Skip to Content

European Data Protection Board - Ninth Plenary session: Guidelines on the processing of personal data in the context of information society services

12.4.2019 8.43 | Published in English on 12.4.2019 at 8.47
Press release

On April 9th and 10th, the EEA Data Protection Authorities and the European Data Protection Supervisor, assembled in the European Data Protection Board, met for their ninth plenary session.

During the plenary, the EDPB adopted guidelines on the scope and application of Article 6(1)(b)* GDPR in the context of information society services. In its guidelines, the Board makes general observations regarding data protection principles and the interaction of Article 6(1)(b) with other lawful bases. In addition, the guidelines contain guidance on the applicability of Article 6(1)(b) in case of bundling of separate services and termination of contract.

The guidelines will be subject to public consultation.

More information:

Data Protection Ombudsman Reijo Aarnio, tel. +358 40 520 7068, reijo.aarnio(at)

Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects (pdf, version for public consultation)

Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679 (pdf)

*Article 6 (1) (B)
“1. Processing shall be lawful only if and to the extent that at least one of the following applies:
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;”

Back to top