European Data Protection Board - Ninth Plenary session: Guidelines on the processing of personal data in the context of information society services
On April 9th and 10th, the EEA Data Protection Authorities and the European Data Protection Supervisor, assembled in the European Data Protection Board, met for their ninth plenary session.
During the plenary, the EDPB adopted guidelines on the scope and application of Article 6(1)(b)* GDPR in the context of information society services. In its guidelines, the Board makes general observations regarding data protection principles and the interaction of Article 6(1)(b) with other lawful bases. In addition, the guidelines contain guidance on the applicability of Article 6(1)(b) in case of bundling of separate services and termination of contract.
The guidelines will be subject to public consultation.
Data Protection Ombudsman Reijo Aarnio, tel. +358 40 520 7068, reijo.aarnio(at)om.fi
Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects (pdf, version for public consultation)
*Article 6 (1) (B)
“1. Processing shall be lawful only if and to the extent that at least one of the following applies:
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;”