Multinational companies should stay within strict limits when processing customer’s personal data on limited grounds to fulfill the terms of a contract, the European Data Protection Board said in new guidance.
The guidance that the board approved Oct. 8 clarifies how companies that offer online products and services in the European Union can meet the terms of the EU’s year-old privacy regime. The General Data Protection Regulation allows companies operating in the bloc to process data from consumers without their additional consent if it’s necessary for a contract.
But questions can arise over what’s considered necessary.
The new guidance specifies ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.