Multinational companies should stay within strict limits when processing customer’s personal data on limited grounds to fulfill the terms of a contract, the European Data Protection Board said in new guidance.
The guidance that the board approved Oct. 8 clarifies how companies that offer online products and services in the European Union can meet the terms of the EU’s year-old privacy regime. The General Data Protection Regulation allows companies operating in the bloc to process data from consumers without their additional consent if it’s necessary for a contract.
But questions can arise over what’s considered necessary.
The new guidance specifies...