Brussels, 10 April - On April 9th and 10th, the EEA Data Protection Authorities and the European Data Protection Supervisor, assembled in the European Data Protection Board, met for their ninth plenary session.
During the plenary, the EDPB adopted guidelines on the scope and application of Article 6(1)(b)* GDPR in the context of information society services. In its guidelines, the Board makes general observations regarding data protection principles and the interaction of Article 6(1)(b) with other lawful bases. In addition, the guidelines contain guidance on the applicability of Article 6(1)(b) in case of bundling of separate services and termination of contract.
Note to editors:
Please note that all documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.
* Article 6 (1) (B)
“1. Processing shall be lawful only if and to the extent that at least one of the following applies:
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; ”