Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Credit scoring under the GDPR: Insights from the CJEU’s SCHUFA case
Journal of Data Protection & Privacy,
7
(2),
152-165
(2025)
Abstract
The Court of Justice of the European Union’s (CJEU) SCHUFA case revealed significant insight into the complex relationship between credit scoring processes, data protection regulations and the emerging artificial intelligence (AI) governance framework. This paper offers a thorough analysis of the court ruling in the SCHUFA case, focusing on the question of whether credit scoring processes are qualified as automated decision making (ADM) under the General Data Protection Regulation (GDPR). The paper starts by defining credit scoring and its importance in financial decision making, followed by the concerns associated with it. The analysis then shifts to focus on credit scoring systems in light of GDPR and the new European Union Artificial Intelligence Act (EU AI Act), before proceeding to the main facts of the case along with the decision of the Court. After discussing the potential implications of the CJEU’s decision on credit information agencies and other industries relying on ADM, the paper highlights the importance of considering robust measures to mitigate the risks associated with ADM.
Keywords: automated decision making (ADM); AI; SCHUFA case; credit scoring; GDPR; EU AI Act; creditworthiness assessment
The full article is available to subscribers to the journal.
Author's Biography
Laroussi Chemlali Dr Laroussi Chemlali is an Associate Professor in the College of Law, Ajman University, Ajman, United Arab Emirates. His research focuses on privacy law, e-commerce law and IP/IT law.
Leila Benseddik Dr Leila Benseddik is an Assistant Professor in the Faculty of Communication, Arts and Sciences, Canadian University Dubai, United Arab Emirates. Her research interest lies English for Legal Purposes, Legal English and Applied Linguistics.
