{"id":11320,"date":"2025-11-19T10:42:20","date_gmt":"2025-11-19T09:42:20","guid":{"rendered":"https:\/\/s8.tgin.eu\/?p=11320"},"modified":"2025-11-19T15:46:28","modified_gmt":"2025-11-19T14:46:28","slug":"data-protection-digest-19112025-consumer-loan-checks-can-reveal-peoples-lifestyle-data","status":"publish","type":"post","link":"https:\/\/techgdpr.com\/blog\/data-protection-digest-19112025-consumer-loan-checks-can-reveal-peoples-lifestyle-data\/","title":{"rendered":"Data protection digest 3-17 Nov 2025: Consumer loan checks can reveal people\u2019s lifestyle data\u00a0"},"content":{"rendered":"\n<h4 class=\"wp-block-heading\"><strong>Consumer loan checks<\/strong><\/h4>\n\n\n\n<p>Consumer loan checks can reveal people&#8217;s lifestyles. The Dutch Data Protection Authority AP concluded this after reviewing a bill concerning consumer loans. It believes that lenders can assess a person&#8217;s ability to meet payment obligations with less information about them. It&#8217;s <a href=\"https:\/\/www.autoriteitpersoonsgegevens.nl\/actueel\/ap-kredietverstrekkers-mogen-niet-om-hele-bankafschriften-vragen\">unlikely that all the information in a bank statement, including sender, recipient, or description, is always necessary<\/a>.&nbsp;<\/p>\n\n\n\n<p>The bill introduces stricter rules for a consumer loan under 200 euros, (services like &#8220;buy now, pay later,&#8221; credit cards, and bank overdrafts). For these relatively small loans, the ability to pay the bill on time will also be checked, and whether there is a risk of default. People who use such loans will also be registered with the Credit Registration Office. The AP emphasises that the new rules need to be further developed for better data control and minimisation.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a href=\"#newslettersignup\"><mark style=\"background-color:#fdeadd;color:#ba7ff2\" class=\"has-inline-color\">Stay up to date! 
Sign up to receive our fortnightly digest via email.<\/mark><\/a><\/h4>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>EU Digital Omnibus package latest<\/strong><\/h4>\n\n\n\n<p><strong> <\/strong>The privacy advocacy group NOYB warns that the so-called Digital Omnibus, which is being prepared by the European Commission, brings <a href=\"https:\/\/noyb.eu\/en\/eu-commission-about-wreck-core-principles-gdpr\">fast-track deregulation<\/a>, including \u2018massive\u2019 reform of the GDPR and e-Privacy legislations. Following the <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/digital-omnibus-regulation-proposal\">draft proposal<\/a>, the Commission envisages changes to core elements like the definition of personal data, consent requirements, and data subjects&#8217; rights, as well as lesser protections for special categories of data under the GDPR. In parallel, AI companies could also benefit from easier access to European personal data through the implementation of the \u2018legitimate interests\u2019 legal basis for processing.\u00a0\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>ETIAS and data protection<\/strong><\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:30% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"614\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/cyber-security-3194286_1280-1024x614.jpg\" alt=\"\" class=\"wp-image-11329 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/cyber-security-3194286_1280-1024x614.jpg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/cyber-security-3194286_1280-300x180.jpg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/cyber-security-3194286_1280-768x461.jpg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/cyber-security-3194286_1280.jpg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div 
class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>As the clock ticks down to the launch of a new EU large-scale border management system, the <a href=\"https:\/\/www.edps.europa.eu\/press-publications\/press-news\/blog\/etias-fundamental-rights-guidance-board-ensuring-access-effective-judicial-remedy_en\">European Travel Information and Authorisation System (ETIAS) in autumn 2026<\/a>, momentum is building to prepare it for entry into operation and ensure its compliance with data protection laws. The EDPS follows the implementation of ETIAS at close quarters. To help mitigate the risks, legislators have established an ETIAS Fundamental Rights Guidance Board.&nbsp;<\/p>\n<\/div><\/div>\n\n\n\n<p>Composed of representatives of the EDPS, EDPB, EU Fundamental Rights Agency, Frontex Fundamental Rights Office and Frontex Consultative Forum, the EFRGB is mandated to issue guidance on the fundamental rights impacts of processing ETIAS applications. A critical concern for individuals required to apply for an ETIAS is ensuring access to an effective judicial remedy. For instance, refusal of a travel authorisation could result from a data processing error.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Brazil draft adequacy decision<\/strong><\/h4>\n\n\n\n<p><strong> <\/strong>The EDPB also adopted an opinion regarding the European Commission <a href=\"https:\/\/www.edpb.europa.eu\/system\/files\/2025-11\/edpb_opinion_202528_brazil_adequacy_en_0.pdf\">draft implementing decision on Brazil\u2019s adequacy<\/a>. The General Data Protection Law in Brazil, LGPD, together with Presidential decrees and binding regulations issued by Brazil\u2019s Data Protection Authority, ANPD, establish requirements, including in relation to the principles, data subject rights, transfers, oversight and redress, closely aligned with the GDPR and case law of the CJEU. 
At the same time, the EDPB invites the Commission to clarify further how certain exemptions and specific limitations of data subject rights in the LGPD correspond to the adequate level of data protection regarding:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>national security purposes relating to the collection and sharing of data between the public entities within the Brazilian intelligence systems<\/li>\n\n\n\n<li>personal data processing for criminal law enforcement purposes<\/li>\n\n\n\n<li>rights of information and access to the data&nbsp;<\/li>\n\n\n\n<li>accountability principle and the requirements for the data protection impact assessment<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">More legal updates<\/h4>\n\n\n\n<p><strong>NIS2 implementation in Germany: <\/strong>On 13 November, the <a href=\"https:\/\/www.bsi.bund.de\/DE\/Service-Navi\/Presse\/Pressemitteilungen\/Presse2025\/251113_NIS-2-Umsetzungsgesetz.html\">law implementing the European Network and Information Systems (NIS) 2 Directive was passed in the German Bundestag<\/a>. The directive increases the cybersecurity requirements for certain companies and the federal administration. The Federal Office for Information Security (BSI) occupies a key position in both areas. It will become the supervisory authority for the companies affected by the directive; in addition, in the role of Chief Information Security Officer (CISO), it will be the central body for the cybersecurity of the federal administration.&nbsp;<\/p>\n\n\n\n<p>Affected companies must register with the BSI, report significant security incidents, and implement technical and organisational risk management measures. The law includes an amendment to the BSI Act, which previously covered approximately 4,500 entities in the economic area: operators of critical infrastructure, providers of digital services, and companies of particular public interest.
With the entry into force of the NIS2, this scope is expanded to include the categories of &#8220;important institutions&#8221; and &#8220;particularly important institutions,&#8221; meaning that the BSI will supervise approximately 29,500 institutions in the future.&nbsp;<\/p>\n\n\n\n<p><strong>NIS upgrade in the UK: <\/strong>In parallel, on 12 November, the <a href=\"https:\/\/digitalpolicyalert.org\/event\/35450-cyber-security-and-resilience-bill-introduced-to-parliament\">Cyber Security and Resilience Bill was introduced to the UK Parliament<\/a>. The Bill will update the <a href=\"https:\/\/www.gov.uk\/government\/collections\/nis-directive-and-nis-regulations-2018\">NIS Regulation from 2018<\/a> by expanding the regulatory scope to include a broader range of essential and digital service providers, including online marketplaces, cloud computing services, and search engines, as well as managed service providers (eg, data centres will be designated as essential services). It also places the Secretary of State in charge of maintaining consistency in implementation across sectors.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>AI solutions legal basis<\/strong><\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:30% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"682\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/analysis-6232545_1280-1024x682.jpg\" alt=\"\" class=\"wp-image-11331 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/analysis-6232545_1280-1024x682.jpg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/analysis-6232545_1280-300x200.jpg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/analysis-6232545_1280-768x512.jpg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/analysis-6232545_1280.jpg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div 
class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>At the request of the Danish Agency for Higher Education and Science, the Danish Data Protection Agency has assessed whether the agency has the authority to develop and operate an <a href=\"https:\/\/www.datatilsynet.dk\/presse-og-nyheder\/nyhedsarkiv\/2025\/nov\/datatilsynet-har-vurderet-hjemlen-til-ai-loesning-paa-su-omraadet\">AI solution that will function as support in the assessment of applications for disability allowance<\/a>. The Danish Data Protection Agency assessed that the processing of personal data that takes place during the development and operation of an AI solution can, as a rule, be carried out based on what is necessary for reasons of substantial public interest &#8211; GDPR Art. 9(2)(g). <\/p>\n<\/div><\/div>\n\n\n\n<p>However, this requires a so-called supplementary national legal basis. In relation to the duty of information towards citizens whose historical cases are included in the training dataset, the Danish Agency for Higher Education and Science has, among other things, pointed out:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>There is a large number of citizens (approx. 3,000).<\/li>\n\n\n\n<li>It would be resource-intensive to inform citizens individually.<\/li>\n\n\n\n<li>The processing of personal data is limited.<\/li>\n\n\n\n<li>The purpose of the processing is to improve case processing time.<\/li>\n\n\n\n<li>The processing is not assessed to have direct consequences for citizens.<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>GDPR ready-to-use templates<\/strong><\/h4>\n\n\n\n<p>The EDPB invites experts to participate in a public consultation aimed at proposing practical templates to help organisations comply with their obligations under the GDPR. The EDPB identified the need to develop standardised tools that could serve as guidance for both controllers and processors.
The public consultation aims to find out which types of templates would be most beneficial in practice, for instance:&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>privacy notice,<\/li>\n\n\n\n<li>records of processing activities,<\/li>\n\n\n\n<li>data protection impact assessment,<\/li>\n\n\n\n<li>notification of a personal data breach.<\/li>\n<\/ul>\n\n\n\n<p>It is possible to participate in the public consultation from November 5 to December 3, 2025. Experts, organisations, and individuals can submit their suggestions through <a href=\"https:\/\/www.edpb.europa.eu\/our-work-tools\/general-guidance\/public-consultations-our-guidance_en\">this page<\/a>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">More from supervisory authorities<\/h4>\n\n\n\n<p><strong>Australia child privacy updates: <\/strong>From 10 December, platforms like Facebook, Instagram, Snapchat, <a href=\"https:\/\/minister.infrastructure.gov.au\/wells\/media-release\/social-media-minimum-age-platform-assessments\">TikTok, YouTube, X, Threads, Reddit and Kick must take reasonable steps to prevent under-16s from holding accounts on their services<\/a>. Failure to do so will expose these platforms to fines of up to 49.5 million dollars. These services currently meet the criteria for under 16 restrictions as specified in the Social Media Minimum Age legislation, in particular the key requirement that their \u201csole or significant purpose is to enable online social interaction\u201d.<\/p>\n\n\n\n<p><strong>Health data warehouses (EDS): <\/strong>The CNIL&#8217;s Digital Innovation Laboratory (LINC) has published a map of health data warehouses in France. An EDS, explains the CNIL, is a database built up over a long period of time and intended to be reused mainly for steering (management, control and administration of the activity) and research, studies and evaluations in the field of health. 
They can be <a href=\"https:\/\/www.cnil.fr\/fr\/explorez-la-cartographie-des-entrepots-de-donnees-de-sante-en-france\">set up by both public (such as a public healthcare institution) and private entities (such as a data broker or a startup), provided that they comply with the applicable legal framework<\/a>.<\/p>\n\n\n\n<p><strong>AI risk assessment: <\/strong>The EDPS has published a new guidance document to help data controllers carry out data protection risk assessments when developing, acquiring and deploying AI systems. Although the new guidelines are aimed at EU institutions, organisations in both the public and private sectors that use or plan to adopt AI systems can use them as a valuable starting point. It focuses on the risk of non-compliance regarding: <a href=\"https:\/\/www.edps.europa.eu\/system\/files\/2025-11\/2025-11-11_ai_risks_management_guidance_en.pdf\">fairness, accuracy, data minimisation, security and certain data subjects\u2019 rights<\/a>. The list of risks and countermeasures is not exhaustive, but merely reflects some of the most pressing issues that controllers must address when procuring, developing and deploying AI systems.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">In other news<\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:30% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"768\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/image-1024x768.png\" alt=\"\" class=\"wp-image-11321 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/image-1024x768.png 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/image-300x225.png 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/image-768x576.png 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/image.png 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div 
class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p><strong>Cyber attack mitigation tools: <\/strong>The Dutch AP has issued recommendations for a <a href=\"https:\/\/www.autoriteitpersoonsgegevens.nl\/actueel\/drie-aanbevelingen-voor-een-sterke-verwerkersovereenkomst-bij-een-cyberaanval\">strong data processing agreement in the event of a cyber attack<\/a>. Organisations that collaborate with service providers must enter into a data processing agreement regarding the sharing and use of personal data. This agreement sets out arrangements regarding, for example, security and the roles and responsibilities in the event of incidents such as data breaches. To limit the damage from cyber attacks, organisations can:<\/p>\n<\/div><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Make agreements as concrete as possible<\/li>\n\n\n\n<li>Maintain control over the entire supply chain<\/li>\n\n\n\n<li>Give more priority to drafting and maintaining data processing agreements<\/li>\n<\/ul>\n\n\n\n<p>Therefore, the regulator sums up, negotiate agreements carefully and promptly. And <a href=\"https:\/\/techgdpr.com\/consultancy\/managed-gdpr-compliance\/\">review agreements and appendices regularly to ensure they remain relevant in practice. Employee awareness and knowledge<\/a> of the GDPR play a crucial role in this.<\/p>\n\n\n\n<p><strong>Misleading cookie banners: <\/strong>The AP also reports that three-quarters of websites modified misleading cookie banners after an investigation was launched into more than 200 websites in the Netherlands starting in April. The AP is now taking enforcement action against organisations that haven&#8217;t updated their cookie banners. <a href=\"https:\/\/www.autoriteitpersoonsgegevens.nl\/actueel\/ap-driekwart-websites-past-misleidende-cookiebanner-aan-na-waarschuwing-onderzoek-gestart-naar-weigeraars\">The easiest way to comply is to not use tracking software<\/a>. In that case, a cookie banner isn&#8217;t necessary.
Where organisations do use tracking software, they must adhere strictly to the rules and inform visitors honestly and clearly.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Biometric processing<\/strong><\/h4>\n\n\n\n<p><strong> <\/strong>In New Zealand, the Privacy Commissioner has issued a <a href=\"https:\/\/www.privacy.org.nz\/focus-areas\/biometrics\/\">Biometric Processing Privacy Code<\/a> that creates specific privacy rules for agencies (businesses and organisations) using biometric technologies to collect and process biometric information. The Code, which is now law made under the Privacy Act, will help make sure agencies implementing biometric technologies are doing it safely and in a way that is proportionate.&nbsp;<a href=\"https:\/\/www.privacy.org.nz\/resources-and-learning\/a-z-topics\/biometrics\/\">Guidance has also been developed to support the Code<\/a>.&nbsp;<\/p>\n\n\n<div id=\"newslettersignup\"><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Direct marketing and free-of-charge services<\/strong><\/h4>\n\n\n\n<p> On 13 November, the CJEU released its <a href=\"https:\/\/curia.europa.eu\/juris\/document\/document.jsf?text=&amp;docid=306136&amp;pageIndex=0&amp;doclang=EN&amp;mode=req&amp;dir=&amp;occ=first&amp;part=1&amp;cid=3601894\">ruling in Inteligo Media SA v ANSPDCP (Romanian data protection regulator)<\/a> (C-654\/23), where a media website provided information about new legislation in Romania, Bird&amp;Bird law blog reports.&nbsp; Six articles per month could be viewed completely free of charge. Users might also subscribe for free to an additional two articles and a daily newsletter. They could also pay for unlimited access and a fuller newsletter. ANSPDCP claimed that Inteligo could only process subscriber registration details and deliver the free newsletter if it had approval, which it did not.&nbsp;<\/p>\n\n\n\n<p>Inteligo argued it was covered by the soft opt-in exception. The ePrivacy Directive does demand that organisations obtain consent before sending direct marketing emails, but there is an exception: where the organisation acquires the subscriber&#8217;s information after selling a product or service, and the direct marketing is for that organisation&#8217;s similar product or service. The top EU court concluded that the <strong>free subscription did constitute a sale: a sale requires payment in exchange for goods or services, as well as remuneration.
However, the reimbursement might be indirect<\/strong>, when a particular customer does not have to pay, but it is rather covered by the premium version of the subscription.&nbsp;<\/p>\n\n\n\n<p>Continue reading the <a href=\"https:\/\/www.twobirds.com\/en\/insights\/2025\/understanding-soft-opt-in-when-free-deals-count-as-consent-under-eprivacy-rules\">original analysis here<\/a>.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Telecommunications multimillion fine<\/strong><\/h4>\n\n\n\n<p>Following ex officio proceedings, the Croatian data protection agency imposed an administrative fine on a telecommunications operator, in its capacity as controller, for the total amount of <a href=\"https:\/\/azop.hr\/naslovna-english\/\">4.5 million euros for violations of the GDPR. The infringements concerned the transfer of personal data to third countries without a valid transfer instrument <\/a>and without transparent information to data subjects, the processing of copies of employees\u2019 identity cards and certificates of no criminal proceedings without a legal basis, as well as the failure to carry out appropriate prior checks of a processor.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Customer service fine<\/strong><\/h4>\n\n\n\n<p>The EDPB sums up a recent enforcement case in Italy, when a customer, who was the victim of fraud, <a href=\"https:\/\/www.edpb.europa.eu\/news\/national-news\/2025\/right-access-data-protection-authority-fines-bank-100-000-eur-customers-can_en\">contacted their bank to obtain recordings of calls made to customer service, which would be useful in contesting a transfer of approximately 10,000 euros and reconstructing what had happened<\/a>. Having received no satisfactory response, they complained to the privacy regulator Garante. Only after the authority had opened proceedings did the bank provide the recordings, but by then the 30-day deadline set by the GDPR had already passed. 
Garante imposed an administrative fine of 100,000 euros, taking into account the bank&#8217;s turnover, its cooperation during the investigation and the absence of previous infringements.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">&nbsp;In case you missed it<\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:30% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/image-8-1024x576.jpeg\" alt=\"\" class=\"wp-image-11325 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/image-8-1024x576.jpeg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/image-8-300x169.jpeg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/image-8-768x432.jpeg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/11\/image-8.jpeg 1280w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p><strong>Children\u2019s data lifecycle: <\/strong>Privacy International states that in England\u2019s schools, children are tracked from birth through a vast, opaque network of digital systems that turn education into a lifelong exercise in data collection and surveillance. 
The collection of children\u2019s data in education runs from the day they are born until they are 25 years old:<\/p>\n<\/div><\/div>\n\n\n\n<ul class=\"wp-block-list\">\n<li>during pre-school, with personal data submitted by legal guardians during the school admissions process&nbsp;<\/li>\n\n\n\n<li>every child is assigned a <a href=\"https:\/\/www.cl.cam.ac.uk\/~rja14\/Papers\/kids.pdf#page=41\">unique pupil record<\/a> and a <a href=\"https:\/\/schoolsweb.buckinghamshire.gov.uk\/school-management-support\/unique-pupil-numbers-upns\">unique pupil number<\/a> that stays with them forever<\/li>\n\n\n\n<li>the student\u2019s educational setting gets added to the record, which includes its religious character and location, etc.<\/li>\n<\/ul>\n\n\n\n<p>The next layer of data added to those records is created by school staff &#8211; absence and attendance records, assessments, etc. Separately, children\u2019s data can be generated and collected by the EdTech tools used by staff. Some schools use a broad range of tools, such as behaviour tracking apps, whose output can take the form of scores but also of more <a href=\"https:\/\/www.researchgate.net\/publication\/391132937_Predictive_Analytics_to_Enhance_Learning_Outcomes_Cases_from_UK_Schools\">complex profiles and predictions in relation to a child.<\/a> Further personal data is collected and added to the National Pupil Database (NPD), and is kept indefinitely.&nbsp;<\/p>\n\n\n\n<p>Keep reading the <a href=\"https:\/\/privacyinternational.org\/long-read\/5696\/playground-database-child-data-education\">original analysis here<\/a>.<\/p>\n\n\n\n<p><strong>Agentic AI explained: <\/strong>The JD Supra law blog outlines the rise of &#8220;agentic AI&#8221;.
Unlike traditional AI systems, which are designed to perform specific, narrowly defined tasks (generating text or images or analysing inputs) and rely on human input and oversight, agentic AI systems can complete far more complex, multi-step tasks autonomously and make context-dependent decisions. The emergence of these systems could transform a wide range of industries and business functions, including: <a href=\"https:\/\/www.jdsupra.com\/legalnews\/understanding-agentic-ai-opportunities-4944071\/\">a) consumer-facing systems, b) customer support, c) internal operations, and d) sales and marketing.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Consumer loan checks Consumer loan checks can reveal people&#8217;s lifestyles. The Dutch Data Protection Authority AP concluded this after reviewing a bill concerning consumer loans. It believes that lenders can assess a person&#8217;s ability to meet payment obligations with less information about them. It&#8217;s unlikely that all the information in a bank statement, including sender, 
[&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":11323,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[94],"tags":[51,129,100,98,89,58,79],"class_list":["post-11320","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection-digest","tag-artificial-intelligence","tag-consumer-data-protection","tag-cookies","tag-direct-marketing","tag-dpo","tag-gdpr-compliance","tag-international-transfers"],"acf":[],"category_list":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"}}