Abstract
Credit scoring is a widespread practice that assigns a score based on certain characteristics or past behaviors, in particular regarding the reliability of debtors to repay loans. In this regard, the new Regulation on Artificial Intelligence (AI Act) adds a control tool to the already well-known art. 22 GDPR, in order to protect consumers and weaker parties, based on which the Court of Justice of the European Union issued the SCHUFA decision. However, there are still grey areas in which the balance between the transparency owed to the consumers regarding the processing of their data or the protection of trade secrets in favor of credit score agencies. This article analyses the orientations of the Court of Justice of the European Union and the national courts regarding credit scoring, following the SCHUFA decision, and proposes some reflections on the application of arts. 22 GDPR and 86 AI Act in this context.