[simpss]

GDPR "opt-in" consent definition also says it must be possible to "opt-out" and still receive the service.

If the data is required for providing the service, no consent is needed, but you must be able to clearly show that the data is indeed an absolute requirement to provide the service.

[closeparen]

Someone would probably be willing to write you a loan with opaque credit history, for the right price. But that price would be so high you'd never agree to pay it. (This is not the same as no credit history. No credit history means you have not taken out any loans before. An unknown history with credit, that you decline to reveal, is far worse).

Credit reporting is an immensely valuable institution, and a lot of that value gets passed down to borrowers.

[harryh]

I'm comfortable with the idea that "if you take out a loan, but don't pay us back, we're going to tell other people that you're a bigger credit risk" is an absolute requirement to provide the service.

It's certainly a requirement if you don't want the interest rates on loans to be much higher.

[tptacek]

It wasn't always a requirement! They had other heuristics before they had credit scoring databases, like, "do your parents have an account here", and, "do you have the correct skin color and religious affiliation".