It will become interesting with GDPR, when customers start to revoke their consent to exchange data with credit scoring companies.
I was only referring to the remark about credit scoring companies which I believe to be wrong
In what way is the law used arbitrarily? I would like some sources for this claim.
The thing that may feel arbitrary is simply the fact the laws in Europe actually enforce privacy, whereas a company, and people, form the US expect that these laws are teethless.