"Discretion" in the Opinions of the Advocates General of the Court of Justice of the European Union, presented on the Opinion of AG Pikamäe in the Schufa Holding case (C-634/21)

Firstly, the general prohibition on decisions based solely on automated processing under Article 22(1) GDPR, in light of Articles 7 and 8 of the EU Charter, requires case-by-case analysis, giving national authorities discretion. In the Schufa case, the AG relies on the referring court (paras 46-47) finding that credit scores effectively predetermine lending decisions, making them "decisions" under Article 22(1). Fundamental rights protection is thus shaped jointly by EU law and national interpretation.
Secondly, while the GDPR allows Member States some discretion (Article 22(2)(b) to regulate automated decision-making, this must be exercised through clear, specific legislation, not vague or general rules (the second question of the referring court)
Finally, these two arguments supports the arguments discussed in legal literature: (i) the margin of discretion facilitates a process of "co-creation" where both national and EU actors contribute to the definition of rights;
(ii) the degree of harmonization directly impacts the breadth of discretion.
In conclusion, as digital regulation continues to evolve, the AG’s Opinion in the Schufa case may offer a model for preserving a measured form of co-creation in areas of technological complexity and rights sensitivity.