The European Data Protection Board (EDPB) has published its guidelines 02/2019 on its understanding of Art. 6(1)(b) GDPR, the legal basis for processing of personal data necessary for the fulfillment of a contract. The guidelines were published on April 9th 2019 after being worked on since July of 2018 in the Key Provision Subgroup. They were open for public consultation until May 24th 2019. The following review summarizes the EDPBs understanding of necessary for the fulfillment of a contract within Art. 6(1)(b) GDPR (1) and evaluates the legal reasoning behind it (2). It will then try to show how the EDPBs understanding is contradicting in itself as well as sidelining consumer protection and contractual law and how the justification given for this is insufficient (3). It will further demonstrate how the EDPBs guidelines may lead to undue legal uncertainty (4) and why they were likely to over-emphasizes consent as a result (5). This review will conclude by offering an alter native view on the notion of necessity closer aligned with existing contractual law and will try to show the merits of such an understanding while applying it to the examples given by the EDPB (6).