EDPB Issues Recommendations on Legal Basis for User Accounts on E-commerce Sites
The European Data Protection Board (EDPB) has issued recommendations on when e-commerce websites can require users to create accounts. These guidelines aim to protect users’ personal data and reduce privacy risks associated with mandatory account creation. The EDPB emphasizes that users should generally be able to interact with e-commerce platforms, including making purchases, without the need to register an account.
E-commerce websites are encouraged to provide a ‘guest’ mode, allowing users to complete transactions without creating an account, or offer account creation as an optional choice. This approach limits the collection and processing of personal data, aligning with the GDPR principles of data protection by design and by default. It helps ensure that users’ privacy is respected while maintaining a smooth shopping experience.
Mandatory account creation is only justifiable in specific cases, such as when a subscription service is offered or when access to exclusive promotions is restricted to registered users. The EDPB’s recommendations seek to balance business needs with user privacy, promoting transparent and fair data processing practices in the e-commerce sector.
These guidelines reflect the EDPB’s commitment to fostering user-friendly and privacy-conscious practices online. By clarifying the legal basis for account requirements, the Board supports compliance with the GDPR and encourages businesses to minimize unnecessary data collection.
