This article looks at pseudonymisation under GDPR and cases when pseudonomysed data can be treated as anonymous data. Authors argue that the definition of pseudonymisation in Article 4(5) GDPR will not expand the category of personal data, and that there is no intention that it should do so. There may also be circumstances in which data which have undergone pseudonymisation within one organisation could be anonymous for a third party.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]