The study finds that while the General Data Protection Regulation (GDPR) lays down horizontal directly applicable rules in all Member States, there remains variation in the range of national-level legislation linked to its implementation in the area of health. This, the study suggests, has led to a fragmented approach in the way that health data processing for health and research is conducted in the Member States. This can negatively impact cross-border cooperation for care provision, healthcare system administration, public health or research.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]