This Report outlines how national courts and Data Protection Authorities (DPAs) in the EU/ European Economic Area (EEA) and UK have interpreted and applied the relevant GDPR provisions on automated decisionmaking (ADM) so far, as well as the notable trends and outliers in this respect. To compile the Report, we authors looked into publicly available judicial and administrative decisions and regulatory guidelines across EU/EEA jurisdictions and the UK, which was a member of the EU until December 2020 and whose rules on ADM are still an implementation of the GDPR at the time of writing this Report. To complement the facts of the cases discussed, we have also looked into press releases, annual reports and media stories.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]