This paper aims to offer suggestions as to how the GDPR can offer the strongest protections on profiling and automated decision-making for data subjects in Europe and beyond. After a brief introduction to profiling, automated decision-making and the harms it may create, it provides a set of recommendations for additional guidance, with a focus on individual rights, as opposed to obligations placed on controllers.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]