These Guidelines are intended to help with the assessment of compliance of proposed measures with EU law on data protection. They have been developed to better equip EU policymakers and legislators responsible for preparing or scrutinising measures that involve the processing of personal data and limit the rights to protection of personal data and to privacy. They aim at assisting policy makers and legislators, once they have identified the measures which have an impact on data protection and the priorities and objectives behind these measures, in finding solutions which minimise conflict between these priorities and are proportionate.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]