This guidance has been prepared by Ireland’s supervisory authority – Data Protection Commission – to aid data controllers and processors to ensure they meet their obligations with regard to the security of personal data they process.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]