European Data Protection Board draft regulatory guidelines on the right of data subjects to have access to their personal data under the EU General Data Protection Regulation (GDPR). In the draft guidance, the EDPB explains the aim and components of the right. This analysis is followed by general considerations on the assessment of access requests and the scope of the right. The EDPB also provides guidance on the practicalities of providing access as well as the limitations and restrictions that the GDPR imposes on the right of access.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]