Identifying a lead supervisory authority is only relevant where a controller or processor is carrying out the cross-border processing of personal data.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]