The European Data Protection Board (EDPB), at its plenary session on December 4, 2025, adopted Recommendations for the creation of user accounts on e-commerce websites. The goal is to make online shopping more respectful of users’ privacy by allowing transactions to be carried out without the need to register, favoring a “guest” mode. Registration may be mandatory only in specific cases, such as subscriptions or exclusive offers. These guidelines aim to reduce the collection and processing of personal data, in line with the GDPR’s principles of data protection by design and by default.

The EDPB has also launched a preliminary discussion on the “Digital Omnibus” proposal, expressing concern over the proposed change to the definition of personal data, which could go beyond the case law of the Court of Justice of the EU and undermine the fundamental right to data protection. This change, in fact, risks weakening the protection of data subjects and reducing transparency and accountability of companies in the management of personal data.