You know the feeling — you find something you want to buy in an online store, add it to your cart — and at the last step, you have to create an account with a name, password, and email just to complete the purchase. The EDPB decided in December 2025 that this is generally not allowed. If you want to buy one thing, you should be able to do so without leaving a permanent footprint. Exceptions exist for subscription services and exclusive member offers — but for regular online shopping, guest box that the GDPR requires.
What does this mean to you?
Offer guest checkout in the online store. If you want people to register, make it optional — and not at the last step of the checkout process.
Inspired by: European Data Protection Board