The Commissioner for the Right to Information and Personal Data Protection, Mr. Besnik Dervishi, participated in the most recent plenary session of the European Data Protection Board (EDPB), held on December 4th in Brussels, during which key matters of the European personal data protection agenda were examined.
During the meeting, the EDPB adopted new recommendations concerning the legal conditions under which websites engaged in electronic commerce may require the creation of user accounts. These recommendations aim to ensure a higher level of protection of personal data, minimize the collection of personal data, and reinforce the principles of data protection by design and by default, in full compliance with the GDPR.
As a general rule, the EDPB emphasizes that users must be afforded the possibility to make purchases through a “guest checkout” modality, without any obligation to create an account. The requirement to create an account may only be justified in limited circumstances, such as when providing subscription-based services or granting access to exclusive offers.
The recommendations will undergo a public consultation procedure, during which interested stakeholders will have the opportunity to submit comments and suggestions.
A substantial part of the session was dedicated to the initial discussions on the European Commission’s proposal for a Digital Omnibus Regulation, for which the EDPB and the EDPS will issue a Joint Opinion.
The deliberations focused on the impact of the proposed amendments on individuals’ fundamental rights, the extent to which the proposal aims to simplify compliance for controllers and processors and enhance legal certainty, as well as concerns that modifications to the definition of “personal data” may exceed the boundaries of the jurisprudence of the Court of Justice of the European Union. The EDPB underscored that any intervention in this field must guarantee high data protection standards and prevent any adverse impact on the fundamental right to personal data protection.
Furthermore, the Board’s member states elected Ms. Jelena Virant Burnik, Information Commissioner of Slovenia, as the new Deputy Chair of the EDPB. In her statement, Ms. Burnik expressed her commitment to strengthening cooperation among National Data Protection Authorities and contributing to the consistent harmonization of GDPR implementation across the European Union.
The participation of Commissioner Mr. Dervishi in the work of the EDPB reflects Albania’s institutional commitment to advancing alignment with EU standards in the field of personal data protection.
