European regulators have advised that online retailers in the European Economic Area should allow customers to shop without creating an account. The guidance states that compulsory registration for routine purchases results in unnecessary collection and processing of personal information. Regulators said that this approach conflicts with data protection principles, which require organisations to limit data gathering to what is essential for a specific transaction. They also noted that account creation increases long-term retention of personal data even when shoppers only intend to complete a one-time order.
The guidance calls for a clear guest checkout option that allows users to browse and complete purchases without registration. Regulators said that retailers should only require accounts in cases where there is a legitimate need for ongoing identification. Examples include subscription services or features that depend on a continuing customer profile. They emphasised that one-time purchases and common retail transactions generally do not require a mandatory account.
Regulators stated that reducing compulsory registration would lower privacy and security risks. Each new user account contains additional personal information that can be exposed if the retailer experiences a data breach. They added that guest checkout reduces these risks by ensuring that retailers collect only the data required for payment and delivery. Providing an account as an optional feature remains permitted as long as it is not a condition for completing ordinary purchases.
A consultation period will allow retailers, consumer organisations, and authorities to provide feedback. The goal is to design a consistent approach that balances customer convenience with data protection. Regulators expect that guest checkout will become a standard option if the guidance is adopted.
Retailers may need to adjust their ordering systems to support purchases without user profiles. This includes ensuring that payment, invoicing, and delivery processes function independently of registered accounts. The guidance suggests that removing barriers created by compulsory registration could simplify the customer experience while improving compliance with data protection requirements.