EDPB sheds light on anonymisation and web scraping for generative AI and adopts final version of guidelines on blockchain
The European Data Protection Board has adopted new guidelines on anonymisation, web scraping for generative AI, and blockchain data processing. The anonymisation guidance incorporates recent Court of Justice of the EU case law to clarify when data can genuinely be considered anonymous under European privacy law.
Why this matters: These guidelines matter because 'anonymous data' is the escape hatch that lets companies avoid GDPR entirely. If data is truly anonymous, almost none of the rules apply. The EDPB is now tightening what that actually means, which will affect every AI company scraping the web and claiming the data is clean to use. The web scraping guidelines are just as consequential. Generative AI runs on scraped data. Whether that data contains personal information, and who is responsible for it, is a live fight between regulators and the AI industry. Clearer rules put companies on notice.
Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy
This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.