PrivacySignal
GDPR / Intl

EDPB sheds light on anonymisation and web scraping for generative AI and adopts final version of guidelines on blockchain

EDPB · · EU · GDPR & International

The European Data Protection Board has adopted new guidelines on anonymisation, web scraping for generative AI, and blockchain data processing. The anonymisation guidance incorporates recent Court of Justice of the EU case law to clarify when data can genuinely be considered anonymous under European privacy law.

Why this matters: These guidelines matter because 'anonymous data' is the escape hatch that lets companies avoid GDPR entirely. If data is truly anonymous, almost none of the rules apply. The EDPB is now tightening what that actually means, which will affect every AI company scraping the web and claiming the data is clean to use. The web scraping guidelines are just as consequential. Generative AI runs on scraped data. Whether that data contains personal information, and who is responsible for it, is a live fight between regulators and the AI industry. Clearer rules put companies on notice.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

GDPR / Intl
EDPB · · EU

EDPB and AMLA to develop Joint Guidelines on partnerships for information sharing

The European Data Protection Board and the newly established Anti-Money Laundering Authority have announced a joint effort to develop guidelines on how financial institutions can share customer information to fight money laundering and terrorist financing without violating data protection rules. The collaboration stems from an explicit provision in the EU's AML Regulation allowing such information exchanges.

Who should care: Lawyers · Privacy officers · AI governance · Compliance

#gdpr#regulation Read original →
GDPR / Intl
noyb (None of Your Business) · · EU

US Supreme Court just blew up EU-US Data Transfers

The US Supreme Court's ruling in Trump v. Slaughter has put the FTC's independence in doubt, which directly threatens the legal foundation of EU-US data transfer agreements. The current adequacy framework cites the FTC as an independent enforcer 259 times, a requirement under EU law that may no longer be satisfied.

Who should care: Lawyers · Privacy officers · AI governance

GDPR / Intl
M Maryland Association of Counties · · International

Attorney General Releases Guidance on Community Trust and Data Privacy Acts

A state Attorney General has released formal guidance on laws governing community trust and data privacy, providing direction to counties on how to interpret and apply both statutes. The guidance appears aimed at helping local governments align their practices with the requirements of the acts.

Who should care: Lawyers · Privacy officers · Compliance

#state-privacy#regulation Read original →
GDPR / Intl
CNIL · · EU / France

Emerging technologies and the protection of children: G7 data protection authorities agree on key principles

Data protection authorities from G7 nations have jointly adopted a set of principles addressing how emerging technologies should handle children's data and safeguard minors online. The agreement signals coordinated regulatory intent across major democracies to hold technology developers to higher standards when children are involved.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →
GDPR / Intl
DataBreaches.net · · International

UK: ICO statement on ‘Edtech examined’ report

The UK Information Commissioner's Office has published a report summarizing findings from its audits of educational technology providers, outlining how those companies handle personal data and where improvements were identified or made.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →
GDPR / Intl
- - Center for Democracy and Technology · · International

Potential Avenues for Redress for AI-related Harms under the GDPR: A Visual Explanation

The Center for Democracy and Technology has published a visual guide mapping out how individuals can seek redress for harms caused by AI systems under the GDPR. The resource appears aimed at helping people and advocates understand which legal pathways are available when AI causes harm covered by European data protection law.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy