Thought for the week: Web scraping for generative AI is subject to the GDPR
A commentary from the IAPP argues that web scraping used to build generative AI training datasets falls within the scope of GDPR, meaning the collection and processing of personal data found online is not exempt simply because it occurs at scale or at the infrastructure level.
Why this matters: A lot of AI development runs on scraped data. Companies pull text, images, and other content from across the web, and some of that content includes real people. Names, opinions, medical posts, forum entries. GDPR has rules about collecting personal data, and those rules do not disappear because the collection is automated or the end product is a language model. If this reading holds, AI developers cannot treat the open web as a free data mine. They need a lawful basis, just like anyone else collecting personal information.
Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy
This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.