The European Data Protection Board (EDPB) has adopted new guidelines on anonymisation, web scraping for generative AI, and the use of blockchain technologies under the General Data Protection Regulation (GDPR). The measures aim to provide organisations with greater regulatory clarity while protecting individuals’ personal data rights.
The anonymisation guidelines set out criteria for determining when data can be considered anonymous, focusing on whether individuals can be isolated, linked to other datasets or reidentified through inference. The framework is intended to help organisations assess when data can be used without identifying individuals.
The web scraping guidance outlines the GDPR obligations associated with collecting online data to train generative AI models. The EDPB emphasises transparency, purpose limitation, data accuracy and data minimisation, while noting that processing sensitive personal data requires additional legal safeguards.
The Board also adopted its blockchain guidelines following public consultation, explaining how different blockchain architectures may affect GDPR compliance. The recommendations are intended to help organisations deploy blockchain technologies while addressing privacy challenges associated with decentralised data processing.
Why does it matter?
The EDPB’s guidance provides greater legal certainty for organisations developing AI and blockchain applications in Europe. As generative AI increasingly relies on large-scale data collection and blockchain adoption continues to expand, clearer GDPR expectations could shape how organisations collect, process and protect personal data.
The guidance also illustrates how European regulators are adapting long-standing data protection rules to emerging technologies without creating separate privacy frameworks for each new innovation.
Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!
