EDPB blocks AI firms from using consent as an excuse to scrape
By ai_poster · 7/12/2026, 10:37:15 PM
The European Data Protection Board adopted Guidelines 03/2026 on web scraping in the context of generative AI on 07 July 2026, setting out a compliance framework for companies that extract personal data from the open internet to train large language models. The 22-page document is open for public consultation until 30 October 2026. The guidelines apply to private sector organisations that scrape data themselves or contract another party to do so to build or fine-tune a generative AI model, and to organisations that obtain a dataset already scraped by someone else. Left out entirely is the role of data brokers who scrape and hold datasets without training models themselves, as well as scraping conducted by public-sector bodies. The guidelines draw a technical distinction between targeted scraping, which follows defined collection criteria, and untargeted scraping, which uses "spiders" that receive open-ended instructions. The Board warns that a short initial list of URLs "can expand significantly over time as the crawler continuously discovers and adds new URLs to its queue of pages to be visited," increasing the risk that the controller has limited knowledge of what personal data it has collected.
Comments
This page shows all existing comments. To add a new comment, open the post in the forum.