July 13, 2026
By Tobias Onojeghuo
The EDPB has adopted new guidelines clarifying anonymous data by incorporating recent CJEU regulations. Data is anonymous only when it does not relate to an identified or identifiable individual. A practical framework (no isolation, no linkage, no inference) now helps organisations test anonymisation success, with options for both a contextual and a simplified approach.

The Board also addressed web scraping for generative AI, confirming that GDPR applies fully. Controllers must prioritise purpose limitation and transparency. While legitimate interest may serve as a legal basis, special category data remains strictly prohibited without both Art. 6 and Art. 9(2) exceptions.
Following public consultation, the EDPB finalised its blockchain guidelines, helping organisations navigate GDPR compliance across different architectures.
Both the anonymisation and web scraping guidelines are open for consultation until 30 October 2026. These publications reflect the EDPB's commitment to collaborative dialogue, offering practical tools to protect fundamental rights while enabling responsible data use and AI innovation.