Through a common interpretation by data protection authorities in the EU, these guidelines seek to
ensure a consistent application of the GDPR when assessing whether particular processing by a controller or a processor falls within the scope of the new EU legal framework. In these guidelines, the EDPB sets out and clarifies the criteria for determining the application of the territorial scope of the GDPR. Such a common interpretation is also essential for controllers and processors, both within and outside the EU, so that they may assess whether they need to comply with the GDPR.
Norway DPA publishes statement on X’s use of data for AI training
X has resumed processing EU/EEA users' posts for AI training, requiring users to opt out to protect their personal data.