
The EDPB Is Asking About Your AI Agents. Most Teams Can't Answer.
On March 19, 2026, the European Data Protection Board launched its fifth Coordinated Enforcement Action — and 25 Data Protection Authorities across Europe started contacting organizations with a specific question about their data processing. The question sounds straightforward. For teams running AI agents, it exposes a gap that logs alone cannot close.

The question: can you document what personal data you processed, in which sessions, on what legal basis, and with what protections in place? For a standard web application, this is answerable. For most AI agent deployments, it isn't — not because the data isn't there, but because agents don't have a bounded, predictable data footprint.

An agent decides in real time which records to pull into its context window. That decision shifts with every session, every input, every tool call. And most teams have no session-level record of what the agent actually touched.

GDPR transparency obligations — as codified in Articles 12, 13, and 14 — requir
Continue reading on Dev.to


