GDPR, CCPA, and Privacy Compliance for AI Agent Purchases — The Practitioner Playbook

§1 · The Threshold Question

The agent-as-data-processor question — three classifications, one correct answer.

Under GDPR Articles 4(7) and 4(8), every entity that touches personal data in your agent commerce stack occupies one of three roles. Getting this classification wrong is not a paperwork problem — it determines which legal instrument governs the data flow, which party bears which compliance obligations, and whether your data sharing with the runtime is lawful at all. This is not legal advice. Consult counsel before launch.

Controller

Data Controller

Determines why and how personal data is processed. If you operate the merchant stack that reads a customer's name, email, purchase history, and intent signal to execute a purchase through an AI agent — you are the data controller for that transaction. This is almost certainly your classification.

Processor

Data Processor

Processes personal data only on behalf of the controller under documented instructions. A cloud LLM API runtime — OpenAI API with an executed enterprise DPA, Anthropic API with its commercial DPA incorporated — fits this category when the merchant is the controller. The DPA must be executed. Free-tier usage does not qualify.

Joint Controller

Where two entities jointly determine purposes and means of processing. GDPR Article 26 requires a documented arrangement specifying each party's obligations. The ICO (January 2025) and CNIL (June 2024) both noted that developers and deployers of closed-access AI models may converge into joint controller status — a live regulatory risk operators cannot ignore.

Critical — DPA execution required

OpenAI's Data Processing Addendum states explicitly that the API customer is the Data Controller and OpenAI processes Customer Data as Data Processor — but only when the enterprise DPA is executed. Free-tier or non-enterprise usage carries broader OpenAI data rights and no processor classification. The same logic applies to Anthropic: processor status requires acceptance of Commercial Terms of Service that incorporates Anthropic's DPA. Verify execution before onboarding any EU or California user data to any runtime.

The honest practitioner answer

It depends on the contract structure — but every operator must answer the question before launch. Key facts that push toward processor status: (1) a signed DPA prohibiting the runtime from using data for any purpose except service delivery; (2) no model training on your customers' data without consent; (3) no retention beyond the service delivery window (OpenAI API retains Customer Data for a maximum of 30 days per its DPA, then deletes). Key facts that push toward joint or independent controller status: free-tier usage with no executed DPA, a runtime that uses conversation data to retrain its models, or a runtime that aggregates cross-merchant user signals.

The operational implication for the agents page trust layer: every agent listed must surface its data-handling role and link to its DPA. Merchants connecting agents via OAuth must verify the runtime's DPA status before any customer personal data flows through it. This is not legal advice. Consult counsel before launch.

Classification	GDPR Article	Required Instrument	Typical Agent Commerce Scenario	Key Risk If Wrong
Data Controller	Art. 4(7)	Privacy Policy + ROPA	Merchant operating the agent stack	Inadequate notice or no lawful basis
Data Processor	Art. 4(8)	Executed DPA (Art. 28)	OpenAI/Anthropic API on enterprise tier with executed DPA	No lawful transfer; data sharing = unauthorized disclosure
Joint Controller	Art. 26	Joint Controller Arrangement	Runtime that uses your data for own model improvement	No arrangement = both parties fully liable; no right of allocation
Independent Controller	Art. 4(7)	Separate compliance obligations for each party	Free-tier runtime with no DPA; cross-merchant aggregation	Disclosure to runtime = potential CCPA "sale"; GDPR transfer without basis

§2 · GDPR Article 6

The six GDPR lawful bases applied to agent transactions.

GDPR Article 6 enumerates six lawful bases for processing personal data. Applying one basis to your entire product is an audit failure — you need a documented basis for each distinct processing activity. For agent-mediated commerce, three bases do most of the work; the other three are edge cases. This is not legal advice. Consult counsel before launch.

Basis	Article	Agent Commerce Application	Conditions / Caveats	Common Mistake
Performance of Contract	Art. 6(1)(b)	Processing necessary to fulfill a purchase order: shipping address, payment authorization, order fulfillment, refund processing	Consumer must have intentionally invoked the agent to shop on their behalf — document this invocation in the UX flow	Using this basis for post-purchase marketing: marketing is NOT necessary for contract performance
Legitimate Interests	Art. 6(1)(f)	Fraud scoring during agent checkout; tool-call logging for abuse detection; purchasing-velocity anomaly detection	Requires documented 3-part test: (1) legitimate interest test; (2) necessity test; (3) balancing test. GDPR Recital 47 explicitly identifies fraud prevention as a legitimate interest	Skipping the balancing test documentation; using legitimate interests as a catch-all basis without per-activity analysis
Consent	Art. 6(1)(a)	Post-purchase marketing emails; building preference profiles for future personalization; sharing purchase data with retargeting platforms	Freely given, specific, informed, unambiguous. Must be as easy to withdraw as to grant. NOT the right basis for core transaction processing — withdrawal creates ambiguity about whether the purchase was legally completed	Using consent for the core transaction, then citing legitimate interests as fallback when user revokes — EDPB Opinion 3/2024 confirms this basis-switching is a violation
Legal Obligation	Art. 6(1)(c)	Retaining transaction records for tax purposes (typically 5–7 years, jurisdiction-dependent — re-verify before launch)	Must identify the specific legal obligation (VAT law, income tax regulation); retention period bounded by that obligation	Using legal obligation as a general retention justification without citing the specific statute
Vital Interests	Art. 6(1)(d)	Not applicable to commercial agent transactions	Limited to life-or-death scenarios	Citing vital interests for commercial purposes (not valid)
Public Task	Art. 6(1)(e)	Not applicable to private merchant agent stacks	Limited to public authorities and official authority mandates	Citing public task for private commerce (not valid)

Practitioner Note — Processing Inventory

Build a processing inventory table mapping every data flow in your agent stack to its specific GDPR lawful basis — and its equivalent US state law basis. Minimum required entries for an agent commerce stack: (a) transaction data → contract performance; (b) fraud prevention → legitimate interests with documented three-part test; (c) post-purchase marketing → consent, separately captured; (d) tax log retention → legal obligation, statute cited. Review this inventory with outside counsel before launch. This is not legal advice. Consult counsel before launch.

The EDPB Opinion 3/2024 warning on basis-switching

The European Data Protection Board's Opinion 3/2024 addressed a specific failure pattern that appears repeatedly in agent product launches: a merchant obtains consent for a processing activity, the user revokes consent, and the merchant switches to legitimate interests as a fallback basis to avoid halting the processing. The EDPB confirmed this is a violation. If you choose consent as your lawful basis for an activity, revocation of that consent means you must stop the processing — you cannot pivot to a different basis mid-stream. This makes basis selection a foundational architectural decision, not a post-launch edit. This is not legal advice. Consult counsel before launch.

§3 · CCPA / CPRA

CCPA/CPRA consumer rights for agent transactions.

The California Privacy Rights Act (CPRA, effective January 1, 2023, amending CCPA) grants California residents eight core rights. Each right maps differently to agent-mediated commerce — and several create technically novel obligations that most merchant stacks have not yet solved. This is not legal advice. Consult counsel before launch.

Consumer Right	Agent Commerce Application	Key Operational Gap
Right to Know / Access	Consumer can demand a list of personal information collected, categories, sources, purposes, third parties, and specific pieces. AI agent runtime conversation logs are in scope if they constitute personal information collected on the merchant's behalf.	Runtime logs often not mapped in data inventory; portability format (JSON/CSV) must be technically buildable at request time
Right to Delete	Merchant must delete AND direct all service providers and contractors to delete. OpenAI's DPA requires deletion within 30 days of DPA termination — but merchant must actively assert this right.	Deletion must propagate to runtime cache, vector stores, tool-call logs, and sub-processors — not just the merchant DB
Right to Correct	CPRA added the right to correct inaccurate personal information. Incorrect shipping address or order preference cached in an agent user profile must be corrected on request.	Correction in merchant DB does not automatically propagate to runtime embeddings or cached profiles
Right to Opt-Out of Sale/Share	Opt-out applies to sharing for cross-context behavioral advertising — regardless of whether money changes hands. Sharing customer data with an ad runtime constitutes "sharing" under CPRA.	Agent flows that pass customer context to advertising platforms without opt-out mechanism are exposed
Right to Limit Use of Sensitive Personal Information	CPRA defines SPI: precise geolocation, health information, racial/ethnic origin, biometric data, SSN, religious beliefs, sexual orientation. Agent runtimes capturing geolocation for shipping eligibility or health-adjacent product preferences are processing SPI.	Many merchants do not realize geolocation for shipping = SPI; additional consent and limitation controls required
Right to Opt-Out of ADMT	CPPA finalized Automated Decision-Making Technology (ADMT) regulations in October 2025. Agent decisions that "significantly affect" consumers — flagging a purchase as fraudulent, restricting account access — require pre-use notice, opt-out, and access to logic and outcomes.	Most agent fraud-scoring systems have no consumer-facing ADMT notice or opt-out mechanism
Right to Non-Discrimination	Merchants cannot deny goods, charge different prices, or provide different service levels because a consumer exercised CCPA rights.	Agent personalization systems must not degrade service quality for users who have opted out of profiling
Right to Data Portability	Consumer can request their personal information in a portable format. Portability must cover all data held across all layers — merchant DB, runtime logs, vector stores.	Building a cross-system portability export is technically non-trivial; must be tested before launch

The Service Provider vs. Third Party distinction — the most commercially consequential CCPA classification

Critical — Service Provider Test

An AI runtime is a CCPA service provider — and disclosure to it does NOT count as a "sale" — only if all three conditions are met simultaneously: (a) the merchant has a signed, CCPA-compliant written contract; (b) the contract prohibits the runtime from using data for its own commercial purposes; (c) the runtime does not retain, use, or disclose personal information outside the direct business relationship. If any condition fails, the runtime may be a "third party" — and the data disclosure may constitute a "sale" triggering opt-out rights, disclosure obligations, and enforcement exposure. This is not legal advice. Consult counsel before launch.

OpenAI's DPA puts the obligation explicitly back on the merchant: the operator "must not take any action that would render the provision of Customer Data to OpenAI a 'sale' or 'share' under U.S. Privacy Laws or render OpenAI not a 'service provider' under the CCPA." That means the merchant controls the classification through how the integration is configured — enabling model improvement opt-in on production customer data without user consent, for example, could disqualify the service provider classification. Verify your integration configuration matches your contractual obligations. This is not legal advice. Consult counsel before launch.

§4 · State Privacy Law Proliferation

Twenty US state privacy laws — thresholds, effective dates, and the ops implications.

As of current writing, 20 US states have enacted comprehensive privacy laws. The table below reflects thresholds as reported by authoritative legal and compliance sources. (Re-verify at the IAPP US State Privacy Legislation Tracker and state AG websites before launch — effective dates, thresholds, and enforcement details are subject to amendment.) This is not legal advice. Consult counsel before launch.

State	Law	Effective Date	Revenue Threshold	Consumer Count Threshold	Data Sale Revenue %
California	CCPA/CPRA	Jan 1, 2020 / Jan 1, 2023	$26.2M gross revenue (re-verify)	100,000 consumers	50% of revenue from selling/sharing PI
Virginia	VCDPA	Jan 1, 2023	None	100,000 consumers	25,000 consumers + >50% revenue from PI sale
Colorado	CPA	Jul 1, 2023	None	100,000 consumers	25,000 consumers + derives revenue from sale
Connecticut	CTDPA	Jul 1, 2023	None	100,000 consumers	25,000 consumers + >25% revenue from PI sale
Utah	UCPA	Dec 31, 2023	$25M gross revenue	100,000 consumers	25,000 consumers + >50% revenue from PI sale
Iowa	ICDPA	Jan 1, 2025	None	100,000 consumers	25,000 consumers + >50% revenue from PI sale
Montana	MTCDPA	Oct 1, 2024	None	50,000 consumers	25,000 consumers + >25% revenue from PI sale
Texas	TDPSA	Jul 1, 2024	None (not small biz)	N/A	N/A — applies to all non-small-biz that process/sell PI
Florida	FDBR	Jul 1, 2024	$1 billion gross revenue	N/A	50% of revenue from online advertising OR smart speaker/app store operator
Oregon	OCPA	Jul 1, 2024 (for-profit)	None	100,000 consumers	25,000 consumers + >25% revenue from PI sale
Delaware	DPDPA	Jan 1, 2025	None	35,000 consumers	10,000 consumers + >20% revenue from PI sale
New Hampshire	NHPA	Jan 1, 2025	None	35,000 consumers	10,000 consumers + >25% revenue from PI sale
New Jersey	NJDPA	Jan 15, 2025	None	100,000 consumers	25,000 consumers + derives revenue/discount from PI sale
Nebraska	NDPA	Jan 1, 2025	None (not small biz)	N/A	N/A — applies to all non-small-biz that process/sell PI
Tennessee	TIPA	Jul 1, 2025	$25M gross revenue	175,000 consumers	25,000 consumers + >50% revenue from PI sale
Minnesota	MCDPA	Jul 31, 2025	None	100,000 consumers	25,000 consumers + >25% revenue from PI sale
Maryland	MODPA	Oct 1, 2025 (compliance from Apr 1, 2026)	None	35,000 consumers	10,000 consumers + >20% revenue from PI sale
Kentucky	KCDPA	Jan 1, 2026	None	100,000 consumers	25,000 consumers + >50% revenue from PI sale
Indiana	INCDPA	Jan 1, 2026	None	100,000 consumers	25,000 consumers + >50% revenue from PI sale
Rhode Island	RIDTPPA	Jan 1, 2026	None	35,000 consumers	10,000 consumers + >20% revenue from PI sale

Operational Notes

Texas and Nebraska use SBA small-business definitions instead of revenue thresholds — if your entity is a non-small-business, both laws apply regardless of consumer volume. Florida's FDBR has a $1 billion threshold — most AgentMall merchants are out of scope, but verify. Montana's 50,000-consumer prong is lower than most states. Most state laws converge on the Virginia/Colorado model: controller duties, consumer rights (know, delete, correct, opt-out), and data protection assessments (DPIAs) for high-risk processing. A GDPR-standard DPIA generally satisfies the substance of state assessment requirements — but re-verify state-specific triggers with counsel. (Re-verify all thresholds and effective dates before launch.)

§5 · Consent Management Platforms

CMPs for agent commerce — and the critical gap no vendor has solved.

Consent Management Platforms automate the consent banner, preference storage, and consent-record audit trail required for GDPR (opt-in) and CCPA/US state law (opt-out) flows on human-facing web surfaces. The critical limitation: all major CMPs were designed for browser-based human-to-website interactions. Agent-mediated purchases bypass the browser consent layer entirely. This is not legal advice. Consult counsel before launch.

The Critical Gap

If a consumer interacts exclusively through an AI agent — no web browser, no cookie banner — the standard CMP consent capture mechanism does not trigger. Operators must implement a separate programmatic consent collection and storage mechanism for agent flows: consent captured at account registration or OAuth authorization, stored in a consent database that the agent runtime checks before processing personal data. The two-layer approach (browser CMP + programmatic consent database) is currently the only viable architecture given the state of CMP tooling.

Vendor	Entry Pricing (re-verify)	GDPR Support	CCPA/US State Support	Agent-Flow Accommodation	Best Fit
Termly	Free tier; Starter $14/site/month; Pro+ $20/site/month (re-verify)	Yes — IAB TCF 2.3, Google Consent Mode v2 on Pro+	Yes — 17+ US state laws as of current writing	None native — browser banner only; no documented agent/API consent capture mode	Early-stage merchants needing quick browser compliance; lowest cost entry
Iubenda	Free tier; Essentials from ~$6/site/month; Advanced ~$25/site/month; Ultimate ~$100/site/month (re-verify)	Yes — auto-updates for law changes; mobile SDK available	Yes — CCPA/CPRA, US state laws, geo-targeting on higher tiers	Mobile SDK available; no documented agent/API consent capture mode	Multi-jurisdiction early-stage; good policy generator; no native agent support
Cookiebot / Usercentrics	Cookiebot from ~€7/month; Usercentrics Web Essential from €7/month, Pro €30/month, Business €50/month (re-verify)	Yes — IAB TCF 2.2+, Google Consent Mode	Yes — CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA on all plans	None documented for agentic/API-first flows; session-based cookie banner model	Mid-market browser compliance; Usercentrics App CMP for mobile (€50–999/month, re-verify)
Osano	Starter ~$200–300/month; Business ~$500–1,200/month; Enterprise custom from ~$2,000/month (re-verify)	Yes — full GDPR; includes DSR workflow and data mapping	Yes — CCPA/CPRA and US state laws; visitor-volume-based pricing	Includes DSR automation which partially addresses agent-context erasure; no native agent consent capture	Mid-market with DSR workflow needs; best for merchants already processing erasure requests at volume
OneTrust	Minimum $10,000/year; Consent & Preferences from ~$827–1,100/month per domain; full GDPR suite ~$2,275/month (re-verify — pricing requires direct sales conversation)	Yes — enterprise-grade; AI Governance module available	Yes — all US state laws; most complete enterprise coverage	AI Governance module addresses AI-specific data processing risks; closest to agent-aware configuration available — but still no native agent commerce consent capture	Enterprises with full privacy ops stack; implementation fees can add $10,000–$50,000 (re-verify)

The two-layer recommendation for agent commerce

Layer 1 — Deploy a standard CMP (Termly or Iubenda for early-stage; OneTrust or Osano for mid-market and up) for your web/browser surfaces. This covers the majority of your consent capture for browser-originated users and satisfies the visual notice requirements regulators expect to see.

Layer 2 — Build a programmatic consent record system for agent-invocation flows. When a user grants OAuth consent to the agent (see the OAuth spoke for scope design specifics), include explicit consent language for each processing activity beyond transaction fulfillment. Store consent records with timestamp, user identifier, scope, and version of the consent text. The agent runtime must check this consent database before any processing activity that requires consent as its lawful basis. This is not legal advice. Consult counsel before launch.

Example — Programmatic Consent Record Schema (PostgreSQL)

CREATE TABLE agent_consent_records (
  id              UUID PRIMARY KEY DEFAULT gen_random_uuid(),
  user_id         UUID NOT NULL REFERENCES users(id),
  consent_scope   TEXT NOT NULL,
  -- e.g. 'marketing_email', 'personalization_profile', 'behavioral_analytics'
  consent_text    TEXT NOT NULL,
  -- full text of the consent language shown to the user
  consent_version VARCHAR(32) NOT NULL,
  -- version string of the consent text, e.g. 'v1.2.0'
  granted_at      TIMESTAMPTZ NOT NULL DEFAULT NOW(),
  revoked_at      TIMESTAMPTZ,
  -- NULL means consent is currently active
  ip_address      INET,
  oauth_session_id UUID REFERENCES oauth_sessions(id),
  created_at      TIMESTAMPTZ NOT NULL DEFAULT NOW()
);

-- Index for fast consent lookup per user and scope
CREATE INDEX idx_consent_user_scope ON agent_consent_records (user_id, consent_scope)
  WHERE revoked_at IS NULL;

-- Query: check whether a user has active consent for a given scope
SELECT COUNT(*) > 0 AS has_consent
FROM agent_consent_records
WHERE user_id = $1
  AND consent_scope = $2
  AND revoked_at IS NULL
LIMIT 1;

§6 · Right to Erasure

The right-to-erasure problem in AI agent commerce.

GDPR Article 17 gives EU data subjects the right to erasure "without undue delay." CCPA's right to delete requires the merchant to direct all service providers and contractors to delete as well. In a traditional e-commerce stack, "delete" means deleting a row in a database. In an AI agent commerce stack, personal data may be stored simultaneously across six distinct layers — and each requires a different deletion mechanism. This is not legal advice. Consult counsel before launch.

#	Storage Layer	What It Holds	Deletion Mechanism	Technical Challenge
1	Merchant Database	Order records, customer profile, shipping address, payment token	Direct SQL DELETE or anonymization; well-understood pattern	Referential integrity; audit log retention for tax compliance may limit full deletion
2	Agent Runtime Cache	In-session conversation memory (ephemeral; may persist for session duration)	Session expiry + explicit session invalidation API call	Session may not yet have expired when erasure request arrives; need API endpoint to force-clear
3	Long-Term Memory / Vector Stores	Cross-session user context in embeddings or vector databases (if the agent architecture uses persistent memory)	Delete vector records by user_id metadata filter; regenerate affected index segments	Embeddings may contain reconstructable personal data even after source record is deleted; deletion must include embedding regeneration
4	Tool Call Logs	Logs from external API calls (inventory lookup, payment authorization) executed by the agent — may be held by third-party services	Assert deletion rights against each third-party service; require written confirmation	Third-party services have their own retention policies; merchant must track sub-processor list and assert rights contractually
5	AI Runtime Training Pipeline	On free/non-enterprise tiers: conversation data may flow into model fine-tuning corpora	Prevented by enterprise DPA (model training prohibition); remediation requires runtime to purge training data	"Machine unlearning" — retraining a model to forget specific examples — is not yet deployable at commercial scale or certified as meeting full erasure standards
6	Sub-Processor Chains	Primary runtime may use named sub-processors (OpenAI's DPA delegates to named sub-processors with contractual protections)	Cascade deletion obligations through DPA sub-processor chain; require confirmation from each layer	Sub-processor list changes; 30-day advance notice clause in DPA must be monitored; cascade confirmation SLA may exceed response window

EDPB December 2024 Opinion on AI Models

The EDPB's December 2024 Opinion on AI models confirmed that individuals can exercise data subject rights "whenever AI models include personal data" — and that erasure rights extend to embeddings, model weights containing personal data, and derived artifacts. Regulatory guidance and case law have accepted anonymization, purging, and delisting as forms of compliance — but only if the data is rendered permanently irreversible. Filter-based mitigation (suppressing personal data from appearing in model outputs without full deletion) is acknowledged by some regulators as a partial interim measure, but its legal sufficiency is unresolved. This is not legal advice. Consult counsel before launch.

The DSAR workflow for agent transactions

A complete Data Subject Access Request (DSAR) workflow for agent commerce must cover five steps:

Intake and identity verification — confirm the requester is the data subject; the 30-day (GDPR) or 45-day (CCPA) response clock starts on verified receipt, not on submission.
Scope mapping — query merchant database, agent runtime logs, vector stores, and all sub-processors for records referencing the subject.
Deletion propagation — trigger deletion APIs at each of the six layers above; require sub-processors to confirm deletion in writing within the response window.
Audit trail — generate an immutable, timestamped receipt of: request receipt, identity verification, deletion execution, and downstream cascade confirmation.
Portability response — for access requests, compile all personal data held across all layers and return in a portable format (JSON, CSV).

For rights related to Automated Decision-Making: if your agent stack makes significant decisions using automated processing — flagging a purchase as fraudulent, restricting an account — both GDPR Article 22 and CCPA ADMT regulations require you to explain the logic and allow a human review appeal. This is not legal advice. Consult counsel before launch.

§7 · DPIA

Data Protection Impact Assessments for agent commerce — when mandatory and what to document.

GDPR Article 35(1) requires a DPIA where processing "using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons." Article 35(3)(a) mandates a DPIA automatically for any systematic and extensive evaluation of personal aspects based on automated processing on which decisions are made that significantly affect the person. AI agent-mediated purchasing decisions at scale are within the mandatory scope. The DPIA is required before you go live. This is not legal advice. Consult counsel before launch.

The nine WP29/EDPB high-risk indicators

The WP29/EDPB guidelines identify nine indicators of high-risk processing; any two typically trigger a DPIA requirement. An agent commerce stack at scale will typically hit multiple indicators simultaneously:

Indicator	Agent Commerce Application	Typically Present?
Automated decision-making with significant effect	Agent deciding what products to show, what price to offer, or whether to complete a transaction	Yes
Innovative use of new technology	AI agent runtime using LLM-based planning and tool execution	Yes
Data processed on a large scale	Any merchant processing at consumer scale	Yes, above threshold
Matching or combining datasets	Agent pulling purchase history + browsing behavior + real-time inventory + geolocation simultaneously	Yes
Denial of service / access	Agent denying a transaction for fraud reasons constitutes a decision about access to a service based on automated processing	Yes
Evaluation / scoring of individuals	Fraud scoring, trust scoring, purchasing velocity analysis	Yes
Sensitive data processing	Geolocation for shipping, health-adjacent product preferences (SPI under CPRA)	Context-dependent
Processing involving vulnerable populations	Depends on product category	Context-dependent
Systematic monitoring	Behavioral analysis of purchasing patterns for personalization	Yes, if personalization is active

DPIA template structure for agent commerce

The following five-section structure meets the GDPR Article 35(7) minimum requirements. This is a practitioner starting point — have outside counsel review before finalization. This is not legal advice. Consult counsel before launch.

Section 1 — Processing Description

Identity of the controller and DPO (if applicable). Description of the agent system: runtime vendor(s), tools invoked, data categories accessed (name, email, payment token, purchase history, IP address, device fingerprint). Purposes of processing: transaction fulfillment, fraud prevention, personalization. Data flows: merchant app → agent runtime (OpenAI/Anthropic/etc.) → payment processor → fulfillment system. Retention periods by data category. Sub-processors and their DPA status.

Section 2 — Necessity and Proportionality Assessment

Is the processing necessary for the stated purpose? Can the purpose be achieved with less data? Is data minimization applied — does the agent request only the minimum data needed for each tool call? Are retention limits enforced — is ephemeral context truly discarded after session close? Are data subject rights technically implementable — does your stack support DSAR, deletion propagation, and portability export?

Section 3 — Risk Assessment

Risk: Unauthorized access to agent conversation logs → Impact: high (PII exposure); Likelihood: medium → Mitigation: encryption at rest and in transit, access controls, sub-processor audit rights. Risk: Agent erroneously declines transaction based on fraud scoring → Impact: medium (denial of service); Likelihood: low → Mitigation: human review appeal path. Risk: Right-to-erasure propagation fails in vector store → Impact: high (GDPR non-compliance); Likelihood: medium → Mitigation: deletion API testing, audit log of erasure cascades. Risk: Agent runtime used for model training without user consent → Impact: high; Likelihood: low with DPA → Mitigation: enterprise DPA with training prohibition, contractual audit rights.

Section 4 — Measures to Address Risks

Technical: end-to-end encryption; PII detection at ingest (redact card numbers and SSNs before they enter agent context); purpose-locked agent goal definitions; execution trace logging; deletion APIs for each storage layer. Organizational: DPA executed with each runtime before data processing begins; DSAR workflow with defined SLAs; DPO consultation; incident response plan; annual sub-processor audit.

Section 5 — Residual Risks and DPA Consultation Trigger

If any high-risk residual cannot be mitigated, GDPR Article 36 requires consultation with the relevant supervisory authority before processing commences. This is a mandatory prior consultation — not a post-launch notification. Document residual risks clearly in the DPIA so that the Article 36 trigger is unambiguous. This is not legal advice. Consult counsel before launch.

§8 · Cross-Border Data Transfer

Schrems II, the EU-US DPF, and the Schrems III risk.

Following Schrems II (CJEU, July 2020), which invalidated the EU-US Privacy Shield, cross-border data transfers from the EEA to the US have required either Standard Contractual Clauses (SCCs), Binding Corporate Rules, or another Article 46 mechanism — each supplemented by a Transfer Impact Assessment (TIA) where required. The European Commission adopted an adequacy decision for the EU-US Data Privacy Framework (DPF) on July 10, 2023. If a runtime vendor is DPF-certified, transfers can proceed without SCCs or a TIA — but the merchant must verify the vendor's current certification on the DoC certification list before relying on it. DPF certifications require annual renewal. (Re-verify current DPF status before launch.) This is not legal advice. Consult counsel before launch.

Transfer Path	Current Mechanism	TIA Required?	Key Risk
Merchant (EU) → OpenAI API	SCCs via OpenAI Ireland Ltd DPA; or DPF if OpenAI holds current certification (re-verify)	No (DPF); Yes (SCCs)	DPF certification must be verified annually; SCC chain through OpenAI Ireland to US parent must be confirmed
Merchant (EU) → Anthropic API	SCCs incorporated automatically into commercial terms per Anthropic's DPA; Clause 14 requires documented TIA	Yes, documented in Clause 14	TIA must assess US government access laws; document before processing EU data
Merchant (EU) → Google Gemini API	Check Google's current DPF/SCC status (re-verify before launch)	Depends on mechanism selected	Google's status changes; rely on Google's DPA publication, not assumptions
Merchant (US) → Any runtime	No GDPR transfer mechanism required if data is US-origin; CCPA service provider contract still required	N/A for GDPR transfers	If serving EU users, merchant becomes a GDPR controller and all transfer rules apply from that point forward

Schrems III Risk — Maintain Parallel SCCs

The DPF, like its predecessors Safe Harbor and Privacy Shield, faces active legal challenges. NOYB has publicly stated intent to challenge the DPF. An operator relying exclusively on DPF as its transfer mechanism carries legal continuity risk: if the DPF is invalidated, transfers become unlawful overnight — as happened in Schrems I (2015) and Schrems II (2020). The prudent approach: maintain parallel 2021 SCCs with a documented TIA for each runtime vendor as a fallback mechanism. The operational overhead is modest compared to the continuity risk. Re-verify current legal status before launch. This is not legal advice. Consult counsel before launch.

The sub-processor chain problem

Most agent runtimes process data across multiple jurisdictions — US-headquartered companies with EU processing nodes, sub-processors in multiple countries. The DPA for each runtime must specify the transfer mechanisms for each sub-processor and jurisdiction. OpenAI's DPA states it transfers data from the EEA to other OpenAI affiliates via intra-group agreements incorporating SCCs — but the merchant must verify this chain annually and upon sub-processor changes. Your DPA with each runtime should include a 30-day advance notice clause for sub-processor changes, with a right to object. Build sub-processor list review into your annual vendor compliance audit. This is not legal advice. Consult counsel before launch.

§9 · PCI DSS 4.0

PCI DSS 4.0 and agent payment flows — keep card data out of agent context.

PCI DSS governs the handling of payment card data. The governing principle for agent commerce: if your agent stack never touches raw card data, PCI DSS scope is dramatically reduced. PCI DSS 4.0 became fully mandatory on March 31, 2024, and introduced new requirements relevant to AI/agent contexts. This is a light-touch overview — re-verify PCI DSS 4.0 specifics with a Qualified Security Assessor (QSA) before launch.

Architecture Pattern	PCI DSS Scope	PCI 4.0 Requirement Impact	Recommended Approach
Agent receives purchase intent; card entry via Stripe/Braintree/Adyen SDK	Minimal — merchant systems hold only payment token, not card data. Payment processor holds card data in its scope.	Req. 6.4.2 (automated web attack detection) still applies to the merchant's web surface; Stripe API key security is in scope	Recommended — architect all agent payment flows to this tokenization pattern
Agent receives card number as text from user (voice/chat)	Full PCI scope — agent runtime enters cardholder data environment; triggers network segmentation, access controls, QSA assessment	All PCI DSS 4.0 requirements apply; cost and complexity are substantial	Avoid this pattern; use DTMF masking for voice, redirect to PCI-scoped IVR, or present payment link that routes outside agent context
Agent stores payment token only	Reduced — token is non-sensitive; token vault managed by payment processor	Token storage must not be in same system as card data; access controls on token use still required	Preferred for repeat-purchase agent flows; token authorizes the agent to initiate charges without re-entering card data

Recommended — Stripe Tokenization Pattern for Agent Payment Flows

# The agent NEVER sees raw card data.
# Flow: user presents card in Stripe's hosted UI → Stripe returns a
# PaymentMethod ID → agent stores ONLY the PaymentMethod ID and
# uses it to initiate charges via the Stripe API.

import stripe
stripe.api_key = STRIPE_SECRET_KEY  # stored in secrets vault, never in agent context

def agent_initiate_charge(
    payment_method_id: str,  # e.g. "pm_1NqJBT2eZvKYlo2C5XXXXXXXX"
    amount_cents: int,
    currency: str,
    customer_id: str,
    idempotency_key: str,
    description: str
) -> dict:
    """
    Agent calls this function to complete a purchase.
    The agent receives ONLY the payment_method_id (a token),
    never the underlying card number, CVV, or expiry.
    """
    intent = stripe.PaymentIntent.create(
        amount=amount_cents,
        currency=currency,
        customer=customer_id,
        payment_method=payment_method_id,
        confirm=True,
        description=description,
        # idempotency key prevents duplicate charges on retry
        idempotency_key=idempotency_key
    )
    return {
        "status": intent.status,
        "payment_intent_id": intent.id,
        "amount": intent.amount,
        "currency": intent.currency
    }
    # The agent logs payment_intent_id and status.
    # It NEVER logs payment_method_id, card BIN, or any card data.

PCI DSS and GDPR/CCPA overlap where cardholder personal data (name, billing address) is processed — both regulatory frameworks cover this data, but with different regulatory bodies and enforcement frameworks. Cross-reference your payment processor's DPA with your GDPR/CCPA DPA stack to ensure consistent obligations. (Re-verify PCI DSS 4.0 specifics with a QSA before launch.)

§10 · Trust-Layer Interaction Map

The 4-layer agent-ready model — privacy compliance obligations by layer.

Privacy compliance is not a single policy — it is a stack of obligations that maps precisely to the four layers of the agent-ready trust model. Each layer has distinct compliance triggers, instruments, and failure modes. This is not legal advice. Consult counsel before launch.

Layer	Trust Spoke	Privacy / Compliance Obligation	Instrument / Mechanism	Failure Mode
Layer 1: OAuth + Identity	OAuth spoke	Verify user identity before any personal data flows to agent; scope OAuth tokens to minimum necessary data; token expiry limits data exposure window; consent capture at authorization step for CCPA service provider compliance	OAuth 2.0 scopes (data minimization); PKCE; short-lived tokens; programmatic consent record written at OAuth grant	Over-broad scopes create unnecessary data exposure; missing consent record means agent-flow GDPR consent basis is undocumented
Layer 2: Agent Authorization	Agents page	Each listed agent must declare: runtime vendor, DPA link, data categories processed, retention period, DSAR contact; manifest is the public record of data-handling role	Agent metadata on /agents page; DPA verification checklist; manifest schema with data_handling_role field	Missing DPA link or undeclared runtime means operator cannot verify processor classification before connecting a customer
Layer 3: Transaction Processing	This spoke (Privacy Compliance)	Core GDPR lawful basis (contract performance); CCPA service provider contract with runtime; PCI tokenization to keep card data out of agent context; DSAR response SLA	Executed DPAs; Stripe/payment processor SDK tokenization; consent record database check before each GDPR-consent-based processing activity	No DPA = unauthorized data disclosure; consent missing for marketing = GDPR violation; card data in agent context = full PCI scope
Layer 4: Post-Transaction	Fraud prevention + Privacy	DSAR flow for erasure/access/correction; right-to-erasure propagation across all six storage layers; marketing consent management; DPIA documentation and annual review	CMP for browser surfaces; programmatic consent database for agent surfaces; erasure cascade APIs covering merchant DB, runtime cache, vector stores, tool logs, sub-processors; immutable DSAR audit log	Deletion only in merchant DB while runtime/vector stores retain data = GDPR Article 17 violation; no DPIA = standalone Article 35 violation

Cross-Spoke Dependency

The OAuth scope design spoke and this privacy compliance spoke are operationally interlinked: the OAuth authorization step is the primary UX moment where programmatic consent is captured for agent flows. If that consent capture is missing from the OAuth flow, the entire GDPR consent basis for agent-flow processing activities is undocumented. Build these two spokes together, not sequentially. This is not legal advice. Consult counsel before launch.

§11 · Common Mistakes

Eight ways privacy compliance breaks in production.

1. Assuming the free-tier AI runtime is a GDPR processor

Merchants assume that because they are "the business," OpenAI or Anthropic is automatically their processor. On free/consumer tiers, these runtimes have broader data use rights and there is no executed DPA — meaning the processor classification the merchant is relying on does not legally exist. Exact fix: Execute the enterprise-tier DPA for every runtime before any customer personal data flows through it. Verify the DPA prohibits model training on your customers' data. (This is not legal advice. Consult counsel before launch.)

2. Applying a single GDPR lawful basis across all agent processing activities

The privacy policy states "legitimate interests" as the basis for all agent processing. Regulators identify that post-purchase marketing emails require consent, which was never collected. A single-basis approach is structurally wrong — each distinct processing activity needs its own documented basis. Exact fix: Build a processing inventory mapping each data flow to its specific lawful basis: (a) contract performance for transaction data; (b) legitimate interests with documented three-part test for fraud prevention; (c) consent for marketing; (d) legal obligation for tax retention. (This is not legal advice. Consult counsel before launch.)

3. No DSAR flow at launch

A user submits an erasure request. The merchant deletes the database record but the agent runtime's conversation logs — and potentially embeddings — are not addressed. This is a GDPR Article 17 violation even if no other non-compliance exists. Exact fix: Build the DSAR workflow before launch. Map every data store. Test an end-to-end erasure with synthetic data, verifying deletion confirmation is returned from each of the six layers. Establish a deletion SLA (30 days for GDPR, 45 days for CCPA) with a ticketing system. (This is not legal advice. Consult counsel before launch.)

4. Treating agent interaction logs as non-personal operational data

Logs of agent tool calls and conversation turns are retained indefinitely in the belief that they are system logs, not personal data. They contain order numbers, product preferences, and user identifiers — making them personal data under both GDPR and CCPA. Exact fix: Apply the same retention policy to agent interaction logs as to customer records. Document the legitimate interest basis for fraud-detection logs with a defined rolling retention period (e.g., 90 days). (This is not legal advice. Consult counsel before launch.)

5. No DPA with sub-processors of the runtime

Merchant executes a DPA with OpenAI but does not audit OpenAI's sub-processor list. OpenAI may use third-party safety tooling or infrastructure that processes customer data — the chain-of-contract requirement under GDPR Article 28 is unmet. Exact fix: Review the published sub-processor list for each runtime (OpenAI and Anthropic both publish these). Your DPA should require 30-day advance notice of sub-processor changes with a right to object. Build sub-processor review into your annual vendor compliance audit. (This is not legal advice. Consult counsel before launch.)

6. CMP deployed for the website but no consent mechanism for agent-only flows

The merchant deploys Termly or Iubenda on their website (a correct move). Users who access the merchant through an AI agent bypass the website entirely — no consent banner is shown, no consent is recorded. GDPR consent requirements for marketing processing are unmet for the entire agent user cohort. Exact fix: Build a programmatic consent capture at the agent OAuth authorization step, as described in the OAuth spoke. Store consent records with timestamp, user identifier, scope, and consent-text version. Check consent status before each agent processing activity that requires consent. (This is not legal advice. Consult counsel before launch.)

7. No DPIA before launch

Merchant launches without a DPIA, assuming the obligation applies only to enterprises. Under GDPR, processing without a required DPIA is a standalone violation — independent of whether any data breach occurred. An under-the-radar audit or a competitor complaint to a supervisory authority surfaces the gap post-launch. Exact fix: Complete and document a DPIA before processing any EU data at scale. Use the five-section template in §7. Have outside counsel review before sign-off. (This is not legal advice. Consult counsel before launch.)

8. Relying exclusively on EU-US DPF without backup SCCs

Merchant relies on DPF certification as the sole cross-border transfer mechanism for EU-to-US transfers to the runtime. A third Schrems ruling invalidates the DPF. Transfers become unlawful overnight — exactly as happened in Schrems I (2015) and Schrems II (2020). Exact fix: Maintain parallel 2021 SCCs with each runtime vendor as a fallback mechanism. Under the SCCs, maintain a documented TIA. The operational overhead is modest; the legal continuity risk of not doing this is substantial. (This is not legal advice. Consult counsel before launch.)

§12 · FAQ

Frequently asked questions.

Is an AI agent acting on a user's behalf always a "data processor" under GDPR?

Not automatically. The classification depends on the contract structure and actual processing behavior, not on labels in a document. If the agent runtime (OpenAI API, Anthropic, etc.) processes personal data only on your instructions and has signed a DPA that prohibits it from using that data for its own purposes, it is a processor. If the runtime uses your customers' data to improve its own models, or if it jointly determines the purposes and means of processing with you, it may be a joint controller or independent controller. The ICO and CNIL both published guidance in 2024–2025 confirming this is a case-by-case functional analysis. Execute a DPA with every runtime before processing EU customer data, and verify the DPA prohibits model training. This is not legal advice. Consult counsel before launch.

Do I need GDPR consent to process personal data for an AI agent purchase?

Consent is one of six lawful bases under GDPR Article 6, but it is not the right basis for the purchase transaction itself. The most appropriate basis for executing a purchase a consumer has requested is performance of contract (Article 6(1)(b)). For fraud prevention during checkout, legitimate interests (Article 6(1)(f)) with a documented balancing test is the appropriate basis. Consent is required for post-purchase marketing emails and for any behavioral profiling for future personalization. Using consent as the basis for core transaction processing is inadvisable because withdrawal of consent would retroactively destabilize the legal basis for a completed purchase. This is not legal advice. Consult counsel before launch.

When does an AI agent runtime become a "third party" under CCPA instead of a "service provider"?

A runtime becomes a third party if: (a) there is no written contract prohibiting the runtime from retaining, using, or disclosing personal information outside the business relationship; (b) the runtime retains data for its own commercial purposes (e.g., model training, cross-customer analytics); or (c) the disclosure of personal information involves valuable consideration that qualifies as a "sale" under CCPA's broad definition. If the runtime is a third party rather than a service provider, the merchant must treat the disclosure as a sale of personal information — triggering opt-out rights, disclosure obligations, and potential enforcement exposure. Practical fix: execute a signed, CCPA-compliant service provider contract with every runtime before processing California consumer data. This is not legal advice. Consult counsel before launch.

Does the EU-US Data Privacy Framework protect AI agent cross-border transfers indefinitely?

No. The DPF is the European Commission's adequacy decision for US companies that self-certify with the Department of Commerce. Its two predecessors (Safe Harbor, Privacy Shield) were both invalidated by CJEU rulings — Safe Harbor in Schrems I (2015) and Privacy Shield in Schrems II (2020). NOYB and other privacy advocates have publicly stated intent to challenge the DPF. A prudent operator maintains parallel Standard Contractual Clauses with each runtime vendor as a fallback, verified annually. (re-verify current DPF status before launch) This is not legal advice. Consult counsel before launch.

What exactly must be deleted when a user exercises the right to erasure in an agent commerce context?

The merchant must delete: (1) all personal data in its own systems referencing the subject; (2) all personal data held by service providers and processors at the merchant's direction; (3) agent conversation logs containing the user's personal data; (4) vector embeddings derived from conversations that can be used to reconstruct personal data; (5) any fine-tuning data containing the subject's information. The EDPB's 2024 Opinion on AI models confirmed that data subjects can assert erasure rights over AI model training data. Technical deletion of embeddings and fine-tuned weights is an unresolved practical challenge — current practice is to delete the source data, regenerate affected embeddings, and document that model fine-tuning data has been removed or that the model was retrained. This is not legal advice. Consult counsel before launch.

Do all US state privacy laws require a DPIA equivalent?

Most US comprehensive state privacy laws require a "data protection assessment" or "privacy risk assessment" for high-risk processing — including targeted advertising, sale of personal data, profiling for significant decisions, and processing sensitive personal information. This is functionally analogous to the GDPR DPIA, though the statutory requirements and triggers differ state by state. California's CPRA regulations finalized in October 2025 require risk assessments for activities presenting "significant risk" to consumer privacy. Colorado, Connecticut, Virginia, Oregon, Nebraska, and most other state laws have similar requirements. A single GDPR-standard DPIA covering your agent commerce stack will generally satisfy the substance of US state assessment requirements — but re-verify specific requirements with counsel for each state you operate in. This is not legal advice. Consult counsel before launch.

Which CMP should an early-stage merchant use for an agent commerce product?

For an early-stage merchant (under 100,000 monthly users, primarily US market), Termly Pro+ ($20/site/month, re-verify) or Iubenda Advanced (~$25/site/month, re-verify) are cost-effective starting points for browser-based consent management. Both cover GDPR and 17+ US state laws and auto-update policies when laws change. Neither has native agent-flow consent capabilities — you must build a programmatic consent database separately for agent interactions. For a merchant with meaningful EU user exposure and above 100,000 users, Osano Business ($500–1,200/month, re-verify) adds DSR workflow automation. For enterprises already invested in a full privacy operations stack, OneTrust (minimum $10,000/year, re-verify) offers the most complete coverage including an AI Governance module. This is not legal advice. Consult counsel before launch.

Is PCI DSS in scope for an agent commerce merchant that uses Stripe for payments?

If your agent never receives, stores, or transmits raw payment card data (primary account numbers, CVVs, expiry dates) — because Stripe or another PCI-compliant processor handles card capture and tokenization — your PCI DSS scope is minimal. You remain responsible for: using Stripe's SDKs correctly (not logging or transmitting card data through your own servers), maintaining your Stripe API keys securely, and completing the appropriate SAQ (Self-Assessment Questionnaire) with your acquiring bank. If your agent architecture routes through a voice or chat interface where users could speak or type card numbers into the agent context, that is a scope-in scenario that must be addressed with DTMF masking, transcript redaction, or routing to a PCI-scoped IVR before card capture. (re-verify PCI DSS 4.0 specifics with a QSA before launch)

§13 · Step-by-Step

The 30-day rollout, in five steps.

Each step mirrors the HowTo JSON-LD at the top of this page word for word. This is not legal advice. Consult counsel before launch — use this checklist as a starting point for that conversation, not a substitute for it.

Step 1 — Classify and contract with every data processor in your stack

Before processing any customer personal data, execute a GDPR-compliant DPA and a CCPA-compliant service provider contract with: every AI runtime (OpenAI, Anthropic, Google, or equivalent); your payment processor; your analytics platform; your CMP vendor; and any other third party that receives personal data. For each runtime, verify: (a) the runtime is classified as a data processor under the DPA; (b) model training on your customers' data is prohibited; (c) retention limits are defined; (d) deletion obligations are contractually enforceable; (e) sub-processor notification obligations are specified. Document the completed DPA stack in your Records of Processing Activities (ROPA) per GDPR Article 30.

Step 2 — Document a lawful basis for every distinct processing activity

Build a processing inventory table mapping each data flow to its GDPR lawful basis and US state law equivalent. Minimum required entries: transaction data (contract performance); fraud prevention (legitimate interests + documented balancing test); marketing follow-up (consent — requires separate capture); log retention for tax/legal purposes (legal obligation — document applicable statute and retention period). Review this inventory with outside counsel before launch. Note: consent for marketing must be captured separately from the transaction consent, with specific language, and must be as easy to withdraw as to grant.

Step 3 — Build the DSAR workflow and test end-to-end deletion before launch

Map every data store in your stack. Build intake logic (web form, email, or API endpoint) that starts the 30/45-day response clock on verified receipt. Build deletion propagation: (a) delete from merchant database; (b) call deletion API for each runtime sub-processor; (c) delete from vector stores and embeddings; (d) confirm deletion from each layer with a timestamped audit log. Run a full end-to-end erasure test with synthetic data before your first production customer. Document the test in your DPIA.

Step 4 — Deploy a CMP for browser surfaces and a programmatic consent database for agent-invocation flows

Deploy Termly, Iubenda, or equivalent on your web/browser properties before EU or California users can access them. For agent-mediated interactions that bypass the browser, build a consent capture at the OAuth authorization step: present specific consent language for each processing activity beyond transaction fulfillment; store consent records with timestamp, user identifier, scope, and consent-text version; check consent status before each agent processing activity. This two-layer approach is required because existing CMPs do not natively support agent flows.

Step 5 — Complete and document a DPIA, and re-verify annually

Using the template structure in Section 7, complete a DPIA covering your agent commerce processing before you go live with EU user data or US consumer data at scale. Have outside counsel review before finalization. Document the DPIA in your ROPA. Schedule an annual DPIA review — and trigger an ad hoc review whenever you add a new AI runtime, change a sub-processor, or materially change the data flows (as required by GDPR Article 35(11)). If the DPIA identifies residual high risks that cannot be mitigated, consult the relevant supervisory authority before processing begins (GDPR Article 36).

§14 · Sources — and a reminder: this is not legal advice. Consult counsel before launch.

Regulatory citations and reference sources.

This is not legal advice. Consult counsel before launch. All URLs verified at time of research. Re-verify before reliance — legal and pricing content changes frequently. Every legal threshold, vendor contract clause, and regulatory citation in this guide must be confirmed with qualified privacy counsel before you act on it.

#	Source	Topic	URL (re-verify before reliance)
1	GDPR Article 6 — Lawfulness of Processing	Lawful bases text	https://gdpr-info.eu/art-6-gdpr/
2	GDPR Article 26 — Joint Controllers	Joint controller arrangement requirements	https://gdpr-info.eu/art-26-gdpr/
3	GDPR Article 35 — DPIA	Mandatory DPIA triggers	https://gdpr-info.eu/art-35-gdpr/
4	European Commission — Controller vs. Processor definitions	Controller / processor definitions	https://commission.europa.eu/law/law-topic/data-protection/rules-business-and-organisations/obligations/controllerprocessor/what-data-controller-or-data-processor_en
5	EDPB — Data Controller or Data Processor guidance for SMEs	SME compliance guidance	https://www.edpb.europa.eu/sme-data-protection-guide/data-controller-data-processor_en
6	CNIL — Determining Legal Qualification of AI System Providers (June 2024)	AI joint controller analysis	https://www.cnil.fr/en/determining-legal-qualification-ai-system-providers
7	Paul Weiss — EDPB Opinion on AI Models and GDPR (January 2025 summary)	EDPB December 2024 AI opinion	https://www.paulweiss.com/insights/client-memos/european-regulators-provide-guidance-on-the-use-of-personal-data-in-artificial-intelligence
8	ICO — Legitimate Interests Basis	Legitimate interests three-part test	https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/lawful-basis/legitimate-interests/what-is-the-legitimate-interests-basis/
9	ICO — When Do We Need to Do a DPIA?	DPIA triggers and guidance	https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/data-protection-impact-assessments-dpias/when-do-we-need-to-do-a-dpia/
10	Irish Data Protection Commission — DPIA guidance	DPIA practical guidance	https://www.dataprotection.ie/en/organisations/know-your-obligations/data-protection-impact-assessments
11	OpenAI Data Processing Addendum	Processor classification, 30-day retention, SCC provisions	https://openai.com/policies/data-processing-addendum/
12	Anthropic DPA / Privacy Center	SCCs incorporated into commercial terms	https://privacy.claude.com/en/articles/7996862-how-do-i-view-and-sign-your-data-processing-addendum-dpa
13	European Commission — Standard Contractual Clauses (2021)	2021 modernized SCCs	https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
14	Alston & Bird — EU-US DPF vs. SCCs Analysis (July 2023)	DPF adequacy decision, TIA requirements	https://www.alston.com/en/insights/publications/2023/09/eu-us-data-privacy-framework
15	activeMind.legal — EU-US Data Privacy Framework Guide	DPF practical guide	https://www.activemind.legal/guides/eu-us-data-privacy-framework/
16	California Office of the Attorney General — CCPA	CCPA statutory text and guidance	https://oag.ca.gov/privacy/ccpa
17	IAPP — CCPA Service Provider Definition Analysis (July 2019)	Service provider vs. third party test	https://iapp.org/news/a/how-to-know-if-your-vendor-is-a-service-provider-under-ccpa
18	Securiti — CPRA vs. CCPA comparison	CPRA amendments overview	https://securiti.ai/cpra-vs-ccpa/
19	Jackson Lewis — CCPA/CPRA FAQs including ADMT regulations	ADMT regulations, consumer rights	https://www.jacksonlewis.com/insights/navigating-california-consumer-privacy-act-30-essential-faqs-covered-businesses-including-clarifying-regulations-effective-1126
20	Securiti — CCPA Automated Decision-Making Regulations	ADMT finalized Oct 2025	https://securiti.ai/ccpa-automated-decision-making-technology/
21	Usercentrics — US State Data Privacy Effective Dates and Thresholds	State law thresholds (re-verify before launch)	https://usercentrics.com/us/knowledge-hub/us-state-data-privacy-effective-dates-and-thresholds/
22	Osano — US Data Privacy Laws Guide	State law overview (re-verify before launch)	https://www.osano.com/us-data-privacy-laws
23	Mintz — 2024 Round-Up on State Consumer Data Privacy Laws	State law 2024 updates	https://www.mintz.com/insights-center/viewpoints/2826/2025-01-02-_024-round-state-consumer-data-privacy-laws
24	White & Case — 2025 State Privacy Laws	2025 compliance requirements	https://www.whitecase.com/insight-alert/2025-state-privacy-laws-what-businesses-need-know-compliance
25	IAPP US State Privacy Legislation Tracker (re-verify before launch)	Real-time state law tracker	https://iapp.org/resources/article/us-state-privacy-legislation-tracker/
26	IAPP — Engineering GDPR Compliance in the Age of Agentic AI (October 2025)	Agentic AI GDPR engineering guidance	https://iapp.org/news/a/engineering-gdpr-compliance-in-the-age-of-agentic-ai
27	Leiden Law Blog — Erasing Personal Data in an AI Era	EDPB opinion on deletion rights	https://www.leidenlawblog.nl/articles/erasing-personal-data-in-an-ai-era
28	Termly — Pricing (re-verify before purchase)	CMP pricing	https://termly.io/pricing/
29	Iubenda — Pricing (re-verify before purchase)	CMP pricing	https://www.iubenda.com/en/pricing/
30	Usercentrics — Pricing (re-verify before purchase)	CMP pricing	https://usercentrics.com/us/pricing/
31	Osano via Vendr — Pricing ranges (re-verify before purchase)	CMP pricing	https://www.vendr.com/marketplace/osano
32	OneTrust Pricing Analysis via Enzuzo (March 2026) (re-verify)	Enterprise CMP pricing	https://www.enzuzo.com/blog/onetrust-pricing-for-compliance
33	Fortanix — PCI DSS Tokenization	Tokenization architecture	https://www.fortanix.com/blog/tokenization-as-a-key-tool-for-pci-dss-compliance
34	Telnyx — PCI Compliance Checklist including AI agent scope	PCI 4.0 AI agent scope	https://telnyx.com/resources/pci-compliance-checklist
35	TrustArc — GDPR Article 35 DPIA guidance	DPIA template and process	https://trustarc.com/resource/data-protection-impact-assessment-article35/
36	MultiState — 20 State Privacy Laws in Effect 2026	2026 state law effective dates	https://www.multistate.us/insider/2026/2/4/all-of-the-comprehensive-privacy-laws-that-take-effect-in-2026
37	European Parliament Study — Impact of GDPR on AI (2020)	Academic foundation	https://www.europarl.europa.eu/RegData/etudes/STUD/2020/641530/EPRS_STU(2020)641530_EN.pdf

This is not legal advice. Consult counsel before launch. The publisher and 30DayPivot.com accept no liability for any legal, business, financial, technical, or other loss arising from the application of information contained in this guide. Every legal threshold, vendor contract clause, and regulatory citation must be confirmed with qualified privacy counsel before you act on it.

§15 · Continue the Guide

The trust layer continues — next spokes.

Trust Spoke · OAuth

OAuth for Agents

Delegated purchase authority, spending limits via RFC 9396 rich authorization requests, the RFC 7009 revoke path, and MCP OAuth. OAuth scope design is operationally part of CCPA service provider compliance.

Trust Spoke · Agents Page

The Agents Page

The manifest that declares each agent runtime's data-handling role, DPA status, and compliance signals — the public record regulators and consumers rely on when evaluating your agent stack.

AgentMall · Roadmap

AgentMall Roadmap

The complete trust and identity layer map for agent-ready commerce. All spokes, sequencing, and operator-direct patterns in one place.

Trust Spoke · Cloudflare

Cloudflare Bot Verification

Separating legitimate AI agent traffic from malicious bots at the edge — the first line of defense before any personal data enters your stack.

Trust Spoke · Fraud

Fraud Prevention

Agent-mediated checkout fraud patterns, velocity checks, and the legitimate interests basis that makes fraud screening compliant with GDPR Article 6(1)(f).

Trust Spoke · Reviews

Verified Reviews

Trust signals that survive agent-mediated discovery — verified purchase data, structured review schemas, and the anti-manipulation controls that keep review data defensible.

Trust Spoke · Security

Security

End-to-end security architecture for agent commerce stacks — encryption, access controls, incident response, and the controls that make your DPA obligations technically enforceable.

The Window

The compliance layer is the trust layer.

Every DPA you execute, every lawful basis you document, every erasure cascade you test — these are not bureaucratic overhead. They are the technical and legal controls that make agent-mediated commerce a category consumers and regulators can trust. The operators who build this correctly before launch are not just compliant — they are the ones whose agent integrations survive the first regulatory inquiry, the first data subject request, and the first Schrems ruling their competitors weren't ready for. The window is open. Build the compliance layer now, while the architectural decisions are still yours to make. This is not legal advice. Consult counsel before launch — and then open the roadmap.

Open the AgentMall Roadmap →