If you have a booking form on your site and are implementing WebMCP, you must explicitly specify which actions the agent can perform autonomously (e.g., checking available times) and which require user confirmation (e.g., final booking with personal data). In practice, check whether your form collects a name, email, or phone number — if so, every AI action on this data requires explicit consent from the person on whose behalf the agent acts.
Template to copy: "If the AI agent makes a booking, ensure that the user has
given explicit consent to process the data in this context, as GDPR requires
clear consent for automated processing of personal data. In practice, add
the attribute data-mcp-requires-confirmation="true" to forms
collecting personal data."
The client asks ChatGPT: "Book me an appointment at the hairdresser on Friday at 2:00 PM." If the salon has implemented WebMCP, the AI agent can do this directly, without her clicking through the form. Sounds like a convenience. And it is — but only if the salon has taken care of one thing: a clear boundary between what the agent can do alone and what requires confirmation.
This is not a technical issue. It is a GDPR issue.
Why This Matters in 2026
WebMCP is a W3C WebMCP Community Group protocol that allows sites to describe available actions in a way that AI models can understand. Instead of guessing how to fill out a form, the agent reads the site owner's declaration: "I have a search function for appointments" or "I have a contact form that collects names and emails."
By 2026, more and more AI assistants (ChatGPT Operator mode, Claude Computer Use, Gemini Actions) are able to perform tasks on behalf of users: clicking, filling out forms, initiating transactions. McKinsey estimates that by 2027, over 30% of e-commerce interactions in Europe will be initiated by AI agents, not by direct clicks (McKinsey Digital, 2025).
For the owner of a salon, clinic, or store, a question arises that did not exist a year ago: what happens to my client's data when AI fills out the form?
GDPR (Regulation 2016/679) was not written with AI agents in mind, but its principles fully apply. Article 22 states explicitly: individuals have the right not to be subject to a decision based solely on automated processing if that decision produces legal effects concerning them or similarly significantly affects them.
Booking an appointment with personal data is a decision with legal effects. An AI agent making that booking without asking the user is on slippery ground.
How WebMCP Differs from a Regular Form
A classic booking form: the user sees it, fills it out manually, and clicks "Submit." Each step is a conscious decision by a human.
WebMCP: the AI agent fills out the form programmatically, in the background, without direct user interaction with your site's interface. The user has given consent to the AI assistant (e.g., ChatGPT) to perform a task on their behalf — but did they give your company permission to process their data?
| Scenario | Who Decides | GDPR Issue | | ---------------------------------------------- | -------------------------- | ---------------------------------------- | | User fills out the form | Human | None — consent given directly | | Agent checks available times | AI (read only) | None — no processing of personal data | | Agent books an appointment with name and email | AI (data saved) | Requires verification of consent | | Agent pays with user's card | AI (financial transaction) | Very high risk — legal analysis required |
Step by Step: How to Implement WebMCP in Compliance with GDPR
- Divide Actions into Two Types
Review all forms on your site and assign them to two groups.
Safe actions (the agent can perform independently): check available times, search for a product by parameters, read opening hours and pricing, check order status (without sensitive data).
Actions requiring confirmation: booking with name, email, or phone, purchasing a product, filling out a contact form, cancelling or changing an existing booking.
BadI'm implementing WebMCP site-wide and leaving the default settings.BetterI mark each action with the attribute data-mcp-requires-confirmation="true" for forms collecting personal data and data-mcp-safe="true" for read-only actions.<!-- Searching for available times — safe, no personal data --> <form data-mcp-action="search-availability" data-mcp-safe="true"> <input type="date" name="date" data-mcp-param="preferredDate" /> <input type="text" name="service" data-mcp-param="serviceType" /> <button type="submit">Check Availability</button> </form> <!-- Final booking — requires confirmation from the user --> <form data-mcp-action="book-appointment" data-mcp-requires-confirmation="true"> <input type="text" name="name" data-mcp-param="clientName" /> <input type="email" name="email" data-mcp-param="clientEmail" /> <input type="tel" name="phone" data-mcp-param="clientPhone" /> <button type="submit">Book</button> </form>
- Update Your Privacy Policy
Your privacy policy should now describe not only how you collect data, but also that it may be transmitted by automated AI agents acting on behalf of the user.
BadWe collect data through contact forms on the site.BetterPersonal data may be transmitted by AI assistants (e.g., ChatGPT, Claude) acting on behalf of the user based on their prior consent to that assistant. In all cases, we process data solely for the purposes of fulfilling bookings and based on Art. 6(1)(b) GDPR (contract).Note for dental clinics: if the data includes information about the service (e.g., "preventive visit"), it may be sensitive data of a special category (Art. 9 GDPR). Legal consultation is mandatory, not optional.
- Choose a Consent Verification Mechanism
When the AI agent performs an action requiring confirmation, there must be a moment in which the user consciously approves the transmission of data to your company. You have three options:
Mechanism A: confirmation on the AI assistant's side. The agent shows the user: "I will soon send your name, email, and selected time to the salon. Do you confirm?" The user clicks YES in the AI interface. GDPR compliant, but requires that the AI assistant is configured to ask for consent.
Mechanism B: confirmation on your site. After the agent's action, the site returns: "Your booking is almost ready. Click the link to confirm and give consent for data processing." The user receives an email or SMS and clicks confirmation. Legally safer, but adds a step.
Mechanism C: fallback to traditional form. The AI agent does not finalize the booking by itself — it opens the form on the site with pre-filled fields and allows the user to click "Submit" themselves. Easiest to implement, GDPR compliant.
For a beauty salon with a low volume of bookings: start with Mechanism C. Legal risk is minimal, implementation is simple.
- Describe Actions in server-cards.json
WebMCP requires a description of available actions in the
server-cards.jsonfile or directly in HTML attributes. When describing actions, indicate the consent requirements:{ "name": "Kowalska Hair Salon", "version": "1.0", "actions": [ { "id": "search-availability", "name": "Check Available Times", "type": "query", "requiresPersonalData": false, "requiresConfirmation": false, "description": "Returns available times for the selected service and date. Does not collect personal data." }, { "id": "book-appointment", "name": "Book Appointment", "type": "mutation", "requiresPersonalData": true, "requiresConfirmation": true, "personalDataFields": ["clientName", "clientEmail", "clientPhone"], "legalBasis": "Art. 6(1)(b) GDPR", "description": "Creates a booking. Requires personal data and confirmation from the user." } ] }An AI model reading this file before performing actions knows that
book-appointmentrequires confirmation. If not properly designed, your site should serve as the last line of defense. - Add a Contact Address for GDPR Issues
When the AI agent acts on behalf of the user, the question "who is responsible for the data?" is no longer straightforward. Your site must include clear information: who is the data controller (your company name, address, VAT ID), how to withdraw consent or delete data, how long you keep booking data.
Minimal implementation: site footer with a link to the privacy policy and an email address for GDPR matters. If you operate in the medical or educational sector, a formal Data Protection Officer (DPO) is required.
- Test the Agent Workflow
Before publishing the WebMCP configuration, test two scenarios.
Scenario A (safe action): ask your AI assistant or simulator to check available times without providing any personal data. Verify that the site does not collect any personal data and the response contains only availability.
Scenario B (action requiring consent): ask the agent for a full booking. Check if a confirmation step appears — on either the agent's or your site's side. If data enters the database without any confirmation step from the user, you have a GDPR problem.
Ready-Made Templates for Implementation
Template 1: Message on Data Processing by AI Agent
Add this text next to each form collecting personal data that is available through WebMCP:
"Your data may be sent by an AI assistant acting on your behalf. We process it solely for the purpose of fulfilling the booking (Art. 6(1)(b) GDPR). More: [Privacy Policy]."
Template 2: HTML Attributes for Standard Forms
<!-- Contact Form — requires confirmation --> <form data-mcp-action="contact-inquiry" data-mcp-requires-confirmation="true" data-mcp-legal-basis="consent" data-mcp-retention="12 months" > <!-- form fields --> </form> <!-- Quote Form without personal data — safe --> <form data-mcp-action="price-estimate" data-mcp-safe="true" data-mcp-requires-confirmation="false" > <!-- form fields --> </form>
Template 3: Server Response for Actions Requiring Confirmation
{
"status": "pending_confirmation",
"message": "Booking is awaiting confirmation. Link sent to {email}.",
"confirmationRequired": true,
"confirmationMethod": "email"
}Implementation Checklist for WebMCP in Compliance with GDPR
- Inventoried all forms on the site
- Categorized actions into 'safe' and 'requiring confirmation'
- Marked forms with attributes data-mcp-safe or data-mcp-requires-confirmation
- Updated privacy policy to mention AI agents
- Defined legal basis for data processing (Art. 6 GDPR)
- Verified if the form collects data of a special category (Art. 9 GDPR)
- Implemented a consent verification mechanism (A, B, or C)
- Added the server-cards.json file with action descriptions and consent requirements
- Tested safe action scenario (without data)
- Tested consent-requiring action scenario
- Checked that data does not enter the database without a confirmation step
- Added a contact address for GDPR issues to the site footer
- Defined data retention period for booking data
- Checked that all forms collecting personal data have HTTPS
- Consulted with a lawyer if operating in the medical or educational sector
- Set up a link to the privacy policy next to every form accessible through WebMCP
7-Day Mini Plan for Implementation
Inventory — go through all pages of your site. List every form: name, what it collects, whether it collects personal data. A table in a spreadsheet will suffice.
Decision on confirmation mechanism — based on your inventory, choose mechanism A, B, or C for each form collecting personal data. For a small salon, start with mechanism C.
HTML attributes — add
data-mcp-*attributes to forms. These are invisible to users and you do not need to change the appearance of the site.server-cards.json — create or update the
server-cards.jsonfile. If you do not have this file, day 4 is for writing it from scratch.Privacy policy — update the privacy policy. If you use a standard template from a lawyer or platform, add a paragraph about AI agents. If you do not have a privacy policy — today is that day.
Testing — test both scenarios from step 6. Check if the backend behaves as expected.
Review and publish — ensure that the privacy policy is accessible from every subpage. Publish the WebMCP configuration.
Common Mistakes
Common assumption: "The user accepted the AI assistant's terms, so they have consent for everything." This is a mistake. User consent to use ChatGPT is consent for OpenAI, not for your company. Each data controller needs its own legal basis.
How to check: find mention of the legal basis for processing in your privacy policy. If it is missing, that is a clear answer.
server-cards.json without differentiation between
query (read only) and mutation (data write) means
the AI agent does not know which actions are safe. It could perform a write
of personal data without any confirmation mechanism.
Website owners often configure WebMCP, check if the site "technically works," and stop there. They do not verify whether personal data actually does not enter the database without user confirmation. Testing with an AI assistant or simulator is the minimum before launching.
How to Measure the Effects of Implementation
GDPR compliance does not have a single indicator. But several signals suggest that the implementation is going well:
- Zero user complaints about unauthorized bookings — monitor reports for the first 30 days after WebMCP implementation.
- Server logs show
pending_confirmationfor actions requiring consent, rather than direct writes to the database. - The privacy policy mentions AI agents — verifiable by the Data Protection Authority (DPA).
- The confirmation form has a measurable conversion rate — if you implemented Mechanism B, check how many bookings are waiting for confirmation and how many are finalized.
- Audit AI score in the WebMCP category is increasing — the Audit AI tool verifies, among other things, the presence of WebMCP attributes and action descriptions in
server-cards.json.
FAQ
Does GDPR apply to data that the AI agent sends to my site?
Yes. It does not matter who technically fills out the form — a human or an AI agent. If the data enters your database, you are the controller and must have a legal basis for processing.
What if the client gave consent to the AI assistant but not to me?
These are two different legal relationships. Consent to use ChatGPT is consent for OpenAI, not for your company. Your legal basis must be separate — most often Art. 6(1)(b) GDPR when the booking is a contract.
Can I completely block AI agents from filling out forms?
Yes. You can choose not to implement WebMCP or implement only read actions. This is not a violation of the law.
Do I need a lawyer?
For a standard booking form in a salon or store: not necessarily if you are using Art. 6(1)(b) GDPR as the basis. If you collect medical data, financial data, or data about children — yes, consulting a lawyer or DPO is necessary.
What penalties are there for violations?
The DPA can impose a fine of up to €20 million or 4% of global annual turnover — the higher amount applies. For a small business, penalties are usually lower, but the investigation itself is costly and time-consuming.
Who This Advice Is Not For
This guide assumes you run a simple site with a booking form: salon, clinic, small store, service business. If you:
- process medical, financial, or children's data — you need a dedicated legal analysis, not this article,
- run a large e-commerce store with hundreds of transactions daily — implementing WebMCP will require a full-stack developer and a legal audit,
- use a SaaS platform (e.g., Shopify, Calendly) — check if the platform has already implemented WebMCP and what guarantees it provides for GDPR; direct editing of HTML attributes may be impossible.
Summary
WebMCP allows AI agents to perform actions on your site. This is not a futuristic scenario — ChatGPT Operator mode and Claude Computer Use are already functioning today. Two HTML attributes and an updated privacy policy are the minimum needed for this to operate in compliance with GDPR. Check your site's AI-readiness on auditai.cc — the tool verifies, among other things, the presence of WebMCP configuration and highlights any missing elements.
