The guidelines aims to ensure consistent application of both frameworks in protecting users’ rights online.
The European Data Protection Board (EDPB) has adopted its first guidelines on how the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR) work together. The aim is to understand how GDPR should be applied in the context of DSA.
Presented during the EDPB’s September plenary, the guidelines ensure consistent interpretation where the DSA involves personal data processing by online intermediaries like search engines and platforms. While enforcement of DSA falls under authorities’ discretion, the EDPB’s input supports harmonised application across the EU’s evolving digital regulatory framework, including:
- Notice-and-action systems that help individuals or entities report illegal content,
- Recommender systems used by online platforms to automatically present specific content to the users of the platform with a particular relative order or prominence,
- The provisions to ensure minors’ privacy, safety, and security and prohibit profile-based advertising using their data are presented to them.
- transparency of advertising by online platforms, and
- Prohibition of profiling-based advertising using special categories of data.
Following initial guidelines on the GDPR and DSA, the EDPB is now working with the European Commission on joint guidelines covering the interplay between the Digital Markets Act (DMA) and GDPR, as well as between the upcoming AI Act and the EU data protection laws. The aim is to ensure consistency and coherent safeguards across the evolving regulatory landscape.
Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!