European Board Offers Guidelines on GDPR-Digital Services Act Relationship
The European Data Protection Board (EDPB) guidelines published Friday marked its first advice on the interplay between the General Data Protection Regulation (GDPR) and Europe's new digital laws, it said.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The guidelines deal with the Digital Services Act (DSA), which is intended to complement GDPR rules to ensure the highest level of rights protections in the digital space, the board said. The DSA applies to online intermediaries such as search engines and platforms.
The guidelines will help with the consistent application of DSA provisions that relate to the processing of personal data by intermediaries and include references to GDPR concepts and definitions, the board added.
Although national authorities will interpret the DSA, several provisions relate to the GDPR, the board said. Among these are notice-and-action systems that help people or companies report illegal content and recommender systems that platforms employ to automatically offer specific content to users with a certain relative prominence.
Other GDPR provisions at play in the DSA are those on ensuring a high level of privacy, safety and security for minors, those relating to the transparency of advertising by online platforms, and the ban on profiling-based advertising using special data categories, the EDPB said.
The EDPB also provided practical guidance for cross-regulatory cooperation among authorities to help them coordinate enforcement and give intermediaries more legal certainty.
The board said it will consult on the guidelines. Work is also underway with other regulators to clarify the relationships between the GDPR and the Digital Markets Act and AI Act, it added.