IAB Criticizes EDPB Guidelines on GDPR, Digital Services Act Interplay
The European Data Protection Board (EDPB) should revise its guidelines on the interaction between the GDPR and the Digital Services Act (DSA), and refrain from interpreting DSA provisions that fall outside its expertise, the Interactive Advertising Bureau Europe said Friday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
IAB Europe's comments responded to an EDPB consultation on the draft guidelines (see 2509120020). The DSA, which applies to online intermediaries such as search engines and platforms, is intended to complement GDPR rules to ensure the highest level of rights protections in the digital space.
Among other things, IAB Europe and associated organizations recommended that the EDPB adopt a risk-based, proportionate approach to age assurance consistent with the GDPR. "A flexible approach is essential to allow platforms to implement effective and context-appropriate measures for protecting minors online," they wrote.
They also stressed the need for more structured cooperation among DPAs, Digital Services Coordinators, the European Board for Digital services and the European Commission. "The draft guidelines should refrain from interpreting substantive DSA provision beyond the EDPB's remit and focus instead on clarifying GDPR obligations where personal processing is concerned."
The organizations urged the EDPB to clarify that advertising, including personalized ads, doesn't amount to automated decision-making under the GDPR.