The EDPS publishes its opinion on the Digital Services Act and Digital Markets Act
The question: What recommendations has the European Data Protection Supervisor (EDPS) made in respect of the EU’s proposed Digitals Services Act (DSA) and Digital Markets Act (DMA)?
The EDPS has announced additional recommendations designed to give greater protection to individuals when it comes to content moderation, online targeted advertising and recommender systems used by online platforms under the DSA and DMA.
As part of the Europe’s Digital Strategy “Shaping Europe’s Digital Future”, at the end of 2020 the European Commission published proposals centring around an ambitious reform of EU legislation and designed to safeguard consumers and businesses that make use of online platforms such as search engines, social networking sites and online marketplaces.
The proposed reforms will take effect through two directly applicable, full harmonisation Acts: the DSA and the DMA. The stated goals of both the DSA and the DMA are:
- “to create a safer digital space in which the fundamental rights of all users of digital services are protected; and
- to establish a level playing field to foster innovation, growth, and competitiveness, both in the European Single Market and globally”.
In February 2021, the EDPS published its opinions in respect of the European Commission’s legislative proposals. These opinions are intended to influence and assist legislators to produce final form legislation which reflects the EU’s fundamental values around individual data protection rights.
Through these opinions, the EDPS has signalled its approval of the DSA’s stated intention to promote a transparent and safe online environment and noted that while the proposal “does not impose a general monitoring obligation, it confirms reasonable liability exemptions and supplements them with a pan-European system of notice and action rules, so far missing”. In relation to the DMA, the EDPS has welcomed the Act’s stated intention to “promote fair and open digital markets and the fair processing of personal data through the regulation of large online platforms acting as gatekeepers”.
Digital Services Act
In relation to the DSA, the EDPS has made several recommendations designed to better protect individuals with regards to: (i) targeted advertising; (ii) the moderation of content; and (iii) recommended systems used by online platforms. The EDPS specifically recommends:
- additional safeguards around the three areas specified above, eg providers who wish to profile their users for content moderation, should be able to demonstrate that such measures are strictly necessary to address the systemic risks identified by the DSA
- the phasing-out, and eventual prohibition, of targeted advertising based on pervasive tracking
- increased restrictions around which data categories can be processed for targeting purposes and which data categories may be disclosed to advertisers or third parties to enable targeted advertising
- the introduction of minimum interoperability requirements for large online platforms with explicit obligations on very large online platforms to support interoperability, as well as obligations not to take measures that impede such interoperability
- the development of technical standards around interoperability at European level, in line with the applicable EU legislation on standardisation.
Digital Markets Act
The EDPS highlights how the relationship between competition, consumer protection and data law are “inextricably linked policy areas” in the context of the online platform economy, and that this relationship should be one of complementarity. The EDPS elects to specifically highlight those provisions of the proposed Act which have the effect of mutually reinforcing the “contestability” of the market and which affect the control of individuals over their personal data. These include, for example, articles 5(f) and 6(1) (b) which prohibit mandatory subscription by end-users to other core platforms services offered by the gatekeeper and allow the end-user to uninstall pre-installed software applications on the core platform service, respectively.
As it did with the DSA above, the EDPS also makes some specific recommendations for improvements to the DMA:
- that gatekeepers are to provide end-users with a solution of easy and prompt accessibility for consent management
- increased clarity around the scope of the data portability
- where necessary (eg see Article 6(1)(i)) rewording provisions of the Proposal to ensure full consistency with the GDPR
- highlighting the need for effective anonymisation and re-identification tests when sharing query, click and view data in relation to free and paid search generated by end users on online search engines of the gatekeeper.
As part of its recommendation, the EDPS recommends that the DMA Committee should include representatives from the EDPS, and also calls for structured cooperation between the relevant oversight authorities in order to ensure the uninhibited exchange of information between them, allowing them to fulfil their complementary role.
As with the DSA above, the EDPS once again invites the co-legislators to consider introducing minimum interoperability requirements for gatekeepers and to promote the development of technical standards at European level, in line with EU legislation on standardisation.
Why is this important?
The EDPS’ opinions, as detailed above, once again highlight the importance of its role in protecting the data rights of European subjects and specifically their rights under the Commission’s new Digital Strategy. While they are non-binding, the EDPS’ opinions give an indication of the direction that data protection, and its enforcement in Europe, is taking and highlights a clear intention to harmonise this approach across the authorities within the EU.
Any practical tips?
The opinions given by the EDPS are likely to shape both the final form legislative proposals and the national implementation of the DSA and DMA. Stakeholders would do well to keep their ear to the ground in relation to the effects of EDPS’ recommendations and take note of how the DSA and DMA are amended as a result. There are likely to be direct knock-on effects for online service providers and their management of end-user data.