TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | A view from Brussels: DSA's obligations take effect Related reading: Garante alleges OpenAI's ChatGPT violated GDPR



Holiday season is almost over in the Northern Hemisphere? So what! If you are feeling energized to take on a new adventure, look no further: the IAPP will run its annual call for volunteers from 12-29 Sept. Read up on opportunities to serve as a KnowledgeNet Chapter Chair, Advisory Board member or Young Privacy Professional on our Volunteer page or learn more here.

The streets of Brussels' EU quarter are still quiet this week. Perhaps the corridors of some very large online platforms and search engines' legal and compliance teams are less quiet these days. Nineteen companies designated as such by the European Commission will have to start complying with the Digital Services Act starting 25 Aug.

On the list are a couple of prominent European names — and Zalando — two Chinese companies and 15 U.S.-headquartered companies. In fact, this expected breakdown was raised very early on as a red flag by many industry stakeholders when the DSA was a mere proposal. Could it be that EU co-legislators were crafting thresholds such that only large U.S. tech companies were caught by the designation?

"Regulations can be designed to primarily impact foreign firms; in such cases they may be non-tariff barriers to trade serving protectionist or discriminatory purposes that violate obligations under global or bilateral trade agreements," wrote a global tech association at the time.

In its 2021 National Trade Estimate Report on Foreign Trade Barriers, the U.S. Trade Representative adds the DSA, alongside the Digital Markets Act and many other EU policy and technical initiatives, to its watchlist of significant foreign barriers to U.S. exports, U.S. foreign direct investment and U.S. electronic commerce. USTR's 2022 report turned up the heat slightly by pointing concerns about the articulation between the DSA draft provisions at the time grandfathering the e-Commerce Directive liability limitation and intellectual property rights.

"The EU Council's version of the DSA proposal could weaken the current liability regime and have a detrimental impact on the existing standards and practices for addressing illegal content and activities, including online infringement of copyright and related rights," the report said.


  • EU/U.K.: The European Parliament's Civil Liberties committee is not happy about the direction the U.K. is headed on data protection matters in law enforcement. Back in May, it drafted an opinion on the implementation of the EU-U.K. Trade and Cooperation Agreement, in particular as it pertains to law enforcement and judicial cooperation in criminal matters. The draft opinion refers to legislative changes in discussion in the U.K., such as the Retained EU Law Act 2023 that seeks to revoke certain retained EU law, the Bill of Rights Bill, the Data Protection and Digital Information Bill and the Illegal Migration Bill.
    How do I know LIBE is not having it? The use of verbs like "condemns" and "deplores" gave it away.
    The draft opinion will be debated by LIBE early September. What could happen if the opinion is adopted as is you might ask. Honestly? Not much.
  • Germany: The IAPP will next set camp in Munich on 13-14 Sept. for its upcoming Data Protection Intensive: Deutschland. We have a great line-up of German regulators this year again, including from Berlin and Stuttgart authorities. Find more information and registration details here.

Comments, suggestions, constructive criticism? Email me at

Credits: 1

Submit for CPEs


If you want to comment on this post, you need to login.