TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Europe Data Protection Digest | A view from Brussels: Reflections on the DSA and DMA adoption, Spain's AI regulatory sandbox pilot and more Related reading: A view from Brussels: Reflections on the incoming Czech Republic presidency


Two more done. On 5 July, the European Parliament Plenary adopted with an overwhelming majority two flagship initiatives from the European Commission, namely the Digital Services Act and the Digital Markets Act. 

Some may say getting these texts approved was the easy part. Now the real work begins for entities in the scope of one or both texts. Let’s be real; the vast majority of companies operating in Europe would not meet the DMA thresholds of “gatekeepers.” Still far from being the whole-economy approach, as we saw with the EU General Data Protection Regulation, the DSA’s material scope is much broader than that of the DMA. It covers various types of digital operators, online platforms and “very large online platforms” with more than 45 million active users in the EU. Both regulations thus have a lot of implications for privacy pros of entities in scope, particularly on digital advertising. Want to refresh your memory on what DSA and DMA are and what they may mean for you? IAPP’s Jetty Tielemans’ initial analysis is a good place to start. 

The DSA and DMA application may be equally challenging for the European Commission itself as it is set to play a key role in their enforcement … but has yet to build the internal (staff and governance) capacity to do so. In a recent blog post, EU Commissioner for Digital Thierry Breton, who spearheaded the proposals, provided initial views on how the commission will tackle this challenge. 

Brussels may soon go on summer break, but we still have plenty of EU policy action to look forward to. The work on the Data Act is only getting started. The EU Artificial Intelligence Act is also far from done; if you want to learn more about where it stands and what it could change for privacy pros, I invite you to tune in for our IAPP online discussion on Tuesday 12 July. 

And speaking of AI, Spain kicked off its pilot for a Regulatory Sandbox on Artificial Intelligence. By the end of the year, it will open a call for organizations to participate in the sandbox, focusing on high-risk AI across various verticals. Companies’ solutions will be tested in three-month iterations over the course of one year. The conclusions will be publicly available. 


If you want to comment on this post, you need to login.