Implementation and enforcement of the Digital Services Act were extensively discussed in European Parliament this month, during both the Internal Market and Consumer Protection Committee meeting with Director-General for Communications Networks, Content and Technology Roberto Viola and during the first plenary session with Executive Vice-President Margrethe Vestager, who is overseeing the digital portfolio.
Viola recapped the European Commission's DSA implementation efforts, including ongoing investigations, and underlined that the DSA is a risk-based regulation that outlines online platforms' responsibilities concerning illegal and harmful content, but does not define what illegal content is, leaving that to the member-state level.
"The Digital Services Act does not regulate online content, full stop," Vestager said before highlighting the Commission's future areas of focus: intensifying DSA enforcement, including the European Democracy Shield against foreign interference; tackling challenges with e-commerce platforms to ensure EU customs and market surveillance authorities can fulfill their duties; and making the online world safer for children, with a focus on online addiction and cyberbullying.
This week, the European Board for Digital Services met for the seventh time to discuss DSA implementation.
Protecting minors online
The proposal for a regulation combatting child sexual abuse material online is struggling to move forward in the legislative process.
Member states still haven't reached an agreement due to concerns about the text's negative impact on privacy, which some deem a red line. The European Council distributed a new compromise text that clarifies the powers and obligations of certain stakeholders and makes further changes to detection measures and reporting, hoping this would address some of the concerns.
While it remains to be seen whether this will result in a shift in stance of opposing member states, Euractiv reports that the Hungarian Presidency is aiming to reach a partial general approach 10 Oct.
Help with DMA compliance
The Commission will assist Apple in compliance with the Digital Markets Act. On 19 Sept., the Commission started two specification proceedings to help Apple comply with interoperability obligations under the DMA.
Over the next six months, the Commission will inform Apple exactly what measures it must be taking.
Data spaces
As the European Health Data Space awaits final adoption by the Council, the Commission is celebrating the launch of the Public Procurement Data Space. The PPDS is the Commission's initiative to harness the power of public procurement data and foster competition, including by facilitating company and small and medium-size enterprise access to public procurement procedures across the EU.
Differing from the EHDS, which will be directly applicable across the EU, the PPDS is based on voluntary member state participation.
More from European DPAs
Recent developments highlight that there is room for improvement when it comes to dealing with personal data breaches.
The investigation by the Netherlands' data protection authority, the Autoriteit Persoonsgegevens, shows companies are too slow in communicating data breaches to individuals and the language of such communications lack urgency and clarity.
Furthermore, Poland's data protection authority, the Urząd Ochrony Danych Osobowych, recently fined a bank close to 1 million euros for failing to inform customers of a breach concerning their sensitive personal data.
Data breaches are also addressed in 2023 annual reports of several DPAs. In September, Berlin, Denmark and Luxembourg data protection authorities published reports on their annual activities, including complaints received, cases handled, fines issued and guidance provided.
Throughout the year, various EU General Data Protection Regulation and data protection authority evaluations indicated a need to increase authorities' resources to improve GDPR enforcement and their capacity to deal with growing responsibilities. A response to that is the Swedish government's recent budget proposal, which plans to allocate an additional 3 million euros to its data protection authority, the Integritetsskyddsmyndigheten.
European data protection authorities are working with other regulators. France's DPA, the Commission nationale de l'informatique et des libertés, together with the French Cyber Security Agency, developed a tool aiming to boost cybersecurity of digital public services. In the U.K., the Information Commissioner's Office signed a memorandum of understanding with the National Crime Agency, officiating a commitment to join efforts in boosting the U.K.'s cyber resilience.
The reading tab
Data Act: The commission recently published an FAQ page, not only outlining its measures but also explaining practical implementation.
Digital Services Act: The Netherlands' Authority for Consumers and Markets published guidelines on who must comply with the DSA and how. The ACM will organize a digital meeting later this year to provide further compliance guidance and will publish more business-specific guidelines.
Laura Pliauskaite is European operations coordinator for the IAPP.