Monthly Archives: May 2022

Digital Services Act

EU Digital Services Act (DSA) – how will it affect you?

There’s a lot of buzz about the new upcoming legislation (Digital Services Act (DSA) and Digital Markets Act (DMA)) for digital services within the EU.  And on 23rd April, Parliament’s Internal Market Committee endorsed the provisionally reached agreement with EU governments on the Digital Services Act.

UK Impact

As these are EU regulations, they will not strictly form part of UK law.  But they will apply to all businesses who offer their services to the EU.  They are also likely to impact the UK’s law reform – and we have already seen some information about the Data Reform Bill in the Queens Speech last week.  

EU Digital Services Act 

The basic principle behind the EU’s Digital Services Act (DSA) is simple: 

If it’s illegal offline … it’s illegal online

The DSA applies to all businesses who act as online intermediaries and provide services in the EU.   The most stringent requirements will affect very large online platforms or search engines – those with over 45 million monthly active users in the EU – for example Google, Facebook, Amazon and so on.

It is designed to protect users’ fundamental rights in digital space, and fight the spread of illegal content and practices. For example, counterfeit online sales, manipulation of information / provision of disinformation, breach of users’ fundamental rights and so on.

Summary of Obligations

For marketers and retailers, the following issues will be particularly relevant:

  • Special protection measures are required to ensure minors’ safety online
  • No targeted advertisements based on the use of minors’ personal data is allowed
  • No targeted advertisements tailored to people’s ethnicity or sexual orientation
  • Additional information must be collected from traders wanting to use selling platforms, and platforms will need to try to verify the information
  • Platforms will need to run random product checks to attempt to avoid sales of counterfeit or dangerous products
  • Dark patterns (for example “bait and switch”, disguised ads, hidden costs, friend spam, misdirection etc) are banned
  • Platforms using algorithms to help online users access relevant content or information, will need to provide some explanation of how the algorithms work.
  • Large platforms will have to offer users a system for recommending content that is not based on such profiling.
  • Promoted content must be clearly labelled as such

Other more general requirements include:

  • Strict requirements to remove illegal content, and to moderate content which may be harmful
  • Consumers will be able to seek compensation for damages caused by a non-compliant platform 
  • Crisis mechanism has been added – to enable the Commission to mandate specific actions around the crisis (for example taking down war propaganda in the case of Russia – Ukraine war).

Penalties for non-compliance

Large platforms will have to assess these risks routinely, and take steps to minimise them. Their risk assessments will be subject to independent audits – failing the audit could lead to fines up to 6% of global turnover.

The DSA runs in parallel with the Digital Markets Act (DMA) – more of that in my next blog.

 

Victoria Tuffill

20th May 2022

If you are concerned about this new legislation, or would like to chat about how it might impact you and your business, just get in touch.  Call us on 01787 277742 or email dc@datacompliant.co.uk  And do have a look at our services to see if we can help you with your more general data protection needs.

Queens' Speech - Data Reform Bill

Data Reform Bill – Queen’s Speech

In the Queen’s Speech on 10th May, 2022, The Prince of Wales stated that a Data Reform Bill will be introduced. This follows the Government’s September 2021 consultation paper on reforms to the UK’s data protection regime. There is no time-frame for delivery of the bill, but the announcement is encouraging for businesses who want to see less red tape around data protection.  

However, there are concerns that following this course may lead to the EU withdrawing the UK’s adequacy status.  Adequacy status is designed to make it easy to transfer personal data between the UK and the EEA. So its loss could increase both administration and costs of such transfers.

More details of the Data Reform Bill will be provided over time.  In summary:

Purpose

  • Create a new pro-growth, trusted UK data protection framework 
  • Focus on privacy outcomes rather than box-ticking
  • Protect UK citizens’ personal data to a gold standard
  • Modernise the Information Commissioner’s Office (‘ICO’)
  • Ensure the ICO has the power it needs to take stronger action against organisations who breach data rules
  • Increase industry participation in Smart Data Schemes (where customer data is shared with authorised third-party providers on the customer’s request).

Benefits

The Data Reform Bill promises benefits both to business and consumers:

  • Increase competitiveness and efficiency of UK businesses
  • enable public services to share data to improve delivery of services
  • enable data to be used to empower citizens and improve their lives, through more effective delivery of public healthcare, security, and government services
  • create a clearer regulatory environment
  • enable personal data to fuel responsible innovation and drive scientific progress
  • provide citizens with greater clarity on their rights

More on Data Protection in Queen’s Speech

There are two other noteworthy bills mentioned in the Queen’s Speech:

  • Product Security and Telecommunications Infrastructure Bill, whose purpose is to improve cyber resilience and digital connectivity for individuals and businesses; and make sure that smart consumer products (for example smartphones and televisions) are more secure against cyber attacks.
  • Draft Digital Markets, Competition and Consumer Bill, whose purpose is to “promote competition, strengthen consumer rights and protect households and businesses. Measures will also be published to create new competition rules for digital markets and the largest digital firms.”

 

Victoria Tuffill

16th May 2022

If you need help with your data protection, or have concerns over current issues, just get in touch.  Have a look at our services.  Or call us on 01787 277742.