December 6, 2021

Volume XI, Number 340


December 03, 2021

Subscribe to Latest Legal News and Analysis

EDPB Releases Statement on the Digital Services Package and Data Strategy; Calls for Ban on Targeted Ads

On November 18, 2021, the European Data Protection Board (“EDPB”) released a statement on the Digital Services Package and Data Strategy (the “Statement”). The Digital Services Package and Data Strategy is a package composed of several legislative proposals, including the Digital Services Act (“DSA”), the Digital Markets Act (“DMA”), the Data Governance Act (“DGA”), the Regulation on a European approach for Artificial Intelligence (“AIR”) and the upcoming Data Act (expected to be presented shortly). The proposals aim to facilitate the further use and sharing of personal data between more public and private parties; support the use of specific technologies, such as Big Data and artificial intelligence (“AI”); and regulate online platforms and gatekeepers.

The EDPB’s Statement draws attention on several concerns related to the proposals, including (1) lack of protection of individuals’ fundamental rights and freedoms, (2) fragmented supervision, and (3) risks of inconsistencies.

With respect to the lack of protection of individuals’ fundamental rights and freedoms, the EDPB highlights specific issues and makes recommendations directed toward the European co-legislator, including, notably:

  • that the AIR must prohibit the use of AI systems that categorize individuals based on biometrics (such as facial recognition) according to ethnicity, gender, political or sexual orientation, or other prohibited grounds of discrimination, and must prohibit any other AI systems whose scientific validity is not proven or that conflict with essential EU values. In addition, the AIR should include a ban on the use of AI to infer emotions of individuals or for the automated recognition of human features in publicly accessible areas.

  • that the DSA should regulate online targeted advertising more strictly and push for less intrusive forms of advertising that do not require any tracking of user interaction with content. Particularly, the EDPB recommends a phase-out of targeted advertising, leading to a prohibition of targeted advertising based on pervasive tracking. The EDPB also advocates for a general prohibition of the profiling of children.

In addition, the EDPB highlights the risk of parallel supervision structures as a result of these proposals and recommends that each proposal clearly set out how the new supervisory body called for in the proposal should cooperate with other authorities, including with existing data protection supervisory authorities.

Finally, the EDPB calls on the European co-legislature to resolve any ambiguities and inconsistencies with the existing data protection framework created by the proposals. The EDPB requests further clarification to ensure that existing data protection rules are not affected or undermined by the various proposals and that data protection rules will prevail where personal data is processed.

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 327

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct