A View from Brussels — Thoughts on DSA and DMA adoption, Spain’s AI regulatory sandbox pilot and more

Two more facts. On July 5, the plenary of the European Parliament overwhelmingly adopted two flagship initiatives of the European Commission, namely the Digital Services Act and the Digital Markets Act.

Some might say that getting these texts approved was the easy part. Now the real work begins for entities within one or both texts. Let’s be realistic; the vast majority of companies operating in Europe would not meet the ‘gatekeeper’ DMA thresholds. Still far from the economy-wide approach, as we have seen with the EU’s General Data Protection Regulation, the material scope of DSA is much broader. than that of DMA. It covers different types of digital operators, online platforms and “very large online platforms” with more than 45 million active users in the EU. The two regulations therefore have many implications for the privacy professionals of the entities concerned, in particular on digital advertising. Want to refresh your memory on what DSA and DMA are and what they can mean to you? IAPP Tielemans Pier initial analysis is a good starting point.

DSA and DMA enforcement can be equally challenging for the European Commission itself as it is called upon to play a key role in their enforcement…but still needs to build internal capacity (staff and governance) to do so. In a recent blog postEU Digital Commissioner Thierry Breton, who led the proposals, gave his initial view on how the commission will tackle this challenge.

Brussels may soon have its summer holidays, but we still have plenty of political action from the EU to look forward to. The work on the data law is just beginning. The EU’s artificial intelligence law is also far from complete; If you want to know more about the situation and what it could change for privacy pros, I invite you to adjust for our IAPP online discussion on Tuesday, July 12.

And speaking of AI, Spain has launched its pilot project for a regulatory sandbox on artificial intelligence. By the end of the year, it will open a call for organizations to participate in the sandbox, focusing on high-risk AI in various verticals. The companies’ solutions will be tested in three-month iterations over the course of a year. The conclusions will be made public.