October 30, 2025

CIPL Response to the EDPB Draft Guidelines on the Interplay Between the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR)

Clear, concise, and practical regulatory guidance is essential for organisations, as it provides the legal certainty needed to navigate an increasingly complex and overlapping regulatory landscape. This is particularly important in cases of legislative overlap, where the jurisdictions and competencies of multiple regulators may intersect.

CIPL supports the clarification the draft guidelines make, that the DSA does not act as lex specialis to the GDPR, and the explicit reference to existing Court of Justice of the European Union (CJEU) case law that European regulations of the same hierarchical status should be interpreted in a manner that ensures consistency and coherence.

Our response identifies several areas of attention where the draft guidelines would benefit from greater clarity. In the context of the EDPB draft guidelines, CIPL provides the following recommendations:

  • Adapt the draft guidelines to ensure they are accessible, concise, clear, and practical.
  • Ensure that the draft guidelines reflect cross-regulatory collaboration and provide transparency regarding any consultative process with other competent regulators undertaken by the EDPB prior to their issuance.
  • Clarify the interpretation of automated decision-making (ADM) provisions in the context of these draft guidelines without extending such interpretation beyond what is legally justified.
  • Provide concrete, practical guidance on the transparency requirements under the GDPR and the DSA, illustrating how these can be operationalised in a compliant and effective manner.
  • Clarify that the principle of data minimisation should not be interpreted so narrowly as to restrict necessary and lawful processing of personal data.
  • Encourage a broad and balanced interpretation of the principles of accuracy, fairness, and purpose limitation to avoid inadvertently hindering innovation.
  • Promote a risk-based approach to the retention of minors’ age data, particularly when pseudonymised, to support age-appropriate online experiences.
  • Ensure consistency with the European Commission’s Guidelines on the Protection of Minors under Article 28 of the DSA.
  • Provide clear and harmonised regulatory guidance on the appropriate conditions for processing special categories of personal data.
