The JENTIS Legal Digest

Welcome to the JENTIS Legal Digest, your bi-weekly news update on all things data privacy around the world.?

Written by Tomislav Rachev LL.M.

In this edition:

• The latest on the EU digital services regulations
• Déjà vu: first legal challenge of the new EU-US Data Privacy Framework?
• Data privacy around the globe: US, UK, South Korea, India

The latest on the EU digital services regulations

The EU Digital Services Act and Digital Markets Act -?game changer for the advertising industry??

As the cornerstones of the EU's ambitious strategy?for the digital economy,?the Digital Services Act (DSA) and the Digital Markets Act (DMA) have the potential to reshape the advertising industry.?

The two regulations aim at different, but connected policy objectives - the DMA aims at turning digital markets into a fair and competitive playing field, while the DSA is focused on making them?a safer digital space, in which?users' fundamental rights?are protected. Both regulations provide for new rules, which have already begun?coming?into effect for large online platforms.

The DSA now in effect for large online platforms and search engines, while enforcement for smaller websites begins in early 2024

19 companies are now obliged to follow the new DSA rules and must submit risk assessments relating to their content and algorithms in use to the Commission.

Read more >>

More insights into Google's advertising powerhouse on the way

Following the start of the DSA enforcement, Google announced plans to expand its Ads Transparency Center, a searchable database of advertisers?with?information, with more information on the mechanics of its targeted advertising. Researchers will also get more data access relating to various Google products, including Google Search, YouTube, and Google Maps.

Read more >>

The EU names the?tech companies falling under the DMA

The European?Commission?designated six BigTech?companies as "gatekeepers", which must follow the DMA rules - Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft. Notably,?22 core platform services operated by these gatekeepers are covered by the DMA - here are some honourable mentions:

• social networks (Facebook and TikTok)
• intermediation services (Amazon Marketplace)
• ads delivery systems (Google and Amazon),
• browsers (Chrome and Safari)
• operating systems (Android, iOS, Windows PC OS)
• communication services (WhatsApp, Facebook Messenger)

Read more >>

Key insights:

• The DMA contains far-reaching data access, portability and interoperability requirements for Bigtech relating to their?core digital services. In the context of advertising services, the enforcement of these rules aims to provide?both business users?and consumers with?more data control, choice and transparency.
• The DSA prohibits targeted advertising based on data of minors and special categories of personal data (e.g. health data, political affiliation, religion), underlining the need for website operators to have more control over what data is collected and processed within their website.
• The ban on dark patterns in the DSA?is likely to?reduce consent rates across the advertising industry as cookie banners are becoming more transparent and intuitive for users. This will likely decrease the availability of?data?for targeted advertising, which opens the markets for alternative advertising models based on less privacy-intrusive methods for online marketing.

A?déjà vu?moment for?transatlantic data flows?

EU-US Data Privacy Framework challenged before top EU Court?

Less than two months after its launch, the new transatlantic data agreement faces its first legal challenge before the European Court of Justice (ECJ) and an unlikely?complainant is behind it. Suprisingly,?it is not?Max Schrems this time - French lawmaker Philippe Latombe beat the Austrian privacy activist to?putting the matter before the EU top court and filing two challenges against the new framework - one to suspend it and another relating to its substance.?It remains to be seen, if these?challenges will be deemed?admissible by the ECJ.

Latombe, a member of the French parliament and an ally of President Emmanuel Macron,?argues?that the new agreement violates GDPR and?the Union's Charter of Fundamental Rights, as it does not provide sufficient guarantees for the?"protection of private and family life?with regard to bulk collection of personal data."?Latombe also raised procedural issues with the framework, noting that it was only communicated to EU countries in English and was not published in the EU's Official Journal, which could be in breach of procedural rules.

Key insights:

• Legal challenges of the EU-US DPF seem unavoidable and reminiscent of 2020, when the?EU?top court struck down the Privacy Shield?over concerns that US intelligence agencies could easily access data on European citizens.
• While it remains to be seen whether the challenge is?deemed admissible in court, it seems to foreshadow future legal battles over the new framework for data transfers to the US.
• EU companies can mitigate the legal uncertainty surrounding international data flows?by implementing additional measures, which allow them to maintain data control and flexibility over their data transfers.

Read more ?

Data privacy around the globe

• US: Government agencies issue?warning to hospitals and telehealth providers over use of tracking pixels
• US: New health privacy lawsuit against Meta
• US, UK: Dark patterns under regulatory scrutiny
• India: New data protection law authorises authorities to prohibit data transfers to specific countries, prohibits processing of minors' data for web tracking?or targeted advertising
• South Korea:?Google and?Meta fined over consentless advertising