For Information: EDPB Guidelines on Interplay Between the DSA and GDPR

SUMMARY

Today, the European Data Protection Board (EDPB) adopted its first guidelines (see attached) on the interplay between the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR).

The guidelines clarify how the GDPR should be applied in the context of DSA obligations and aim to ensure a coherent and effective EU digital rulebook.

A public consultation is open until 31 October.

‍

MORE INFORMATION:

Key areas addressed in the guidelines include:

• ‍Notice-and-action systems for reporting illegal content.‍
• Recommender systems and how they present content to users.‍
• Protection of minors, including prohibitions on profile-based advertising.‍
• Advertising transparency on online platforms.‍
• Restrictions on profiling-based advertising using sensitive data categories.

‍

The guidelines also highlight the need for cross-regulatory cooperation between authorities.

Further work is underway on similar guidelines covering the interplay between the GDPR and the Digital Markets Act (DMA), as well as between the GDPR and the AI Act.

NEXT STEPS

• The EDPB’s public consultation is open until 31 October 2025.

FESI will further analyse the guidelines in more detail and, if appropriate, circulate a draft response for member comments in the coming days.