Revised compliance guidelines for online advertisers under the Data Governance Act (DSA) issued by the European data protection board
The European Data Protection Board (EDPB) has released guidelines to help digital marketers, online platforms, and advertising technology providers navigate the intersection of the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR).
The DSA, passed by the European Parliament on October 19, 2022, and fully operational for all platforms on February 17, 2024, aims to enhance protection for children and address deceptive design patterns. Article 28 DSA mandates high privacy, safety, and security levels for minors, while parallel prohibitions apply under both regulatory frameworks.
Key developments in DSA-GDPR regulatory convergence include the publication of a DSA transparency approach summary by IAB Europe on November 6, 2023, and the adoption of new age verification rules by the EDPB on February 12, 2025.
The guidelines address critical compliance gaps where DSA provisions reference GDPR concepts without clear implementation guidance, ensuring coherent interpretation and preventing regulatory inconsistencies that could undermine both user protection and legal certainty.
Marketing technology providers must establish governance frameworks addressing both DSA transparency and GDPR accountability requirements. This includes documentation obligations for processing purposes, legal bases, technical safeguards, and risk mitigation measures across content moderation, advertising delivery, and user protection systems.
Advertising transparency obligations under Article 26 DSA require platforms to provide real-time information about advertisement parameters, while GDPR mandates prior disclosure before data collection begins.
Content moderation systems require careful legal basis assessment under both the DSA and GDPR. Notice and action mechanisms under Articles 16 and 17 DSA involve substantial personal data processing requiring GDPR compliance.
Very Large Online Platforms face enhanced risk assessment obligations under Articles 34 and 35 DSA that often mandate Data Protection Impact Assessments under GDPR Article 35.
The framework applies across all European Union member states for intermediary service providers processing personal data under both DSA and GDPR jurisdiction, with extraterritorial effects for global platforms.
The EDPB coordinates the implementation of the European Data Protection Authority’s Guidelines 3/2025 about the interplay between the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR), while national data protection authorities in each of the 27 EU member states are responsible for enforcing and applying these guidelines locally.
The guidelines outline scenarios where marketing activities trigger requirements from both the DSA and GDPR simultaneously. Recommender systems face algorithmic transparency requirements that may trigger automated decision-making provisions.
On July 26, 2025, a House committee in the European Union exposed the impact of the Digital Services Act on American political speech, while the European Commission dismissed censorship claims around DSA implementation on August 28, 2025.
Enforcement coordination between Digital Services Coordinators and data protection authorities requires sincere cooperation under EU Treaty obligations. Current enforcement includes formal proceedings against major American technology companies, with some companies reportedly facing potential penalties totaling over €1 billion.
The guidelines establish compliance requirements for processing personal data while meeting Digital Services Act (DSA) obligations, covering advertising transparency, content moderation, age verification, recommender systems, and enforcement coordination.
Read also:
- India's Sports Revolution: Bhubaneswar, Chennai, and Ahmedabad Pioneering Nation's Athletic Makeover
- "Blood tests could potentially enhance the accuracy of malaria diagnoses in research circumstances"
- The Dominion of Longevity
- Application solicitations for PhD in Law at DAU School of Law for the academic year 2025-26 are now open
%20issued%20by%20the%20European%20data%20protection%20board){kind=link}