EC Welcomes Adoption of Digital Services Package

Digital Services Package. The Digital Services Act sets out a standard for accountability of online platforms and its scope covers various online intermediary services. These online intermediary services include cloud computing services; online platforms such as online marketplaces, app stores, collaborative economy platforms and social media platforms; and very large online platforms that reach over 10% of the 450 million consumers in EU. Also part of this package is the Digital Markets Act, which will apply to gatekeepers—companies that create bottlenecks between businesses and consumers and sometimes even control entire ecosystems—made up of different platform services such as online marketplaces, operating systems, cloud services, or online search engines. The Digital Markets Act establishes a set of narrowly defined objective criteria for qualifying a large online platform as a “gatekeeper.” These gatekeepers will be subject to a number of clearly defined obligations and prohibitions. The adoption of the Digital Services Package in the first reading by the European Parliament follows the political agreement that has been reached by the co-legislators on the Digital Markets Act on March 24, 2022 and the Digital Services Act on April 23, 2022. EC will enforce these rules for the largest online platforms active in EU. Following this adoption, text for both the Acts must now be formally adopted by the European Council. Finally, the Digital Services Act and the Digital Markets Act are expected to be published in the Official Journal of the European Union in Autumn 2022.

Opinion on Proposed Cybersecurity Rules. The European Data Protection Supervisor welcomes the aim of the EC proposal to improve the cybersecurity posture of the Union Institutions, bodies, offices and agencies. The European Data Protection Supervisor recommends adding in the proposal that its minimum security requirements should be at least equal or higher than the minimum security requirements of the entities of Directive on security of network and information systems (NIS Directive) and NIS 2.0 proposal. Further, the European Data Protection Supervisor strongly advises that the proposal, or at the very least a delegated act to be adopted subsequently by EC, must clearly provide a legal ground for the processing of personal data by Cybersecurity Center (CERT-EU) and the EU entities. The European Data Protection Supervisor also advises that the proposal provide for close cooperation between the CERT-EU and the European Data Protection Supervisor, when addressing incidents resulting in personal data breaches, or when addressing any significant vulnerabilities, incidents, or major attacks, that have the potential to result in personal data breaches. The European Data Protection Supervisor also strongly recommends that the proposal provide for the supervisor's participation in the Interinstitutional Cybersecurity Board (IICB).

Related Links

• Press Release on Digital Services Package
• Digital Services Act
• Digital Markets Act
• Opinion on Proposed Cybersecurity Rules

Keywords: Europe, EU, Banking, Insurance, Securities, Digital Services Act, Digital Markets Act, Regtech, NIS, CERT-EU, Cyber Risk, Online Marketplaces, Cloud Computing, Data Providers, Platform Businesses, European Parliament, EC