Similarities and Differences between the GDPR and Other European Laws

Introduction:

Europe has a strong focus on privacy protection and digital security. This is reflected in various pieces of legislation such as the General Data Protection Regulation (GDPR), the ePrivacy Regulation and the Digital Services Act (DSA). While all of these laws help protect personal data and regulate digital services, their goals and scopes differ. In this blog, we explore the similarities and differences between the GDPR, ePrivacy Regulation and the Digital Services Act, and what companies need to know to comply with these regulations.


What is the GDPR?

The General Data Protection Regulation (GDPR), or Algemene Verordening Gegevensbescherming (AVG) in Dutch, came into force in May 2018 and applies throughout the EU. The GDPR sets rules on how personal data should be collected, processed and protected. This law has some important principles such as:

  • Data subjects’ rights: The GDPR gives individuals rights such as the right to access, correct, delete and restrict their personal data.
  • Accountability: Companies must be able to demonstrate compliance.
  • Data Protection by Design and Default: Privacy protection must be built into business processes.

The purpose of the GDPR is to ensure the privacy of European citizens and to require organizations to handle personal data with care.

What is the ePrivacy Regulation?

The ePrivacy Regulation, currently still in draft and negotiation stages, serves as a complement to the GDPR and focuses specifically on electronic communications. This legislation, also known as the “Cookie Law,” addresses, among other things:

  • Cookies and tracking technologies: Regulates the use of cookies and other technologies that track users, requiring consent.
  • Protection of electronic communications: Protects the privacy of communications via e-mail, telephone, text messaging and new technologies such as WhatsApp.
  • Direct marketing: Sets rules for the use of contact information for commercial purposes.

The ePrivacy Regulation focuses on the confidentiality of electronic communications and, when approved, will replace the existing ePrivacy Directive.

What is the Digital Services Act?

The Digital Services Act (DSA) is a broad European regulation designed to create a safer online environment. The DSA imposes obligations on online platforms, such as social media and e-commerce websites, regarding:

  • Accountability and transparency: Online platforms should be clear about their content moderation and the algorithms they use.
  • Protection from illegal content: Platforms must take measures to limit the distribution of illegal content, such as hate speech or fake news.
  • User rights: Users have the right to transparency about decisions platforms make about removing their content.

The DSA focuses less on the protection of personal data and more on the responsibility and security of online services and platforms.


Similarities between GDPR, ePrivacy and DSA

Although the GDPR, ePrivacy Regulation and DSA each have their own specific goals, there are some important overlaps:

  • Protection of user rights: All three laws have at their core the protection of rights of individuals. The GDPR gives people control over their personal data, the ePrivacy Regulation protects the confidentiality of communications, and the DSA ensures a secure online environment.

  • Accountability and transparency: Both GDPR and the DSA emphasize the obligation of companies to take responsibility for their practices. For GDPR, this means demonstrable compliance with data protection rules, while the DSA requires companies to provide transparency about moderation and algorithms.

  • Consent requirements: The GDPR and the ePrivacy Regulation place strong emphasis on the need for informed consent, for example, in data processing or the placement of cookies and other tracking technologies.

  • Enforcement and fines: All of these laws impose significant fines for non-compliance. GDPR fines can be as high as 4% of global revenue, while the DSA and ePrivacy Regulation (when final) will impose similar penalties.

Differences between GDPR, ePrivacy and DSA

Despite the similarities, the GDPR, ePrivacy Regulation and DSA each have their own specific focus and applications:

  1. Purpose and focus:
    • GDPR: Protection of personal data and privacy of individuals.
    • ePrivacy: Protection of confidentiality of communications and regulation of tracking technologies.
    • DSA: Regulation of online platforms and protection from illegal content, with less focus on personal data.
  2. Scope of application:
    • GDPR: Applicable to any organization that processes personal data, both inside and outside the EU, provided they process data of EU citizens.
    • ePrivacy Regulation: Specifically targets providers of electronic communications and online services that use tracking technologies.
    • DSA: Aimed at online platforms, including social media companies and online marketplaces, and has no direct application to offline companies.
  3. Nature of data protection:
    • GDPR: Handles all types of personal data, from contact information to biometric and sensitive data.
    • ePrivacy: Focuses specifically on the protection of communications content and metadata.
    • DSA: Limited to obligations regarding content moderation and illegal content, and does not specifically address personal data.
  4. Status and implementation:
    • GDPR: In effect since 2018 and is being actively enforced.
    • ePrivacy Regulation: Not yet finally approved, but expected to complement GDPR.
    • DSA: The legislation has been passed and will take effect in 2024, but focuses on platform responsibility and has a different focus than GDPR.

What does this mean for businesses?

Companies operating in the EU must be well aware of these laws in order to meet their obligations:

  • Evaluate your data processing practices: Make sure all data processing complies with the GDPR, and prepare for additional ePrivacy Regulation rules, especially if you use tracking technologies.
  • Check your electronic communications: If your business uses electronic communications for marketing, pay close attention to the rules of the ePrivacy Regulation.
  • Content moderation and transparency: Companies with online platforms or digital services should prepare for the DSA by implementing content management processes and transparency measures.

Conclusion

The GDPR, ePrivacy Regulation and Digital Services Act each play a unique role in protecting privacy, security and user rights in the digital world. Companies that want to be compliant must consider not only the protection of personal data, but also confidentiality of communications and transparency about online services. It is up to companies to properly integrate these complex rules to provide a trustworthy and secure environment for their customers and users. Start requesting an audit for GDPR, DORA, NIS2 or ISO27001 today!


© DPO Associates. All rights reserved.