On 17 February 2024, the EU’s Digital Services Act (DSA) will become fully applicable for in-scope entities such as cloud service providers, comparison websites and online marketplaces. The DSA’s obligations, being legal, operational and technical in nature, call for an organisation-wide response and a timely compliance strategy.
Looking specifically at transparency, one of the hurdles ahead for intermediary service providers, as defined in the DSA, is to understand the impact of these regulatory changes on their current framework. To help businesses gear up for this compliance change, PwC Malta outlines below some of those key challenges.
For an overview of the DSA, please see our previous article here.
Designating the Point of Contact
Besides the obligation to designate a single point of contact (and a legal representative under certain conditions), the DSA also requires providers of intermediary services to make public all the information required to identify and communicate with the point of contact.
Indeed several organisations have tasked their data protection function to include the DSA point of contact and, accordingly, to keep pace with the regulatory responsibilities of the DSA. In this light, businesses need to have an upfront conversation and consider whether their teams can effectively meet the requirements of the DSA alongside those of other regulations.
Terms and conditions (T&Cs)
Just as important is the requirement for providers to provide information in their terms and conditions (T&Cs) about the restrictions imposed concerning the use of their services with respect to information provided to recipients of the service.
Arguably, the requirements relating to the T&Cs are a chance for businesses to review and update their T&Cs such that they remain aligned with their respective industry’s best practices and compliant with the requirements of the DSA.
Note that, as from August 2023 very large online platforms (VLOPs) and very large online search engines (VLOSEs) are required to comply with the provisions of the DSA, including the requirement to provide a concise and machine-readable summary of their T&Cs to users. In this respect, the European Commission launched the Digital Services Terms and Conditions Database to allow users to easily access the T&Cs of online platforms, see any recent changes and retrieve past versions.
The requirements impacting the T&Cs impact areas such as content moderation, protection of minors and complaint handling.
The way forward
So how can businesses get their compliance journey up to speed?
Connecting teams
Meeting regulatory demands while delivering business value requires a close connection. To address this challenge, compliance teams should take the lead and play a critical role in framing the organisation’s wider agenda.
Getting prepared
The starting point for many is to gain clarity on how the DSA’s regulatory demands may impact the business. Documenting any gaps can help in understanding the organisation’s capabilities to respond effectively.
Partnering
Setting a new compliance function from scratch can be challenging, especially regarding budgeting. Outsourcing complex tasks may allow companies to gain wider access to skills, expertise and technology that are not readily available internally.
Contact Us
At PwC Malta, our Privacy and Data team has the expertise to help your organisation. For more information on the DSA and other regulatory matters including GDPR compliance, please reach out to one of our sector leaders below.
Contact us
