In the fast-paced digital era of the last decade, data privacy regulations have more and more become an integral part of the marketing landscape. And while some people working in our industry may find these regulations cumbersome, it's crucial to recognize that they are essential for safeguarding user rights. Whoever hasn’t figured that out by now, needs to to wake up in 2024. Because data privacy is here to stay – and the rules and measures associated with it are not getting any easier.
So here we go navigation you through this hot topic by taking a closer look at the currently most important privacy regulations in Europe – and therefore at the state of data privacy in Europe in 2024:
1. General Data Protection Regulation (GDPR)
Introduced in 2018, the General Data Protection Regulation (GDPR) is arguably the European Union's best-known and most comprehensive data protection regulation. It gives individuals more control over their personal data and mandates that organizations handle this information responsibly and ensure transparency and consent. The GDPR has served as a catalyst for similar legislation around the world by setting a precedent for robust data protection standards. For example, the California Consumer Privacy Act (CCPA) in the United States was heavily influenced by the GDPR.
2. Digital Service Act (DSA)
The Digital Services Act (DSA) is an EU regulation that has been in force since November 2022 and applies from February17, 2024. It aims to create an efficient and clear transparency and accountability framework for online platforms, to better protect users and their fundamental rights online and to promote innovation, growth and competitiveness in the single market. Specifically, the DSA regulates conduct obligations for providers of online intermediary services and contains, among other things, liability and safety regulations for digital platforms, services and products.
3. Digital Markets Act (DMA)
While the DSA applies primarily to medium-sized to large online platforms, the Digital Markets Act, which has been in force since May 2023, focuses primarily on large, market-dominating digital groups in the digital sector (such as Google, Microsoft, Apple and Meta). The aim is to give users important rights vis-à-vis these corporations and to ensure fairness and competition in the European digital single market through a harmonized regulatory framework, thus also ensuring the existence of small and medium-sized online platforms. In order to limit the influence of the "big players", uniform framework conditions were created across Europe. Gatekeepers are subject to special prohibitions or obligations of conduct. These range from bans on self-favoritism, regulations on data use and data interoperability to bans on discrimination and fair conditions.
4. Data Protection Impact Assessment (DPIA)
The EU’s General Data Protection Regulation (GDPR) includes a large amount of rules that organizations must follow in order to protect the personal information they collect about their clients or people who visit their websites. Under the GDPR, a Data Protection Impact Assessment (DPIA) is mandatory where data processing “is likely to result in a high risk to the rights and freedoms of natural persons”. This is particularly relevant whenever a new data processing technology is being introduced. This means that it is required in particular in the following cases: systematic and extensive evaluation of personal aspects relating to natural persons, including profiling; extensive processing of sensitive data; systematic and extensive monitoring of publicly accessible areas. In cases where it is not clear whether a data protection impact assessment is mandatory, it is nevertheless good practice to carry out a data protection impact assessment, as it helps data controllers to comply with data protection regulations.
5. Artificial Intelligence (AI) Act
With the Artificial Intelligence (AI) Act, the EU is taking a decisive step towards regulating AI - and therefore probably the hottest topic of the past few months and probably the next few months (or rather years). It would be the world's first comprehensive regulation of AI. The regulation takes a risk-based approach. AI technologies are to be divided into four different risk categories, ranging from "AI systems with unacceptable risk" to" AI systems with high risk", "AI systems with transparency requirements" and "AI systems with no/low risk". Various prohibitions and compliance and information obligations are then linked to this. The aim of the EU AI Act is to create a trustworthy framework in which companies can benefit from the development of AI systems while at the same time safeguarding people's rights and safety.
Breaches of data protection are not only reprehensible, but also expensive
As annoying as the topic of data protection may sometimes be in everyday digital marketing, it is justified – and we can be glad that most things are so well regulated in the EU. Anyone who is still not convinced must realize that violations are not exactly cheap. Data protection is a human right – and anyone who ignores this will pay dearly. Probably the highest fine was imposed on Meta in recent years. The US company had to pay a fine of 1.2 billion US dollars because it sent EU user information to the USA without having taken sufficient data protection precautions. In 2023, TikTok was fined 12.7 million pounds for failing to protect children's data. A lawsuit was filed against Amazon in the USA last year. The online giant is alleged to have used tricks to force subscriptions on customers. The US government has also started a lawsuit against Google – the largest US competition lawsuit in more than 20 years. This involves the accusation that the company is unfairly hindering competitors.
Data protection has come to stay
Whether we like it or not: Data protection should not be taken lightly. Regulations are becoming increasingly complex. And you have to keep learning and start working with companies that take data protection seriously.
ConnectAd is proud to be such a company. As an European AdTech company we do not only embrace and support data privacy. We have developed a privacy by design system. Wanna know more about that? Don’t hesitate to contact us! We are happy to meet you. Together we’ll navigate through the privacy regulations like a breeze.