{"id":5842,"date":"2022-07-11T14:13:25","date_gmt":"2022-07-11T12:13:25","guid":{"rendered":"https:\/\/s8.tgin.eu\/?p=5842"},"modified":"2025-01-30T12:54:53","modified_gmt":"2025-01-30T11:54:53","slug":"weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers","status":"publish","type":"post","link":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/","title":{"rendered":"Weekly digest 4 &#8211; 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers"},"content":{"rendered":"\n<h4 class=\"wp-block-heading\"><em>TechGDPR\u2019s review of international data-related stories from press and analytical reports.<\/em><\/h4>\n\n\n\n<h4 class=\"wp-block-heading\">Legal processes: DSA and DMA, China\u2019s data exporters, ransom payments, CASPs<\/h4>\n\n\n\n<p><a href=\"https:\/\/www.europarl.europa.eu\/news\/en\/press-room\/20220701IPR34364\/digital-services-landmark-rules-adopted-for-a-safer-open-online-environment\">Last week, the European Parliament adopted the new Digital Services Act (DSA) and Digital Markets Act (DMA)<\/a>, following a deal reached between Parliament and Council. The two bills aim to address the societal and economic effects of the tech industry by setting clear standards for how they operate and provide services in the EU, in line with the EU\u2019s fundamental rights and values. The DSA sets clear obligations for <a href=\"https:\/\/techgdpr.com\/blog\/data-protection-digest-18012024-digital-services-transparency-and-risk-assessment-in-the-focus-of-regulators\/\">digital service providers<\/a>, such as social media or marketplaces, to tackle the spread of illegal content, online disinformation and other societal risks. These requirements are proportionate to the size and risks platforms pose to society. The new obligations include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>New measures to counter illegal content online and obligations for platforms to react quickly, while respecting fundamental rights, including the freedom of expression and data protection.<\/li>\n\n\n\n<li>Strengthened traceability and checks on traders in online marketplaces to ensure products and services are safe; including efforts to perform random checks on whether illegal content resurfaces.<\/li>\n\n\n\n<li>Increased transparency and accountability of platforms, for example by providing clear information on content moderation or the use of algorithms for recommending content, (so-called recommender systems); users will be able to challenge content moderation decisions.<\/li>\n\n\n\n<li>Bans on misleading practices and certain types of targeted advertising, such as those targeting children and ads based on sensitive data. So-called \u201cdark patterns\u201d and misleading practices aimed at manipulating users\u2019 choices will also be prohibited.<\/li>\n\n\n\n<li>Very large online platforms and search engines, (with 45 million or more monthly users), which present the highest risk, will have to comply with stricter obligations, enforced by the Commission, (preventing systemic risks, independent audits). They will also have to facilitate access to their data and algorithms to authorities and vetted researchers.<\/li>\n<\/ul>\n\n\n\n<p>At the same time, the DMA sets obligations for large online platforms acting as \u201cgatekeepers\u201d, (platforms whose dominant online position make them hard for consumers to avoid), on the digital market to ensure a fairer business environment and more services for consumers. To prevent unfair business practices, those designated as gatekeepers will have to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>allow third parties to inter-operate with their own services, meaning that smaller platforms will be able to request that dominant messaging platforms enable their users to exchange messages, send voice messages or files across messaging apps. This will give users greater choice and avoid the so-called \u201clock-in\u201d effect where they are restricted to one app or platform;<\/li>\n\n\n\n<li>allow business users to access the data they generate in the gatekeeper\u2019s platform, to promote their own offers and conclude contracts with their customers outside the gatekeeper\u2019s platforms.<\/li>\n<\/ul>\n\n\n\n<p>Gatekeepers can no longer:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Rank their own services or products more favourably, (self-preferencing), than other third parties on their platforms;<\/li>\n\n\n\n<li>Prevent users from easily un-installing any pre-loaded software or apps, or using third-party applications and app stores;<\/li>\n\n\n\n<li>Process users\u2019 personal data for targeted advertising, unless consent is explicitly granted.<\/li>\n<\/ul>\n\n\n\n<p>Once formally adopted by the Council in July, (DMA), and September, (DSA), both acts will be published in the EU Official Journal and enter into force twenty days after publication. Their application will start through 2023-2024.&nbsp;<\/p>\n\n\n\n<p>Meanwhile, <a href=\"https:\/\/www.reuters.com\/world\/china\/chinas-cyberspace-regulator-says-data-export-review-rules-effective-sept-1-2022-07-07\/\">China&#8217;s cyberspace regulator, (CAC), clarified that rules requiring data exports to undergo security reviews would be effective from Sept. 1<\/a>, the first time it has given a start date for a new regulatory framework that will affect hundreds, if not thousands, of Chinese companies, Reuters reports. The measures, according to Data Guidance\u2019s report, provide the cases in which a data exporter must submit a data exit security assessment to the CAC through the provincial cybersecurity and informatisation department where:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the data processor provides important data overseas;<\/li>\n\n\n\n<li>the data processor is a critical information infrastructure operator and the data processor processes the personal information of more than 1 million people;<\/li>\n\n\n\n<li>the data processor processes the personal information of 100,000 people or the sensitive information of 10,000 people since 1 January of the previous year; or<\/li>\n\n\n\n<li>other situations required to declare data export security assessments as provided by the CAC.<\/li>\n<\/ul>\n\n\n\n<p>The data export security assessment adheres to the combination of prior assessment and continuous supervision, and the combination of risk self-assessment and security assessment. In addition, the measures outline that a data processor&#8217;s pre-assessment should focus on, among other things, the responsibilities and obligations that overseas recipients are subject to, the risk of data being tampered, destroyed, or leaked, and whether data export related contracts fully stipulate the responsibility and obligation of data security protections. The full legal text, (in Chinese), is available <a href=\"http:\/\/www.cac.gov.cn\/2022-07\/07\/c_1658811536396503.htm\">here<\/a>.&nbsp;<\/p>\n\n\n\n<p>The UK National Cyber Security Centre, (NCSC), and Information Commissioner\u2019s Office, (ICO), say it is incorrect for organisations to assume paying ransoms is a) the right thing to do and they do not need to engage with the ICO as a regulator, or b) will gain benefit from it by way of reduced enforcement. Thus both organisations in a joint statement advise solicitors not to advise clients to pay ransomware demands should they fall victim to a cyber-attack.\u00a0Paying ransoms to release locked data does not reduce the risk to individuals, is not an obligation under data protection law, and is not considered as a reasonable step to safeguard data. <\/p>\n\n\n\n<p>The European Parliament and Council negotiators also reached <a href=\"https:\/\/www.europarl.europa.eu\/news\/en\/press-room\/20220627IPR33919\/crypto-assets-deal-on-new-rules-to-stop-illicit-flows-in-the-eu\">a provisional deal on a new bill aiming to ensure that crypto transfers, (like bitcoins and electronic money tokens), can always be traced<\/a> and suspicious transactions blocked. The legislation is part of the new EU anti-money laundering package and will be aligned with the Markets in Crypto-assets rules, (MiCA). The agreement extends the so-called \u201ctravel rule\u201d, already existing in traditional finance, to cover transfers in crypto assets. This rule requires that:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Information on the source of the asset and its beneficiary travels with the transaction and is stored on both sides of the transfer.&nbsp;<\/li>\n\n\n\n<li>Crypto-assets service providers, (CASPs), will be obliged to provide this information to competent authorities if an investigation is conducted into money laundering and terrorist financing.<\/li>\n\n\n\n<li>There are no minimum thresholds nor exemptions for low-value transfers, as originally proposed. Regarding protecting personal data, including a name and an address required by the travel rule, negotiators agreed that if there is no guarantee that privacy is upheld by the receiving end, such data should not be sent.<\/li>\n\n\n\n<li>Before making the crypto-assets available to beneficiaries, providers will have to verify that the source of the asset is not subject to restrictive measures or sanctions, and there are no risks of money laundering or terrorism financing.<\/li>\n<\/ul>\n\n\n\n<p>The rules would also cover transactions from so-called un-hosted wallets, (a crypto-asset wallet address that is in the custody of a private user,) when they interact with hosted wallets managed by CASPs. In case a customer sends or receives more than 1000 euros to or from their own un-hosted wallet, the CASP will need to verify whether the un-hosted wallet is effectively owned or controlled by this customer. The rules do not apply to person-to-person transfers conducted without a provider, such as bitcoin trading platforms, or among providers acting on their own behalf.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Official guidance: employees location, insurance applications, local authorities, commercial interest vs. consent<\/h4>\n\n\n\n<p>The Finnish data protection ombudsman <a href=\"https:\/\/tietosuoja.fi\/en\/-\/deputy-data-protection-ombudsman-collection-of-location-data-should-not-be-automatically-switched-on-in-employees-computers-without-a-reason\">asked service providers in the public sector for a report on use of the location data function in computers used by employees in the municipal sector<\/a>. The background for the report was a notification of a data security breach filed by a hospital district, when settings that allowed the collection of location data were switched on in employees\u2019 Windows 10 workstations and remote work laptops, although there was no intention to collect the data. As a result, the regulator found that:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The hospital district did not have a need required by law for processing employees\u2019 location data.<\/li>\n\n\n\n<li>The hospital district did not appropriately review what data it intended to collect.&nbsp;<\/li>\n\n\n\n<li>Since the employees\u2019 location data were unnecessary for the employer and collected unintentionally, these data should not have been processed. In order to ensure data protection by default, the hospital district should have reviewed the basic settings of the system and noticed that the location function was switched on before deploying the workstations.&nbsp;<\/li>\n\n\n\n<li>Since the location function was switched on, employees\u2019 personal data were delivered to Microsoft as well.<\/li>\n<\/ul>\n\n\n\n<p>The regulator ordered the erasure of any historical data, location logs and other personal data created during use of the location data function.&nbsp;<\/p>\n\n\n\n<p>The Finnish ombudsman has also investigated <a href=\"https:\/\/tietosuoja.fi\/-\/tietosuojavaltuutettu-vakuutusyhtiot-keranneet-terveystietoja-tarpeettoman-laajasti\">the procedures of insurance companies when they request the health information of insurance applicants <\/a>and insured persons from health care providers in order to determine the insurance company&#8217;s responsibility. Deficiencies were found, especially in the appropriate demarcation of the information requested from the health care provider and in the legality of processing. The insurance companies justified the processing of the policy applicant&#8217;s health data on the grounds of data protection, according to which the insurance institution can process client or claimant\u2019s health data that is necessary to determine the liability of the insurance institution.<\/p>\n\n\n\n<p>The regulator states that the provision of the data protection law in question only applies to the processing of the data of the insured and the claimant. Insurance companies cannot process the insurance applicant&#8217;s health information or request personal information from the health care provider during the insurance application phase, based on the regulations, because the contract has not yet been concluded. It is possible to process health data under certain conditions if the person has given valid consent. However, it requires that the person is told precisely what information is collected about them and for what purposes it is used. Asking for consent in a general way without detailing the information and purposes of use therefore does not meet the requirements of the data protection regulation.<\/p>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\" style=\"grid-template-columns:auto 36%\"><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>The French data protection regulator CNIL published <a href=\"https:\/\/www.cnil.fr\/fr\/cybermalveillancegouvfr-et-la-cnil-publient-un-guide-sur-les-obligations-et-les-responsabilites-des\">a guide on the obligations and responsibilities of local authorities with regard to data protection<\/a>. The study was conducted at the end of 2021. Focusing on communities smaller than 3,500 inhabitants, which represent 91% of municipalities in France, this study aimed to understand digital usage, identify risks\/obstacles and data needs. It appeared that the majority of respondents are not aware of the legal framework in force, with the exception of the GDPR. The provisions relating to competences and responsibilities in the field of digital security are little or not known to local elected officials and territorial agents, who consider cybersecurity regulations to be particularly complex.<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"1024\" height=\"683\" src=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/wesley-tingey-snNHKZ-mGfE-unsplash-1024x683.jpg\" alt=\"DSA and DMA\" class=\"wp-image-5847 size-full\" srcset=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/wesley-tingey-snNHKZ-mGfE-unsplash-1024x683.jpg 1024w, https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/wesley-tingey-snNHKZ-mGfE-unsplash-300x200.jpg 300w, https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/wesley-tingey-snNHKZ-mGfE-unsplash-768x512.jpg 768w, https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/wesley-tingey-snNHKZ-mGfE-unsplash-1536x1024.jpg 1536w, https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/wesley-tingey-snNHKZ-mGfE-unsplash-2048x1365.jpg 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p>The purpose of this guide is to inform local elected officials and territorial agents about the obligations related to: a) the protection of personal data; b) the implementation of local teleservices; c) hosting of health data. This guide also recalls the different types of legal liability to which local authorities and their public institutions are exposed in the event of cyberattacks and damage related to: administrative responsibility, civil liability, criminal liability.<\/p>\n\n\n\n<p>The European Commission says that the Dutch data protection authority <a href=\"https:\/\/www.nrc.nl\/nieuws\/2022\/07\/03\/brussel-tikt-nederlandse-ap-op-de-vingers-om-te-strikte-naleving-privacywetgeving-a4135385\">AP is hindering free enterprise in the EU by interpreting privacy legislation too strictly<\/a>. The legal battle refers to the dispute between the AP and streaming service VoetbalTV. The service broadcasted video images of amateur matches via the internet for, among others, players, trainers and fans. More than 150 clubs used it, until the AP imposed a fine of 575,000 euros on the service in\u00a0 2019. Football TV then went bankrupt. <\/p>\n\n\n\n<p>According to the AP, the profit motive of the company could never constitute a &#8216;legitimate interest&#8217; for the broadcasting of the images without the individual consent of players and the public.\u00a0According to Brussels, the Dutch supervisory authority did not strike the right balance between the right to data protection on the one hand and the freedom of undertaking on the other. Additionally, in 2020, a Dutch court reportedly ruled that VoetbalTV did not have to pay the fine, as personal data may sometimes also be processed when there is only a commercial interest. The AP had appealed against this decision.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Investigations and enforcement actions: website security, data protection requests, employment certificate, cookies, account deletion, health data<\/h4>\n\n\n\n<p>As part of one of its priority themes, &#8220;the cybersecurity of the French web&#8221;, <a href=\"https:\/\/www.cnil.fr\/fr\/cybersecurite-15-mises-en-demeure-lencontre-de-sites-web-insuffisamment-securises\">the CNIL has carried out a series of online checks of twenty-one websites of French public sector bodies, <\/a>(municipalities, university hospitals, ministries, etc.), and the private sector, (e-commerce platforms, IT solution providers, etc.). The verifications carried out by the CNIL therefore focused mainly on technical and organisational flaws:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>unsecured access, (HTTP), to websites, (many actors), implemented obsolete versions of the TLS protocol to ensure the security of data in transit, used certificates and non-compliant cryptographic suites for exchanges with the servers of controlled sites;<\/li>\n\n\n\n<li>lack of devices to trace abnormal connections to servers;<\/li>\n\n\n\n<li>use of insufficiently robust passwords and procedures to renew them that do not sufficiently secure their transmission and retention.<\/li>\n<\/ul>\n\n\n\n<p>The bodies on notice have a period of three months to take any measure to ensure an appropriate level of security.<\/p>\n\n\n\n<p>The Finnish company Otavamedia was penalised for <a href=\"https:\/\/tietosuoja.fi\/-\/otavamedialle-seuraamusmaksu-puutteista-tietosuojaoikeuksien-toteutuksessa\">shortcomings in the implementation of data protection rights<\/a>. Between 2018 and 2021, eleven cases concerning Otavamedia were brought to the office of the data protection commissioner. Among other things, the complainants had not received an answer to their requests or inquiries regarding data protection rights. According to the report provided by Otavamedia, some of the data protection requests had not been implemented due to a technical problem with the e-mail control in connection with the change of digital service providers. During the error situation, the messages that arrived in the e-mail box reserved for data protection matters were not forwarded to the customer service staff. The situation was discovered only after the data protection authority\u2019s request for clarification.&nbsp;<\/p>\n\n\n\n<p>Otavamedia should have taken care to test the e-mail box, as it is the main electronic contact channel of data subjects in data protection matters. Additionally, the registrants had the opportunity to make requests to Otavamedia regarding their own information using a printable form. The person&#8217;s signature was required on the form for identification purposes. The regulator considers that with this method of operation, Otavamedia collected an unnecessarily large amount of data for identification purposes. Otavamedia does not process signature information in other contexts, which is why it was not possible, for example, to compare signatures with previously held information.<\/p>\n\n\n\n<p>In the first half of 2022, the Czech office for personal data protection UOOU monitored compliance with the GDPR in connection with the setting of the processing of cookie files by various operators of web portals and pages, based on both complaints received and the monitoring plan. Among the main shortcomings detected by the regulator are:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use of non-technical cookies without consent.<\/li>\n\n\n\n<li>A disproportionately long period of validity of cookies in relation to their purpose.<\/li>\n\n\n\n<li>Absence of the choice for expressing disagreement with the non-technical cookies in the first layer of the cookie bar.<\/li>\n\n\n\n<li>Wrong categorisation of cookies.<\/li>\n\n\n\n<li>Absence of information about specific cookies used.<\/li>\n\n\n\n<li>The difference in the visibility of the consent and non-consent buttons for the use of non-technical cookies.<\/li>\n\n\n\n<li>Information about cookies in a foreign language.<\/li>\n\n\n\n<li>The cookie bar makes it difficult or impossible to read the website.<\/li>\n<\/ul>\n\n\n\n<p>The Polish supervisory authority UODO was notified of potential inaccuracies related to the processing of personal data by a manufacturing company, (Esselmann Technika Pojazdowa). <a href=\"https:\/\/edpb.europa.eu\/news\/national-news\/2022\/loss-document-personal-data-and-failure-notify-incident-reason-fine_en\">The company made an informed decision not to notify a breach involving an important document of one of its employees to the supervisory authority<\/a>, despite the letters addressed to it indicating a possible risk to the rights or freedoms of the persons concerned in this case. In the course of explanatory actions by the regulator the loss of a document from the personal file of a company employee &#8211; an employment certificate &#8211; was revealed. The certificate of employment contains a lot of important information about the person, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the period(s) of employment;<\/li>\n\n\n\n<li>the procedure and legal basis for the termination or expiry of the employment relationship;<\/li>\n\n\n\n<li>parental and child care leave taken;<\/li>\n\n\n\n<li>information on the amount of remuneration and qualifications obtained &#8211; at the employee&#8217;s request;<\/li>\n\n\n\n<li>information on enforcement seizure of remuneration.<\/li>\n<\/ul>\n\n\n\n<p>Taking the above into account, the Polish regulator imposed a fine of approx 3,500 euros.<\/p>\n\n\n\n<p>The Irish data protection authority DPC published its recent decision concerning Twitter International Company. In 2019, the complainant alleged that, following the suspension of their Twitter account, <a href=\"https:\/\/www.dataprotection.ie\/sites\/default\/files\/uploads\/2022-07\/Decision%20concerning%20Twitter%20International%20Company%2020220427.pdf\">Twitter failed to comply with an erasure request they had submitted to it within the statutory timeframe<\/a>. Further, the complainant alleged that Twitter had requested a copy of their photographic ID in order to action their request without a legal basis to do so. Finally, the complainant alleged that Twitter had retained their personal data following their erasure request without a legal basis to do so.<\/p>\n\n\n\n<p>While the complaint was lodged directly with the DPC by an individual who resides in the UK, the DPC considered that the nature of the data processing operations complained of could have a substantial effect, and that the type of processing meets the definition of cross border processing. As a result, the DPC ordered Twitter, pursuant to Article 58 of the GDPR, to revise its internal policies and procedures for handling erasure requests to ensure that data subjects are no longer required to provide a copy of photographic ID when making data erasure requests, unless it can demonstrate a legal basis for doing so.&nbsp;<\/p>\n\n\n\n<p>Data relating to health enjoys enhanced protection and, subject to the exceptions provided for by the law, dissemination is prohibited. Administrative transparency cannot violate people&#8217;s privacy. For these reasons, the Italian privacy regulator \u2018Garante\u2019 <a href=\"https:\/\/www.gpdp.it\/garante\/doc.jsp?ID=9784482\">sanctioned the Roma local health authority 46,000 euros<\/a>. It had published in clear text on its website all the names and data relating to the health of the subjects who had requested civic access in 2017 and 2018. In most cases, the documents concerned the health records of the persons concerned, including medical records, disability assessments, tests, technical reports, etc. The first serious violation detected by the Authority, which took action ex officio, was therefore the dissemination of data on the health of the subjects concerned, information relating to both their physical and mental state, including the provision of health care services.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Data security: cybersecurity threat landscape<\/h4>\n\n\n\n<p>The European Union Agency for Cybersecurity provided<a href=\"https:\/\/www.enisa.europa.eu\/news\/enisa-news\/how-to-map-the-cybersecurity-threat-landscape-follow-the-enisa-6-step-methodology\"> simple steps to map the cybersecurity threat landscape<\/a>. The methodology aims at promoting consistent and transparent threat intelligence sharing across the EU, (including but not limited to public bodies, policy makers, cybersecurity experts, industry, vendors, solution providers, SMEs). The framework is based on the different elements considered in the performance of the cybersecurity threat landscape analysis. It therefore includes the identification and definition of the process, the methods and tools used as well as the stakeholders involved. Building on the existing modus operandi, this methodology provides directions on the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>defining components and contents of each of the different types of CTL;<\/li>\n\n\n\n<li>assessing the target audience for each type of CTL to be performed;<\/li>\n\n\n\n<li>how data sources are collected;<\/li>\n\n\n\n<li>how data is analysed;<\/li>\n\n\n\n<li>how data is to be disseminated;<\/li>\n\n\n\n<li>how feedback is to be collected and analysed.<\/li>\n<\/ul>\n\n\n\n<p>The methodology consists of six main steps with predicted feedback and associated to each of these steps: direction, collection, processing, analysis and production, dissemination, feedback. You can download the the full methodology guide <a href=\"https:\/\/www.enisa.europa.eu\/publications\/enisa-threat-landscape-methodology\">here<\/a>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Big Tech: Apple\u2019s new lockdown mode, Chinese CCTV in UK<\/h4>\n\n\n\n<p><a href=\"https:\/\/www.cnet.com\/tech\/mobile\/how-to-use-apples-lockdown-mode-to-guard-against-an-industrial-strength-iphone-hack\/\">Apple&#8217;s latest iOS 16 security tool can defend against a state-sponsored cyberattack on your iPhone<\/a>, cnet.com reports. In short, new Lockdown Mode increases <a href=\"https:\/\/www.apple.com\/newsroom\/2022\/07\/apple-expands-commitment-to-protect-users-from-mercenary-spyware\/\">security capabilities<\/a> on iOS 16, iPadOS 16, and macOS Ventura by limiting certain functions that may be vulnerable to attack:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.<\/li>\n\n\n\n<li>Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.<\/li>\n\n\n\n<li>Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.<\/li>\n\n\n\n<li>Wired connections with a computer or accessory are blocked when iPhone is locked.<\/li>\n\n\n\n<li>Configuration profiles cannot be installed, and the device cannot enrol into mobile device management, (MDM), while Lockdown Mode is turned on.<\/li>\n<\/ul>\n\n\n\n<p>Meanwhile, a cross party group of <a href=\"https:\/\/news.yahoo.com\/call-for-ban-on-chinese-cctv-cameras-which-recognise-faces-and-emotions-155043095.html?guccounter=1\">UK MPs have called for a ban on two Chinese surveillance camera brands widely used in Britain<\/a>, according to Yahoo News. The AI-enabled cameras are capable of facial detection, gender recognition and behavioural analysis and offer advanced features such as identifying fights or if someone is wearing a face mask. The two brands \u2014 Hikvision and Dahua \u2014 are widely used by government bodies in the UK, by 73% of councils across the UK, 57% of secondary schools in England, and six out of 10 NHS Trusts. Reportedly, Hikvision and Dahua are now banned from trading in the US over security concerns and evidence of their widespread use in so-called \u201cre-education\u201d camps in China. The MP\u2019s call for action also includes \u201can independent national review of the scale, capabilities, ethics and rights impact of modern CCTV in the UK\u201d. <\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TechGDPR\u2019s review of international data-related stories from press and analytical reports. Legal processes: DSA and DMA, China\u2019s data exporters, ransom payments, CASPs Last week, the European Parliament adopted the new Digital Services Act (DSA) and Digital Markets Act (DMA), following a deal reached between Parliament and Council. The two bills aim to address the societal [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":5844,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[94],"tags":[198,197,100,102,116,119,35],"class_list":["post-5842","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection-digest","tag-cctv","tag-consent","tag-cookies","tag-data-subjects-rights","tag-digital-markets-act","tag-digital-services-act","tag-gdpr"],"acf":[],"featured_image_urls":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg",2560,1707,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-150x150.jpg",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-300x200.jpg",300,200,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-768x512.jpg",640,427,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-1024x683.jpg",640,427,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-1536x1024.jpg",1536,1024,true],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-2048x1365.jpg",2048,1365,true],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-200x200.jpg",200,200,true]},"post_excerpt_stackable":"<p>TechGDPR\u2019s review of international data-related stories from press and analytical reports. Legal processes: DSA and DMA, China\u2019s data exporters, ransom payments, CASPs Last week, the European Parliament adopted the new Digital Services Act (DSA) and Digital Markets Act (DMA), following a deal reached between Parliament and Council. The two bills aim to address the societal and economic effects of the tech industry by setting clear standards for how they operate and provide services in the EU, in line with the EU\u2019s fundamental rights and values. The DSA sets clear obligations for digital service providers, such as social media or marketplaces,&hellip;<\/p>\n","category_list":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num":"0 comments","featured_image_urls_v2":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg",2560,1707,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-150x150.jpg",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-300x200.jpg",300,200,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-768x512.jpg",640,427,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-1024x683.jpg",640,427,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-1536x1024.jpg",1536,1024,true],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-2048x1365.jpg",2048,1365,true],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-200x200.jpg",200,200,true]},"post_excerpt_stackable_v2":"<p>TechGDPR\u2019s review of international data-related stories from press and analytical reports. Legal processes: DSA and DMA, China\u2019s data exporters, ransom payments, CASPs Last week, the European Parliament adopted the new Digital Services Act (DSA) and Digital Markets Act (DMA), following a deal reached between Parliament and Council. The two bills aim to address the societal and economic effects of the tech industry by setting clear standards for how they operate and provide services in the EU, in line with the EU\u2019s fundamental rights and values. The DSA sets clear obligations for digital service providers, such as social media or marketplaces,&hellip;<\/p>\n","category_list_v2":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info_v2":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num_v2":"0 comments","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Weekly digest 4 - 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers - TechGDPR<\/title>\n<meta name=\"description\" content=\"TechGDPR\u2019s review of the most important data-related stories: DSA and DMA adopted, setting clear standards on EU digital service providers\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Weekly digest 4 - 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers - TechGDPR\" \/>\n<meta property=\"og:description\" content=\"TechGDPR\u2019s review of the most important data-related stories: DSA and DMA adopted, setting clear standards on EU digital service providers\" \/>\n<meta property=\"og:url\" content=\"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/\" \/>\n<meta property=\"og:site_name\" content=\"TechGDPR\" \/>\n<meta property=\"article:published_time\" content=\"2022-07-11T12:13:25+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-30T11:54:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1707\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Olya Vasylyk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:site\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Olya Vasylyk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"16 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/\"},\"author\":{\"name\":\"Olya Vasylyk\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\"},\"headline\":\"Weekly digest 4 &#8211; 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers\",\"datePublished\":\"2022-07-11T12:13:25+00:00\",\"dateModified\":\"2025-01-30T11:54:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/\"},\"wordCount\":3523,\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg\",\"keywords\":[\"CCTV\",\"consent\",\"cookies\",\"data subjects rights\",\"Digital Markets Act\",\"Digital Services Act\",\"GDPR\"],\"articleSection\":[\"Data Protection Digest\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/\",\"name\":\"Weekly digest 4 - 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers - TechGDPR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg\",\"datePublished\":\"2022-07-11T12:13:25+00:00\",\"dateModified\":\"2025-01-30T11:54:53+00:00\",\"description\":\"TechGDPR\u2019s review of the most important data-related stories: DSA and DMA adopted, setting clear standards on EU digital service providers\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg\",\"width\":2560,\"height\":1707},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/techgdpr.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Weekly digest 4 &#8211; 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"name\":\"TechGDPR\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/techgdpr.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\",\"name\":\"TechGDPR\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"contentUrl\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"width\":501,\"height\":334,\"caption\":\"TechGDPR\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/techgdpr\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/techgdpr\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\",\"name\":\"Olya Vasylyk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"caption\":\"Olya Vasylyk\"},\"description\":\"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/author\\\/olyav\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Weekly digest 4 - 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers - TechGDPR","description":"TechGDPR\u2019s review of the most important data-related stories: DSA and DMA adopted, setting clear standards on EU digital service providers","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/","og_locale":"en_US","og_type":"article","og_title":"Weekly digest 4 - 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers - TechGDPR","og_description":"TechGDPR\u2019s review of the most important data-related stories: DSA and DMA adopted, setting clear standards on EU digital service providers","og_url":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/","og_site_name":"TechGDPR","article_published_time":"2022-07-11T12:13:25+00:00","article_modified_time":"2025-01-30T11:54:53+00:00","og_image":[{"width":2560,"height":1707,"url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg","type":"image\/jpeg"}],"author":"Olya Vasylyk","twitter_card":"summary_large_image","twitter_creator":"@techgdpr","twitter_site":"@techgdpr","twitter_misc":{"Written by":"Olya Vasylyk","Est. reading time":"16 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/#article","isPartOf":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/"},"author":{"name":"Olya Vasylyk","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8"},"headline":"Weekly digest 4 &#8211; 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers","datePublished":"2022-07-11T12:13:25+00:00","dateModified":"2025-01-30T11:54:53+00:00","mainEntityOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/"},"wordCount":3523,"publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg","keywords":["CCTV","consent","cookies","data subjects rights","Digital Markets Act","Digital Services Act","GDPR"],"articleSection":["Data Protection Digest"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/","url":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/","name":"Weekly digest 4 - 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers - TechGDPR","isPartOf":{"@id":"https:\/\/techgdpr.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/#primaryimage"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg","datePublished":"2022-07-11T12:13:25+00:00","dateModified":"2025-01-30T11:54:53+00:00","description":"TechGDPR\u2019s review of the most important data-related stories: DSA and DMA adopted, setting clear standards on EU digital service providers","breadcrumb":{"@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/#primaryimage","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2022\/07\/austin-distel-744oGeqpxPQ-unsplash-scaled.jpg","width":2560,"height":1707},{"@type":"BreadcrumbList","@id":"https:\/\/techgdpr.com\/blog\/weekly-digest-11072022-dsa-and-dma-adopted-setting-clear-standards-on-eu-digital-service-providers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/techgdpr.com\/"},{"@type":"ListItem","position":2,"name":"Weekly digest 4 &#8211; 10 July 2022: DSA and DMA adopted, setting standards on EU digital service providers"}]},{"@type":"WebSite","@id":"https:\/\/techgdpr.com\/#website","url":"https:\/\/techgdpr.com\/","name":"TechGDPR","description":"","publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/techgdpr.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/techgdpr.com\/#organization","name":"TechGDPR","url":"https:\/\/techgdpr.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/","url":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","contentUrl":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","width":501,"height":334,"caption":"TechGDPR"},"image":{"@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/techgdpr","https:\/\/www.linkedin.com\/company\/techgdpr"]},{"@type":"Person","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8","name":"Olya Vasylyk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","caption":"Olya Vasylyk"},"description":"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"}]}},"_links":{"self":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/5842","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/comments?post=5842"}],"version-history":[{"count":15,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/5842\/revisions"}],"predecessor-version":[{"id":10229,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/5842\/revisions\/10229"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media\/5844"}],"wp:attachment":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media?parent=5842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/categories?post=5842"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/tags?post=5842"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}