Brussels IP & Tech Update - EU Regulatory Data Protection framework, Digital Services Act, New Content Creator Protocol, Data breach survey 2022

In this first edition of 2022, we bring you an overview of EU Regulatory Data Protection developments, an update on the DSA legislative process and DLA Piper’s data breach survey and report 2022.

We highlight the Flemish Media Regulator’s Content Creator Protocol of mid-December 2021, the integration of the cookie rules in the Belgian Data Protection Act, the transposition of the EECC into Belgian law, as well as other developing news.

We take this opportunity to wish you a happy new year and look forward to bringing you more up to date insights on intellectual property, technology and data protection over the course of 2022.

The EU Regulatory Data Protection: Many pieces to the regulatory framework puzzle -The European Data Strategy has resulted in decisive steps to developing an extensive new digital legal framework alongside the GDPR for the European Union. Many of these initiatives focus on building trust for B2B and business-to-government data sharing. Some are aimed, mainly, at regulating certain market players within the EU digital ecosystem. An overview of the main regulatory data protection initiatives can be found here.

Digital Services Act: Trilogue negotiations to start on 31 January 2022 -The European Parliament’s adoption, on 20 January 2022, of its position on the Digital Services Act, has paved the way for trilogue negotiations to start from 31 January 2022.

Some noteworthy changes to the Commission proposal introduced by the Parliament are the following:

• Requirement that information about redress mechanisms against content decisions must be “easily understandable” and include the deadlines for appeal.
• A ban on targeting based on the use of minors’ personal data for advertising purposes.
• A ban on targeting on the basis of certain special categories of data (to protect vulnerable groups).
• A prohibition for online platforms to use deceiving or nudging techniques to influence users’ behaviour through “dark patterns”.
• Very large online platforms should provide at least one recommender system that is not based on profiling to give users more choice on algorithm-based ranking. 
• A new provision on the right to use and pay for digital services anonymously.

We will continue to closely monitor the legislative process in this regard.

Cookie rules integrated in the Belgian Data Protection Act -With the Act of 21 December 2021 transposing Directive 2018/1972 and establishing the European Electronic Communications Code, the cookie rules have been moved from the Electronic Communications Act of 13 June 2005 to the Belgian Data Protection Act of 30 July 2018 (new article 10/2). The rules as such remain unchanged. When storing information or gaining access to information stored in a user’s terminal equipment by means of cookies or other techniques or technologies, prior consent is required. Except, however, for technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary, in order to provide an information society service explicitly requested by user.

New Content Creator Protocol for content creators -The Flemish Media Regulator (FMR) published its Content Creator Protocol which contains strict(er) guidelines aimed at content creators, influencers and vloggers established in Flanders. It focuses on: (i) commercial communications on social media, (ii) commercial communications and content towards minors and (iii) hate speech. Read the blog here.

Transposition of the European Electronic Communications Code into Belgian law -On 16 December 2021 (one year after the deadline), the Belgian legislator adopted a law which transposes the European Electronic Communications Code (EECC) into Belgian law. It is clear from the wording of the law that the Belgian legislator intended to stay as close as possible to the EECC’s text. More information about the changes introduced by the EECC can be found here. To help you navigate the EECC, download our app.

Another step closer to the Unified Patent Court -On 19 January 2022, Austria formally ratified the Protocol on Provisional Application of the UPC Agreement. As Austria is the 13th Member State to participate in the provisional application of the UPC Agreement, the required number of ratifications has now been reached and the Protocol has officially entered into force. The last part of the preparatory work in establishing the Unified Patent Court will now be conducted. Find the official declaration here.

Get ready for collective class actions in the EU -Following the implementation of the Collective Redress Directive (CRD) at the end of 2022, which creates a pan-European system of class actions for any breach of European consumer law, consumers will soon be better protected against any violation of their rights. Key trends and risks that consumer businesses in Europe may face following the implementation are outlined in our client risk report, which is available on request.

Valuable resources

DLA Piper’s GDPR fines and data breach survey 2022 -DLA Piper recently launched the 2022 GDPR fines and data breach report. The latest annual survey provides up-to-date numbers on the total value of GDPR fines imposed, personal data breaches notified per jurisdiction, high profile data breaches, and more. You can obtain a copy of the report and view the webinar here.