IAB Europe responds to the EDPD's DSA-GDPR guidance consultation
31/10/2025 | IAB Europe
IAB Europe has submitted a joint response to the European Data Protection Board's (EDPB) draft guidelines on the interplay between the Digital Services Act (DSA) and the EU General Data Protection Regulation (GDPR). IAB Europe notes that while the industry has welcomed the guidance, it expressed concern that it was developed without the involvement of Digital Services Coordinators (DSCs), the European Board for Digital Services, or the European Commission, and urged the EDPB to engage with these relevant regulators.
The response outlines several key concerns. These include seeking clarification that advertising does not necessarily constitute automated decision-making and therefore fall under the scope of Article 22(1) of the EU General Data Protection Regulation (GDPR). IAB Europe also requested the EDPB confirm that processing personal data to comply with the DSA's transparency obligations on advertising targeting can rely on the legal obligation or legitimate interests legal bases. In addition, the response cautioned against an overly broad interpretation of special categories data and called for a flexible, risk-based approach to age verification measures.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 6,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.