European Data Protection Board publishes guidelines on the interaction of European rules on digital and data protection law

  • Author: Arno Schlösser, DP-Dock GmbH
  • Last updated: October 2025
  • Category: Data Security, General obligations

The European Data Protection Board has published guidelines on the interaction of the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR) on 12 September 2025.

The guidelines clarify how the DSA and the GDPR interact when intermediary services such as marketplaces, social networks, content sharing platforms, app stores and online platforms for travel and accommodation process personal data. The guidelines recognise that efforts to detect, identify, and address (e.g., de-monetise, remove or disable access to) illegal content may involve processing of personal data using different techniques. Moreover, the guidelines explain which parts of the DSA affect GDPR regulations and how certain provisions of the DSA relate to GDPR regulations such as profiling and special categories of data.

The guidelines also explain how the competent authorities should interpret and apply both regulations in a harmonised manner and provide practical guidance for supervisory authorities to coordinate the enforcement of the DSA and the GDPR in areas where their obligations overlap. This serves to ensure consistency, legal certainty for data controllers and the protection of rights and freedoms.

Should you have any questions on the interaction of the DSA with the GDPR or require further information, please do not hesitate to contact us any time.

DSA (Digital Services Act) introduced by the European Union. New rules for online safety, content moderation, and platform transparency.
© Sidney vd Boogaard / stock.adobe.com | #1426893422

Back to the news overview

Privacy settings

We use cookies on our website. Some of them are essential, while others help us improve this website and your experience.

In this overview you can select and deselect individual cookies of a category or entire categories. You will also receive more information about the cookies available.
Group essential
Name Matomo
Technical name
Provider
Expire in days 72
Privacy policy
Use Use without cookies
Allowed
Group external media
Name Calendly
Technical name __cf_bm,__cfruid,OptanonConsent
Provider Calendly LLC
Expire in days 365
Privacy policy
Use To arrange appointments via the provider Calendly
Allowed
Name Contao CSRF Token
Technical name csrf_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the website from cross-site request forgery attacks. After closing the browser, the cookie is deleted again.
Allowed
Name Contao HTTPS CSRF Token
Technical name csrf_https_contao_csrf_token
Provider Contao
Expire in days 0
Privacy policy
Use Serves to protect the encrypted website (HTTPS) against falsification of cross-site requests. After closing the browser the cookie is deleted again
Allowed
Name PHP SESSION ID
Technical name PHPSESSID
Provider Contao
Expire in days 0
Privacy policy
Use PHP cookie (programming language), PHP data identifier. Contains only a reference to the current session. There is no information in the user's browser saved and this cookie can only be used by the current website. This cookie is used all used in forms to increase usability. Data entered in forms will be e.g. B. briefly saved when there is an input error by the user and the user receives an error message receives. Otherwise all data would have to be entered again
Allowed
Privacy Policy | Privacy Policy