The European Commission has recently published guidance on the publication of user numbers in the EU under the Digital Services Act.

The European Commission has recently published guidance for online platforms and search engines regarding the publication of user numbers in the EU. Regarding the requirement to publish user numbers in the EU under the Digital Services Act (DSA), the European Commission has published this non-binding guidance, ahead of the February 17th deadline for reporting. After 17th February, 2023, these platforms are expected to continue reporting user numbers in the EU at minimum every six months. Since the entry into force of the DSA, the European Commission has been contacted with practical questions on the application of the Act.

The European Commission publishes guidance in order to address practical questions on the application of the DSA.

This guidance seeks to address some practical questions which have been raised on the provisions of the DSA concerning the obligation to publish information on the average monthly active recipients of the service in the Union. The DSA entered into force on 16 November 2022, and with that it became an obligation for online platforms and search engines to publish user numbers in the EU by February 17th 2023. The Commission seeks to address some practical questions received regarding this aspect of the DSA. These questions cover the  scope of the obligation under the DSA concerning the identification and counting of average monthly active recipients of services, whether the public numbers need to be notified to the European Commission, among other queries. The European Commission clarifies in the publication of this guidance, that average active monthly user counts must be made publicly available and published on the platform’s site. The FAQ-style guidance addresses several clarifying questions received from various service providers.

Larger platforms and search engines, depending on their user numbers will have various additional obligations. 

Depending on an organisation’s EU numbers, they will be classified by the Commission as either a very large online platform (VLOP) or a very large online search engine (VLOSE). Each of these would be subject to additional obligations, such as making a risk assessment and taking corresponding risk mitigation measures. Some of these additional requirements based on a platform’s size include bans on targeted adverts to children and those based on special characteristics of users, options for users to not have recommendations based on profiling, and transparency of recommender systems. The full list of additional obligations and the corresponding classifications are outlined here. 

Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.