The DSA debate started very ambitious on the idea of introducing significant limitations to the data-intensive business models underlying much of the platform economy today. As the political process unfolded, the data protection-related aspects of the DSA (tracking-based advertising in particular) become some of the most lobbied provisions in the draft regulation. Amongst others, the EDPS and EDPB indicated that the DSA proposal needed a more radical approach towards the data practices of the online platforms. The final text, however, landed on more limited set of restrictions. Against this background, a number of interesting and complex questions arise, which are worth discussing.
• What can we expect from the synergy of the GDPR and the DSA when it comes to privacy and data protection across (very large) online platforms in particular?
• How will the societal systemic risk rules play out with regard to some of the most problematic aspects of the business models underlying online platforms?
• Will access to data for researchers and auditing concretely shade any light on the functioning and systemic societal risks posed by platforms systems?
• What are the lessons we can draw from the DSA process on the future of data protection and its enforcement?