The House of Data Imperiali bulletins are extracts from the articles of the Legal Information Service (SIG) edited by Mr. Rosario Imperiali d’Afflitto.

The SIG is available by subscription only.

For further information, please email:

EU data strategy and termination of the parliamentary term

In this legislative period, 2019-2024, the European Union has been marked by considerable dynamism in the development of legislative acts directly or indirectly related to the EU data strategy. 

The panorama of EU legislation in this area is broad and includes acts that have been enacted, entered into force, and in some cases already applicable.

In other cases, relevant to this scenario, acts are still in proposal form and completing the legislative process. 

In view of the approaching end of the parliamentary term in May 2024, with the elections for the renewal of Parliament called for June 6-9, this article conducts a reconnaissance in this context, while also attempting to make a prediction as to which acts have a well-founded likelihood of becoming law in this legislature.

The package regarding personal data

The previous legislature had launched the personal data protection package, with the simultaneous approval of the General Regulation (2016/679, “GDPR”) and the data protection law enforcement directive (Dir. 2016/680, “LED”). These had been followed by the Regulation on the Processing of Personal Data by EU Institutions (2018/1725, “EUDPR”). 

Despite the hopes, the personal data package had failed to be completed during the previous legislature with the approval of the proposed Electronic Communications Privacy Regulation (e-Privacy), the discussion of which was postponed to the current legislature and which, as will be seen below, has encountered greater difficulties than anticipated. 

In support of the free flow of data, on the other hand, the Regulation on the Free Flow of Non-Personal Data (2018/1807) had been enacted. While the Open Data Directive (2019/1024) was being published early in this legislature.

Acts which entered into force

Having essentially completed the regulation to protect personal data-with the sole exception of the proposed e-Privacy Regulation-the EU legislator in this legislative term has turned its attention to:  

  • the data implications brought about by digital markets and digital services 
  • the regulatory acts implementing the EU data strategy.

DMA – Digital Markets Act

The Digital Markets Regulation (2022/1925, “DMA”) entered into force on Nov. 1, 2022 and became applicable, with some limited anticipation, on June 25, 2023 (see Art. 54, DMA). 

Among the many requirements of the regulation, Article 15 of the DMA stipulates that designated gatekeepers must send annual descriptive reports to the European Commission on consumers profiling techniques. Following a public consultation launched by the Commission on this issue, EDPB and EDPS provided a joint contribution recommending that these reports should also contain information regarding the categories of personal data processed and their sources, the lifecycle of the processing in question, the legal basis on which it is based, measures taken regarding the rights of data subjects, and a description of the appropriate technical measures taken by gatekeepers. 

If the proposals of EDPB and EDPS are taken into account by the Commission in creating the model report to be produced by gatekeepers, Article 15 of the DMA will be an example of how to address transparency with respect to profiling and automated decisions. Information on the profiling techniques adopted will need to clarify the end results expected and achieved as a result of the profiling process.

DSA – Digital Services Act

The Digital Services Regulation (2022/2065, “DGA”) entered into force on Nov. 16, 2022 and will become applicable on Feb. 17, 2024 with some anticipatory exceptions.

DGA – Data Governance Act

The Data Governance Regulation (2022/868, “DGA”) entered into force on June 23, 2022 and became applicable on September 24, 2023.