Dissecting the Digital Services Act: A Watershed Moment for Data Privacy in European Health Tech



by Alejandro De La Parra Solomon, Co-Founder of the Quantum Brain Research Institute

In the dynamic landscape of digital health, where innovation holds the promise of transforming mental health solutions using innovative technologies, a new regulatory player has taken center stage in Europe. The Digital Services Act (DSA), enacted by the European Union (EU), seeks to redefine the rules of engagement for companies operating in the online sectors. While its primary focus is on illegal content, transparent advertising, and disinformation, the DSA carries profound implications for data privacy, potentially reshaping the future of health tech in Europe.


Unveiling the DSA



The DSA, Regulation (EU) 2022/2065, represents a significant leap forward in EU law. It aims to update the Electronic Commerce Directive 2000 and was meticulously crafted by Margrethe Vestager, the Executive Vice President of the European Commission for A Europe Fit for the Digital Age, and Thierry Breton, the European Commissioner for Internal Market. This regulation has been years in the making, and it reached its culmination on 22nd April 2022, with an agreement reached among European policymakers.

The central objective of the DSA is to harmonize the disparate national laws within the EU that have arisen to address issues such as illegal content. Notable among these national laws is Germany’s NetzDG, and similar legislations in Austria and France. The DSA’s adoption at the EU level seeks to override these national laws, standardizing rules regarding illegal content, transparent advertising, and disinformation.


Timeline for Digital Services Act. | Source: European Commission – https://digital-strategy.ec.europa.eu/en/policies/digital-services-act-package


While the DSA primarily targets illegal content and advertising transparency, its impact on data privacy within the health tech sector cannot be underestimated. To fully appreciate the implications of the DSA on data privacy, it’s crucial to draw comparisons with two well-known regulations:

  • GDPR: The General Data Protection Regulation, in force since May 2018, primarily addresses personal data protection and privacy rights for individuals in the EU. While GDPR and DSA share data protection objectives, the latter is more specialized, focusing on content moderation and advertising transparency. Health tech companies operating in the EU must navigate both regulations when handling health-related data.
  • HIPAA: In the United States, the Health Insurance Portability and Accountability Act is the cornerstone of health data privacy. While the DSA doesn’t explicitly target health data, its obligations regarding data handling and transparency bear similarities to HIPAA. Health tech companies with global operations will need to align their practices with GDPR, HIPAA, and the DSA, creating a multifaceted compliance landscape.

One of the key tenets of the DSA is the conditional liability exemption for companies hosting user-generated content. It stipulates that these companies are not liable for such content unless they are aware of its illegality and fail to remove it. This is a significant departure from the broader immunities provided to intermediaries under Section 230 of the Communications Decency Act in the United States.

Beyond liability exemptions, the DSA introduces a host of obligations on online platforms. These obligations encompass transparency in algorithmic operations, disclosure of content removal processes, and transparency concerning how advertisers target users. In this context, health tech companies that collect and process sensitive health data must navigate a complex regulatory terrain.


The EU Digital Markets Act (VOSTEN)

Learn more about DSA and DMA on the European Commission website at:


Reforms in Consumer Protection and Transparency



The Digital Services Act, in conjunction with GDPR, represents a significant milestone in safeguarding user data and online privacy in the European Union. It introduces several measures designed to empower consumers and enhance transparency in the digital realm, with a particular focus on Very Large Online Platforms (VLOPs).

The DSA incorporates crucial aspects that need careful consideration due to their profound implications. To understand the significance of this legislation, these key elements and their multifaceted impacts across the VLOPs realms merit a decent dissection.

  • Complementing GDPR: The GDPR, which came into effect in 2018, established fundamental rules for individual consent and data usage. The DSA builds upon this framework by addressing specific challenges in the realm of online services and platforms. It brings greater clarity to how user data is handled by digital service providers.
  • Stricter Regulations for VLOPs: VLOPs, characterized by their enormous user bases, are at the center of the DSA’s attention. These platforms, including social media giants and e-commerce behemoths, are now subject to more stringent regulations, given their considerable influence over digital ecosystems.
  • Less Targeted Advertising for Minors: One of the significant consumer-focused aspects of the DSA is the enhanced protection for minors. VLOPs are now required to implement measures to reduce targeted advertising aimed at children. This step aims to shield young users from potentially harmful content and manipulative advertising practices.
  • Prohibition of Discriminatory Targeting: The DSA goes even further by prohibiting targeted advertising based on special categories of personal data, such as sexual orientation or religion. This ensures that users are not subjected to discriminatory or invasive ad campaigns that exploit sensitive information.
  • Mitigating Risks and Ensuring Oversight: VLOPs must adopt more comprehensive risk mitigation strategies. They are now tasked with maintaining and providing access to ad repositories, which can be audited for compliance. This measure fosters greater accountability and transparency in online marketing practices.
  • Elevated Transparency in Online Marketing: Perhaps one of the most noticeable changes for consumers is the higher level of transparency regarding online marketing. VLOPs are required to disclose more information about how advertisements are targeted and displayed to users. This empowers users to make informed choices about their online interactions.
  • Consumer Trust and Empowerment: The overarching goal of these measures is to build and maintain consumer trust in online platforms. When users feel that their data is protected, and they have control over their online experience, they are more likely to engage positively with digital services.
  • Global Implications: While the DSA is a European regulation, its impact is felt globally due to the international reach of VLOPs. Many companies are adopting DSA-compliant practices not only to operate in the EU but also to align with emerging global standards for data privacy and user protection.


DSA’s Profound Influence on Health Tech



The DSA is not just a piece of legislation with implications confined to the world of tech giants and social media platforms; it carries substantial significance for consumers and companies operating in the health technology sector.

In addition, the DSA should matter to consumers as it strengthens their digital rights, ensures safer online experiences, and protects them from harmful content and advertising practices. For health technology companies, the DSA presents an opportunity to build trust, adopt ethical advertising strategies, and align with global data privacy standards. These outcomes contribute to a healthier, more trustworthy digital ecosystem for health solutions and beyond.

To underscore the significance of the DSA for the primary stakeholders in the health tech sector, namely consumers and health tech companies, it’s essential to examine the parallels between these two groups:


For Consumers


The DSA’s impact on consumers is multifaceted and far-reaching. Firstly, it enhances privacy and data protection, which are paramount in the digital age. With stricter regulations on how their data is collected and used, consumers can enjoy a safer online experience. This is predominantly crucial in the health tech sector, where personal health data is often involved.

In the second place, the DSA addresses concerns related to online advertising and content, safeguarding users from harmful or inappropriate material. For individuals seeking health support and information online, this is invaluable. It ensures that platforms providing health resources maintain high standards and do not expose vulnerable individuals to misleading or harmful content.

What is more, the DSA’s focus on transparency in advertising benefits consumers by giving them greater control and understanding of how they are targeted by ads. In the context of health tech, this means that users can trust that the health solutions they encounter online are genuinely designed to support their well-being, rather than exploit their vulnerabilities.


For Health Tech Companies


Given that digital health often involves the collection and analysis of sensitive health data, adherence to the DSA’s data handling and privacy obligations becomes paramount. Striking a balance between innovation and privacy will be a persistent challenge.

Health tech companies, especially those involved in mental health solutions, should take note of the DSA for several reasons. Firstly, the legislation fosters an environment of trust and accountability. In the sensitive realm of mental health, trust is paramount. Companies that adhere to DSA standards not only comply with the law but also signal to users that their well-being is a top priority.

The DSA encourages ethical advertising practices and, for health tech firms, this means that their products and services can reach those who genuinely need them without resorting to intrusive or manipulative marketing tactics. Ultimately, this fosters a healthier and more ethical marketplace for health solutions.

With this in mind, compliance with the DSA aligns health tech companies with evolving global standards in data privacy and user protection. This not only opens doors to European markets but also positions them as responsible and forward-thinking players in the broader health tech landscape.


The Health Sector’s Journey with the DSA: Potential and Pitfalls



The Digital Services Act emerges as a pivotal regulation in the European health tech landscape. It strives to strike a balance between combating illegal content, ensuring advertising transparency, and protecting user data privacy. For entrepreneurs and innovators, particularly those in the health tech sector, the DSA represents both challenges and opportunities. Piloting this intricate regulatory terrain will require a deep understanding of data privacy, a commitment to compliance, and a firm focus on driving innovation while safeguarding sensitive health information.


Thorny Challenges


  • Data Handling Complexity: Health tech companies often deal with highly sensitive and personal data. Complying with the DSA, GDPR, and, if applicable, HIPAA, necessitates robust data protection measures. This complexity could deter startups with limited resources from entering the sector.
  • Compliance Costs: Achieving and maintaining compliance with multiple regulations can be costly. Entrepreneurs may need to allocate significant resources for legal counsel, data protection officers, and compliance audits.
  • Competition: As the health tech sector continues to grow, competition is fierce. Adhering to data privacy regulations can divert resources from innovation, making it challenging to stand out in the market.
  • Evolving Regulations: Regulatory frameworks, including the DSA, are subject to change and interpretation. Keeping up with evolving regulations requires ongoing effort and adaptability.
  • User Trust: Building and maintaining user trust is paramount in health tech. Striking the right balance between data-driven insights and user privacy can be a delicate endeavor.


Emergent Opportunities


  • Differentiation Through Privacy: Companies that prioritize user data privacy can differentiate themselves in the market. Demonstrating a commitment to protecting user information can build trust and loyalty.
  • Innovation: The DSA’s emphasis on transparency in algorithms and content moderation may inspire innovative solutions that enhance user experiences and trust while complying with regulations.
  • Expanding Market: The mental health tech market is vast and growing, driven by increasing awareness of mental health issues. Entrepreneurs who successfully navigate data privacy regulations can tap into this expanding market.
  • Collaboration: Collaborating with experts in data privacy and legal compliance can open doors to new opportunities. Partnerships with data protection specialists can help companies navigate the regulatory landscape effectively.
  • Global Reach: Meeting EU data privacy standards sets a high bar, potentially enabling health tech companies to expand into global markets with confidence in their data protection practices.
  • User-Centric Design: Embracing privacy regulations encourages a user-centric design approach. By prioritizing user needs and privacy, companies can develop more effective and ethical health solutions.


Embracing the Future in the Transforming Digital Landscape



In the ever-evolving landscape of health technology, a critical question emerges for companies: How can they strike the delicate balance between regulatory compliance and fostering innovation? Merely adhering to regulations is not sufficient. What’s imperative is a proactive investment in robust data protection measures and the unwavering prioritization of user privacy. Those who can perceive these evolving regulations as opportunities rather than mere obstacles are the ones poised for not just short-term survival but for achieving lasting growth and influence in the dynamic realm of health technology.

In summary, the Digital Services Act (DSA) and its accompanying data privacy regulations are at the forefront of reshaping the health tech landscape, with a specific lens on the pivotal domain of mental health. While these regulations undoubtedly present challenges, including compliance costs and potential hurdles for emerging startups, they concurrently present a distinct array of opportunities. For companies willing to embrace innovation and place ethical data practices and user-centric design at the core of their operations, this new regulatory environment can serve as fertile ground for growth and success.

As a pivotal complement to the GDPR, the DSA stands as a powerful force fortifying user rights and privacy protections in our digital age. Its overarching mission is to forge a safer and more transparent online environment that benefits all users, with a special focus on safeguarding minors and eradicating discriminatory advertising practices. As these regulations come into play, consumers can anticipate gaining more control over their digital experiences. Meanwhile, Very Large Online Platforms (VLOPs) are facing the challenge of adapting to this new era, characterized by heightened accountability and transparency in the realm of online marketing. The repercussions of these changes are poised to be substantial, signaling a future marked by constant adaptation and an unwavering commitment to securing digital well-being, particularly within the health tech sector.