Advertising Practices and Requirements under DSA
This new topic is needed to specifically address advertising practices on online platforms under DSA, including transparency requirements, content moderation of ads, disclosure of sponsored content, and protection against misleading or deceptive advertising practices.
advertising practices online advertising ad placement sponsored content advertising transparency ad disclosure advertising rules platform advertising
Overview
Legal Framework
The advertising-specific obligations under the Digital Services Act (DSA) are primarily governed by Articles 39 and 40. These articles establish distinct transparency and accountability regimes for online platforms and for very large online platforms (VLOPs)/very large online search engines (VLOSEs), respectively. The legal requirements stem from the particular risks advertising systems pose due to their scale and sophisticated targeting capabilities, as recognized in Recital 95.
Article 39 DSA mandates that all online platforms ensure recipients can identify, in a clear and unambiguous manner, that the information presented to them is an advertisement. They must also disclose, on whose behalf the advertisement is presented, and meaningful information about the main parameters used to determine the recipient to whom the advertisement is displayed. Article 40 DSA imposes enhanced obligations on VLOPs and VLOSEs, requiring them to maintain and provide public access to a searchable repository containing detailed information about all advertisements served on their interface. This repository must include the content of the ad, who paid for it, the period it was displayed, and the targeting criteria and parameters used.
Practical Application
The authoritative commentary emphasizes that these provisions are designed to mitigate systemic risks from opaque advertising systems by enabling public and regulatory scrutiny. For VLOPs/VLOSEs, the repository under Article 40 is not a passive archive; it must be designed to facilitate meaningful analysis of advertising practices, including the identification of advertisers and the logic behind ad targeting. This supports the overarching DSA goals of protecting recipients against misleading or manipulative advertising and ensuring accountability. While Article 39 applies broadly to platforms, its requirement to provide "meaningful information" about targeting parameters necessitates a contextual assessment based on the complexity of the platform's advertising system and the data used.
Key Considerations
- Platforms must implement technical and design solutions to ensure advertisements are labeled conspicuously and that disclosure information about the advertiser and targeting is easily accessible to the user, as required by Article 39.
- VLOPs and VLOSEs must build and maintain a publicly accessible, searchable, and machine-readable ad repository compliant with Article 40's detailed specifications, ensuring data is retained for one year after the ad's last display.
- Organizations should review their advertising interfaces and backend data logging to ensure they can generate and present the required disclosures in real-time (for users) and in comprehensive detail (for the public repository, if applicable).
Laws (6)
Guidance (10)
ARTICLE 29 DATA PROTECTION WORKING PARTY
Guidelines on transparency
Richtsnoeren 3/2022 betreffende het herkennen en vermijden van misleidende ontwerppatronen in de interfaces van socialemediaplatforms
guidelines misleidende ontwerppatronen
Deze richtsnoeren bieden praktische aanbevelingen aan aanbieders van sociale media als verwerkingsverantwoordelijken van sociale media, ontwerpers en gebruikers van socialemediaplatforms, over het beoordelen en vermijden van zogenaamde 'misleidende ontwerp patronen' in de interfaces van sociale media die inbreuk maken op de vereisten van de AVG. Daartoe beveelt de EDPB aan dat verwerkingsverantwoordelijken gebruikmaken van interdisciplinaire teams, bestaande uit onder meer ontwerpers, func...
Richtsnoeren 4/2019 inzake artikel 25 Gegevensbescherming door ontwerp en door standaardinstellingen
guidelines privacy by design en default
Richtsnoeren 8/2020 betreffende de targeting van gebruikers van sociale media
guidelines targeting gebruikers sociale media
Guidelines 8/2020 on the targeting of social media users
Guidelines on the targeting of social media users
Richtsnoeren 3/2018 over het territoriale toepassingsgebied van de AVG (artikel 3)
guidelines territoriaal toepassingsgebied AVG
Versiegeschiedenis
guidelines uitvoeren overeenkomst
Version history
GROEP GEGEVENSBESCHERMING ARTIKEL 29
guidelines transparantie
Guidelines 05/2020 on consent under Regulation 2016/679
Guidelines on consent
News (7)
CNIL (France) - SAN-2025-017
added links to GDPR articles === Holding ====== Holding === The DPA found that, since the membership form did not contain information on the transmission of members' data to the social media platform, or even on targeted advertising, the consent was not informed nor specific. Therefore, it found the processing to be unlawful, violating Article 6(1)(a) GDPR. The DPA found that, since the membership form did not contain information on the transmission of members' data to the social media
AP publiceert vernieuwde leidraad gerichte online politieke reclame
De Autoriteit Persoonsgegevens (AP) heeft de eerder gepubliceerde leidraad voor gerichte politieke online reclame aangepast. Hierin is nu de input verwerkt van organisaties die reageerden op de consultatie van de leidraad.
Legacy Switches: A Proposal to Protect Privacy, Security, Competition, and the Environment from the Internet of Things
Georgetown University Law Center researchers propose that every IoT device manufacturer build a switch into their devices that disables any smart feature that contributes to security or privacy risks. This will render a smart thermostat just a thermostat and a smart doorbell just a doorbell, and will disable microphones, sensors, and wireless connectivity. Any user should find it easy to use and easy to verify whether the switch has been toggled.
No bullsh*t opt-out: free noyb tool for quick and broad Facebook objections!
> No bullsh*t opt-out: free noyb tool for quick and broad Facebook objections! Use the noyb tool to opt out of targeted advertising and various other claimed 'legitimate interestes' by Meta in a simple and legally sound way.
Danish SA Declares Use of Google Analytics Unlawful Without Supplementary Measures
The Danish Data Protection Agency has looked into the tool Google Analytics and its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.
Irish Data Protection Commissioner Fines Instagram EUR 405M for Children Privacy Violations
> The fine is the result of an investigation that began in 2020 and focused on the company’s processing of children’s personal data. Based on press reports, the investigation focused on children between the ages of 13 and 17 who were allowed to operate business or creator Instagram accounts. As a result, children’s phone numbers and email addresses were publicly accessible.
CNIL Proposes 60 Million Euros Fine Against French AdTech Company For Non-Compliance with GDPR
> The proposed fine follows complaints filed by privacy NGO ‘Privacy International’ against Criteo. […] Under the CNIL’s sanction procedure, Criteo has the right to respond to the report, both with respect to the alleged infringements and the proposed sanction.