Out-of-Court Dispute Settlement under DSA
This is a distinct DSA topic that warrants its own entry, as it covers specific procedures, requirements, and mechanisms for resolving disputes outside of court, including mediator qualifications, settlement procedures, and accessibility requirements that are not adequately covered by existing topics.
out-of-court dispute settlement alternative dispute resolution ADR dispute resolution mechanism Article 21 DSA service provider dispute settlement user dispute resolution complaint resolution
Overview
Legal Framework
The out-of-court dispute settlement mechanism under the Digital Services Act (DSA) is governed by Recitals 59 and 60. Recital 59 establishes the requirement for accessible out-of-court dispute settlement to resolve disputes, including those unsatisfactorily handled by a provider's internal complaint-handling system. The law mandates that such settlement be conducted by certified bodies possessing requisite independence, expertise, and means to operate in a fair, swift, and cost-effective manner. Recital 60 clarifies that these DSA rules are without prejudice to Directive 2013/11/EU on alternative consumer dispute resolution, preserving existing consumer rights under that framework.
Practical Application
The authoritative commentary, drawing analogies from the framework for independent supervisory authorities, emphasizes that the core legal requirement is the demonstrable independence of the certified dispute settlement bodies. This independence is crucial for ensuring fair proceedings and democratic oversight, akin to principles highlighted in the context of data protection authorities. While specific DSA case law on this mechanism is still developing, the procedural fairness underscored in national administrative law cases, such as those from the Dutch Council of State (e.g., Raad van State - 202004638/1/A3), informs the general standards for impartial dispute resolution. In practice, Very Large Online Platforms (VLOPs) and other providers must ensure that users can engage, in good faith, with these certified external bodies after exhausting internal complaint procedures.
Key Considerations
- Provider Obligation: Online platforms must inform users about the possibility of out-of-court dispute settlement and cannot obstruct access to these certified bodies, especially after an internal complaint is not resolved to the user's satisfaction.
- Body Certification: When directing users to a dispute settlement body, providers should verify it is officially certified under the DSA framework, ensuring it meets the strict independence and expertise criteria mandated by Recital 59.
- Consumer Rights Preservation: For business-to-consumer disputes, the out-of-court process under the DSA does not override a consumer's right under Directive 2013/11/EU to withdraw from the alternative dispute resolution procedure at any stage.
Laws (9)
Case Law (3)
Raad van State - grondslag - 202004638/1/A3
Raad van State - Bestuursrecht
Bij besluit van 31 oktober 2018 heeft de minister van Landbouw, Natuur en Voedselkwaliteit het verzoek van de maatschap om haar gegevens niet door te geven aan de Brancheorganisatie Akkerbouw afgewezen. De minister heeft de maatschap gemeld dat haar naam, adresgegevens en zogenoemde KvK-nummer zullen worden doorgegeven aan de Brancheorganisatie Akkerbouw en dat de maatschap daartegen bezwaar kan maken op grond van de Algemene Verordening Gegevensverwerking. De minister wil deze gegevens van de m
Rechtbank Den Haag - persoonsgegevens - AWB - 19 _ 6782
Rechtbank Den Haag - Omgevingsrecht
Verzoek om inzage persoonsgegevens ogv AVG. Beroep ongegrond.
Data Protection Commissioner v. Schrems and Facebook
Schrems I
Necessity/proportionality: The Decision does not contain any finding regarding US rules intended to limit the interference when they pursue legitimate objectives such as national security, nor refer to effective legal protection against such interference. FTC procedures and private dispute resolution mechanisms concern compliance with safe harbor principles (against US organizations) and cannot be applied with respect to measures originating from the State. Moreover, the Commission found that if
Guidance (36)
View all 36Guidelines 10/2020 on restrictions under Article 23 GDPR
Guidelines on restrictions under Article 23 GDPR
Richtsnoeren 07/2020 over de begrippen 'verwerkingsverantwoordelijke' en 'verwerker' in de AVG
guidelines over de begrippen 'verwerkingsverantwoordelijke'Â en 'verwerker'Â in de AVG
De begrippen 'verwerkingsverantwoordelijke', 'gezamenlijke verwerkingsverantwoordelijke' en 'verwerker' spelen een cruciale rol bij de toepassing van de algemene verordening gegevensbescherming (AVG, Verordening (EU) 2016/679), aangezien ermee wordt bepaald wie verantwoordelijk is voor de naleving van verschillende gegevensbeschermingsregels en op welke wijze betrokkenen hun rechten in de praktijk kunnen uitoefenen. De precieze betekenis van deze begrippen en de criteria voor de jui...
Richtsnoeren 02/2021 inzake virtuele spraakassistenten
guidelines over virtuele spraakassistenten
Een virtuele spraakassistent ( virtual voice assistant , of VVA) betreft een dienst die spraakgestuurde opdrachten begrijpt en uitvoert, of indien nodig als tussenschakel optreedt naar andere IT-systemen. Tegenwoordig is een VVA als optie beschikbaar op de meeste smartphones, tablets en reguliere computers en sinds enkele jaren zelfs op losse apparaten zoals smartspeakers. Een VVA functioneert als schakel tussen de gebruiker en zijn apparaat of een online dienst zoals een zoekmachine...
Richtsnoeren 4/2019 inzake artikel 25 Gegevensbescherming door ontwerp en door standaardinstellingen
guidelines privacy by design en default
Richtsnoeren 01/2022 over de rechten van betrokkenen Recht van inzage
guidelines recht op inzage
Het recht van inzage van betrokkenen is vastgelegd in artikel 8 van het Handvest van de grondrechten van de Europese Unie. Het maakt al sinds het begin deel uit van het Europese wettelijke kader voor gegevensbescherming en wordt nu verder ontwikkeld met specifiekere, preciezere regels in artikel 15 AVG.
Richtsnoeren 8/2020 betreffende de targeting van gebruikers van sociale media
guidelines targeting gebruikers sociale media
Richtsnoeren 2/2023 over het technische topassingsgebied van artikel 5, lid 3, van de eprivacyrichtlijn
guidelines technische toepassingsgebied van artikel 5(3) e-privacyrichtlijn
Richtsnoeren 3/2018 over het territoriale toepassingsgebied van de AVG (artikel 3)
guidelines territoriaal toepassingsgebied AVG
Richtsnoeren 05/2020 inzake toestemming overeenkomstig Verordening 2016/679
guidelines toestemming
GROEP GEGEVENSBESCHERMING ARTIKEL 29
guidelines transparantie
Versiegeschiedenis
guidelines uitvoeren overeenkomst
Richtsnoeren 06/2020 inzake de wisselwerking tussen de tweede richtlijn betalingsdiensten en de AVG
guidelines wisselwerking toepassing artikel 3 en hoofdstuk V AVG
Versiegeschiedenis
Version history
Guidelines on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies
Guidelines 02/2022 on the application of Article 60 GDPR
Guidelines on the application of Article 60 GDPR
With the introduction of the GDPR, the concept of the one-stop shop was established as one of the main innovations. In cross-border processing cases, the supervisory authority in the Member State of the controller's or processor's main establishment is the authority leading the enforcement of the GDPR for the respective cross-border processing activities, in cooperation with all the authorities which may face the effects of the processing activities at stake: be it through the establishments ...
Guidelines 04/2022 on the calculation of administrative fines under the GDPR
Guidelines on the calculation of administrative fines under the GDPR
The European Data Protection Board (EDPB) has adopted these guidelines to harmonise the methodology supervisory authorities use when calculating of the amount of the fine. These Guidelines complement the previously adopted Guidelines on the application and setting of administrative fines for the purpose of the Regulation 2016/679 (WP253), which focus on the circumstances in which to impose a fine. The calculation of the amount of the fine is at the discretion of the supervisory authority, ...
Guidelines 06/2022 on the practical implementation of amicable settlements
Guidelines on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects
VERSIEGESCHIEDENIS
binding corporate rules voor verwerkingsverantwoordelijken
Richtsnoeren 2/2018 inzake afwijkingen op grond van artikel 49 van Verordening 2016/679
guidelines afwijkingen van artikel 49
Richtsnoeren 10/2020 met betrekking tot de beperkingen krachtens artikel 23 AVG
guidelines beperkingen rechten van betrokkenen
News (23)
View all 23Kubilius defence tour continues with laggard Spain
Madrid insists it can meet NATO goals with less defence spending
Article 65 GDPR
(a) No consensus on relevant and reasoned objections On 9 November 2020, the EDPB adopted its first decision under the dispute resolution mechanism laid down by Article 65 GDPR.<ref>EDPB, 9 November 2020, Twitter International Company, Decision 01/2020 (available [https://edpb.europa.eu/sites/default/files/files/file1/edpb_bindingdecision01_2020_en.pdf here]).</ref> The binding decision seeks to address the dispute which arose following a draft decision issued by the Irish SA as LSA
Droit Ă lâeffacement : bilan des contrĂŽles de la CNIL dans le cadre de lâaction coordonnĂ©e europĂ©enne
Dans le cadre dâune action coordonnĂ©e au niveau europĂ©en, la CNIL a menĂ© en 2025 une sĂ©rie de contrĂŽles dâorganismes pour vĂ©rifier la mise en Ćuvre du droit Ă lâeffacement.
Omnibus numĂ©rique : le CEPD et lâEDPS soutiennent la simplification et la compĂ©titivitĂ© tout en soulevant des prĂ©occupations majeures
Le CEPD et lâEDPS ont adoptĂ© un avis conjoint sur la proposition de rĂšglement omnibus numĂ©rique, destinĂ©e Ă simplifier le cadre rĂ©glementaire de lâUE et Ă renforcer la compĂ©titivitĂ©. Ils Ă©valuent son impact sur le RGPD et les droits fondamentaux, notamment en matiĂšre de sĂ©curitĂ© juridique et de simplification rĂ©elle.
Speaking Freely: Yazan Badran
Interviewer: Jillian York Yazan Badran is an assistant professor in international media and communication studies at the Vrije Universiteit Brussel, and a researcher at the Echo research group. His research focuses on the intersection between media, journalism and politics particularly in the MENA region and within its exilic and diasporic communities. *This interview has been edited for length and clarity. Jillian York: What does free speech or free expression mean to you? Yazan Badran: So I th
Cameratoezicht in ov: chauffeurs mogen niet permanent in beeld
Permanent cameratoezicht op de vaste werkplek van werknemers is niet toegestaan. Cameraâs mogen alleen worden ingezet als dat strikt noodzakelijk is, bijvoorbeeld voor veiligheid bij incidenten, en niet om werknemers structureel te volgen of te beoordelen. Dat geldt ook als camerabeelden alleen achteraf worden bekeken. Dat benadrukt de Autoriteit Persoonsgegevens (AP) na een klacht en gesprekken met openbaarvervoerbedrijf Arriva over het gebruik van cameraâs in hun bussen.
OpÄ. sud Zadar - K-648/2025-2
Created page with "{{COURTdecisionBOX |Jurisdiction=Croatia |Court-BG-Color= |Courtlogo=Courts_logo1.png |Court_Abbrevation=OpÄ. sud Zadar |Court_Original_Name=OpÄinski sud u Zadru |Court_English_Name=Municipal Court in Zadar |Court_With_Country=OpÄ. sud Zadar (Croatia) |Case_Number_Name=K-648/2025-2 |ECLI= |Original_Source_Name_1=OpÄ. sud Zadar |Original_Source_Link_1=https://odluke.sudovi.hr/Document/View?id=d3ceb059-72cb-4b95-818d-77c532d86f3c&q=Op%25c4%2587a+uredba+o+za%25c5%25a..." New
Avis et notations en ligne : quels sont les droits des professionnels ?
Les professionnels (médecins, avocats, notaires, etc.) sont de plus en plus évalués en ligne via des annuaires intégrant des systÚmes de notation et de commentaires. La CNIL vous explique le cadre légal applicable et les garanties prévues pour protéger votre réputation et vos droits.
Royaume-Uni : la Commission europĂ©enne renouvelle ses dĂ©cisions dâadĂ©quation
La Commission europĂ©enne constatant que le Royaume-Uni continue dâassurer un niveau de protection substantiellement Ă©quivalent Ă celui de lâUnion europĂ©enne, les transferts de donnĂ©es personnelles depuis l'UE vers ce pays tiers peuvent sâeffectuer sans encadrement spĂ©cifique.
La CNIL à Nantes pour sensibiliser à la protection des données personnelles
Les 9, 10 et 12 dĂ©cembre, dans le cadre de la journĂ©e RGPD Ă Nantes, la CNIL a rencontrĂ© des Ă©lĂšves, mĂ©diateurs numĂ©riques et agents de la mĂ©tropole. Au programme&nbsp;: des temps dâĂ©change et de sensibilisation sur des pratiques numĂ©riques protectrices et responsables.
Le rĂšglement sur les donnĂ©es (Data Act) : un nouveau cadre europĂ©en pour le partage et lâutilisation des donnĂ©es
Le rĂšglement sur les donnĂ©es Ă©tablit un cadre europĂ©en pour organiser le partage et lâutilisation des donnĂ©es des objets connectĂ©s. Il renforce les droits des utilisateurs et crĂ©e de nouvelles obligations pour les acteurs concernĂ©s. La CNIL prĂ©sente son rĂŽle et les nouvelles rĂšgles applicables.
The operation of the CLOUD Act in data storage in Europe
GreenbergTraurig has assessed the scope of the US CLOUD Act on commission by the Dutch government. The CLOUD Act applies to EU entities that process data outside of the US, even if the EU entities are located outside of the US. To completely avoid being subject to the CLOUD Act, an EU entity would need to process data using a non-U.S. entity, which either does not have a corporate relation to any company with a presence in the US (such as a U.S. subsidiary) or if it does have a corporate relatio
Hunton summarises two articles from the new SCCs: the 'local laws and government access' section
Under Clause 14 of the Data Transfer SCCs, the data importer must carry out a transfer risk assessment to verify whether the laws and practices of the receiving third country could prevent the data importer from complying with the Data Transfer SCCs. If the risk assessment shows that the Data Transfer SCCs alone will not ensure an essentially equivalent level of protection for the personal data in the receiving third country, supplementary safeguards will need to be implemented, such as end-to-e
Manipulation by Algorithms. Exploring the Triangle of Unfair Commercial Practice, Data Protection, and Privacy Law
Machine learning can be used to optimize sales practices in consumer markets, but it also raises concerns about manipulation. According to this article, in order to mitigate these risks, we need to understand how unfair commercial practice, data protection, and privacy law interact.
What Happened to the Risk-Based Approach to Data Transfers?
The GDPR incorporates the RBA for all obligations of the controller in the GDPR. Where the transfer rules are stated as obligations of the controller (rather than as absolute principles), the RBA of Article 24 therefore applies. Other than the DPAs assume, this is not contradicted by the ECJ in Schrems II nor by the EDPB recommendations on additional measures following the Schrems II judgment, according to Lokke Moerel, Professor of Global ICT Law at Tilburg University and a Dutch Cyber Security
Danish SA Declares Use of Google Analytics Unlawful Without Supplementary Measures
The Danish Data Protection Agency has looked into the tool Google Analytics and its settings, and the terms under which the tool is provided. On the basis of this review, the Danish Data Protection Agency concludes that the tool cannot, without more, be used lawfully. Lawful use requires the implementation of supplementary measures in addition to the settings provided by Google.
EDPB: Lack of resources puts enforcement of individualsâ data protection rights at risk
> âWe are deeply concerned that the 2023 budget, if not substantially increased, will be significantly too small to allow the EDPB and the EDPS to fulfil their tasks appropriately,â Andrea Jelinek, Chair of the European Data Protection Board (EDPB), and Wojciech WiewiĂłrowski, European Data Protection Supervisor (EDPS), write in an Open Letter to the European Parliament and the European Council.
Irish Data Protection Commissioner Fines Instagram EUR 405M for Children Privacy Violations
> The fine is the result of an investigation that began in 2020 and focused on the companyâs processing of childrenâs personal data. Based on press reports, the investigation focused on children between the ages of 13 and 17 who were allowed to operate business or creator Instagram accounts. As a result, childrenâs phone numbers and email addresses were publicly accessible.
CNIL Proposes 60 Million Euros Fine Against French AdTech Company For Non-Compliance with GDPR
> The proposed fine follows complaints filed by privacy NGO âPrivacy Internationalâ against Criteo. [âŠ] Under the CNILâs sanction procedure, Criteo has the right to respond to the report, both with respect to the alleged infringements and the proposed sanction.
CJEU Clarifies Exceptions to Data Retention in Irish Case
> On 5 April 2022, the CJEU added another chapter to the long history of the admissibility of data retention in the EU. In a case concerning the data retention law in Ireland, the CJEU confirmed that general and indiscriminate retention of traffic and location data relating to electronic communication is contrary to Union law even if it intends to combat serious crime.