Menu

Loading Results

Digital Services Act

8. Digital Services Act

8.1. Identification of Illegal Content

Our organization is subject to the DSA[1]. As controllers, we conduct voluntary investigations or take other measures to detect, identify and remove illegal content or to disable access to illegal content on our own initiative and in good faith and carefully. The purpose of data processing is to identify illegal content. It cannot be ruled out that your personal data as a user of the service may be processed in the course of these investigations.

Legal basis: Art 6(1)(f) GDPR in conjunction with Art 7 DSA

The PwC member firms in Austria have a legitimate interest in conducting voluntary investigations, detecting, identifying and removing illegal content.[2] Another legitimate interest is to protect users of the service from this illegal content.

Categories of data: business card data and, where applicable, content provided by the user.

Storage period: 5 years from the publication of the transparency report for the year in which the voluntary investigation was carried out.

Transfer to third countries: Some of our service providers are located in non-EEA countries.  For some countries, there is an adequacy decision of the European Commission in place. In other cases, an adequate level of data protection has been achieved by concluding standard contractual clauses and, where applicable, additional guarantees.

8.2. Ensuring a notification and remedial procedure in accordance with Articles 16 and 17 of the DSA

As a hosting service provider, we are required to put mechanism in place to allow any individual or entity to report information that is considered to be illegal content. After receipt of the notice, a confirmation of receipt of the notice will be sent in accordance with Article 16 (4) DSA.

After the notice has been examined, a decision is made on the illegality of the content. The individual or entity making the notice will be informed of the decision and of the possible legal remedies. If illegal content is detected, we may impose restrictions (such as suspension or closure of the user's account) in accordance with Article 17 of the DSA.

All affected users will be informed about such restrictions. In order to fulfil these obligations under Articles 16 and 17 DSA, we collect personal data of the person and also process the respective content (including possibly personal data of other persons) of the service for these purposes. The name and e-mail address of the reporting person are not collected if illegal content is reported in connection with a criminal offence in accordance with Articles 3 to 7 of Directive 2011/93/EU (Child Pornography Prevention Directive).

Legal basis: Art 6(1)(c) GDPR in conjunction with Art 16 and 17 DSA

Categories of data: Name and email address of the reporter, content provided by the user, if applicable

Storage period: 5 years from the publication of the transparency report for the year in which the notice was received.

Transfer to third countries: Some of our service providers are located in non-EEA countries.  For some countries, there is an adequacy decision of the European Commission in place. In other cases, an adequate level of data protection has been achieved by concluding standard contractual clauses and, where applicable, additional guarantees.

[1] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act).

[2] See also European Data Protection Board, Guidelines 3/2025 on the interplay between the DSA and the GDPR (Version 1.1), para. 16 et seq.

© 2017 - 2025 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.