This Regulation should be without prejudice to the obligation of data intermediation services providers to comply with Regulation (EU) 2016/679 and the responsibility of supervisory authorities to ensure compliance with that Regulation. Where data intermediation services providers process personal data, this Regulation should not affect the protection of personal data. Where the data intermediation services providers are data controllers or processors as defined in Regulation (EU) 2016/679 they are bound by the rules of that Regulation.
