Inline Policy briefings: The Digital Services Act
by Giulia Iop on 03 May 2022
The three EU institutions - Commission, Parliament and Council of the EU - reached a provisional agreement on the Digital Services Act, (DSA) on 22 April 2022. In this briefing we highlight its main provisions and their implications for companies, particularly regarding compliance and future regulatory ramifications.
As a general point, the DSA applies to all intermediary service providers that offer services to EU users (recipients that have their place of establishment or are located in the Union), regardless of the service provider's place of establishment. The obligations vary for different online players, based on their role, size and impact. These include pure intermediaries, hosting services, online platforms/marketplaces, and so-called ‘very-large-online-platforms’ (VLOPs), which are platforms with more than 45 million average monthly active recipients in the EU. VLOSEs, or ‘very-large-online-search-engines’, have reportedly also been included in the scope of the final text.
According to reports, the final text, which is yet to be seen, includes some new provisions, in particular regarding online advertising, so-called ‘dark patterns’ and crisis response mechanisms. Representatives from the three institutions welcomed the agreement as a ‘global golden standard’ when it comes to protecting citizens’ online rights while preserving freedom of expression.
A WORLD FIRST - MORE ACCOUNTABILITY AND TRANSPARENCY IN THE ONLINE WORLD
A key pillar of the European Commission’s agenda, the DSA was designed to protect the rights and freedoms of European Union online users and to foster innovation. It requires online intermediary services to take measures against illegal content and increase transparency, on the principle that ‘what is illegal offline should be illegal online’. Although the scope of the DSA does not cover harmful-but-legal content, one of its main objectives is to counter misinformation and disinformation online. This has been one of the EU Commission’s (and Parliament’s) priorities since the beginning of its legislative cycle, and now more than ever, in light of misinformation and disinformation surrounding the Covid-19 and Ukraine crises.
But what should businesses expect from a compliance point of view? While maintaining the principles of the e-Commerce Directive (country of origin, limited liability and ban on general monitoring), the DSA introduces a number of new obligations for online intermediary services, depending on and proportionate to whether they are hosting providers, online platforms/marketplaces or VLOPs. Listed below are some of the main ones.
Harmonised notice-and-action mechanism: All online intermediaries will be required to quickly take down illegal content which anyone notifies them about according to a clear, step-by-step notice and action procedure.
Compliance with orders from public authorities: Intermediary service providers will have to comply with orders to act against illegal content and to provide information submitted by relevant national authorities.
Transparency and algorithmic accountability: All intermediaries will have to submit annual transparency reporting obligations, which will cover inter alia the number of orders from authorities that they have received to act against illegal content or to provide information, number of notices, and information on their use of automated tools. VLOPs will have to comply with additional transparency requirements on online advertising, including by keeping a repository of the advertisements shown on their platform.
Know-your-Business-Customer: Online marketplaces, or platforms that allow users to conclude ‘distance contracts’ with traders, shall collect and display a range of (reliable) information from traders before allowing them to offer their products/services on their website. Such information would include a name, address and telephone number, and trade register number where applicable. What’s more, they will have to make ‘best efforts’ to ensure that no illegal products/services are offered in the EU, for instance by using random checks. This is something that MEPs have pushed to include in the final text.
Recommender system and online advertising: These are two of the most contentious issues in the DSA. The institutions reportedly agreed to include in the final text increased transparency obligations for all online platforms - and not just VLOPs - when it comes to both their recommender systems and online advertising. Users shall have access to information on the main parameters used in so-called ‘recommender systems’ (systems which platforms use to suggest new content based on your previous behaviour) via the platform’s terms and conditions, and will have the right to modify them and to have access to at least one option not based on profiling. In addition, platforms will not be allowed to use targeted advertising on minors and/or based on the collection of ‘sensitive data’ such as sexual orientation, religion, and identity.
Systemic risks: VLOPs will be required to carry out annual assessments of the ‘systemic risks’ they create and implement related mitigation measures. Such risks are, for instance, those associated with the dissemination of illegal content, adverse effects on fundamental rights, or manipulation of services that have an impact on democratic process or public security.
Governance: The DSA will be enforced by designated national competent authorities called ‘Digital Services Coordinators’. In a last-minute change, Parliament and Council have entrusted the EU Commission as the main supervisory authority for VLOPs’ compliance with the new obligations, in coordination with the Member State of origin (where the company is established).
Fines: Non-compliant intermediary services may be fined up to 6% of their annual worldwide turnover.
GOING A STEP FURTHER: REGULATING ONLINE INTERFACES AND PLATFORMS’ ACTIVITY IN TIMES OF CRISIS
Dark patterns: Following extensive debates between the Council of the EU and the EU Parliament, the final text of the DSA will reportedly prohibit all intermediary services from using so-called ‘dark patterns.’ Intermediary services must not nudge users into using their services, for example by giving more prominence to a particular choice or urging recipients to change their choice via pop-ups.
Crisis response: According to initial reports, the final agreement includes a new ‘crisis response mechanism’ to be activated by the EU Commision to analyse the impact of VLOPs and VLOSEs’ activities on crises such as public security or health threats (e.g. Covid-19 or Ukraine) and ask them to limit any ‘urgent threats on their platforms’.
In terms of next steps, EU legal services will finalise and verify the final text of the DSA at technical level before both Parliament and Council give their formal approval (not foreseen before the Summer). Once approved, the DSA will come into force 20 days after its publication in the EU Official Journal and the rules will start to apply 15 months later.
WHAT DOES THIS ALL MEAN?
If we look at the big picture, the DSA is clearly part of a wider attempt by the EU to regulate so-called ‘big tech’, especially in light of growing concerns over the availability and accessibility of illegal content online such as child sexual abuse, terrorist content or dangerous products. Online companies operating in the EU will thus likely have to start rethinking their strategies and resource allocation to address the DSA’s obligations. Despite what many think, this will not apply solely to American companies (which are largely considered to be the main target of the regulation) but for European ones alike, or at least those that do not qualify as micro, small or medium-sized enterprises (SMEs), which are excluded from the scope of many of the provisions.
Europe’s ‘gold standard’ is likely to affect other countries’ regulatory efforts, including the United States. Indeed, current and past members of the U.S. administration, including former Secretary of State Hillary Clinton, have welcomed the EU’s efforts to curb the power of online platforms and defend democracy online. The Biden administration is reportedly in talks to draft bills similar to the European DSA and DMA. The UK Government has started working on its ‘Online Safety Bill’, which many consider to be the UK equivalent of the EU DSA. Businesses should thus brace themselves for a likely domino effect across the globe.
At Inline, we help businesses to understand and influence policy and regulation. If you are concerned about the impact that this legislation could have on your business, or if you have any questions on the DSA and its provisions, please contact firstname.lastname@example.org.
Written by Giulia Iop
Giulia provides monitoring and political analysis to emerging technology clients on the collaborative economy, online platforms and smart mobility.