Towards an enhanced responsibility of online platforms: the EU Digital Services Act

Under long-standing EU rules online service providers enjoyed liability exemptions in many instances, but concerns about developments in the digital economy have led the European Commission to question these exemptions and consider new rules.

Liability exemptions for online intermediary service providers were put in place in the e-Commerce Directive (2000/31/EC). The development of social media platforms and their use in disseminating disinformation or illegal content has attracted policy-makers’ attention, leading to calls for platforms to act with due diligence in relation to harmful content they host.

A leaked European Commission document from earlier this year outlines plans to adopt a so-called Digital Services Act which would regulate content on intermediary service providers comprehensively by addressing issues such as liability, content moderation, data sharing and regulatory oversight. 

A change in liability exemptions of intermediary service providers is one of the most salient aspects related to the potential re-opening of the e-Commerce Directive, because such a change would require online platforms to take an active role in determining what kind of content should be removed. 

Below, we provide an overview of the current EU rules governing intermediary service providers, with particular focus on intermediary liability, and the key provisions of the envisaged Digital Services Act, as well as some recommendations on how tech companies should prepare for engagement. 

Current legal framework for information society services

In the EU, the basic legal framework for information society services is provided by the e-Commerce Directive. The objectives of the Directive are to remove cross-border obstacles for information society services and provide an internal market conducive to innovation. The e-Commerce Directive lays down requirements for the establishment of information society services in EU territory and intermediary service provider liability. It also specifies that Member States cannot impose a general obligation on intermediary service providers “to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity” (Article 15 of the Directive). 

The Directive identifies three types of providers who are able to claim protection from liability; those acting as a “mere conduit”, providing “caching” or “hosting”, on the proviso that their conduct is “merely technical, automatic and passive”. The rationale of the Directive is that liability should not be assumed if the service provider does not have actual knowledge of illegal activity or content. Once service providers obtain knowledge about illegal activity or content, they are obliged to remove or block access to it in order to be protected by the liability regime. This obligation to act once notified is a key point of difference between the EU intermediary liability regime from that in force in US legislation. 

Beyond intermediary liability: online platform responsibility

The internet has significantly evolved since the e-Commerce Directive was adopted in 2000. For instance, the emergence of social media platforms has led governments to question their role and responsibility in protecting users from harmful content. Online platforms have been increasingly criticised for hosting illegal content, being used to spread disinformation, or infringing copyright rules. Recently, policy-makers have called for online platforms to take a more proactive role in addressing these issues. However, the provisions of the e-Commerce Directive currently protect online platforms from liability. In addition, online platforms have been reluctant to actively seek out and take-down illegal content on a voluntary basis due to fears that such actions would interfere with their liability protections that exempt them from a requirement to proactively curate online content. 

Meanwhile, the EU has taken measures to regulate harmful content by adopting sectoral policies to tackle specific issues including terrorist content online, copyright infringements, hate speech or child sexual abuse material. During the decision-making stage on these files, there have been repeated concerns related to the interplay between the e-Commerce Directive and its provisions and proposed regulations. For instance, during the revision of the Copyright Directive adopted in 2019, provisions which would have required upload filters to automatically recognise copyright infringements would have directly interfered with the liability regime of the e-Commerce Directive. 

For this reason, policy-makers in some EU Member States have called for the revision of the e-Commerce Directive, citing a lack of responsibility of online platforms and the incompatibility of the Directive with the internet as it is used today. 

The Digital Services Act: opening Pandora's box

An internal note produced by the Digital Single Market (DSM) strategic group within the Directorate General for Communications Networks, Content and Technology (DG CONNECT) in the European Commission, has been leaked and published by French newspaper Contexte and German digital rights blog Netzpolitik. The document reveals the intention of the European Commission to adopt a ‘Digital Services Act’ which would repeal the e-Commerce Directive and adopt new rules for the governance of the internet under the form of a Regulation. 

The idea of a Digital Services Act has also featured in a DG CONNECT leaked document which outlines its strategic priorities for the next legislative term, as well as the political guidelines adopted by the recently elected President of the European Commission Ursula Von der Leyen which gives greater political backing to legislative intervention. However, despite the intent for legislation there are plenty of unanswered questions from DG CONNECT’s note on how the Digital Services Act will take shape. 

Key provisions proposed by the DG CONNECT internal note

Scope:

The DSM strategic group envisages an extended scope for the Digital Services Act in comparison to the e-Commerce Directive by including services such as internet service providers, cloud services, content delivery networks, domain name services, social media services, search engines, collaborative economy platforms, online advertising services, digital services built on electronic contracts and distributed ledgers (blockchain). 

Liability exemptions:

Whereas the note upholds that liability exemptions should be maintained, it proposes the codifying of provisions adopted through secondary legislation during the last Commission's mandate – including for example the Copyright Directive – as well as existing case law relating to intermediary liability. 

It suggests the need to clarify the concept of intermediary liability for collaborative economy services, cloud services, content delivery networks, domain name services, search engines and WiFi hotspots. 

It also mentions the replacement of the concept of active and passive hosts with concepts that reflect the notions of editorial functions, actual knowledge and the degree of control.

Another provision would be to introduce a “Good Samaritan” clause whereby platforms are encouraged to proactively monitor the legality of content, without endangering their liability exemptions. 

General monitoring obligations: 

The note also supports the preservation of the e-Commerce Directive's prohibition on general monitoring obligations. Nevertheless, it mentions that specific provisions should be adopted for automated filtering technologies that ensure transparency and accountability. 

There are already examples of some online platforms deciding to adopt automated content recognition technologies in this manner. For instance, YouTube uses software named Content ID to identify and manage copyright infringements. 

Content moderation:

The note proposes uniform rules for the removal of illegal content, including illegal hate speech, by adopting mandatory and transparent notice-and-action rules tailored to the type of the service provider. Mandatory notice-and-action procedures could be based on the examples of the German Network Enforcement Act or the proposed French Hate Speech Law. 

Of particular importance is the reference to the inclusion of harmful content under the substantive scope of the Digital Services Act.  Harmful content, as the note rightly explains, is not necessarily illegal and its ever-changing nature makes it unsuitable for strict notice-and-action procedures. Exactly what the definition for harmful content is and what type of content it will include remains to be seen. The UK Government has taken a similar approach in its Online Harms White Paper, where it decided to adopt a broader definition of online harms covering thee “buckets”:

• harms that are clearly illegal (e.g. terrorist content);
• online harms related to children; and
• content that is not necessarily illegal but needs more context to be defined. 

Online advertising:

The introduction of rules for cross-border online advertising services and political advertising is also envisaged. This is in line with the European Commission’s recommendations for online platforms to provide easily recognisable online paid political advertisement and communications ahead of the 2019 European elections.

Although platforms have attempted to proactively address the issue of political advertisement since the 2016 US Presidential election, criticism remains regarding the efficiency of these proactive measures. For instance, Facebook created an Ad Library, Google launched a Transparency Report for Political Ads, and Twitter has an Ad Transparency Centre, all to provide advertising transparency. However, academics suggest that these archives and tools have some limitations. For instance, Edelson, Dey, Sakhuja and McCoy performed an analysis of the ads available on Google, Facebook and Twitter’s archives in the United States and found out that advertisers are able to intentionally by-pass political transparency archives.  

Service interoperability:

The note indicates that the Digital Services Act could revise current data portability rules to improve interoperability between equivalent services. In practice, this would mean that service providers could open their services to similar service providers, in particular smaller companies seeking to compete with the well-established online platforms. So far, companies have provided interoperability of their own services, for example, Microsoft provides interoperability between Microsoft Teams and Skype for Business. The note therefore implies that service interoperability could be opened to services owned by different providers, for example between WhatsApp and Telegram. 

Regulatory oversight:

The note proposes the establishment of a regulatory structure under the form of either a centralised authority (i.e. a new EU-wide regulator) or decentralised authority (a network of national regulators), or through allocating more powers to existing regulatory structures. 

Cooperation with public authorities:

The note indicates that provisions of the Digital Services Act could include simpler rules for cooperation between information society services and public authorities on data access, including for cooperation with fiscal authorities or illegal content notifications.  

How should tech companies respond to the Commission's plans?

As European Commission President-elect Ursula von der Leyen has mentioned the Digital Services Act in her political guidelines for the next European Commission, it is highly likely that the file will be introduced in the Commission's first Work Programme. Once the Commission adopts its Work Programme at the end of 2019, it will begin drafting an impact assessment, consulting stakeholders and drafting the legislative proposal. A proposed Regulation could therefore come as early as the end of 2020

The Digital Services Act is now potentially shaping up to be the most far-reaching piece of legislation for tech companies in the early stages of the 2019-2024 legislative term and will re-write the rules that apply to companies operating in the EU. However, as highlighted above, there are several outstanding questions which will need answering under the next term. 

Tech companies who are included in the potential scope outlined in the note presented by DG CONNECT will need to consider the impact that such provisions could have on their business model. It has never been more important to be monitoring developments with a view to preparing to engage with EU policymakers before the plans are finalised.

If you would like an informal discussion about how Inline can guide your company’s engagement through the legislative process and help better understand the implications for your business, then please get in touch.