Members of the European Union approved the passage of the “Digital Services Act package” on July 4. The Digital Services Act (DSA) and the Digital Markets Act (DMA) are intended to create a safer and more competitive digital space.
As per the European Union, the DSA and DMA have two main goals:
- to create a safer digital space in which the fundamental rights of all users of digital services are protected
- to establish a level playing field to foster innovation, growth, and competitiveness, both in the European Single Market and globally.
Why does it matter? Both the DSA and the DMA are supposed to rein in the power of the four Big Tech overlords Facebook, Google, Apple and Amazon by setting down new responsibilities for online platforms. The rules also seek to “better educate and empower users”. However, many of the draft’s initial approaches were deemed problematic for democratic values. While the initial draft had called for social media platforms surrendering user data to governments, the final bill avoids the complete transformation social networks and search engines into censorship tools, though the new platforms regulations will be harsher than the older ones.
However, the DSA package is not an omniscent solution for all problems users face online. In fact, the rules can be seen as giving way too much power to government agencies to flag and remove potentially illegal content and to uncover data about anonymous speakers. How the implementation of these rules pan out, depend on how social media platforms interpret their obligations under the DSA, and how EU authorities enforce the regulation.
Never miss out on important developments in tech policy, whether in India or across the world. Sign up for our morning newsletter, with a “Free Read of the Day”, to experience MediaNama in a whole new way.
What is the Digital Services Act all about?
What are Digital Services? “Digital services include a large category of online services, from simple websites to internet infrastructure services and online platforms,” reads the EU’s official definition of the term.
Scope of the rules: The rules specified in the DSA are primarily focused on online intermediaries and platforms such as online marketplaces, social networks, content-sharing platforms, app stores, and online travel and accommodation platforms. It includes rules that govern gatekeeper online platforms that function as bottlenecks between businesses and consumers in the Union’s internal market for important digital services.
Some of these services are also covered in the Digital Markets Act, but for different reasons and with different types of provisions.
Why does the EU need new rules? While there is a broad consensus on the benefits of mass digitisation, the problems arising have numerous consequences for European society and economy. A core concern is the trade and exchange of illegal goods, services and content online. Online services are also being misused by manipulative algorithmic systems to amplify the spread of disinformation, and for other harmful purposes. These new challenges and the way platforms address them have a significant impact on fundamental rights online.
Despite a range of targeted, sector-specific interventions at EU-level, there are still significant gaps and legal burdens to address.
What was the process up to now and how were stakeholders involved? The European Commission consulted a wide range of stakeholders, including those in the private sector, users of digital services, civil society organisations, national authorities, academia, the technical community and international organisations, in preparation of this legislative package.
These meetings identified specific issues that may require EU-level intervention in the context of the DSA and the DMA. The Commission made the proposals in December 2020 and on March 25, 2022 a political agreement was reached on the Digital Markets Act, and on April 23, 2022 on the Digital Services Act.
Next steps for the EU: Following the adoption of the Digital Services Package, both the Digital Services Act and the Digital Markets Act will be published in the Official Journal and will enter into force 20 days after publication.
The DSA will be directly applicable across the EU. It will apply in fifteen months or from 1 January 2024, whichever comes later, after entry into force. As regards the obligations for very large online platforms and very large online search engines, the DSA will apply from an earlier date, that is four months after their designation.
After the DMA enters into force, it will become applicable six months later. The designated gatekeepers will have a maximum of six months after the designation decision by the Commission to ensure compliance with the obligations laid down in the Digital Markets Act.
What about the Digital Markets Act?
Scope of the rules: The DMA will apply to the EU’s internal market gatekeepers — companies controlling entire ecosystems which create bottlenecks between businesses and consumers. These are made up of different platform services such as online marketplaces, operating systems, cloud services or online search engines. These gatekeepers will be subject to a number of defined obligations and prohibitions. These are established by reference to the most unfair market practices, or practices that create or strengthen barriers for other companies, with the overall aim of ensuring the contestability of gatekeepers’ digital services.
At the same time, the DMA will create an effective enforcement mechanism ensuring rapid compliance with precise obligations.
“This agreement seals the economic leg of our ambitious reorganisation of our digital space in the EU internal market. We will quickly work on designating gatekeepers based on objective criteria. Within 6 months of being designated, they will have to comply with their new obligations. Through effective enforcement, the new rules will bring increased contestability and fairer conditions for consumers and business users, which will allow for more innovation and choice in the market. We are serious about this common endeavour: no company in the world can turn a blind eye to the prospect of a fine of up to 20% of their global turnover if they repeatedly break the rules.” — EU Commissioner for the Internal Market, Thierry Breton
Penalty powers: The European Commission will be able to impose penalties and fines of up to 10% of a company’s worldwide turnover, that may, in the event of repeated infringements, reach up to 20% of such turnover, once the DMA is implemented. In the case of regular infringements, the Commission will also be able to impose any behavioural or structural remedies necessary to ensure the effectiveness of the obligations, including a ban on further acquisitions relevant to the infringement.
Power to carry out market investigations: The DMA also gives the Commission the power to carry out market investigations that will ensure that the obligations set out in the regulation are kept up-to-date in the constantly evolving reality of digital markets.
A summary of the new rules
Below are listed some of the important aspects covered by both the DSA and the DMA:
- Online platforms and intermediaries such as Facebook, Google, YouTube, etc. will have to add “new procedures for faster removal” of content deemed illegal or harmful. This can vary according to the laws of each EU member state. Further, these platforms will have to clearly explain their policy on taking down content; users will be able to challenge these takedowns as well. Platforms will also need to have a “clear mechanism” to help users flag content that is illegal and will have to cooperate with “trusted flaggers”.
- The DSA adds “an obligation for very large digital platforms and services to analyse systemic risks they create and to carry out risk reduction analysis”. This audit for platforms like Google and Facebook will need to take place every year. Companies will have to look at the risk of “dissemination of illegal content”, “adverse effects on fundamental rights”, “manipulation of services having an impact on democratic processes and public security”, “adverse effects on gender-based violence, and on minors and serious consequences for the physical or mental health of users.”
- Under the DMA, marketplaces such as Amazon will have to “impose a duty of care” on sellers who are using their platform to sell products online. They will have to “collect and display information on the products and services sold in order to ensure that consumers are properly informed.”
- The DSA incorporates a new crisis mechanism clause — it refers to the Russia-Ukraine conflict — which will be “activated by the Commission on the recommendation of the board of national Digital Services Coordinators”. However, these special measures will only be in place for three months. This clause will make it “possible to analyse the impact of the activities of these platforms” on the crisis, and the Commission will decide the appropriate steps to be taken to ensure the fundamental rights of users are not violated.
- The laws collectively propose stronger protection for minors, and aims to ban targeted advertising for them based on their personal data.
- They also propose “transparency measures for online platforms on a variety of issues, including on the algorithms used for recommending content or products to users”.
- Finally, it says that cancelling a subscription should be as easy as subscribing.
Data privacy measures and social media regulations around the world
The European Union is adopting the Digital Services Act package at a time when countries around the world are bringing out their respective personal and non-personal data privacy measures as well as clamping down on social media platforms. India and the United States are two important players in these domains. We have summarised some of the salient features of these laws (and proposed laws) below.
United States: The States are home to tech companies that amass the most amount of user data worldwide, but the US does not have a law that regulates what data is collected and how it’s used, as of yet. The American Data Privacy and Protection Act is set to change that status quo by becoming the first comprehensive national data privacy framework that has bipartisan and bicameral support, which makes it closer to becoming law than any other federal privacy legislation introduced in the US in the past.
In summary, the American Data Privacy and Protection Act:
- Requires covered entities to minimise data collection to what is necessary
- Requires covered entities to ensure privacy by design and that users don’t have to pay for privacy
- Requires covered entities to allow consumers to turn off targeted advertisements
- Provides enhanced data protection for children and minors
- Provides consumers rights to access, correct, delete, port their data, and withdraw consent at any time
- Increases transparency on how companies collect and use data
- Provides greater protection to sensitive personal data
- More accountability measures for larger platforms.
Meanwhile, individual states in the country are looking to introduce new regulations in order to keep social media platforms in check. In May, 2022, the US Supreme Court lifted an injunction off the September 2021 Texas social media law HB 20, which prohibits large social media platforms from censoring and banning users based on their “views”. Tech companies are protesting the law, arguing that the Texas law is an unconstitutional law that compels government-preferred speech from select private entities.
India: While India does not have any kind of data protection law at the moment, the fates of both the Personal Data Protection Bill and the Data Governance Framework are up in the air regarding implementation.
Meanwhile, the Central government in New Delhi came out with the new Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (IT Rules), which requires social media platforms to proactively monitor content, publish periodic grievance reports, appoint grievance redressal roles and disable content as per government orders. Some of the broad aspects of the rules are detailed below.
- Social media intermediaries, with registered users in India above a notified threshold, have been classified as significant social media intermediaries (SSMIs). SSMIs are required to observe certain additional due diligence such as appointing certain personnel for compliance, enabling identification of the first originator of the information on its platform under certain conditions, and deploying technology-based measures on a best-effort basis to identify certain types of content.
- The Rules prescribe a framework for the regulation of content by online publishers of news and current affairs content, and curated audio-visual content.
- All intermediaries are required to provide a grievance redressal mechanism for resolving complaints from users or victims. A three-tier grievance redressal mechanism with varying levels of self-regulation has been prescribed for publishers.
This post is released under a CC-BY-SA 4.0 license. Please feel free to republish on your site, with attribution and a link. Adaptation and rewriting, though allowed, should be true to the original.