Prepared by Fabrizio Di Geronimo and Giuseppe Massimo Verrecchia
As offline so online
As offline so online. This twist on a modern paraphrase summarizes the cardinal principle around which the mechanism of the now closer Digital Service Act (“DSA”) revolves. The DSA is a European regulation which, alongside the Digital Markets Act, promises to be a fundamental tool for the protection of the digital space against the spread of illegal content, fake news and, in general, for the protection of the fundamental rights of online users.
On April 23rd, 2022, in Brussels, the Council and the European Parliament reached a political agreement that represents an important step towards the final approval and implementation of the DSA. In the words of the President of the European Commission, Ursula von der Leyen, the DSA “will ensure that the online environment remains a safe space, safeguarding freedom of expression and opportunities for digital businesses. It gives practical effect to the principle that what is illegal offline, should be illegal online”.
Along the lines of the e-commerce directive (Directive 2000/31/EC) and the copyright directive (Directive (EU) 2019/79), the DSA aims to introduce a new and more incisive level of accountability of online intermediaries. Faced with an extremely different market for digital services compared to the one existing at the turn of the 20th century, the DSA aims to rebalance the rights and responsibilities of users, of intermediary platforms for online services and of public authorities, moving within an established framework of fundamental European values such as respect for human rights, freedom, democracy, equality and the rule of law.
On these premises, the DSA aims above all to provide greater protection to users (i.e., citizens), offering greater choice, less exposure to illegal content and greater protection of fundamental rights, including greater control of the impact of online platforms on the democratic process.
At the same time, this reform aims to support the growth of smaller companies and platforms by: (i) standardizing the rules in force in the Member States; (ii) counteracting illegal online activities through new simple and effective mechanisms for reporting illegal content (in this regard, companies may become “trusted flaggers”, i.e. reliable sources that signal illegal content or goods); and (iii) making the internal processes and terms and conditions of online platforms clearer and more transparent, thus allowing companies to make more informed strategic business decisions.
Scope
The provisions of the DSA are mainly addressed to intermediary platforms that provide their services in the EU. This is a broad category, which includes, in the definitions of the DSA: (i) services that offer network infrastructures (e.g., Internet Service Providers and domain name registrars); (ii) hosting service providers (e.g., cloud computing and web hosting services); (iii) search engines and online platforms that could pose particular risks related to the spread of illegal content with harmful consequences to society, that reach a user base equal to at least 10% of the 450 million European consumers (respectively, very large online search engines – “VLOSEs” and very large online platforms – “VLOPs”); and (iv) online platforms that bring sellers and consumers together, such as online marketplaces, app stores, collaborative economy platforms and social media platforms.
Therefore, based on the current draft, the DSA provides a set of obligations that target online intermediary services depending on their role, size, and impact on the online ecosystem. The obligations introduced by the DSA for the providers will, in fact, be proportionate to the nature of the services concerned and the number of users. In the words of the President of the European Commission, “The greater the size, the greater the responsibilities of online platforms”. Most notably, VLOSEs and VLOPs will be subjected to stricter obligations and responsibilities than those imposed on search engines and online platforms that do not reach 45 million monthly active users in the EU, which will on the contrary be exempt from certain rules and obligations. In this way, the DSA also aims to protect the development of start-ups and small businesses in a sector where market competition is particularly difficult.
The main obligations and take-aways of the political agreement
Among the most relevant measures envisaged by the DSA for online intermediaries, there are measures aimed at countering the spread of illegal contents, services and products online, including, among others, measures to report to platforms and appeal their decisions, traceability obligations for sellers on marketplaces, applicability of the measures to all platforms operating in the single market even if based outside the EU, as well as the provision of a new European Board for Digital Services, that will monitor intermediaries and will assist Member States and the Commission in ensuring compliance with the DSA. Furthermore, the DSA will provide a set of exemptions from liability, in line with the already well-established “notice and take down” system.
In addition, we are witnessing the introduction of greater responsibility and active participation of platforms in the protection of the online world, albeit still controlled by the Commission, which has the exclusive power to supervise very large platforms and search engines regarding compliance with obligations provided under the European legislation. In this way, if on the one hand the private operators are personally entrusted with certain supervisory obligations and compliance with the new obligations, on the other hand a uniform and effective response to the risks posed by these larger operators is guaranteed.
The VLOSEs and VLOPs will have an obligation to analyze the systemic risks they create and to carry out a reduction analysis of the same (Systemic Risk and Risk Reduction Analysis). This analysis will have to be carried out annually and will provide a monitoring of the risks due, inter alia, to the spread of illicit content, the violation of fundamental rights, the manipulation of services that impact democratic processes and public safety (e.g., the Cambridge Analytica case), as well as the negative effects in relation to gender-based violence, the protection of minors and the serious consequences for the physical or mental health of users.
The DSA has also provided for specific transparency obligations. Most notably, the prohibition of the phenomenon known as “Dark Patterns”, i.e., the use of graphical interfaces designed specifically to deceive the users, for example by inducing them to share more information than they intended. Furthermore, VLOSEs and VLOPs are obliged to set up a system for recommending content to users that is not based on their profiling.
Another noteworthy innovation is the provision of a crisis response mechanism, also introduced considering the particularly frequent cases of manipulation of information which occurred following the Russian invasion of Ukraine. This mechanism could be activated by the European Commission on the recommendation of the Board of national Digital Services Coordinators. The hope is that through a verification of the impact of the activities of the VLOSEs and VLOPs on the crisis it will be possible to identify which (proportionate and effective) measures to implement to protect fundamental rights.
Moving on to the protection of minors online, there will also be a ban on targeted advertising based on the exploitation of the minor’s personal data, where the platforms are aware that their user is a minor.
Finally, in the wake of other successful European regulations, the DSA also provides significant penalties for intermediaries who violate the provisions of the DSA, which could reach up to 6% of global turnover. Furthermore, in the event of repeated violations, a real ban on operating in the single European market may also be imposed. On this point, Thierry Breton, European Commissioner for the internal market, clarified how “With the DSA, the time of big online platforms behaving like they are ‘too big to care’ is coming to an end”.
Next steps
The political agreement reached by the European Parliament and the Council is now subject to the formal approval of the co-legislators. Once adopted, the DSA will be directly applicable across the EU and from fifteen months after entry into force or from 1 January 2024, whichever is later.
A final note on this point. In the context of the more general Digital Strategy of the European Union, on March 24th, 2022, the Council and the European Parliament also reached a political agreement regarding the Digital Markets Act, aimed, together with the DSA, to protect users and businesses in the digital world, in particular by banning certain practices of the so-called “gatekeepers” and “core platform services”.
In the meantime, the “trilogue” negotiation of the European co-legislators has continued for over a year regarding the final version of the e-Privacy Regulation, which aims to replace Directive 2002/58/EC on electronic communications by regulating, among other aspects, the use of cookies.
Let’s Talk
For a deeper discussion, please contact:
PwC TLS Avvocati e Commercialisti
Partner