With the Digital Services Act (DSA), Europe is strengthening its legislative arsenal to protect its citizens from the abuses and excesses of online content and service providers. A regulation that will frame the practices of tech giants.
Mark Zuckerberg, the boss of Meta, Elon Musk, the new owner of Twitter, did not dream of it. But Europe did. On April 23, 2022, a few weeks after the DMA (Digital Market Act, see our article), the Council and the European Parliament reached an agreement officially classified as historic on the DSA (Digital Services Actor Legislation on digital services in French), a new European regulatory framework which, like its legislative cousin, the AMD, is expected to come into effect in 2023 and profoundly affect our digital lives. As the rapporteur for the text in the European Parliament, Christel Schaldemose, points out, this regulation has two purposes: “ensure that what is illegal offline is also illegal online” and “setting new international standards through which citizens will have greater control over how their data is used on online platforms and by big tech companies”. on Tweeter, Ursula von der Leyen, the President of the European Commission, estimated that “This historic agreement will protect online users, enable freedom of expression and new business opportunities”.
Todays agreement on #DSA is historic.
Our new rules will protect users online, ensure freedom of expression and opportunities for businesses.
What is illegal offline will effectively be illegal online in the EU.
A strong signal for people, business & countries worldwide.
—Ursula von der Leyen (@vonderleyen) April 23, 2022
Digital Services Act: complementing the Digital Market Act
The adoption of such a text was more necessary than ever, as the European legislative arsenal was beginning to date. Fight against cyberviolence, fight against counterfeiting, fight against manipulation of information, protection of freedom of expression, accountability of platforms (Facebook, Google, etc.) and online marketplaces (Amazon, etc.): the DSA aims to better prevent the excesses of large technological groups by more strictly regulating their activities, but also to put in place unique protection rules that will apply in all member countries of the European Union and, by extension, as soon as Internet users and European citizens will be concerned. After the GDPR, the successive adoption of the DMA and the DSA reinforces the image of a Europe regulating the Internet, failing to have been able to contain the technological hegemony of countries such as China or the United States. As Jean Cocteau said: “Since these mysteries are beyond me, let’s pretend to be the organizer.”
DSA: enhanced protection for European consumers
Concretely, here is what the DSA will change for French and European Internet users. First of all, from a general point of view and this is an important novelty, Europe is going to impose a principle of transparency on online platforms and services which have more than 45 million users on the continent by forcing them to open their algorithms, in other words a large part of their manufacturing secrets, both to the Member States and to the European Commission. While the DSA intends to strengthen the protection of (individuals’) fundamental rights online by emphasizing in particular respect for freedom of expression, within the limits defined by law, and the protection of personal data, this new legislative framework also aims to better combat the dissemination of illegal content online. Content can be defamatory messages but also goods or services. A notification procedure will allow users to report illegal content online and will force online platforms to react quickly. Corollary of this device, the fight against online counterfeiting.
In this area, Europe is putting pressure on market places and the major players in online commerce. These will have to ensure that consumers can buy safe products and services online, by strengthening controls to prove that the information provided by sellers is reliable (principle of ”know the customer”), and they will have to make efforts to prevent the appearance of illegal content on their platforms, in particular through random checks.
DSA: sanctions against all cyber-violence
Another important aspect is the fight against all forms of cyber-violence (harassment, revenge porn), in this type of case, from the moment a report is made, the removal of the incriminated content must be immediate. For offenders and repeat offenders, that is to say for the platforms and for the search engines which would take too many liberties with the new legislation, Europe has provided for a system of sanctions which could very quickly prove to be quite deterrent. As a penalty, the companies concerned may thus be fined up to 6% of global turnover. And for very large platforms (with more than 45 million users), the European Commission will have the exclusive power to demand compliance with the rules when national authorities supervise the activity of smaller platforms.
For Internet users, the adoption of the DSA is also the promise of evolving in more secure online spaces. Bad news for platforms which generate a very large part of their turnover through online advertising, users will be able to better control the way in which their personal data is used and new obligations in terms of transparency will weigh on the platforms: users should therefore be better informed of how content will be recommended to them (”recommender systems”) and they will be able to choose at least one option that is not based on profiling. In addition, targeted advertising based on sensitive data (for example, sexual orientation, religion or ethnic origin) will be prohibited. Regarding minors and more specifically the protection of minors, online platforms must take specific measures and in particular prohibit any targeted advertising.
DSA: Internet giants under surveillance
Another important element carried by the DSA, the prohibition of “dark patterns” these graphic interfaces of mobile applications or Internet sites specially designed to deceive or manipulate users by, for example, giving more importance to a particular choice or by encouraging the recipient to change their choice via annoying pop-up windows. On this point, beyond the very prohibition of this type of practice, the DSA lays down the principle that for the consumer Internet user, it should be as easy to unsubscribe from a service as to subscribe to it. Failure to comply with these obligations will give rise to a right to compensation, i.e. the right for users, who may consider themselves wronged, to seek compensation. “for any damage due to offenses committed”by the companies concerned.
Finally, another key aspect of the DSA relates to the fight against so-called dangerous content and against disinformation which can pose a risk to the democratic balance of the Member States of the European Union. On this point, there is no longer any question for the European authorities to content themselves with a string of declarations of good intentions. Faced with the various destabilization strategies and campaigns that regularly target the European continent, it was time to act. Very large platforms (understand above all social networks like Facebook and Twitter) will have to assess and mitigate systemic risks and undergo annual independent audits. In addition, those who use ”recommender systems” (algorithms that determine what users see) should provide at least one option that is not based on user profiling. Last measure: in the event of a crisis, such as a danger to security or public health, the Commission may require very large platforms to circumscribe any urgent threat to their platforms. These specific actions will be limited to a period of three months.
DSA: entry into force from 2023
Although an agreement in principle has been reached between the Council and the European Parliament, a few stages are still on the schedule. The text will have to be finalized at technical level and checked by lawyer-linguists before the Parliament and the Council give their formal agreement. Once the procedure is completed, it will enter into force 20 days after its publication in the Official Journal of the EU, and the rules will start applying 15 months later. At the same time, from May 23 to 27, 2022, a delegation from the European Parliament’s Internal Market Committee is scheduled to visit several company headquarters (Meta, Google, Apple, etc.) in Silicon Valley in order to discuss on the “legislative package” on digital markets and on other legislation in the pipeline, and to hear the position of technology companies which, it is suspected, will not necessarily always be very enthusiastic about complying new legal and regulatory constraints imposed by the European Union.