Think fast — because according to the Czech Republic Minister for Industry and Trade, Jozef Sikela, the Digital Services Act (DAS) could become “the gold standard” other countries will soon seek to emulate.
“The Digital Services Act is one of the EU's most ground-breaking horizontal regulations and I am convinced it has the potential to become the 'gold standard' for other regulators in the world,” said Sikela in a EU press release announcing the act’s passage. “By setting new standards for a safer and more accountable online environment, the DSA marks the beginning of a new relationship between online platforms and users and regulators in the European Union and beyond.”
What Is the Digital Services Act?
Increased transparency and accountability are clear hallmarks of the new DSA. Among some of the notable requirements:
- Platforms are now charged with accountability for isolating dangerous or illegal content and services.
- Platforms are prohibited from using targeted advertising based on the use of minors' personal data as defined in EU law.
- It imposes certain limits on the presentation of advertising and on the use of sensitive personal data for targeted advertising, including gender, race and religion.
- It bans misleading interfaces known as "dark patterns" and other practices aimed at misleading.
According to the EU, “smaller platforms and start-ups will benefit from a reduced set of obligations, special exemptions from certain rules” but stricter rules for very large online platforms and search engines (VLOPs and VLOSEs) — those with more than 45 million users — will apply.
Among the new rules, VLOPs and VLOSEs must incorporate an optional user system for recommending content that’s not based on profiling. In addition, under the DSA, they must implement risk mitigation measures that are subject to independent audit and conduct an annual assessment to analyze the systemic risks they’ve created related to the dissemination of illegal content and the negative effects on fundamental rights, electoral processes and gender-based violence or mental health. The DSA also grants the European Commission extensive investigatory powers as well as the ability to impose penalties and hefty fines against platforms in non-compliance.
Related Article: What Europe’s AI Act Could Mean for Marketers
When Does the Digital Services Act Take Effect?
The EU announced the act into force on Nov. 16, 2022 and said online platforms will have until Feb. 17, 2023 to report the number of active end users on their websites in order for the Commission to assess whether a platform should be designated as a VLOP or VLOSE. If such a designation is received, the platform will have four months to comply with DSA rules — that will include their first complete risk assessment exercise.
EU Member States must select and empower their Digital Services Coordinators — those appointed to monitor compliance — by Feb. 17, 2024.
To Whom Does the Digital Services Act Apply?
The DSA will impact to a range of digital service providers in four categories:
- Intermediary services: offering network infrastructure
- Hosting services: such as cloud and web hosting services
- Online platforms: such as online marketplaces, app stores, collaborative economy platforms and social media platforms.
- Very large online platforms: (VLOP and VLOSE) will be subject to the strictest regulation.
Kaitlin Kirkham-Cooper, a managing director at Protiviti who focuses on the technology industry within the risk and compliance practice, said the question on everyone’s mind is who will the DSA impact. And while the intent of the DSA, along with the Digital Markets Act, is to manage and regulate the power of big tech, the act’s applicability is far reaching and applies to all online platforms and hosting services.
“We believe that many technology companies need to foundationally reexamine their existing processes to understand how they can meet the new standards. In many cases, we expect that this may fundamentally change how core processes like product development and data retention and deletion strategies are designed, which is obviously a significant impact to any tech firm,” Kirkham-Cooper said. “The DSA is a very comprehensive, forward-thinking regulation surrounding content and conduct moderation. Until now, data has been treated as an asset and regulated as such. The DSA fundamentally changes that thinking and establishes rules around regulating data as an industry.”
Related Article: Growing Data Privacy Concerns in the Age of Digital Transformation
The DSA: Good News and Bad News
In a statement from the Electronic Frontier Foundation (EFF), a nonprofit organization that works to defend civil liberties in the digital world, the act contains both good — and bad — news.
As they see it, the good news is that it avoids turning social media sites and search engines into “censorship tools” and retains previous internet rules that promote a free internet, including allowing liability exemptions for online platforms and limiting user monitoring. Additionally, it imposes a set of higher transparency standards in content moderation and creates more user control over algorithmically curated recommendations.
However, the EFF is quick to note “the DSA is not a panacea for all problems users face online.” In their opinion, government agencies are given excessive power to uncover anonymous data and remove potentially illegal content. The EFF also notes a large degree of ambiguity when it comes to how platforms will assess and mitigate systematic risks — given they are now required to do so — and said “much will depend on how social media platforms interpret their obligations under the DSA, and how European Union authorities enforce the regulation.”
“There’s a lot to like in the Digital Services Act," Christoph Schmon, EFF’s international policy director, said in a statement. "Far too many proposals launched since work on the DSA began in 2020 posed real risks to free expression by making platforms the arbiters of what can be said online, and the DSA avoids many of them. That being said, we can expect a highly politicized co-regulatory model of enforcement with an unclear role of government agencies, which could create real problems. Respect for the EU’s fundamental rights charter and inclusion of civil society groups and researchers will be crucial to ensure that the DSA becomes a positive model for legislation outside the EU.”
Why Is the Digital Services Act Being Enacted?
As the Internet went mainstream in the 90’s, people rushed online to discover a new realm: one in which businesses could sell online items that consumers could purchase from home. But this early form of ecommerce was mired in legal uncertainty. The e-Commerce Directive was created by the EU in 2000 in an effort to safely promote this new exchange and remain competitive with other countries. Businesses and consumers who sold and/or purchased goods and services online in exchange for money were required to adhere to its principals.
However, the last 20 years have brought monumental accelerating change — with such exponential advances in technology, online activity and ecommerce — that some say it must be the work of aliens. But despite the developments, not much changed in how digital services in the EU were regulated.
“Much of the existing global legislation is outdated and encompasses requirements that were drafted when the digital world was very different," Kirkham-Cooper said. "Whether or not it becomes a ‘gold standard’ will mostly depend on how it is enforced. There is a lot of ambiguity in the regulation that likely will not be fully understood until regulatory exams and enforcements start to materialize."
In short, she added, the impact of DSA will be sweeping, and companies should not underestimate the lift that will be required to be in full compliance with its obligations.
"The act’s potential for significant fines for non-compliance should catch the attention of all affected companies,” Kirkham-Cooper said. "We suggest companies start the journey now by understanding where they are impacted by DSA, conducting a gap analysis based on current practices, and building a roadmap to get to a future-state that’s compliant with DSA’s obligations.”