Maria Tzanou, Keele University

In December 2020, the European Commission published two ambitious draft Regulations aimed at upgrading the rules governing digital services in the EU: the Digital Services Act (DSA) and the Digital Markets Act (DMA) (for an interesting discussion of the ‘Act’ nomenclature, see here). This post provides a snapshot of the two frameworks and discusses the latest legislative developments in the area. 

The Digital Services Act

The DSA aims to regulate a number of information society actors (intermediary service providers, hosting services, online platforms and very large online platforms) in order to protect citizens from risks and harms online, such as the spread of illegal content and disinformation. The regulatory ambition and potential of the DSA are immense. According to the European Commission, the DSA will provide ‘a modern, future-proof governance framework, effectively safeguarding the rights and legitimate interests of all parties involved, most of all [EU] citizens.’ The DSA contains a number of important elements: 

i) It introduces a horizontal framework that aims to regulate all categories of content, products, services and activities on intermediary services. This is not sector-specific; rather, it purports to cover the entire digital ecosystem.

ii) It incorporates the safe harbour rules of the e-Commerce Directive that exempt providers of intermediary services from liability under certain conditions and imposes an obligation on intermediary providers to act against illegal content and provide information when required by national judicial and administrative authorities.

iii) It sets out different layers of due diligence or accountability obligations for digital service providers. Some of these (such as, transparency reporting obligations in relation to removal of illegal content; establishment of a single point of contact to facilitate direct communication with regulators)  are applicable to all providers of intermediary services. Additional obligations apply to providers of hosting services (i.e., they must put in place mechanisms to allow third parties to notify the presence of alleged illegal content; if the hosting provider decides to remove or disable access to specific information provided by a recipient of the service, they must provide that recipient with a statement of reasons). Further obligations are envisaged for online platforms. These are required, inter alia: to provide an internal complaint-handling system regarding decisions taken in relation to alleged illegal content; to engage with certified out-of-court dispute settlement bodies to resolve any dispute with users of their services; to ensure that notices submitted by ‘trusted flaggers’ are treated with priority; to inform competent enforcement authorities where they become aware of any information giving rise to a suspicion of serious criminal offences; to make reasonable efforts to assess the reliability of and publish specific information on the traders using their services where those online platforms allow consumers to conclude distance contracts with those traders; to publish reports on their activities relating to the removal and the disabling of alleged illegal content; to comply with transparency obligations in respect of online advertising. Finally, the DSA imposes additional obligations to very large online platforms (VLOPs) reaching more than 10% of 450 million consumers in Europe. VLOPs are obliged to conduct risk assessments on the systemic risks relating to the functioning and use of their services; take reasonable and effective measures to mitigate those risks; appoint compliance officers and implement specific, additional transparency reporting obligations. 

iv) It provides for a robust oversight regulatory regime at the national level (with the establishment of independent ‘Digital Services Coordinators’ (DSCs)) and at the EU level (‘European Board for Digital Services’ and the possibility for  the Commission to intervene vis à vis very large online platforms in case infringements persist). Both the DSCs and the Commission are given significant enforcement powers, including the power to impose fines.

Where are we now in the legislative procedure?

The Council of the EU adopted its negotiating position on the DSA in November 2021. The Council proposed a number of changes to the Commission’s proposal. For instance, it suggested broadening the DSA’s scope to include online search engines, it introduced provisions to protect minors online and it strengthened the obligations for VLOPs. 

The European Parliament adopted its negotiating position on the DSA on 20th January 2022. In its report, it also proposed several amendments to the Commission’s proposal, including: the introduction of stronger safeguards to ensure that notices are processed in a non-arbitrary and non-discriminatory manner and with respect for fundamental rights and in particular freedom of expression; additional obligations for VLOPs also aiming to tackle ‘harmful’ content (which might not be illegal) and the spread of disinformation by imposing, for instance, mandatory risk assessments and risk mitigation measures with regard to the transparency of so-called ‘recommender systems’ (algorithms that determine what users see); a prohibition to online platforms from using deceiving or nudging techniques to influence users’ behaviour through ‘dark patterns’; and, more choice on algorithm-based ranking.

The two co-legislators will now start negotiations in the – rather ambitious – hope of concluding negotiations during the French Council Presidency.

The Digital Markets Act

The DMA aims ‘to establish a level playing field to foster innovation, growth, and competitiveness’ in the European Single Market and globally. The DMA complements the DSA. In fact, according to the European Commission, the two frameworks ‘form a single set of new rules applicable across the whole EU to create a safer and more open digital space.’ 

The DMA is market-focused and purports to address the economic imbalances and unfair business practices by certain powerful players (‘gatekeepers’) in the digital sector with the ultimate goal to enable end users and businesses to ‘reap the full benefits of the platform economy and more generally of the digital economy, in a contestable and fair environment’. 

The DMA aims to regulate ‘core platform services’, including: online intermediation services (for example marketplaces and app stores), online search engines, social networking, video sharing platform services, interpersonal electronic communication services, operating systems, cloud services and advertising networks and services where these relate to one or more of the other core platform services. The DMA aims to establish ex ante interventions to minimise the potential detrimental structural effects that might arise when core platform services are operated by so-called ‘gatekeepers’. Providers of core platform services can be deemed to be gatekeepers if they: (i) have a significant impact on the internal market, (ii) operate one or more important gateways to customers and (iii) enjoy or are expected to enjoy an entrenched and durable position in their operations (gatekeeper status can be determined either with reference to quantitative metrics, or based on a case-by-case qualitative assessment by means of a market investigation). 

The DMA grants the Commission several significant investigatory and enforcement powers including the power to impose fines for breaches of the DMA by gatekeepers.

Where are we now in the legislative procedure?

The Council adopted its general approach on the DMA in November 2021. The Parliament agreed its negotiating mandate in December 2021, proposing several amendments to the Commission’s proposal, including  additional requirements on the use of data for targeted or micro-targeted advertising and the interoperability of services; giving users the option to uninstall pre-installed software applications, such as apps, on a core platform service at any stage; and imposing restrictions on ‘killer acquisitions’ in cases of systematic non-compliance, restricting gatekeepers from making acquisitions in order to remedy or prevent further damage to the internal market. 

The two co-legislators will now start negotiations in the – rather ambitious – hope of reaching an agreement as to the final format of the law  during the French Council Presidency.

Concluding Remarks

Both the Commission’s legislative proposals and the amendments agreed by the Council and the Parliament to the two sister Digital Acts are highly ambitious and innovative in many respects. Their overarching goal is to modernise the EU’s digital market and services by introducing strict accountability and transparency regimes for powerful players while protecting the fundamental rights of EU citizens. Only the future will show whether and how the DSA and the DMA will live up to their full potential. 

 

Dr Maria Tzanou is an Associate Professor in Law at Keele University, UK. Her research focuses on European constitutional and human rights law, privacy, data protection, AI, big data, surveillance, transborder data privacy cooperation, the inequalities of data privacy law and how these affect vulnerable groups. She has published numerous journal articles and book chapters on data privacy. She is the author of The Fundamental Right to Data Protection. Normative Value in the Context of Counter-Terrorism Surveillance (Hart, 2017) and the editor of Personal Data Protection and Legal Developments in the European Union (IGI Global, 2020) and Health Data Privacy under the GDPR. Big Data Challenges and Regulatory Responses (Routledge, 2021). She acts as permanent scientific advisor to the Greek Ministry of Justice on data protection issues, co-convenes the UK Society of Legal Scholars (SLS) Cyberlaw Section and is an Associate Editor of European Data Protection Law Review.

The views expressed in this blog reflect the position of the author(s) and not necessarily that of the Brexit Institute Blog.