The EU’s Digital Services Act is one step closer to becoming law with a provisional political agreement reached between the Council of the European Union and the European Parliament.
The Digital Services Act (DSA), which is all about the principle of “what is illegal offline must also be illegal online,” has the potential to slap some hefty fines on the tech giants if they don’t play along.
In 2020 we reported on a leaked draft of the legislation that showed fines amounting to a potential 6 percent of annual turnover being payable for violations.
That sanction has remained in the current proposal [PDF]: “The Commission may impose on the very large online platform concerned fines not exceeding 6 percent of its total turnover in the preceding financial year.”
A “very large online platform” is one with more than 45 million monthly active users in the EU, according to the Council. “To safeguard the development of startups and smaller enterprises in the internal market,” it said, “micro and small enterprises with under 45 million monthly active users in the EU will be exempted from certain new obligations.”
As for those obligations, “Platforms will be prohibited from presenting targeted advertising based on the use of minors’ personal data as defined in EU law,” according to the Council.
In addition, misleading interfaces known as “dark patterns” are prohibited, there are transparency requirements for recommendation systems, and the tech giants must analyze and reduce the systemic risks they create. The Council gave examples such as illegal content, impact of democratic processes and public scrutiny, as well as “adverse effects on fundamental rights.”
If that wasn’t wide-ranging enough, a new article was added in light of the Russian aggression in Ukraine “and the particular impact on the manipulation of online information.” Dubbed the “crisis response mechanism,” the article permits the analysis of tech giants’ activities surrounding the crisis and takes action accordingly.
In a sequence of tweets over the weekend, EU Commission executive vice president Margrethe Vestager celebrated the agreement, which had taken 16 hours to nail down.
The next steps will be further approval by the Council and European Parliament before it can come into force, potentially by 2024. The UK’s own Online Safety bill was also tweaked since its draft introduction in 2021.
The Register’s request for comment, a Google spokesperson said: “We welcome the DSA’s goals of making the internet even more safe, transparent and accountable, while ensuring that European users, creators and businesses continue to benefit from the open web. As the law is finalised and implemented, the details will matter. We look forward to working with policymakers to get the remaining technical details right to ensure the law works for everyone.”
Facebooks’ parent Meta has yet to respond.
Along with the Digital Markets Act, a proposed regulation which is meant to help new players move into markets currently dominated by tech giants (“gatekeepers” in the parlance of the EU), the DSA will create a single set of rules applicable across the European Union for giants including Meta, Google and Amazon.
Simon Elliot, senior technical director at “digital experience” outfit Acquia, described the legislation as “a significant step towards restoring some of the original principles of the web.
“It also underpins the critical need for an ongoing re-evaluation of the rules that govern our digital ecosystems. The misuse of consumer data and rampant spread of online misinformation has turned public sentiment against big tech companies and social media platforms, leading to an erosion of trust.”
But there was also disquiet and worries that the DSA did not go far enough. Pirate Party MEP Patrick Breyer noted that while minors would be afforded protection from surveillance advertising, “the ban on using sensitive personality traits (e.g. a person’s political opinion, diseases or sexual preferences) for targeted manipulation and targeting was heavily watered down.
“The disappointing outcome fails in multiple respects to protect our fundamental rights online. Our online privacy will not be protected by a right to use digital services anonymously, nor by a right to encryption, a ban on data retention, or a right to generally opt out of surveillance advertising in your browser (do not track).”
Worrying about interoperability and cross-border removal orders, Breyer said: “Industry and government interests have unfortunately prevailed over digital civil liberties.” ®