The road to a uniform digital law in the EU is about to enter the home straight. The EU Commission and the EU Council have reached agreement on the content of the Digital Services Act. In the following, we will take a closer look at exactly what these are.
A “digital constitution” for the Internet
The Digital Services Act is intended to be nothing less than a basic principle for all Internet services within the European Union. After many long negotiations, the most important bodies within the EU have now agreed on the basic framework of this norm construct. This was announced on Saturday. And all those involved are proud of their achievements. After all, the Digital Services Act is intended to act as a kind of “digital constitution. Goal number one seems to be to keep rapidly growing tech companies like Google, Amazon or Meta in check.
Von der Leyen is convinced
Former German minister and current president of the EU Commission, Ursula von der Leyen (CDU), seems particularly happy. Since the beginning of her presidency, the politician has made no secret of the fact that she no longer approves of the times of limitless action by large tech corporations on the World Wide Web. The Digital Services Act now appears to be an effective step in the right direction.
“The DSA will improve the ground rules for all online services in the EU,”
Von der Leyen said in a public statement. And in doing so, the CDU politician also got even more specific by emphasizing that
“It will ensure that the online environment remains a safe space that protects freedom of expression and opportunities for digital businesses.”
Laws Apply to the Internet Too
The Digital Services Act is quite obviously under the heading of wanting to eradicate the Internet’s reputation as a lawless space. According to Ursula von der Leyen’s vision, the final version of the Digital Services Act is to be worded in such a way,
“that what is illegal offline should also be illegal online”
This may sound as if no laws have ever applied on the Internet before, but of course the World Wide Web was not a wild west. Rather, one should see in the Digital Services Act the chance that the regulations should now be much more comprehensible and, above all, more controlled. Accordingly, Alexandra Geese (The Greens) also aptly describes it as a
If one follows the opinion of the politician, who has been working on the Digital Services Act for some time, it could be a
“first, decisive step to more democracy and freedom on the net”
The thread sounds promising
So far, of course, no final version of the Digital Services Act is available. Accordingly, one can only rely on statements made by the bodies sitting at the negotiating table. From this, however, we can at least derive a basic framework and thus a common thread. In principle, the Digital Services Act is intended to regulate the power of online platforms. Accordingly, it represents a catalog of standards to which large companies such as Amazon, Google and Meta must adhere in the future. It is to apply throughout the EU. According to the EU Commission, the fundamental rights of users in particular must be protected. This concerns not only data protection, but also the removal of illegal content.
Not everyone is affected
The scope of the Digital Services Act does not affect every online platform. The goal was rather to reach the large corporations. Who is ultimately affected depends on various factors. In addition to the sheer size of the company, the impact on the entire Internet also plays a major role. The keyword here would be Google, for example, as the largest search engine, but also advertising platform. There is virtually no getting around this provider when surfing the Internet. The law itself will speak of so-called online intermediaries. In addition to search engines like Google, social networks and online marketplaces are also included. As a result, it will be primarily U.S. tech companies that will have to comply with the new rules.
Meta in particular, with its construct of various social networks, Amazon with its gigantic marketplace, and also Apple with its large app store for software applications will have to prepare for new due diligence obligations toward their customers. In addition, the EU also wants to include providers around the topic of network infrastructure in the scope. In particular, providers where you can register your domain or access cloud services are to be included. The EU wants to make a clear distinction between large and small companies.
Most of the regulations are to be imposed on companies whose services are used by more than 10 percent of the total of 450 million consumers in the EU. Again, big names like Amazon, Meta or Google can be mentioned as examples. After all, this point will undoubtedly apply to all three companies. So that small companies do not now have to fear going under in the face of new regulations on the highly competitive market, the EU has also thought of them. The obligations of the Digital Services Act will only apply to a limited extent to smaller and/or newly founded companies or startups. Those with a user base of less than said 10 percent per month will “only” have to comply with selected obligations.
Fighting Hatespeech and Disinformation
One requirement of the Digital Services Act is quite obviously to protect users on the Internet from harmful content. To make this possible, the companies concerned have a duty to enable their users to report such content. To ensure that the reporting tool is not misused, the EU would also like to enable cooperation with so-called “trusted flaggers”. These would then act as a kind of moderator and take a neutral position. On top of that, the threshold for deleting illegal content is to be lowered. In particular, if authorities want to take action against such content, a judge is still required. This is to be omitted, which is to simplify, for example, the deletion of hate comments..
On top of that, this results in a deletion obligation for the corresponding platform. Selbiger is not only to comply with the platform as soon as possible. In serious violations of the law must also be informed of the police. However, the focus is not only on insulting or threatening people. Quick deletion also makes sense, especially when it comes to fake news. Just how dangerous this can be was recently demonstrated by the excesses of the lateral thinking movement. The Digital Services Act also makes special reference to neutrality in the area of news feeds. Since tailored news recommendations can cause people to slip into their very own news bubble, in future at least the algorithms on which the recommendations are based are to be disclosed.
Compulsory contact in the EU
To facilitate interaction with a large company outside the EU, all platforms will be required to designate a contact person in the EU. In relation to a company like Telegram, this is quite interesting. After all, the messenger is still considered a closed book for authorities. With the new regulation, it could become expensive for the service if it does not finally disclose a suitable contact. However, a corresponding obligation to disclose does not only affect the operators of the online platform itself. For example, online marketplaces such as Amazon and Ebay are also to ensure that commercial users can be tracked more easily in the future. Conversely, more emphasis is to be placed on protecting the anonymity of private buyers or sellers.
Big tech corporations will have to “get naked”
The Digital Services Act is particularly exciting with regard to the obligations for so-called big tech corporations. However, this is also where one still finds the biggest question marks. What is certain is that operators will be required to disclose their algorithms upon request. Selected persons from the EU Commission as well as certain delegates from each EU member state should then be allowed to view them. This would be a really big step, as algorithms are the holy grail of any big tech company. After all, they are the foundation for great success. However, it is important to keep in mind that Google and Meta in particular are far too important in everyday life today to allow them to pass off “secrecy” as a corporate secret.
Their influence on the formation of political opinion and the understanding of news is far too weighty. Consequently, it is more than reasonable to fight for the right to look behind the scenes. However, it is questionable how far-reaching this “insight” should be. After all, one cannot expect the corporations to release 100 percent of their secrets of success. At the same time, the big tech companies have a duty to protect their users not only from insults and threats. Defamatory content that affects certain population groups or violates the protection of minors must also be removed from the platform immediately, if possible.
Moderators must be disclosed
More transparency seems to be demanded not only in the area of algorithms. The issue of content deletion must also be traceable in the future. The Digital Services Act aims to achieve this with new rules on moderation. MEP Geese (The Greens) is pleased with these points enshrined in Article 12 and titles them as follows:
“This is a strong Green success.”
But this opinion is apparently not all. So the MEP Patrick Breyer (Pirate Party) sees behind the transparency even the danger of censorship:
“Freedom of expression on the net is not protected from error-prone censorship machines (upload filters), arbitrary platform censorship, as well as cross-border deletion orders from illiberal member states without a judge’s decision, so that perfectly legal reports and information can be deleted.”
Personalized advertising as a vexed issue
The so-called profiling is no longer just a word that we know from shows like Aktenzeichen XY or the crime scene. It also refers to customized advertising. This is adapted to the user by collecting important information. Once a profile has been created, it can be perfectly lumped together with other, comparable users. If advertisers approach the platform, they can be offered very targeted marketing for expensive money. An ingenious idea, but one that is anything but uncontroversial. However, the Digital Services Act will probably not change the basic idea of profiling.
However, the EU is planning to restrict the filtering options, so to speak. In detail, this means that very personal data, such as religion or sexual orientation, must be excluded from profiling. In addition, profiling will only be possible for users of legal age. Unfortunately, this seems to be only a partial success. After all, data protectionists in particular had wanted tracking to be excluded across the board in the browser. Here, one probably did not want to cut Google and Meta too much into the flesh.
Revision of the cookie notice
Meanwhile, a large part of the Internet community can no longer see them – the cookie banners. These inform the user that the website in question relies on cookies and asks whether only technically necessary ones may be collected or whether they may go beyond that. It looks like this banner will still be with us even with the Digital Services Act. However, they would like to revise it a bit. In particular, it should now finally be possible to reject optional cookies just as quickly as to agree to them. After all, it was precisely the extra effort that drove many users to give up their data out of convenience.
High fines measured by annual revenue
Tech companies such as Meta and Apple have already had several encounters with the European judiciary. Although they have always dutifully paid their fines, this has never really hurt them. With a view to the Digital Services Act’s catalog of sanctions, this is now apparently to come to an end. The authorities are to be authorized to oblige the companies concerned to make payments equivalent to up to six percent of their annual revenue. This is not just about the revenue generated in the EU, but the global revenue. In the worst case, it should not remain with a one-off payment. If the company does not improve its practices, regular fines up to this maximum amount are also possible. However, the extensive list of penalties does not only provide for economic sanctions. On top of that, the EU is also to be able to order interim measures.
EU Commission gains supervisory power
Under the General Data Protection Regulation (GDPR), it has become clear that an EU regulation is only effective if it is also enforced equally by all EU members. Unfortunately, the GDPR has not really been enforced since it came into force, especially in Ireland, which is an interesting country for tech corporations. The reason is that the Irish authorities simply cannot keep up with processing the countless violations. This not only means that proceedings are sometimes delayed for years. On top of that, some companies also get off lightly. The EU Commission now seems to have learned from this mistake. Without further ado, it wants to take the reins and take care of the proceedings. It is clear that the processing of cases could become very lengthy even under this principle. We are curious about the final version.