作者

Debbie Heywood

高级专业支持律师

Read More
作者

Debbie Heywood

高级专业支持律师

Read More

2022年5月16日

Radar - May 2022 – 2 / 3 观点

EC Digital Services Act agreed

What's the issue?

The Digital Services package was proposed by the European Commission in December 2020.  Comprising two flagship pieces of legislation, it is intended to tackle some of the most pressing issues in the online environment.  The Digital Services Act (DSA) will tackle illegal content, goods and services online, and the Digital Markets Act (DMA) aims to regulate digital markets and address concerns raised by the market power of large online players.

What's the development?

In April, we reported that provisional political agreement had been reached on the Digital Markets Act.  Now, political agreement has also been reached on the Digital Services Act. 

The agreed text of the DSA has not yet been published.

DSA

According to the press releases issued by the EU institutions, the agreed DSA includes the following.

Broadly, online platforms including social media and marketplaces will have to take measures to protect users from illegal content, goods and services.  The DSA will apply to all online intermediaries providing services in the EU but very large online platforms (VLOPs) and very large online search engines (VLOSEs) (services with more than 45m active users in the EU) will be subject to more stringent requirements than micro and small enterprises which are exempted from some of the obligations.  The Commission and Member States will have access to algorithms of VLOPs.

Online marketplaces - will have a duty of care in respect of products and services provided on their platforms and will be required to carry out systematic and spontaneous checks to ensure information provided by traders is reliable, in order to prevent illegal content on their platforms.  Marketplaces will have to collect and display information on the products and services sold on their platforms to ensure consumers are kept properly informed.  Clearer notice and action procedures will be required to enable swift removal of illegal online content, products and services, and in relation to 'revenge porn' and other types of cyber violence.

Risk analysis and reduction – VLOPs will have to analyse systemic risks and carry out risk reduction analysis each year.  This will require continuous monitoring to reduce risks associated with illegal content, content with an adverse impact on fundamental rights, democratic processes and public security, gender-based violence and on minors, and with serious consequences for the physical or mental health of users. 

Dark patterns – misleading interfaces or dark patterns will be prohibited.

Recommender systems – will have attached transparency requirements.  VLOPs and VLOSEs will have to offer users a system for recommending content which is not based on their profiling.

Online advertising – users will have better control over how their personal data is used.  Targeted advertising based on sensitive personal data will be prohibited as will targeted advertising of any kind to minors.

Minors – will benefit from specific protections.

Crisis mechanism – new rules will be introduced to provide for special measures during times of crisis (such as a public security or health threat).  The Commission may require very large platforms to limit any urgent threats for a period of up to three months.

Penalties – online platforms and search engines will face fines of up to 6% of annual global turnover for non-compliance.  The Commission will have exclusive power to demand compliance.

Redress– users will be able to challenge content moderation decisions and seek redress.

The agreed text is now subject to formal approval by the European Parliament and Council.  It will apply fifteen months from adoption or from 1 January 2024, whichever is later.  However, it will apply to VLOPs and VLOSEs four months after their designation as such.

Digital Markets Act

The provisionally politically agreed version of the DMA has been published. It suggests there have been some significant changes since the first draft.  These include wide-ranging interoperability requirements on messaging services, and extended obligations on gatekeepers under Articles 5 and 6.

In particular:

  • Web browsers and virtual assistants have been added to the list of core platform services.
  • Users will have the right to download apps from the internet and third party app stores.
  • App developers will be allowed to select which in-app payment solution they want to use.
  • The requirement to provide access to app stores on fair, reasonable and non-discriminatory (FRAND) terms, has been expanded to include access to search engines and social networking services.
  • Gatekeepers will (subject to certain conditions) have to ensure their messaging services are interoperable with those of their competitors without compromising end-to-end encryption.
  • The prohibition on combining personal data across gatekeeper services or with personal data from third-party services without consent has been extended.  Gatekeepers must not process personal data from end users using third party services which use core platform services for their advertising purposes.  Nor can they combine personal data across their core services, nor cross-use personal data from core services in other separate services, nor use single sign-in across services unless the end user has consented (to GDPR standards of consent).  Consent for these purposes can only be sought once a year.
  • Advertisers will be able to access both aggregated and non-aggregated data which must be provided by gatekeepers in such a way that advertisers can analyse it using their own software.

The DMA will apply six months after entry into force subject to the following exceptions:

  • Articles 3(5) and (6), 40, 46, 47-50 will apply from entry into force.  These deal mostly with some aspects of the designation of gatekeeper status, including representations against being designated as a gatekeeper, and some administrative aspects such as the provision of guidelines and appeals processes.
  • Articles 42 & 43 will apply from 25 June 2023 or date of entry into force if later.  These cover representative actions and whistleblowing/breach reporting. 

What does this mean for you?

These are very significant pieces of legislation.  While there will be time between enactment and application, online platforms, social media and marketplaces, and those designated as gatekeepers under the DMA, will have a lot to do to become and continue to be compliant.  This will be alongside parallel but different provisions in the UK including the Online Safety Bill and the proposed legislative framework to regulate digital businesses with strategic market status.

本系列内容

技术、媒体与通信 (TMC)

UK government set to regulate big tech

作者 Debbie Heywood

技术、媒体与通信 (TMC)

EC Digital Services Act agreed

作者 Debbie Heywood

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe