European DSA and Big Tech
The digital services act has set the strictest standards for tech platforms and marketplaces
The European Digital Services Act (DSA) which comes into force today (February 17, 2024) has placed the toughest regulations for major tech platforms and marketplaces. Moreover, these companies have passed one compliance deadline that focuses on algorithmic transparency and systematic risk mitigation that came into force last August.
These regulations relate to VLOPs and VLOSEs (very large online platforms and very large online search engines) and readers would recall that the Commission had already put one such entity – the Elon Musk-owned X (formerly Twitter) on notice for a bevy of breaches. This was done last December and the investigations are currently on.
The Commission followed up the initial probe with a request for information sent to 17 other tech companies that includes Amazon, Apple, Booking.com, Facebook, Instagraph, Google Search, Google Play, Google Maps and Google Shopping and LinkedIn, Bing, Pinterest, Snapchat, YouTube and TikTok.
The EU asked these companies to provide information on measures they have taken to give researchers access to relevant data around the upcoming national elections in the region and the steps taken to counter illegal content and goods sold online. The DSA came into force in November and requires large tech platforms to tackle illegal content and public security risks.
Revamped regulations require Big Tech to do more
Per the revamped regulations that come into force now, the big tech giants have been subjected to the rules governing the VLOPs and VLOSEs and become compliant with the DSA’s general obligations as well. So, in case these companies were poor in compliance earlier, they have more to worry about now.
Some of the areas that require additional compliance include providing content reporting tools for users, giving them ability to challenge content moderation decisions, cooperating with the trusted flaggers (third parties authorized to report on platforms), produce transparency reports and apply business traceability requirements or know-your-customer rules.
On its part, the regulator would collect these statements and thus far it notes that more than 4 billion such data points from the larger platforms subject to VLOP rules have been stored. As similar statements from smaller platforms start flowing in, the Commission hopes to get a complete dashboard of content moderation practices for future use.
User age determination remains a challenge
Big tech platforms need to provide information around the ads that are run and the algorithmic recommendation system that they operate on. One direct impact of this move would be to specifically ban children’s data use for advertisement purposes and the rule would ensure that such information isn’t sucked out from existing systems.
Of course, this does beg the question around how these platforms would be able to determine a user’s age without actually falling into privacy issues. Should age verification tech be installed across all user types is something the Commission itself considers a vexatious issue. So, while platforms are obliged to provide effective protection to minors, the acceptable solutions to determine age is something that is under discussion.
Monitoring mechanism is at country level
Another facet of the regulations involve the monitoring mechanism as the compliance of DSA regulations rests not with the Commission but the Digital Services Coordinators or the enforcers at the member states level. So, we now have an entire digital oversight later being put together to regulate online activity around the region.
The law has stuck with a country-of-origin principle whereby oversight of the DSA on tech giants would rest with the authorities located in the countries where the platforms are set up. So, in the case of X, Ireland’s media regulator could be the authority to oversee compliance while for Amazon, the monitoring may rest with Luxembourg’s competition authority.
In case of platforms without a regional establishment and those without a local legal representative, the enforcement would rest in the hands of the competent authorities in any of the member states. In other words, any of the countries could request information or take enforcement related action on compliance issues on DSA. Which means, they are at far greater regulatory risk than those operating in the member countries.
Things are definitely going to get tough
When it comes to the smaller platforms and startups, the DSA oversight could come via DSC appointed in the home market. Reports indicated that confirmed DSCs are a mix of existing regulatory agencies that includes telecoms, media, consumer and competition regulators. On its part, the EU has a webpage for finding the DSC appointed by each member state.
The regulations also establish the European Board for Digital Services where the DSCs will regularly meet to share data and coordinate. This authority would also be responsible for producing advice and guidance for applying the law.
Of course, Big Tech doesn’t have to worry immediately as the EU could provide some grace period to the companies to get up to speed. However, what is also clear is that the DSA would enhance the complexity of platforms operating in the region. Why? Because what works for the goose may not work for the gander!
