On July 5, the European Union adopted the long-awaited Digital Services and Digital Markets Acts in an overwhelming vote.
The formally adopted texts will be entered into the Official Journal of the European Union, and will come into force 20 days after publication. The DMA will be applicable six months following adoption – likely in early 2023. The DSA applies 15 months after adoption, or from January 1, 2024, whichever is later. Those platforms defined by the acts as “Very Large Online Platforms” (VLOP are platforms with more than 45 million average monthly active users in the EU, or 10 percent of the 450 million consumers in the EU market) must meet new obligations sooner – four months after the DSA’s entry into force or after any new designation of a platform as a VLOP.
While presented together as part of the EU’s digital strategy for regulating the online economy, the two acts have different aims and will have different effects. The Digital Markets Act sets rules targeting the dominant market power of “gatekeepers” – search engines, app stores, social networks, video-sharing platforms, communications apps, or cloud services. The Digital Services Act updates the e-Commerce Directive and harmonizes rules on illegal content, while requiring increased transparency from platforms.
These pieces of legislation mean that platforms will likely face significant adjustments to how they operate in Europe, with repercussions worldwide. What major changes can we expect to see when these rules come into force?
THE CHANGES COMING WITH THE DIGITAL SERVICES ACT
- Platform Risk Assessments: The DSA requires risk assessments from designated VLOPs and search engines in order to assess and reduce the spread of illegal content on their services (as defined by EU or national-level laws) and potential negative impact on fundamental rights. These assessments and resulting risk-mitigating measures will be backed up by independent auditors to assess compliance.
- Transparency for Regulators and Researchers:
The DSA also includes provisions for providing access to data for researchers, who must submit proposals for approval via national Digital Services Coordinators. Extensive outside work is also ongoing to ensure effective and safe mechanisms for researcher access to data. The European Digital Media Observatory’s Working Group on Access to Platform Data released a draft code of conduct in May 2022 outlining GDPR-compliant methods for data-sharing.
Under the DSA, the Code of Practice on Disinformation will be strengthened into a co-regulatory Code of Conduct for designated Very Large Online Platforms, including external audits of VLOPs on their application of the Code. The 2018 Code of Practice was updated in June 2022, with major platforms as signatories and with new commitments. The code emphasizes disincentivizing the spread of disinformation through demonetization, increasing transparency of political ads, tackling manipulative behavior, and strengthening reporting tools. Platforms will have to disclose quantitative and qualitative information about the functioning of their recommender systems, advertising, and bots; cooperate with a range of actors including fact-checkers; and provide country-by-country rather than EU-wide data.
US researchers are optimistic about piggybacking on these requirements to access platform data. Such initiatives are of interest for the wider public since more granular research will allow a targeted understanding and informed public debate over what’s going on under the hood of these platforms, including on content moderation or algorithmic decisions, and the resulting societal and political effects.
- Redress for Users on Content Moderation Decisions: The DSA lays out redress mechanisms for users, who will be able to request information about why their content was removed. Users will have access to data about content moderation decisions and be able to appeal content takedown via several avenues, including directly with the platform or via dispute settlement bodies.
- New Flagging Mechanisms for Illegal Content: Users will have new mechanisms under the DSA to flag illegal content – including counterfeit goods on online marketplaces or illegal speech as defined under EU laws. “Trusted flaggers” will also be charged with working with platforms to find and remove illegal content.
- More Transparency on Targeted Ads: Both the DMA and DSA increase transparency around targeted advertising, including by increasing price transparency and ad performance metrics. Users will be able to request information about who is behind an ad and the criteria used to display it. The DSA includes a ban on targeted advertising for minors and targeted ads based on sensitive information as defined by the GDPR – such as race, sexual orientation, and religion.
CHANGES COMING WITH THE DIGITAL MARKETS ACT
- Allowing Sideloading and Third-Party App Stores: The DMA forces gatekeepers to allow users to download apps from outside their proprietary app stores. The DMA also blocks self-preferencing, or the promoting of gatekeepers’ own apps over third-party ones. While sideloading has been criticized for allowing potential security vulnerabilities, the DMA permits “duly justified” measures by gatekeepers to protect their software or operating systems.
- Choice for Search Engines, Web Browsers, and More: Gatekeepers under the DMA will need to offer users choices for search engines, virtual assistants, or web browsers. Users must be able to install their choice of software instead of the one provided by default within the operating system.
- Interoperability: The DMA mandates interoperability, which will require technical changes in order to connect different apps together. The key will be designing solutions that do not undermine end-to-end encryption or enable spam and phishing. What this will look like in practice for users is still under debate; for example, when sending a message from encrypted Service A to non-encrypted service B, a pop-up might warn that the message is leaving an encrypted service, providing transparency so users can make informed decisions. This could potentially be more difficult to scale in a US context, given that Americans have a higher use of SMS which is not encrypted, rather than encrypted messaging apps like Signal or Whatsapp.
- New Rules for Data Use: Gatekeepers will be blocked from using data collected from third-party sellers to offer competing products. The DMA blocks gatekeepers from combining user data from disparate parts of their business to target ads in order to level the playing field with smaller companies without the same resources. Smaller users and businesses who advertise on these platforms will have more access to marketing and performance data.