On April 23, 2022, the Council of the European Union (the Council) announced that it reached a provisional political agreement with the European Parliament regarding the Digital Services Act (DSA). The DSA aims to legislate against the spread of illegal content and to add further measures for ensuring the protection of the fundamental rights of European citizens.
The DSA includes specific requirements for the protection of minors, online marketplaces, online platforms, and search engines, with stricter requirements implemented proportionately for ‘very large online platforms’ (VLOPs) and ‘very large online search engines’ (VLOSEs). The DSA also includes rules for the use of misleading interfaces, including Dark Patterns, and for transparency in the use of recommender systems.
The agreement represents a step forward for the digital services package introduced by the European Commission in December 2020, which also included the Digital Markets Act (DMA). The package aims to define a framework to address the challenges posed by large digital organizations and the protection of their users while continuing to promote innovation in the digital economy.
What is the EU Digital Services Act?
The DSA is a digital regulation that follows the principle of ‘what is illegal offline must also be illegal online’ and aims to stop the dissemination of illegal content as well as protecting the fundamental rights of EU citizens. The DSA will try to achieve this by introducing requirements for VLOPs to analyze the systemic risks they create and to take action to reduce these risks. Such analysis must be conducted annually and should be aimed at reducing risks associated with:
The DSA’s requirements aim to be proportionate to the size and nature of the service provider. As a result, VLOPs and VLOSEs (services with more than 45 million monthly active users in the European Union) will be subject to stricter requirements while small and medium enterprises (SMEs) with under 45 million monthly active users in the EU will be exempt for certain areas of the DSA to maintain a focus on innovation.
What requirements will the DSA introduce?
There are several new requirements that the DSA will impose including the protection of minors online, a duty of care for online marketplaces, and the introduction of a crisis mechanism. The new requirements placed on VLOPs and VLOSEs will be overseen by the European Commission which will have the exclusive supervisory power over these types of organizations.
Protection of Minors Online
The Digital Services Act places an obligation on platforms that can be accessed by a minor in the EU to implement special protection measures to ensure their safety. Including the prohibition of using a minor’s personal data for targeted advertising.
Online Marketplaces
Online marketplaces will have a duty of care imposed upon them in relation to the sellers that utilize their services and will have to meet requirements to ensure that consumers are properly informed about the products and services they are sold.
Crisis Mechanism
The draft of the DSA introduced a crisis response mechanism to assist in reducing the spread of misinformation. This will be done through an analysis of VLOP and VLOSE activity that has an impact on the crisis in question. The Commission, based on the recommendation of the Digital Services Coordinators, will decide on proportionate and effective measures to be put in place for the respect of fundamental rights.
Dark Patterns & Recommender Systems
The DSA will introduce new transparency requirements for organizations that fall under the Act’s scope in relation to Dark Patterns, misleading practices, and recommender systems (systems that allow users to quickly access relevant content). Under the DSA, Dark Patterns and other misleading practices will be prohibited, while VLOPs and VLOSEs will be required to offer users a system for recommending content that is not based on profiling.
Next Steps for Organizations
The DSA is still subject to approval by the Council and the European Parliament. In particular, the provisional agreement announced is subject to approval by the Permanent Representatives Committee, before proceeding through the formal steps of the adoption procedure.
While formal adoption is still awaited, organizations should assess whether they fall under the scope of the DSA’s requirements and analyze their practices in order to measure the impact of the Act on their operations. You can read the European Commission’s proposal for a digital services act to gain a better understanding of the Act. Alternatively, access OneTrust DataGuidance to keep up to date with the latest news on the DSA as well as the European Commission’s digital services package.