Digital Services Act Package: A Right Step towards a Europe fit for the Digital Age?
Twenty years after the adoption of the e-Commerce Directive, the European Commission released its Digital Services Act Package (Package) comprising two proposals for a Regulation, the Digital Services Act (DSA) and the Digital Markets Act (DMA), that will profoundly modify the legal regime for online services:
- The Digital Services Act aims to uphold the limited liability regime for online services providers provided in the e-Commerce Directive while changing the system of due diligence obligations, enforcement, and sanctions.
- The Digital Markets Act aims to create a new ex ante regulatory regime for providers acting as ‘gatekeepers’, those platforms which hold considerable economic power.
Both proposals will now go through the ordinary co-legislative procedure. The European Parliament and the Member States in Council are expected to run each intense internal talks to reach a position before entering inter-institutional negotiations. As with many other European Union (EU) legislative proposals of such magnitude, these discussions could take years before the EU institutions reach a consensus, both within themselves and then with each other.
In order to speed up the process, some Member States have started introducing anticipatory measures with objectives similar to those of the Package. After a failed attempt in France to tighten platforms’ moderation content duties, the French government is pushing for a new reform modelled on the Digital Services Act. A new German competition law reform, which will come into force in the beginning of this year, is addressing the market power of platforms “of paramount significance”, vesting the national competent authorities with powers that the Digital Markets Act foresees for the European Commission.
By contrast, the complexities of the EU decision making machine essentially mean that the provisions of the two proposals could change dramatically as the debate moves along and as technology and society evolves along with it. Recent events related to the selling of illegal goods during the COVID pandemic, the unilateral decisions of taking down allegedly illegal content by social media platforms, as well as the abovementioned initiatives adopted by EU member states have no doubt heightened the sense of urgency of a common EU response to these issues.
Digital Services Act (DSA)
Different rules for different services
The DSA sets out a horizontal regulatory framework with a broad territorial scope, covering all online intermediaries offering services in the European Union (EU) regardless of their place of establishment.
Crucially, the DSA would introduce a four-layered system for intermediary services of due diligence obligations, which would be adapted and gradually increased according to the nature of the service, from general obligations applying to all intermediary services to more gradually stringent ones applicable to hosting services, online platforms, and “very large online platforms”.
By upholding the limited liability framework for information society services, the draft DSA clarifies that intermediary services are not subject to a general monitoring obligation or to an “active fact-finding” obligation (art. 7).
Striking the balance on illegal content
Weeks after the release of the DSA proposal, several social media platforms took unilateral decisions to remove content allegedly illegal, published by now former US President Donald Trump. The event once again brought under public attention the sensitivity of the issue at stake which, in EU terms, means setting a harmonized framework that also takes account of Member States’ specific approaches to fighting against illegal content, safeguarding the freedom of expression or the very nature of illegal content.
Under the DSA, all hosting services would have to implement a notice & action mechanism (art. 14) similar to what many providers from e-commerce to social media platforms already do. Hosting services would also be responsible for informing both recipients and the European Commission of their decisions regarding notified contents (art. 15). The intention is to establish a harmonised framework for tackling illegal content, while balance the rights and responsibilities of users, intermediary platforms and public authorities.
Online platforms would have additional obligations to monitor and report on illegal content, for instance by relying on “trusted flaggers” appointed by competent authorities (art. 19). Their implementation should not in itself place platforms outside the liability exemption for intermediaries. Similar to what the Platform-to-Business Regulation provides, the draft DSA provides for redress mechanisms for users, a big part of the burden being largely placed on platforms. Users could for example contest removal decisions via a free-of-charge internal complaint-handling mechanism of the platform (art.17), and they could also seek redress though an out-of-court dispute settlement system (art.18), with costs that appear to be borne by online platforms regardless of the result of the dispute.
For very large online platforms, an extra layer of obligations could apply. It would consist especially in conducting assessments on the systemic risks related to the dissemination of illegal content such as those concerning fundamental rights or other broader societal harms (art. 26).
Biggest obligations reserved for ‘very large online platforms’
The hobbyhorse of the upcoming legislative discussions will be the criteria establishing “very large online platforms”, to which the draft DSA reserves the most stringent requirements. The Commission set the unique benchmark of the number of monthly active recipients, which should equal or exceed 45 million subjects in the EU (art. 25). The Commission would also have some leeway to modify the calculation methodology according to demographic changes through delegated acts.
The very large online platforms would be subject to greater scrutiny from competent authorities and additional requirements, including greater transparency of moderation, recommender, and advertising systems (art. 26, 27, 29, 30), running external audits (art. 28) and assigning a compliance officer (art. 32).
Online advertising
The European Commission followed some of the recommendations of the left-leaning groups in the European Parliament on ad-related matters. The draft DSA would impose a transparency obligation on online platforms displaying advertising so as to guarantee that users are aware of the nature of the content and have access to ‘meaningful’ information about targeting parameters (art. 24).
Once again, very large online platforms would be subject to additional obligations; their ad repositories would need to be made publicly available and accessible (art.30), and they would have to assess their advertising system and take preventive measures to mitigate related risks (arts. 26 and 27).
Enforcement
The Commission proposes an enforcement mechanism that touches on the country-of-origin principle set out in the e-Commerce Directive. Member State would appoint a Digital Services Coordinator (DSC) responsible for supervising services providers with the main establishment or the legal representative on their territory. The EU legislator will have to clarify the extraterritoriality of their powers (art. 41). But very large online platforms would be subject to an enforcement system that could be ultimately spearheaded by the European Commission (art. 25).
Drawing inspiration from the General Data Protection Regulation (GDPR), the draft DSA sets a ‘European Board for Digital Services’, an assembly of DSCs chaired by the European Commission, responsible for ensuring harmonization and organizing the cooperation between national authorities.
Competent national authorities should be able to impose penalties, to be defined in national law, up to 6% of the annual turnover of the provider for non-compliance with the regulation.
Digital Markets Act (DMA)
The draft DMA seeks to address market failures stemming from the expansion of a small number of large providers of core platform services (gatekeepers) such as online search, social networking, video-sharing, cloud computing, internet messaging services, online marketplaces etc. It marks a shift of the European Commission’s approach from ex post investigation to ex ante prevention when it comes to regulating thebehavior of gatekeepers and could have a profound impact on not only gatekeepers but also those who use and/or do business with them.
Designation of a gatekeeper
According to the proposal, gatekeeper status can be determined based on quantitative criteria including financial and user base thresholds which serve as rebuttable presumptions. Platforms that meet these criteria would have todeclare themselves to the European Commission.
Alternatively, and without having to satisfy the quantitative criteria, the European Commission would also be empowered to designate gatekeepers following a case-by-case qualitative assessment by means of a market investigation. Such assessmentwould take into account factors like the size of the provider, entry barriers derived from network effects, and user lock-in as well as foreseeable developments of these factors.
Obligations of a gatekeeper
Once designated, gatekeepers would have to comply with a defined set of rules againstunfair practices such as self-preferencing, unfair data combination,and impeding users’ freedom to transact with other service providers and/or subscribe to services of those service providers.Conversely, gatekeepers would be compelled to ensure interoperability with its platforms andprovidemore transparency on their online advertising business,among other measures. Additionally, gatekeepers wouldbe required to notify the E.U. of any intended merger or acquisition.
For failing to comply with the DMA, gatekeepers may face fines of up to 10% of their global annual revenue. In the case of systematic non-compliance, the European Commission wouldeven be able to impose behavioural or structural remedies such as legal, functional, or structural separation.
Enforcement
The DMA would confer an exclusive enforcement competence to the European Commission. To this end, it would receive a wide array of powers, including a power to impose behavioural, or, where appropriate, structural remedies, to issue interim measures and to fine a gatekeeper with up to 10% of its annual turnover. An advisory committee, composed of representatives of Member States (the Digital Markets Advisory Committee), wouldbe consulted thorughout the process of adoption of individual decisions .
The road ahead
It’s set to be a long road ahead as both files are set to be some of the most contentious attempts at reforming the internet rulebook. The European Commission is seeking feedback on the Package until 31 March 2021, while the European Parliament and the Council will be discussing the proposals and adopting their own respective positions before jointly agreeing on the proposals – which are not expected anytime soon.
Battles have already begun as to which Committee inside the European Parliament is best placed to lead on the file. Provisionally, the Internal Market and Consumer Protection (IMCO) Committee is set to lead on both files but that is being challenged by the Legal Affairs (JURI) Committee for the DSA and by the Economic and Monetary Affairs (ECON) and Industry, Research and Energy (ITRE) Committees for the DMA. The members of the European Parliament appointed as lead Rapporteurs, Christel Schaldemose (Denmark, Socialsts & Democrats) for the DSA and Andreas Schwab (Germany, European People’s Party) respectively, will need to tap into all their experience as long standing MEPs to build sufficient support within their respective Groups and Committees around a negotiating mandate.
As previously mentioned, Member States are pre-emptively legislating on the matter, drawing their lines in the sand on the matter. Yet progress at the EU level will likely be all but swift. The Portuguese Presidency of the Council of the EU plans to present a first progress report in the Competitiveness Council on 27 May.
