What is the Digital Services Act, what changes for users and what is the impact on digital rights?

1. DIGITAL SERVICES ACT
…coming soon in your country
Kirsten Fiedler, Senior Policy Advisor, EU Parlament

2. Interactive website https://afuturewithoutmanipulation.eu/
Greens/EFA ideal law: mycontentmyrights.eu/

3. DEVELOPMENT OF DIGITAL SERVICES
 A FEW BIG ONES  MANY SMALL ONES
EU-Kommission via Dealroom database:
ca. 10.000 are based in the EU , of which 96 % SMEs and around
half micro enterprises.
Dealroom database,infra, S.24

4. DEVELOPMENT OF DIGITAL SERVICES
E-Commerce Directice (2000):
 Rules for all services of the
information society
Digital Services Act:
 Liability rules (=ECD)
 Notice and complaint
mechanisms
 Due diligence obligations
 Harmonised enforcement
(Digital Services Coordinators+
EU -Commission)

5. GOALS
 1. To make it easier to offer cross-border digital
services and to create uniform rules for the
European internal market.
 2. Make the internet and digital services a
safer place where national law applies and
everyone in the EU can freely exercise
their fundamental rights, in particular
their right to freedom of expression and
information.
 3. Combat disinformation and hate
speech. The functioning of platforms that
damage democratic societies are being
considered.

6. SCOPE
 The DSA applies to digital services offered to users located
in the EU, regardless of the place of establishment of the
services themselves.
 It applies with tiered rules to
 intermediary services
 hosting services
 online platforms
 Very Large Online Platforms (VLOPs) and Search Engines
(VLOSEs)

7. SCOPE
 Intermediary services
 Hosting services
 Online platforms
 Very large online platforms and search engines (VLOPs and VLOSEs)

8. CATEGORIES
AND
OBLIGATIONS

9.  Liability rules
 Reporting Illegal Content and Remedial Procedures
 Transparency reports for online platforms
 Ban on manipulative practices (dark patterns)
 Restrictions on behavioral advertising
 Exceptions for small and medium-sized companies
VLOPs/VLOSEs:
 Risk assessment and mitigation
 Audits (independent verification)
 Recommender systems
 Advertising archives
 Data access for researchers and CSOs
Enforcement:
 based on country of origin principle
 The EU Commission is responsible for VLOPs
 Fines of up to 6% of global annual sales
CONTENTS

10. LIABILITY
 Services are not liable for user-generated content
until they have actual knowledge of it and then "act
expeditiously" to remove content (Articles 4-6)
 General monitoring (Art. 8):
“No general obligation to monitor the information which
providers of intermediary services transmit or store, nor actively
to seek facts or circumstances indicating illegal activity shall be
imposed on those providers“

11. ORDERS
 Orders to take action against illegal content and
information orders from authorities (Articles 9-10):
Harmonised and clear rules.
 In future, orders from the judicial and
administrative authorities of the Member States
against illegal content and requests for information
from all online services must be acted on
expeditiously.

12. POINTS OF CONTACT & LEGAL
REPRESENTATIVES
 Services designate a single point of contact so
that they can communicate electronically directly
with users, authorities and the Commission
(Articles 11-12)
 Services that do not have an establishment in the
EU appoint a legal or natural person to act as
their legal representative (Article 13).

13. TERMS & CONDITIONS and TRANSPARENCY
 T&Cs and community standards that establish rules for
content moderation must be applied in an objective and
non-arbitrary way in the future (Article 14).
 Services are obliged to respect the fundamental rights of
their users when applying their terms and conditions
(Article 14).
 Annual accountability for content moderation must be
provided in machine-readable transparency reports
(Article 15).
 Very large platforms must also disclose how many staff
are used for content moderation and how the staff is
trained and supported (Article 42).

14. NOTICES AND COMPLAINTS
 Europe-wide harmonised notification procedures
to quickly and easily report potentially illegal
content on the Internet (Article 16).
 Users finally get more rights via:
 Justification and complaints procedures at the
platforms (Articles 17 and 20)
 External dispute resolution procedures (Art. 21) so that
users can defend themselves against unlawful deletions
and account blocks.

15. ONLINE MARKETPLACES
 Illegal activities on online marketplaces are
frequently uncovered, especially when it comes to
selling dangerous products. Too often the identity of
the providers is not verified.
 DSA:
 Dedicated chapter for marketplaces (Section 4)
 Traceability of traders on platforms (duty to provide
information: name, contact details, registration numbers,
etc., Art. 29-32)
 Online marketplaces must use their "best efforts" to check
whether the information has been provided reliably and
completely

16. RECOMMENDER SYSTEMS
 Since the revelations by Facebook whistleblower Frances
Haugen, we have evidence of the negative impact of
online platforms' recommendER systems: Algorithms
amplify the distribution of polarising content.
 DSA:
 Online platforms must explain how their recommendation
systems work, why certain content is displayed and how users
can change this (Article 27).
 Very large platforms must also offer an option to view the
content that is not personalized and not based on profiling
(Article 38).

17. MANIPULATIVE PRACTICES
 "Dark Patterns" push users in unfair and manipulative manner to make
decisions every day, such as:
 Cookie banners that hide the option to refuse cookies.
 Repeated harassment after users have already opted out.
 Hiding "unsubscribe" options or how to close an account
 Article 25, DSA:
 Websites and buttons must be designed fairly so that users have a real
choice in the future.
 But: Practices already covered by existing consumer protection and
data protection legislation are not included in this prohibition.
 But: no binding list of practices in the article, as provided for in the
parliamentary text. The EU Commission can publish guidelines to
explain specific prohibited practices.

18. SURVEILLANCE ADVERTISING
Prohibition of advertising based on profiling
which uses sensitive data - e.g. political and
sexual orientation, trade union membership,
religion… (Article 26(3))
Prohibition of advertising based on profiling
using personal data of minors (Article 28(2))

19. RULES FOR VLOPs, 45mio USERS
 Risk assessment and mitigation (Art. 34-35)
 Recommendation systems with alternative option not
based on profiling (Art. 27/38)
 Crisis management (Art. 36)
 Audits (independent review, Art. 37)
 Ad archives for VLOPs (Article 39)
 Access to platform data for researchers and civil
society (Art.40)
 VLOPs supervisory fee (Article 43)

20. RISK ASSESSMENT & MITIGATION
 VLOPs are required to conduct annual risk assessments
(Article 34): how design and algorithmic systems
impact:
fundamental rights, human dignity, data protection,
diversity of opinion and media, non-discrimination,
youth protection and consumer protection?
the public discourse and elections, on gender-
specific violence or on the mental and physical
health of the users?
 VLOPs are required to address the identified risks
(Article 35).

21. CRISIS MANAGEMENT
 The EU Commission can, on the recommendation of
the DSA Board (consisting of the 27 MS), require
actions from VLOPs, e.g. carry out specific risk
analyses or take measures
 This crisis response must be limited in time (max. 3
months)
 The Commission's decision must be made public

22. ACCESS TO PLATFORM DATA
 Access to platform data for researchers and civil
society has been secured (Article 40).
 VLOPs and VLOSEs have to explain the design, logic
and functioning of their algorithmic systems,
including their recommendation systems, at the
request of the authorities in the MS or the
Commission.

23. ENFORCEMENT
National Level -
Digital Service
Coordinators (DSCs)
• Independent
Authorities Direct
Oversight and
Enforcement
Coordination with
other national
authorities
• Coordination with
other national
authorities
EU Board for Digital
Services (Art. 61)
• Ad hoc independent
advisory board
• Composition from
DSCs
• Presidency of the
EU Commission
• Advises DSCs and
com, proposes
EU Commission
• Direct oversight and
enforcement for
VLOPs
• Advises on cross-
border cases
• Acts upon DSC
request

24. ENFORCEMENT
 We learned from the GDPR: Avoiding an “enforcement
bottleneck”
 Regulators have strong enforcement measures at their disposal
(Articles 49 ff.)
 Penalties of up to 6% of global sales (Article 52)
 Periodic fines of up to 5% may be imposed for persistent
violations (Art. 52)
 (Temporary) measures to stop the violation can be ordered or, in
special situations, the service can even be completely blocked
(Article 70).
 EU Commission has centralized enforcement power for VLOPs.
 VLOPs share the financial burden of their own supervision through
fees.

25. ENFORCEMENT IN GERMANY
 The draft law to implement the DSA in Germany
published beg. August 2023:
 designates the BNetzA as the national DSC,
 plus tasks for Federal Agency for the Protection of
Children and Young People in the Media
 and the Data Protection Authority (5 new FTE).
 NetzDG will be fully replaced by the DSA.
 In Ireland, the DSC is the Coimisiún na Meán (a new
Media Commission)
 In France, ARCOM will be the "coordinateur pour les
services numériques" (CSN)

26. NEXT UP
 Entered into force on Nov.22
 Applies for VLOPs since 25 August 2023, applies to
everyone from 17 February 2024
 In Feb. 22: User numbers published, COM then named 19
services as VLOP/VLOSE.
 Risk reports were due 28/08-4/9 (4 months after
designation), but not published
 Delegated Act on Audits in Q3 (September)
 Template for transparency reports (by December)
 Delegated Act on Art. 40, data access (planned 1st
quarter 2024)
 Whistleblowing platform (similar to FISMA tool)

27. tl;dr
 Platforms are not liable for the opinions of their users, but for
their own actions.
 Systemic risks from the business model of surveillance advertising
and interaction-based recommendations are identified and
addressed.
BUT
 Profiling for recommendation systems not restricted at all.
 Prohibiting advertising profiling and manipulative practices does
not go far enough.
 Systemic risks are researched but not eliminated immediately.
 The DSA gives us tools, but it won't change the Internet from one
day to the next.

28. alexandrageese.eu Newsletter email: kirsten.fiedler@ep.europa.eu
mastodon: @kik1@chaos.social
QUESTIONS ?