August 25, 2023, marks a monumental shift as the Digital Services Act (“DSA“) takes center stage, impacting industry giants like Amazon, Google, Apple, and TikTok. With 19 platforms and search engines, each having a minimum of 45 million users, the DSA takes action to uphold data privacy, combat disinformation, and eliminate online hate speech. This dynamic legislation aims to give users, including minors, enhanced rights and control over their online presence, fostering a high level of privacy and security.
What’s the story?
Back on April 25, 2023, the first designation decisions were made, designating very large online platforms (“VLOPs“) and very large online search engines (“VLOSEs“). From that point, these designated entities were given four months to comply with the DSA. Now that this window is closed prepare for a fresh chapter as major online platforms gear up to identify, analyze, and mitigate an extensive spectrum of systemic risks.
Given the current developments, the European Commission (“EC“) requires VLOPs and VLOSEs to meet these obligations:
Every year, VLOPs and VLOSEs need to assess possible systemic risks that come from their services. They are required to address these identified risks by implementing appropriate and effective mitigation strategies that are tailored to the specific context. The evaluations must encompass the following aspects:
(i) The dissemination of illegal content through their services,
(ii) Safeguarding fundamental rights, including dignity, privacy, data protection, freedom of expression and information, non-discrimination, child rights, and consumer protection,
(iii) Countering adverse impacts on civic discourse, election process, and public security,
(iv) Managing effects on gender-based violence, public health, minors, and personal well-being.
Risk management and crisis response
During a crisis, the EC may require VLOPs and VLOSEs to take specific actions, which include:
(i) Assessing whether the functioning and use of their service significantly contribute to a serious threat;
(ii) Identifying and applying specific, effective, and proportionate measures to eliminate such contribution; and
(iii) Providing the EC with reports on these assessments.
Providers of VLOPs or VLOSEs shall publish the reports on any content moderation they engaged in at least every six months. These reports must include information on the human resources dedicated to content moderation, the qualifications and linguistic expertise of the persons carrying out these activities, and the indicators of accuracy and related information in such reports.
Additional Online Advertising Transparency
The DSA also prescribes that VLOPs and VLOSEs displaying online ads must establish a public repository with key (minimum) details, including:
(i) ad content, product, service, or brand details,
(ii) presenting the person’s identity and the funder’s identity if distinct,
(iii) ad timeframe,
(iv) target audience info,
(v) published commercial communications,
(vi) total recipients reached.
The repository should be in a distinct section on the online interface. It must be easily searchable and reliable, allowing multiple criteria searches and accessible through application programming interfaces.
VLOPs and VLOSEs must provide access to the data necessary for monitoring their compliance with the DSA, as per the reasoned request of the relevant Digital Services Coordinator. Within 15 days of receiving the request, providers can propose changes to the request if they cannot grant access due to unavailable or security-sensitive data, in particular trade secrets. Thus, they should suggest alternate ways to access data or offer suitable alternatives that fulfill the request’s purpose.
External and independent auditing
VLOPs and VLOSEs are also subject to external independent audits to confirm their compliance with various obligations outlined in the DSA. In cases where the auditor’s opinion is unfavorable, the report will also provide operational recommendations on specific measures to attain compliance. Within one month of receiving such recommendations, VLOPS and VLOSEs must adopt an audit implementation report for remedial measures.
Designated VLOPs and VLOSEs are required to pay an annual supervisory fee. The amount will be specified in an implementing act published by the EC. The EC will report annually to the European Parliament and the Council on the total amount of the individual fees charged in the preceding year.
The DSA holds substantial importance as it will heavily influence online platform operations. The EU’s efforts to safeguard online users through the DSA are commendable, but close observation of its practical implementation is vital to ensure its effectiveness in achieving its intended objectives. As such, we closely follow the DSA implementation process and its outcomes.
By Veljko Milutinovic, Of Counsel, Gecic Law