The growth of e-commerce and online advertising in Bulgaria in the last two decades has been impressive. The COVID-19 pandemic gave an additional boost to the digital economy. Amid such rapid development and almost 16 years after its entry into force, the Bulgarian Electronic Commerce Act (the ECA) feels quite outdated.
On one hand, for more than ten years, it has failed to properly implement the EU cookie legal framework. The EU e-Privacy Directive 2002/58/EC was updated in 2009 and now prior consent is required from entities to place non-essential cookies on user devices within the EU. However, the respective texts in the Bulgarian ECA have not yet been updated and still rely on the previous “opt-out” regime – instead of consenting, users in Bulgaria are given the right to refuse (object) to the placement of cookies. This clearly shows how crucial it is for important pieces of EU-wide legislation concerning consumers’ rights to be introduced by means of a regulation having direct effect, instead of a directive that needs to further be transposed in Bulgarian law. The legislative process for the adoption of an EU-wide e-Privacy Regulation that would hopefully resolve this local issue is still ongoing.
Another section of the Bulgarian ECA – its rules on liability of providers of information society services for user-generated content – will receive a significant overhaul. The new rules will be introduced with the Digital Services Act (DSA) which aims to ensure a safe, predictable, and trusted online environment for digital users and companies.
The DSA has already been officially adopted by the European Parliament and the Council of the EU. The regulation will enter into force 20 days after it is published in the Official Journal of the EU and will likely become fully applicable in the first quarter of 2024.
Who Do the New E-Commerce Rules Apply to?
The new rules of the DSA complementing the ECA apply to providers of a wide range of online intermediary services: (1) Mere conduit services related to internet infrastructure – ISPs, domain name registrars, wireless access points, virtual private networks; (2) Hosting – cloud computing, web hosting, services enabling sharing information and content online, including file storage and sharing; (3) Caching services ensuring the smooth and efficient transmission of information delivered on the internet. The existing provisions of the Bulgarian ECA aimed at such will be significantly enhanced by the DSA. In addition, the DSA imposes specific responsibilities on online platforms such as app stores, online marketplaces, and social media platforms.
What Is the DSA About?
Currently, Bulgarian legislation does not contain clear rules regarding the procedure to be followed in case of illegal content online. This creates practical problems with the enforcement of IP rights, for example. However, the DSA will change that by introducing due diligence obligations of service providers to act against illegal content and empowers online users to flag it. The new rules broadly cover any information relating to illegal content, products, services, and activities in various forms – some examples are illegal hate speech, terrorist content, unlawful discriminatory content, unlawful non-consensual sharing of private images, online stalking, the sale of non-compliant or counterfeit products, the non-authorized use of copyright-protected material. On top of that, the DSA will further enhance the Bulgarian e-commerce framework by introducing significant transparency obligations on hosting providers and online platforms in cases of moderation or demonetization of content, suspension, or termination of accounts. Online marketplaces will be required to ensure the traceability of their traders, to combat the online sale of illegal products and services.
A significant problem that has continuously impacted users in Bulgaria will also be addressed by the DSA – online platforms will be expressly forbidden from using “dark patterns” in their interfaces which deceive, manipulate, or otherwise impair the ability of users to make free and informed decisions. Further, the DSA will introduce rules that address fairness and transparency issues with such platforms’ online advertising practices.
Sanctions and Compliance
The DSA requires EU member states to introduce fines for violation of its rules, the maximum amount of which must be 6% of the annual worldwide turnover of the provider of intermediary services concerned, for the preceding financial year. Businesses in Bulgaria should remember the lesson of the GDPR and try not to postpone their compliance efforts. An interdisciplinary task force should be formed to assess how to best address the new requirements and seamlessly integrate them into the existing compliance framework of the business.
By Nikolay Zisov, Partner, and Deyan Terziev, Senior Associate, Boyanov & Co.