Privacy & Information Security Law Blog

On April 23, 2022, the European Commission announced that the European Parliament and EU Member States had reached consensus on the Digital Services Act (“DSA”), which establishes accountability standards for online platforms regarding illegal and harmful content.

The DSA imposes obligations on covered entities based on their size, role and impact within the online ecosystem. Specifically, the DSA addresses (1) service providers (covering intermediary services, conduit, caching, hosting and network infrastructure services); (2) online platforms (such as app stores, online marketplaces and social media platforms); and (3) what the DSA labels “very large online platforms” (“VLOPs”), defined as online platforms with more than 45 million active monthly users.

The final agreement retains essentially the same features as the draft originally proposed in 2020, but negotiators at the European Council and the European Parliament agreed to modifications on the following requirements:

• Online Marketplaces. To ensure removal of illegal products and services from online marketplaces, operators of such marketplaces must establish know-your-customer-type protocols for merchants using their platforms. Operators must also make reasonable efforts, including random checks, to prevent illegal products and services from being listed for sale on their platforms.
• Immediate Takedown. Content targeting victims of cyber violence (e.g., “revenge porn”) must be removed “immediately;” other content deemed illegal must be removed “swiftly.”
• Dark Patterns. The DSA creates a qualified ban on the use of dark patterns, by prohibiting online platforms from using dark patterns to manipulate users’ choices unless they pertain to practices permitted by the EU GDPR or the Unfair Commercial Practices Directive. The European Commission is expected to issue guidance on the types of practices that constitute dark patterns under the DSA.
• Algorithm Accountability. The DSA authorizes the European Commission and EU Member States to access the algorithms of VLOPs upon request and within a reasonable time if necessary to monitor and assess the compliance with the DSA.
• Transparency & Profiling. Platforms must clearly describe their recommendation systems in the platform’s terms and conditions. Platforms also must allow users to modify the parameters used in the recommendation systems, and must include at least one option not based on profiling.
• Supervisor Fee by the Commission. VLOPs must pay the European Commission a supervisory fee of up to 0.05% of their global annual revenue to enforce the DSA.
• Inclusion of search engines. In addition to from VLOPs, very large search engine operators separately fall within the scope of the DSA’s takedown regime. While such search engine operators cannot remove illegal content per se, they are required to delist any links leading users to such illegal content.

What’s Next?

The DSA will be sent to the European Parliament and EU Member States for final approval. Once approved, the DSA will become effective 20 days after its publication in the Official Journal. Online platforms will then have 15 months to comply with the legislation, which will is expected to become enforceable in the first quarter of 2024.

The DSA complements another piece of related proposed legislation, the Digital Markets Act (“DMA”), which is also pending final approval.  The European Commission, European Parliament and EU Member States reached political agreement on the DMA on March 22, 2022.