AGORA DSI & CIO - The Legal Minute - 20 September 2023
You have no doubt heard of the famous European regulation on Digital Services or Data Service Act. Since 25 August, it has been applicable to very large platforms.
The 19 companies designated by the European Commission include the Ali Express marketplace, Amazon, Zalando, the AppStore, the social networks Instagram, LinkedIn, TikTok, Twitter, Facebook, the Booking.com platform and the search engines Bing and Google. Wikipedia is also on the list.
The DSA will apply to other so-called intermediary service providers, i.e. ISPs, web hosts and all online platforms, from 17 February 2024.
The regulation replaces the e-commerce directive, which was adopted in 2000, and introduces comprehensive regulation of digital services, comparable to the RGPD for personal data.
In France, a bill currently under discussion will designate ARCOM, the Audiovisual and Digital Communication Regulatory Authority, as the DSA regulatory authority, rather like the CNIL for personal data.
Firstly, so-called intermediary service providers retain their limited liability regime: they are not responsible for the information they store, but must remove it as soon as they become aware of it.
On the other hand, the DSA introduces new due diligence obligations, which are graduated according to the type of player or their size: simple host, online platform, marketplace, very large platforms.
Rather like the DPO under the RGPD, digital service providers will first have to designate a single point of contact.
The DSA then specifies and sets out the internal mechanisms for notifying and handling complaints. ARCOM will also have to approve out-of-court dispute settlement bodies, as well as trusted whistleblowers.
The DSA also imposes a real transparency exercise, including the obligation for platforms to publish a transparency report, the publication of information on online advertising and content recommendation criteria.
In terms of graphic interface design, the Commission will be publishing guidelines to ban interfaces deemed misleading or manipulative.
Finally, very large platforms will be required to assess the systemic risks associated with their services, such as a negative effect on electoral processes. These assessments will be followed by the implementation of risk mitigation measures, such as the adaptation of their algorithms. A compulsory independent audit system should guarantee the seriousness of the approach. Last but not least, the regulatory authorities and accredited researchers will be able to access data on the algorithms used by the major platforms.
In short, the DSA will probably not solve everything, but it does provide innovative tools for better regulation of digital services and the associated risks, such as information warfare.