The Digital Services Act (DSA) aims to provide a European solution to an important societal challenge: illegal content and misinformation online. These are real and significant problems, for which new legislation was needed indeed. The DSA was developed and approved during the pandemic. It is a lengthy and complex text, and I believe it received insufficient political and public scrutiny.
The DSA does contain highly valuable provisions, e.g. providing mechanisms for fighting child abuse and for enforcing transparency requirements in online advertising and recommendation systems. However, there are also concerning parts, which may undermine fundamental rights, especially freedom of expression and information, a cornerstone of European democracies and enshrined as Article 11 of the EU Charter of Fundamental Rights. In this opinion piece, I summarize my understanding of some key points in the DSA, omitting technical details and nuances, and emphasizing those potential risks.
- The DSA requires that online platforms make it easy for anyone to report allegedly illegal content. Online platforms (and providers of so-called ‘hosting services’ more generally), such as social media platforms, must provide user-friendly mechanisms that allow anyone to ‘notify’ (i.e. flag or report) content on the platform (e.g., a message on X) that they believe to be illegal (Art 16).
- Online platforms become liable for reported content. Once notified, platforms (e.g., X) become liable for the notified content, if it is indeed illegal (Art 6, and Art 16 paragraph 3). They then must quickly take appropriate action against it (suppression, removal of the content, suspension or blocking of the author...) (Art 16).
- Notices submitted by so-called Trusted Flaggers must be handled with priority. Trusted Flaggers are organizations that will be certified as such by the so-called national Digital Service Coordinators (DSCs) (see below and Art 49-51). Platforms must handle notices submitted by Trusted Flaggers as a matter of priority (Art 22). Trusted Flaggers who too often notify content inaccurately can lose their privileged status, but risk nothing more than that (Art 22, par 6-7).
- Complaint and redress procedures must be established, but they will take time. Complaint and redress procedures must be established and clearly communicated (see e.g. Art 16 par 5, and Art 17 par 3(f)). Such procedures must include an internal complaint-handling system (Art 20), out-of-court dispute settlement bodies (Art 21), and judicial redress. However, these procedures can drag on for months, during which time the measure (suppression, removal, etc.) remains in force.
- Terms & Conditions (T&Cs) are used as a means against undesirable (but not illegal) content. Notifications can compel a platform to take measures for two possible reasons (e.g., Art 17 par 1):
1. because the platform also deems the content to be illegal (or, perhaps more often, because it does not have the time or resources to investigate, and thus prefers to err on the side of caution), or
2. because the content violates the platform's T&Cs (but is not necessarily illegal).
Remarkably, the DSA explicitly highlights the possibility for online platforms to rely on Trusted Flaggers or similar mechanisms for policing content that is incompatible with their T&Cs (e.g., Recital 62). This contrasts with the stated role of Trusted Flaggers as flagging illegal content (Art 22).
- Mandatory risk assessments and mitigating measures allow the European Commission to influence the T&Cs, content moderation policies, and more, of very large online platforms. Very large online platforms and search engines (X, Facebook, YouTube, Instagram, Google, Snapchat, TikTok, etc.) are required to regularly perform analyses of “systemic risks” (Art 34) and take mitigating measures (Art 35). This may include tightening and extending their T&Cs, strengthening their cooperation with Trusted Flaggers, altering their algorithms, etc. Such risk assessments explicitly go beyond illegal content: they aim to address allegedly deceptive content and disinformation (see also Recital 84). As such, the DSA grants the European Commission not only the power to suppress illegal content, but also content they consider undesirable because it is allegedly detrimental to ‘civic discourse’, public security, public health, and more.
- A crisis response mechanism provides an additional mechanism for the European Commission to exert control over non-illegal content. In times of ‘crisis’ (proclaimed by the European Commission itself, on the initiative of the new European Board for Digital Services), such as a threat to security or public health, the European Commission can demand additional measures from the very large platforms and search engines (Art 36 and 48, and Recital 91). These measures, which may include adjusting the T&Cs and the content moderation processes, intensifying cooperation with Trusted Flaggers, etc., must then be taken by these platforms as a matter of urgency.
- Codes of Conduct provide a further mechanism for the European Commission to exert control over non-illegal content. The European Commission will ‘encourage’ the drafting and adherence to ‘voluntary’ Codes of Conduct for the sector (including quantifiable KPIs and the obligation to report regularly to the Commission and the relevant Digital Service Coordinator). The purpose is not only to combat illegal content, but also the so-called ‘systemic risks’ (Art 45), with specific references to ‘disinformation’ (Recital 104). The phrasing of Art 45 and its motivation (e.g. Recitals 103 and 104) almost read like “an offer they can't refuse”.
- Transparency is limited. There are
various provisions concerning transparency (e.g., Art 15, 17, 22 par 3, 24, and 42,
and Recital 122), but these are mostly at an aggregated level, rather than at
the level of individual content and content moderations. This makes independent
scrutiny of the impact on freedom of expression and information very difficult.
DSCs will have the authority to grant a ‘vetted researcher’ status to particular researchers. Very large online platforms and search engines can then be compelled to provide these vetted researchers with access to data for the purpose of investigating systemic risks in the European Union, and for assessing the adequacy, efficiency and impacts of the risk mitigation measures. Unfortunately, the ‘technical conditions’ (which data, which permitted purposes, etc) are yet to be determined, and the power to do this is delegated to the European Commission (Art 40 par 13).
- Fines for non-compliance are exorbitant, but not for transgressions of fundamental rights. Fines for non-compliance with the obligations under the DSA are exorbitant: up to 6% of the global annual turnover (Art 52 and 74). The DSA also does pay occasional lip service to fundamental rights, including freedom of expression and information (e.g., Art 35 par 3 and Recitals 86 and especially 153). However, I could not find anything about fines for overzealous ‘content moderation’ that violates these fundamental rights. It all remains very vague, without concrete guarantees. The DSA asserts one’s right to file a complaint (Art 53), and to request compensation in case of loss or damage resulting from non-compliance with the DSA (Art 54). But it is doubtful whether a violation of fundamental rights (especially freedom of expression and information) will be recognized as non-compliance with the DSA.
It is hard to shake the feeling that it was a mistake to write and approve this Act between 2020 and 2022, during the pandemic when authorities were struggling to control the global narrative. In my opinion, the European regulator went grocery shopping on an empty stomach, which is never wise.
It is now up to the members states to implement the DSA in such a way that the risks to our fundamental rights and to the foundations of our European democracies remain as small as possible.