In November 2018, the European Commission presented its Digital Strategy for Europe. The aim of the strategy is to strengthen the digital single market and create fair competition, the latter especially vis-à-vis the US digital industry. Single Market Commissioner Thierry Breton made clear: “It’s not us who need to adapt to today’s platforms, it’s the platforms that need to adapt to Europe.”
The EU Digital Services Act
Antonia Herfurth, Attorney at law in Munich and Hanover
Sara Nesler, Mag. jur. (Torino), LL.M. (Münster)
The e-commerce directive from 2000 (RL 2000/31/EC) has so far provided the legal framework for digital services in the EU. It allowed the Internet to develop rapidly over the last 20 years and become what it is today. However, the directive is 20 years old. In 2000, the Big Five – Amazon, Apple, Facebook, Google and Microsoft – were already big, but today they dominate the global market. Furthermore, user behavior on the Internet has changed. Fake news and hate speech are commonplace. The Commission is now planning the Digital Services Act to redefine the role and responsibility of service providers. For three months, the public was consulted and could submit proposals.
The following Compact is not a legal analysis but raises awareness of the current legal situation and current discussion points and provides an outlook.
Previous legal situation – e-Commerce Directive
The e-Commerce Directive has played a significant role in allowing the development of the internet. Key points of the directive are the formal validity of contracts concluded electronically, the provider privilege, the country-of-origin principle, information obligations for operators of digital services and the prohibition of a general monitoring duty.
The provider privilege is a liability privilege for digital service providers. The privilege protects service providers from direct liability for content posted by users on platforms, Art. 12-14 e-Commerce Directive. If the provider forwards, transmits or temporarily stores content, only the user is liable, not the provider. The service provider only provides the infrastructure. The service provider is liable only if a user uploads illegal content and the provider does not delete it. This privilege has made it possible for the Internet to become a free communication space.
The country-of-origin principle regulates that service providers are subject to the law of the country in which they are based and not to the law of the country in which their services are offered, Art. 3 (1) e-Commerce Directive. The country-of-origin principle is a business-friendly regulation. Providers should be able to establish themselves freely within the EU, without barriers. Without the country-of-origin principle, service providers operating across borders would have to take 27 national regulations into account.
Prohibition of a general monitoring obligation
When the EU formulated the e-Commerce Directive, it deliberately decided against a general monitoring obligation, Art. 15 e-Commerce Directive. Service providers are not obliged to constantly and without cause monitor the content uploaded by their users or to actively search for illegal content. Of course, providers must sift through – allegedly – illegal content and delete it if necessary. However, the EU has intentionally not introduced permanent, complicated, time-consuming, and cost-intensive monitoring systems because, according to the EU, this not only inhibits development and is disproportionate, but also changes the character of platforms.
Digital services have outgrown the e-commerce directive. Digitization has led to Amazon’s market capitalization increasing by more than 1,400% since 2010, and Apple’s by 600%. In addition, platforms are used intensively, hate speeches and illegal content are posted, and fake news are spread. So far, there are no European regulations in this regard. Member states are countering this by enacting national laws. In 2017, Germany enacted the Act to Improve Law Enforcement on Social Networks (so-called Netzwerkdurchsetzungsgesetz), France in 2020 enacted the Act against Hate Speech on the Net (so-called Loie Avia), which, however, was overturned by the French Constitutional Court in the summer of the same year, and in Austria the Communications Platforms Act has been in force since April 2021. The consequence of this is that there is no uniform European legal framework, and therefore no EU supervisory authority, but a patchwork of national regulations with different specifications. Not only are smaller European providers disadvantaged, but it is also more attractive for service providers entering the market to establish themselves in the USA or China.
Future legal situation – DSA
The Digital Services Act (DSA), together with the Digital Markets Act (DMA), is part of an EU legislative package that aims to unify the digital single market, create a control framework, and ensure fair competition. The changes envisaged by the DSA are discussed below. The DMA, which seeks to combat unfair competition by platforms, is covered in the Compact “The EU Digital Markets Act”, December 2020.
The aim of the DSA is to promote fairness, transparency, and accountability in relation to the moderation of digital content, and to ensure respect of fundamental rights and the independence of legal remedies. To this end, the regulations are aimed at providers of intermediary services – pure transit, caching, and hosting – regardless of their domicile. Only the user must be domiciled in the EU.
Other than originally planned, the provider privilege for transit, caching and hosting will not be abolished. The European Parliament had also spoken out against the abolition. Instead, the provider privilege of the e-commerce directive will be adopted, supplemented by a Good Samaritan privilege for providers acting on their own initiative, Art. 3-5 of the DSA proposal. Service providers are allowed to conduct voluntary investigations but are not obliged to monitor the transmitted or stored information or to actively search for illegal activities, Art. 6 of the DSA proposal. However, there is a duty to cooperate with national authorities in combating illegal content as soon as they adopt a corresponding order.
This solution is a compromise. The lobby had objected that too strict controls and restrictions would inhibit the development of the Internet as in the last decade and restrict freedom of expression through upload filters and overblocking. Overblocking is the unwanted blocking or deletion of lawful content. On the other hand, it was argued that privatized law enforcement is a problem that would only be worsened by the lack of public control. Facebook, Amazon and others decide which content is illegal and which is not. Not only do the service providers apply different standards, but they are also acting as legislators and judges. This task must fall to a public, independent body.
Content moderation is to become more transparent in the future. According to the new regulations, service providers must introduce reporting procedures, which should simplify the submission of sufficiently substantiated reports. Reports from trusted whistleblowers, so-called trusted flaggers, will be examined and decided upon as a matter of priority. Trusted flaggers are designated by the Member States based on their expertise, their independent representation of collective interests and the timeliness, diligence, and objectivity of their reports. Whistleblowers who frequently submit obviously unfounded reports are to be blocked for an appropriate period following a warning. This is intended to counteract overblocking.
Fairness and transparency
There should be more transparency regarding the consequences of illegal actions. Users who provide illegal content should be blocked for a reasonable period and the content deleted. The procedure should be clearly and specifically justified. The handling of cases of abuse, the criteria for a decision on such cases and the duration of a suspension must be clearly regulated in the GTCs. If there is suspicion of a criminal act, it must be reported to the competent authorities.
To ensure that users can complain about the actions of digital platforms, providers should set up internal complaints management systems; this does not apply to online platforms that are small or micro-businesses. Users should also have the right to act against the platform before an authorized dispute resolution body. In the event of a decision in favor of the user, the platform must pay all fees and other reasonable costs.
Protection of fundamental rights
To promote the protection of fundamental rights, very large online platforms shall assess, at least annually, the systematic risks that exist in the operation and use of their platform. According to Art. 26 of the DSA proposal, special attention is to be paid to the dissemination of illegal content, the negative impact on fundamental rights and the intentional manipulation of services – especially regarding the consequences for public health, minors, civil discourse, election results and public safety. Platforms are required to take measures to mitigate risks. Accordingly, they must designate an internal compliance officer and provide access to data necessary to conduct external inspections of the online platform.
Enforcement of the DSA is to be carried out primarily by the member states. These appoint a so-called digital services coordinator, who is to have investigative and enforcement powers and can issue sanctions, such as fines of up to 6% of annual turnover in the previous fiscal year.
However, enforcement of the GDPR has shown that member states often lack the resources to establish EU-style data protection authorities. Contrary to initial assumptions, however, the reform proposal does not include the creation of a Union-level supervisory authority. The new European Digital Services Authority to be established shall have only an advisory role.
Instead, the possibility of cross-border cooperation and the involvement of the European Commission have been envisaged, the latter at the request of a Member State or ex officio in the case of very large platforms.
The DSA proposal has yet to be discussed by the European Parliament and the member states as part of the ordinary legislative procedure and to be adopted. It will then be directly applicable throughout the EU. This will be the case in 2022 at the earliest.
+ + +