European Digital Services Act Enforcement

✅ Starting yesterday, Europe’s Digital Services Act is fully in force. ✅ Heads up privacy lawyers: on February 17, 2024, the Digital Services Act (DSA) came into full force and effect. What does it mean for online businesses? Quite a lot actually. For an in depth overview, don't miss this indispensable piece by Dr. Gabriela Zanfir-Fortuna and Vasileios Rovilos https://lnkd.in/eArUMvS7 *** The DSA has been in effect since last August for a number of specifically designated “very large online platforms or search engines” (> 45 million MAUs), namely the largest tech companies. *** But now, it came into force for numerous other online hosting services (e.g., cloud services) and online platforms. This includes social media services, e-commerce sites, search, navigation and more. Like GDPR, DSA has broad extraterritorial reach, applying to online platforms with users in the EU.  And with sanctions reaching 6% of annual global turnover, DSA has teeth. It even provides EU individuals with a private right of action! (Article 54). So if you operate an online platform with users in Europe you should immediately take steps to comply. *** The DSA exempts small or micro enterprises from most requirements. But the thresholds are quite low = maximum 10m euros in annual revenue or 50 employees.   *** How does the DSA impact your business? It sets forth a plethora of transparency and accountability obligations, including appointing an EU representative, similar to Art 27 of GDPR. The main requirements for most online businesses are:   *** 1️⃣ DSA prohibits targeted ads based on sensitive data or based on profiling minors (meaning under 18; not COPPA’s under 13). Unlike GDPR, which allows for a consent override, DSA is framed as an absolute restriction. (DSA Articles 26(3) and 28(2). 2️⃣ DSA prohibits “dark patterns” in online UX. Dark patterns are already restricted by GDPR, but DSA adds additional language and heft to existing requirements (DSA Article 25).   3️⃣ DSA requires anyone serving targeted ads and recommender systems to provide users with full transparency about why they’re seeing specific ads or content. 4️⃣ Less privacy related, but the DSA sets forth notice-and-action mechanisms for content moderation and removal (remember DMCA?) 5️⃣ The DSA has a special provision dedicated to online T&Cs. (DSA Article 14) It requires businesses to provide users with a concise and easily accessible summary of the T&Cs in machine-readable format, and to inform them of any significant change made to the T&Cs.

Some big changes should be coming next week in the way very large online platforms and very large online search engines will be operating in the EU. Why? Because the DSA (Digital Services Act) is becoming applicable for those entities designated as Very Large Online Platforms and Very Large Online Search Engines. Who are these organizations? Here is the full list, as designated by the European Commission. 📲 Very Large Online Platforms: Alibaba AliExpress Amazon Store Apple AppStore Booking.com Facebook Google Play Google Maps Google Shopping Instagram LinkedIn Pinterest Snapchat TikTok Twitter Wikipedia YouTube Zalando 📲 Very Large Online Search Engines: Bing Google Search The DSA imposes significant obligations on these platforms - some at an interesting intersection with the #GDPR, such as: 🚫 a prohibition to present ads to users based on profiling them on the basis of sensitive personal data as defined by Article 9 GDPR (Article 26) 🚫 a prohibition to present ads to minors based on profiling them, "when they are aware with reasonable certainty that the recipient of the service is a minor" (Article 28) ❗an obligation to offer users an alternative feed of content which is not based on profiling as defined by the GDPR for the main parameters of their recommender systems (Article 38) 🚫 a prohibition to use manipulative design (Article 25) ❗an obligation to provide access to the data necessary to monitor their compliance with the DSA to the competent authorities and researches vetted by the authorities; platforms may be required to explain the design, logic of the functioning and the testing of their algorithmic systems (Article 40) I discussed with Tonya Riley for CyberScoop some of the implications of these legal obligations. #DSA #DataProtection #GDPR #Profiling #AlgorithmicTransparency #Profiling #OnlineAds #SensitiveData https://lnkd.in/ggGqNunA

As of today, the biggest online platforms will have to comply with the EU's Digital Services Act (DSA). The focus of this new regulation is content moderation of digital intermediary services (social networks, search engines, internet access services, and marketplaces) irrespective of their location as long as they offer their services in the EU. For now, DSA only applies to Very Large Online Platforms and Very Large Online Search Engines (VLOPs/VLOSEs). These are platforms with more than 45 million active monthly EU users. We are talking Meta, Instagram, Alphabet, Alibaba, etc., 19 platforms in total. In mid-February 2024, DSA will apply to all digital services. DSA imposes due diligence obligations on the providers of intermediary services and establishes clear responsibilities to protect their users from the risks they pose, such as illegal content, online disinformation, and risks to their fundamental rights. Failure of companies to comply with the DSA obligations will lead to fines of up to 6% of their annual global turnover. #digitalservices #policy #regulation #dsa #dataprivacy