EU Parliament adopts Digital Services Act, but concerns persist

The European Parliament's Internal Market and Consumer Protection Committee has adopted the Digital Services Act (DSA) proposal by 36 votes to 7 and 2 abstentions.

This voting was required to move the legislation forward and to place the amended proposal on the January 2022 calendar for negotiations with EU governments.

Giving power to regulators

The main goal of the DSA is to empower EU regulators to control large internet platforms and impose stricter mechanisms for removing "fake news" and "abusive content."

At the same time, tech giants will be held accountable for the illegal content detection and the removal algorithms they use, and must also oblige with certain transparency-related requirements.

Platforms are also expected to fully disclose how their content recommendation algorithms work, enabling regulators to understand what interests are served or prioritized.

Key changes introduced by the Members of the European Parliament (MEPs) this time are:

• certain exemptions from DSA obligations for micro and small enterprises;
• online platforms should be prohibited from using deceiving or nudging techniques to influence users' behaviour through "dark patterns";
• targeted advertising: the text provides for more transparent and informed choice for all recipients of services, including information on how their data will be monetised and to better protect minors from direct marketing, profiling and behaviourally targeted advertising for commercial purposes;
• more choice on algorithm-based ranking: VLOPs should provide at least one recommender system which is not based on profiling;
• additional obligations for platforms primarily used for the dissemination of user-generated pornographic content;
• enforcement of the DSA: clarification of the role of "Digital Services Coordinators" in member states and their cooperation with the Commission.

"We are now democratically reclaiming our online environment. The DSA is bringing EU tech regulation into the 21st century, and it is about time." - comments Rapporteur Christel Schaldemose.

"Algorithms challenge our democracies by disseminating hatred and division, tech giants challenge our level playing field, and online marketplaces challenge our consumer protection standards and product safety. This has to stop. For this reason, we are building a new framework so that what is illegal offline is also illegal online."

According to the draft law, a "notice and action" mechanism will be established, so hosting services, platforms, and all intermediaries will be obliged to act on receipt of content removal notices without delay.

The text adopted by the MEPs includes safeguards to ensure that this notice system won't be abused for censorship and that it won't hurt the fundamental right of freedom of expression.

However, not everyone is convinced that the DSA provisions are properly safeguarded against abuse.

Problematic points

As the EFF details in a post today, law enforcement remains largely unchecked, and the DSA practically lets authorities access sensitive user information on request.

"Only incremental improvements were put in place on the limits of surveillance advertising and on a requirement that platforms appoint in-country legal representatives, unaffordable for many small non-EU providers." - EFF's post warns further

"We also agree with the criticism that centralizing enforcement power in the hands of the EU Commission comes with democratic deficits and could lead to corporate capture."

MEP Patrick Breyer, of the Pirate Party, has shared the following comment with BleepingComputer:

From a civil liberties and digital rights perspective, the outcome of the negotiations is largely disappointing. The European Parliament made groundbreaking demands last year, but it seems now that it was mostly bark and no bite.

Anyone who had hoped for an end to the surveillance capitalist business model on the internet, an end to the monopoly position of a few internet corporations or the error-prone upload filter censorship machines will be disappointed. More transparency is simply not enough.

The Pirates also see a new threat to digital privacy and security in yesterday's decision to publish pictures and text on adult entertainment portals dependent on providing the operator with the uploader's personal mobile phone number. 

Because of the foreseeable hacking and leaks of these porn uploader databases, this identification requirement virtually invites stalking and threats against sex workers, LGBTQI persons, and politically exposed and vulnerable persons. 

If you want to learn more about the Digital Markets Act, its goals, challenges, and the next steps in the legislation process, there's a summarizing article on the EU Parliament's website that you can check out.