The Digital Services Act (DSA) and Digital Markets Act (DMA) are EU legislative initiatives which seek to harmonise the law for digital services within the European Union (EU). Whilst these are EU regulations and will not strictly form part of UK law, they will apply to all businesses who offer their services to the EU and may inform UK law reform. Reminiscent of the GDPR, the proposals have the possibility of applying to those who provide services to or in the EU but do not have an establishment in the Union.
The DSA is an update to the E-Commerce Directive 2000/31/EC and aims to regulate intermediary services, such as internet providers, social media platforms, or e-commerce intermediaries. It intends to increase online safety, by:
- Reducing illegal content
- Increasing advertising transparency
- Ensuring traceability of traders
- Put in place mechanisms to allow third parties to notify the presence of alleged illegal content (takedown procedures)
- Requiring the appointment of Authorised Representatives if outside the EU
In case of non-compliance, the Commission can adopt non-compliance decisions, issue fines which like the GDPR can be up to 6% of the annual turnover of the provider, and stipulate periodic penalty payments. Such fines are imposed on the very large online platforms.
The DMA is targeted at “gatekeeper platforms”, i.e. platforms which can connect various business users with several end users through their services. The draft sets out:
- Where an online platform may be designated as a gatekeeper
- Provides for a rebuttable presumption based on annual turnover or number of active users
The obligations for gatekeepers vary, but are contained within a chapter of the draft descriptively called “Practices of gatekeepers that limit contestability or are unfair”. It contains a mixture of “do’s and don’ts”, For example:
- Gatekeepers cannot require users to subscribe to or register with any other core platform services as a condition to access, sign up or register to any of their core platform services. This ensures control is limited and bargaining power cannot be used to gain advantages elsewhere.
- They must also refrain from combining personal data sourced from core platform services with any personal data from other services offered by the gatekeeper.
The fines for non-compliance with the DMA are larger than that of the DSA; the Commission may impose fines up to 10% of a company’s total turnover as well as periodic penalty payments.
As the UK will not form part of the EU, the DSA and DMA will not be directly effective legislation in the UK. They will, however, have the ability to affect UK businesses if they are offering services to the EU.
Online Harms, and Online Safety Bill Whilst the UK has not specifically said that it will impose the equivalent regime there is an intention to strengthen digital regulation. Following a White Paper by the government on Online Harms, an Online Safety Bill is expected to be introduced in the UK in 2021. This will establish a duty of care on companies to improve the safety of their users online and apply to a variety of online platforms, including search engines. Similarly to the EU approach, the legislation will apply to companies providing services in the UK, even if it is domiciled elsewhere.
There will be exemptions to the rules such as for journalistic content published on a news site and, again, similarly to the EU, the UK are taking a tiered approach depending on a platforms risk and reach.
Ofcom will act as the independent regulator and will be empowered to issue fines of up to £18 million or 10% of global annual turnover, whichever is the higher, along with some other enforcement action..
Whilst both the UK and EU proposals are currently just that – proposals, it is clear that digital regulation is changing. Getting ahead of the changes will be key to ensure compliance and to avoid hefty fines.