Large digital service providers will face a raft of new obligations after the European Parliament adopted two bills that seek to enhance online safety and combat unfair business practices.
On Tuesday, the European Parliament voted overwhelmingly in favour of adopting the Digital Markets Act (DMA) and the Digital Services Act (DSA). Both had been provisionally agreed upon by the European Parliament and the European Council this year, on March 24 and April 23 respectively.
Among the several new obligations, the DSA will ban targeted advertising on children and advertising based on sensitive data. Further, misleading practices that aim to manipulate users’ choice will also be banned.
Obligations under the DMA include a ban of self-preferencing a service provider’s own products on their platforms, a ban of processing users’ personal data for targeted advertising without explicit consent, and a requirement that platforms allow third-party services to inter-operate with their own services.
For example, this would allow smaller messaging platforms to request that dominant platforms allow their users to exchange messages, voice messages, and files across apps.
Following the adoption of the DMA by the European Council later this month, and the DSA in September, both acts will be published in the European Union (EU) Official Journal before coming into force 20 days later. The power to demand compliance will sit with the European Commission.
Acting eSafety Commissioner Toby Dagg said the Australian regulator welcomes the passage of the DSA through the European Parliament and emphasised that coordinated international action is needed to tackle online harms.
“This legislation has the potential to become an inflection moment in Europe and the world, with European rules often serving as the de facto global standard, as we have seen with the General Data Protection Regulation (GDPR),” Mr Dagg said.
“With Australia’s legislation, Europe’s new Act, the UK’s Online Safety Bill and other developments in Canada, the US and beyond, we can see a groundswell for more collaborative global action to hold the tech industry to account for user safety.”
A spokesperson for the Australian Competition and Consumer Commission said it was closely following the regulation of digital platforms in the EU and other jurisdictions. In particular the spokesperson said the regulator is interested to see to what extent the DMA leads global digital platforms to change in jurisdictions outside of the European Union.
The DMA aims to regulate against unfair business practices and will be applicable in the EU six months after it enters into force. Further, once digital service operators have been designated as a gatekeeper by the European Commission, they will have six months to comply with the obligations.
Gatekeepers are service providers controlling digital services that are hard to avoid given their market prominence. Gatekeepers are also firms that either have a market capitalisation of at least €75 billion (AU$112 billion) or an annual turnover of €7.5 billion (AU$11.2 billion) or more. The Commission will undertake market investigations to ensure obligations are met or are still appropriate.
Under the DMA, gatekeepers will also be obliged to give business users access to the data they generate and cannot prevent users from easily uninstalling pre-loaded software/apps, or using third-party applications and app stores.
If digital service providers designated as gatekeepers do not comply with the DMA, the Commission can impose fines of up to 10 per cent of the providers total worldwide turnover in the last financial year. This increase to up to 20 per cent if the non-compliance persists.
The DSA targets very large online platforms and online search engines, which are those with at least 45 million monthly users. Its aim is to tackle the spread of illegal content, online disinformation and other societal risks.
Under the DSA, the European Commission and EU member states will be given access to the algorithms or very large online platform. Service providers will also be required to take further measures to protect users from illegal content, goods, and services.
Obligations under the DSA will only be applicable across the EU fifteen months from its entry into force, or from January 1, 2024, with the later date favoured. Once designated, providers will only have four months to comply with the DSA obligations. Non-compliant platforms and search engines will be fined up to 6 per cent of their worldwide turnover.
Do you know more? Contact James Riley via Email.