Blog

Council of the European Union and European Parliament reach agreement on Digital Services Act

The Digital Services Act (DSA) would become a world-first for digital regulation in aiming to make the internet a safer space

Robb Hiscock
Content Marketing Specialist | CIPP/E, CIPM
April 25, 2022

Green gradient graphic

On April 23, 2022, the Council of the European Union (the Council) announced that it reached a provisional political agreement with the European Parliament regarding the Digital Services Act (DSA). The DSA aims to legislate against the spread of illegal content and to add further measures for ensuring the protection of the fundamental rights of European citizens.

The DSA includes specific requirements for the protection of minors, online marketplaces, online platforms, and search engines, with stricter requirements implemented proportionately for ‘very large online platforms’ (VLOPs) and ‘very large online search engines’ (VLOSEs). The DSA also includes rules for the use of misleading interfaces, including Dark Patterns, and for transparency in the use of recommender systems.

The agreement represents a step forward for the digital services package introduced by the European Commission in December 2020, which also included the Digital Markets Act (DMA). The package aims to define a framework to address the challenges posed by large digital organizations and the protection of their users while continuing to promote innovation in the digital economy.

What is the EU Digital Services Act?

The DSA is a digital regulation that follows the principle of ‘what is illegal offline must also be illegal online’ and aims to stop the dissemination of illegal content as well as protecting the fundamental rights of EU citizens. The DSA will try to achieve this by introducing requirements for VLOPs to analyze the systemic risks they create and to take action to reduce these risks. Such analysis must be conducted annually and should be aimed at reducing risks associated with:

  • Dissemination of illegal content
  • Adverse effects on fundamental rights
  • Manipulation of services having an impact on democratic processes and public security
  • Adverse effects on gender-based violence, and on minors and serious consequences for the physical or mental health of users

The DSA’s requirements aim to be proportionate to the size and nature of the service provider. As a result, VLOPs and VLOSEs (services with more than 45 million monthly active users in the European Union) will be subject to stricter requirements while small and medium enterprises (SMEs) with under 45 million monthly active users in the EU will be exempt for certain areas of the DSA to maintain a focus on innovation.

What requirements will the DSA introduce?

There are several new requirements that the DSA will impose including the protection of minors online, a duty of care for online marketplaces, and the introduction of a crisis mechanism. The new requirements placed on VLOPs and VLOSEs will be overseen by the European Commission which will have the exclusive supervisory power over these types of organizations.

Protection of Minors Online

The Digital Services Act places an obligation on platforms that can be accessed by a minor in the EU to implement special protection measures to ensure their safety. Including the prohibition of using a minor’s personal data for targeted advertising.

Online Marketplaces

Online marketplaces will have a duty of care imposed upon them in relation to the sellers that utilize their services and will have to meet requirements to ensure that consumers are properly informed about the products and services they are sold.

Crisis Mechanism

The draft of the DSA introduced a crisis response mechanism to assist in reducing the spread of misinformation. This will be done through an analysis of VLOP and VLOSE activity that has an impact on the crisis in question. The Commission, based on the recommendation of the Digital Services Coordinators, will decide on proportionate and effective measures to be put in place for the respect of fundamental rights.

Dark Patterns & Recommender Systems

The DSA will introduce new transparency requirements for organizations that fall under the Act’s scope in relation to Dark Patterns, misleading practices, and recommender systems (systems that allow users to quickly access relevant content). Under the DSA, Dark Patterns and other misleading practices will be prohibited, while VLOPs and VLOSEs will be required to offer users a system for recommending content that is not based on profiling.

Next Steps for Organizations

The DSA is still subject to approval by the Council and the European Parliament. In particular, the provisional agreement announced is subject to approval by the Permanent Representatives Committee, before proceeding through the formal steps of the adoption procedure.

While formal adoption is still awaited, organizations should assess whether they fall under the scope of the DSA’s requirements and analyze their practices in order to measure the impact of the Act on their operations. You can read the European Commission’s proposal for a digital services act to gain a better understanding of the Act. Alternatively, access OneTrust DataGuidance to keep up to date with the latest news on the DSA as well as the European Commission’s digital services package.


You may also like

Webinar

Responsible AI

Unpacking the EU AI Act

Prepare your business for EU AI Act and other AI regulations with this expert webinar. We explore the Act's key points and requirements, building an AI compliance program, and staying ahead of the rapidly changing AI regulatory landscape.

July 12, 2023

Learn more

Webinar

Consent & Preferences

Live demo: How to automate consent and preference management with OneTrust

In this webinar, we demonstrate how OneTrust Consent and Preferences helps build stronger customer relationships by providing transparency, giving users control over their data use, and delivering personalized experiences.

June 29, 2023

Learn more

Webinar

Privacy Management

Unpacking the EU-US DPF

In this webinar, we cover the new EU-US Data Privacy Framework (EU-US DPF) and what privacy program managers need to know for post-Schrems II data transfers.

June 28, 2023

Learn more