May 7, 2024

Digital Services Act (DSA) of the European Union Explained

Delve into the EU Digital Services Act (DSA) – its provisions, compliance requirements, and implications for online platforms. Learn who must adhere to the DSA, the distinctions from GDPR, and the intersection with advertising transparency.

What is the Digital Services Act (DSA) of the EU?

The EU Digital Services Act (DSA) is a comprehensive legislation designed to regulate digital platforms, including large online platforms and search engines, enhancing safety and accountability online. It requires platforms to be transparent about their content moderation processes, decision-making on advertisements, and the operation of recommendation algorithms.

Other key provisions of the DSA include:

  • Requiring systems for users to report illegal content online and requires clear explanations for content removals as per the EU Digital Services Act.
  • Regular risk assessments by large platforms to address the potential spread of illegal content and the impact on fundamental rights, with necessary mitigation measures in place.
  • enhanced transparency in advertising, allowing users to understand the reasons behind targeted ads while prohibiting targeting based on sensitive criteria such as ethnicity or political opinions.
  • Safeguarding minors from harmful content and misleading ads.

Enforcement of the DSA involves new EU-level oversight structures and penalties for non-compliance can be as severe as 6% of a company's global turnover. This act complements the Digital Markets Act (DMA) by addressing the responsibilities of digital services, applying to all online intermediaries operating within the EU, with a particular focus on platforms serving over 45 million users.

The Digital Services Act was formally adopted by the European Parliament on July 5, 2022, and by the Council of the European Union on July 18, 2022. It was published in the Official Journal of the European Union on October 27, 2022.

It came into effect gradually in 2023 and 2024.

Simplify cookie compliance in today's privacy-focused online world. Our Cookie Compliance Checklist cuts through the complexity, making it easy to adhere to evolving regulations.

Download Your Free Cookie Compliance Checklist

Who must comply with the EU Digital Services Act?

If you run a small or medium business, it is likely that you don't need to comply with the DSA.

It applies to providers of online intermediary services and platforms that provide services in the European Union must comply with the EU Digital Services Act, regardless of where they are based. This includes a wide range of services such as large online platforms and search engines.

  • Online Marketplaces, including any platform that connects sellers and buyers. Amazon would be an example.
  • Social Media Platforms, including both large and smaller social networking sites, such as Instagram or YouTube, fall under the umbrella of online platforms and search engines regulated by EU law.
  • Content-sharing platforms, such as services that host and distribute user-generated content. Medium would an example of such a service, classified under hosting services for content online.
  • Search Engines doing all types of search services that help users find information online, such as Google or Duck Duck Go.
  • Very Large Online Platforms (VLOPs) and large online search engines are integral to the digital market's infrastructure. specifically targeted by the DSA, these are platforms with more than 45 million users in the EU. They face stricter regulations due to their significant impact on the digital market and society.

What are large online platforms according to the EU DSA?

According to the EU Digital Services Act, a "large online platform" is defined as a service that reaches at least 45 million users in the European Union. This number corresponds to roughly 10% of the EU's population, which is used as a threshold to determine the platforms that have a significant societal impact due to their large user base.

These large platforms are subject to more stringent obligations under the DSA due to their potential to spread illegal content, disinformation, and other societal risks more widely. These obligations include systemic risk assessments, greater transparency requirements, and enhanced accountability measures. The aim is to ensure these platforms operate responsibly, mitigate risks effectively, and provide a safer online environment.

What are the differences between the DSA and the GDPR?

The General Data Protection Regulation (GDPR) and the DSA are both European Union regulations aimed at improving the digital landscape, but they target different aspects.

The GDPR acts as a shield for personal information. It establishes a comprehensive framework for how companies can collect, use, and safeguard the data of EU citizens. This includes granting individuals a range of rights over their data,such as the right to access, rectify, or erase it. The GDPR ensures transparency and empowers users to control their digital footprint.

The DSA, in contrast, takes a broader approach, aiming to create a safer and more trustworthy online environment for EU users. It tackles illegal content, the spread of disinformation, and unfair practices by online platforms like social media and marketplaces. The DSA compels platforms to increase content moderation efforts and hold them accountable for the content they host. This fosters a more responsible online ecosystem.

There's an area of intersection, particularly concerning online advertising. The DSA prohibits the practice of targeting advertisements based on sensitive personal data categories protected by the GDPR, such as race or religion. In this instance, the regulations work in tandem to strengthen user privacy protections in the digital advertising sphere.

It's crucial to remember that the GDPR holds the upper hand. The DSA builds upon the existing data protection framework established by the GDPR, not the other way around. The GDPR lays the foundation for user control over their data, and the DSA leverages this foundation to create a safer online environment.

Simplify cookie compliance in today's privacy-focused online world. Our Cookie Compliance Checklist cuts through the complexity, making it easy to adhere to evolving regulations.

Download Your Free Cookie Compliance Checklist

What is required by the online platforms?

Compliance with the DSA means complying with the following requirements:

  • Content moderation. Platforms must establish clear mechanisms for users to flag illegal content and must act quickly to review and remove it if necessary. They are also required to provide clear reasons when removing or altering user content.
  • Transparency. Companies need to report regularly on their content moderation practices, including the criteria used for decisions on content and advertisements, to prevent the spread of illegal content online. This also extends to the workings of algorithms used for recommending content to users, ensuring users understand why they see certain content or ads.
  • Accountability in the context of EU law and online platforms and search engines. There must be systems in place for users to appeal content moderation decisions. Platforms must also conduct regular assessments of the risks associated with their services, including the potential for the spread of illegal content and impacts on fundamental rights, and take steps to mitigate those risks.
  • Advertising Transparency within online platforms and search engines as mandated by the EU Digital Services Act. Users should be able to see why they are being shown certain advertisements. Platforms are also restricted from targeting based on sensitive characteristics such as race, political opinions, or sexual orientation.
  • Protection of Minors. Implement specific measures to protect minors from harmful content and misleading advertising on online platforms and search engines are a must.
  • Design and Operation Requirements. Companies must ensure their systems and infrastructures are designed to manage risks and comply with the regulatory requirements efficiently.
  • Data Access and Scrutiny. Large platforms must allow independent researchers access to data to scrutinize how online risks evolve.

If your business needs to comply with the DSA, it doesn't mean that all these requirements will apply. What you'll need to do depends largely on the nature of your business, especially if it involves hosting services or managing content online.

The Digital Services Act Package of the European Union

The Digital Services Act is designed to regulate a broad spectrum of online intermediaries and platforms, such as online marketplaces, social networks, content-sharing platforms, app stores, and platforms for booking travel and accommodations. It sets a new standard for the accountability of these platforms, focusing on the management of disinformation, illegal content, and other societal risks. The DSA also emphasizes overarching principles that protect freedom of expression and other fundamental rights, ensuring that these platforms do not compromise on these critical values while managing content.

Meanwhile, the Digital Markets Act targets gatekeeper online platforms with specific rules to ensure fair behavior in the digital marketplace. The DMA's regulations are crafted to foster a level playing field, promoting innovation, growth, and competitiveness both within the European Single Market and globally. This act addresses the power dynamics in digital markets, aiming to prevent gatekeepers from exploiting their dominant positions and thus ensuring healthier competition and more opportunities for new entrants.

Start your Free Trial