Digital Services Act: EDPS's opinion and public consultation

On 15 December 2020, the European Commission (EC) published its proposal for a Digital Services Act (DSA). The DSA would replace the current exemptions of liability for online intermediaries and impose due diligence obligations on them which are adapted to the type and nature of the online intermediary concerned. Here, we briefly discuss the European Data Protection Supervisor’s (EDPS) opinion on the proposal and the feedback that was shared as part of the EC’s public consultation.

EDPS’s opinion

On 10 February 2021, the EDPS published its Opinion 1/2021 on the proposal for a Digital Services Act. In its opinion, the EDPS focuses on the due diligence obligations that are set out in the Digital Services Act (read more on the Digital Services Act). The EDPS considers that additional safeguards are required, in particular in relation to content moderation, online advertising and recommender systems.

As regards content moderation, the EDPS points out that several provisions of the proposal make clear that efforts to identify, detect or remove illegal content can involve processing of personal data, in particular where they make use of automated means. For that reason, the EDPS recommends to specify that content moderation should, in accordance with the requirements of data minimisation and data protection by design and by default, not involve any processing of personal data. This is to avoid the proposal further increasing the “endemic monitoring of individuals’ behaviour, in particular on online platforms.” The EDPS further recommends to stipulate that content moderation shall not involve the monitoring or profiling of the behaviour of individuals, unless the provider can demonstrate, on the basis of a risk assessment, that such measures are strictly necessary to mitigate the categories of systemic risks identified in article 26 of the proposal.

With respect to online advertising, the EDPS has included some recommendations that serve to further clarify article 24 and 30 of the proposal. The EDPS also invites the European legislator to consider additional rules going beyond transparency such as the phase-out leading to a prohibition of targeted advertising on the basis of pervasive tracking.

The last part of the EDPS's opinion focuses on recommender systems. The proposal defines a recommender system as “a fully or partially automated system used by an online platform to suggest in its online interface specific information to recipients of the service, including as a result of a search initiated by the recipient or otherwise determining the relative order or prominence of information displayed.” Article 29 of the proposal provides that very large online platforms shall ensure that recipients of the service shall at least have the option to make use of a recommender system which is not based on profiling within the meaning of article 4(4) of the GDPR. The EDPS recommends to modify that requirement to an opt-in rather than an opt-out.

Public consultation

As part of the public consultation organised by the European Commission, 138 organisations have submitted their feedback on the proposal. As is clear from the examples below, the feedback received varies greatly.

Online intermediaries’ feedback:

• Microsoft offers a variety of services, including Bing, LinkedIn, Azure, and Teams. Microsoft believes that the proposal requires additional nuance, both to the DSA’s definitions of covered services and to the obligations that apply to them. The example given by Microsoft is that hosting services used by enterprises should be expressly excluded from the Act’s obligations, as providers of these services typically do not have the technical and/or legal ability to identify and remove specific instances of content that customers store on these services.
• Booking.com is of the opinion that the proposal could have been more ambitious in tackling the problem of illegal short-term holiday rentals. In particular, Booking.com believes that where short-term vacation rentals are subject to an authorisation/registration scheme, platforms should be required to ensure that only properly registered/authorised properties are listed.

Rightsholders’ feedback:

• European Broadcasting Union asks the EU decision-makers to make the proposed DSA stronger to reflect the significant influence of online platforms on access to content and information and on opinion-making. In this respect, the DSA should protect editorial media content and services from interference by online platforms and ensure proper brand attribution of editorial media content.
• European Cultural and Creative Industries Alliance (ECCIA) considers that the DSA should clearly stipulate that sellers who repeatedly sell illegal products should be immediately and indefinitely suspended. The ECCIA further believes that the brand owners should be able to become trusted flaggers as they are in the best position to assess the validity of their rights.

NGOs’ feedback:

• Amnesty International believes that the proposed DSA does not go far enough in protecting people’s human rights and it should be more ambitious to protect them effectively. In particular, the DSA should not delegate responsibility to companies as adjudicators of content. Amnesty International broadly shares EDPS’s concerns regarding online advertising and recommender systems.
• Avaaz recommends to increase the transparency obligations. For example, users should have the right to know when they have been the target of a fake account, an influence operation or platform manipulation and who targeted them. In addition, the reports published by intermediary services should also include information on the measures they take to tackle disinformation.

If you require further information or legal advice in relation to the proposal for a Digital Services Act, please contact the authors.