The next Digital Services Act, or DSA of the European Union, has not yet been published in its final version, but the very ambition of the rules is becoming clearer every day. What’s coming are stricter guidelines that big tech companies, and indeed all companies that handle user data in any way, will have to follow. This will encompass everything including online content moderations, how algorithms work, dealing with misinformation on online platforms as well as data points that would be prohibited from targeted advertising. Severe penalties are also in place.
Even though this legislation, when it comes into force, will be applicable to citizens of European Union countries, it will have a global impact much like the EU GDPR, or General Data Protection Regulation has. done a few years ago. Tech companies may again find it simpler and more cost-effective to implement similar policies in other countries as well, as there really isn’t anything else quite as stringent as GDPR so far. now. Globally, there have been examples of countries looking to GDPR rules to reign in tech companies in their regions. That being said, local regulations will define the overall implementation, with necessary adjustments.
When will the DSA text be finalized and voted on? The European Commission has confirmed that certain elements of the DSA must now be agreed by all member states and then formally voted on to become law. The rules will apply to all companies doing business in EU states 15 months after the vote, or from January 1, 2024, whichever is later.
“The DSA will update the ground rules for all online services in the EU. It will ensure that the online environment remains a safe space, preserving freedom of expression and opportunities for digital businesses. This gives practical effect to the principle that what is illegal offline must be illegal online,” said Ursula von der Leyen, President of the European Commission, in a statement.
Talking Mystery Away From AI Recommendations
Algorithms will no longer be mysterious foundations, as they have been until now. The new rules are expected to require platforms to make details of how their algorithms work publicly. This is especially true for anything involving recommendations. The likes of Netflix, Google, and Facebook are just a few tech giants that will need to take heed.
The rules will also require that a recommendation system that does not rely on any algorithm be offered to users as well. For example, we understand that Instagram may also need to offer a “sort by latest post” option for the feed, instead of an AI-generated feed that we currently see in the app.
There should also be clear indications of why a piece of content is recommended to a user, with clear options to opt out of any recommendations that users no longer want to be a part of.
Advertising and choices would not be free for all
Online targeted advertising cannot be based on a user’s sensitive personal data (this may include ethnicity, religion, sexual orientation or beliefs) – data points that web platforms tend to to be collected, among other things, to create a virtual user profile.
Any user registered as a minor on a web platform cannot receive targeted advertisements. “Platforms will be prohibited from presenting targeted advertisements based on the use of the personal data of minors as defined in European legislation”, specifies the DSA.
There must also be full disclosure of the ads shown. “Meaningful information about advertising and targeted ads: who sponsored the ad, how and why it targets a user,” the DSA text reads.
EU rules will target what it calls dark patterns. This will be to ensure that platforms and web services don’t necessarily design interfaces and options in such a way that it ultimately leads users to make certain choices that the platform wants them to make – more like a constraint than a choice, from the user’s point of view.
A global fallout? Yes, if history tells us anything
Globally, tech giants have often implemented many privacy and data collection policies in other countries, similar to what they do in the EU, as dictated by the GDPR. For example, cookie and data agreements that you often encounter on websites and web pages.
At the same time, regulators in different countries have often analyzed the policies and practices of tech companies along similar lines. For example, Google has been in the EU regulatory crosshairs for practices that lead to dominance of the company’s own apps and services on the Android platform. Just like Microsoft over the years, for Internet Explorer browser monopoly. Google is still battling a 4.34 billion euro ($5 billion) fine imposed by the European Union in 2018 after it was found guilty of anti-competitive behavior with Android.
In India, the Competition Commission of India (CCI) analyzed Google’s policies for the perceived privilege granted to the Google Pay payment app, including preloading on Android phones sold in India. Google Pay was previously called Google Tez. The claim is that Google Pay rivals, which include PhonePe, Paytm, Amazon Pay and WhatsApp Pay, don’t have the same privilege.
The UK Competition and Markets Authority (CMA) released a report in December that Apple and Google have too much control over operating systems (iOS and Android), app stores (App Store and Play Store) and web browsers (Safari and Chrome) which together form their “ecosystems”. There is concern that when people buy a phone running either platform, they will be largely controlled by this ecosystem.
Alternative payment methods in app stores, or lack thereof, are scrutinized. In Korea, Google now offers alternative payment systems for Play Store developers to choose from. The country now has a new law that prohibits app platforms from monopolizing payment methods, which has forced tech giants including Google to expand the options available to developers.
The Korea Fair Trade Commission (KFTC) previously fined Google $176.64 million in September for antitrust practices. Google has since announced that globally, alternative payment methods will start rolling out before the end of the year, with Spotify being one of the torchbearers.