DSA: action required!

11 Jul '23

Author(s): Matthijs Gardien en Anamika Wilbrink

You have probably come across the abbreviations DSA (Data Services Act), DMA (Data Markets Act) and DA (Data Act) many times over the past year, the European Commission's new package of measures to better regulate the activities of tech giants in the European market. In this blog, we will take a closer look at the Digital Services Act ("DSA").

To whom do the obligations of the DSA apply?

The DSA applies to parties acting as providers of intermediary services, online platforms and online search engines. These include internet providers, online marketplaces (e.g. Amazon Store), online social network providers (e.g. LinkedIn, Facebook, etc.), content sharing platforms (e.g. Youtube.com), app stores (e.g. Apple Store and Google Play) and online travel and accommodation platforms (e.g. Booking.com).

In addition, very large online search engines (‘VLOSE’) and very large online platforms (‘VLOP’) are subject to further stricter rules. A party is a very large online search engine or very large online platform if it has a minimum of 45 million monthly users in the European Union. Based on user numbers, the European Commission has designated parties that fall into these categories. The first very large online search engines and very large online platforms were designated in April this year and have until the end of August 2023 to comply with the DSA's obligations. The others will have to comply with the DSA by 17 February 2024.

What are the obligations in the DSA?

In particular, there are transparency and due diligence obligations in the DSA to ensure a safer online environment, in which the fundamental rights of all users of digital services are protected. Below, we have listed some of the obligations.

All parties must have the following in place:

  • There must be a point of contact;
  • Offences must be reported;
  • Conditions should be user-friendly;
  • Transparency should be provided about ads, recommendation systems and user profiling.

VLOSEs and VLOPs are also required to identify risks that may be associated with their service. In particular, this should take into account risks related to illegal content, violation of fundamental rights, consumer protection and children's rights, public security and electoral processes, gender-based violence, public health and mental and physical well-being. This first test should be sent to the European Commission by August 2023.

Additionally, supervision is strengthened by requirements to establish a compliance function, to be audited once a year by an independent auditor and to share data with the European Commission and national authorities on DSA compliance.

Liability of online brokering service providers

The DSA does not only apply to tech giants. Besides having specific provisions for VLOSEs and VLOPs, specific provisions also apply to providers of intermediary services. These providers face a separate liability regime. The provider is not liable for illegal content provided by customers of the service within the communication network in the following cases:

  1. where the provider merely transmits information from one of its customers in a communications network ("mere conduit");
  2. where the provider provides automatic, intermediate and temporary storage of its customer's information to make subsequent transmission of that information to other customers of the service, at their request, more efficient or secure ("caching"); or
  3. when the provider stores the information provided by the customer at the customer's request.

Of course, this liability exemption does not apply when a provider of intermediary services deliberately collaborates with a customer of the services to engage in illegal activities. The mere fact that a provider of intermediary services offers encrypted transmission or some other system to make user identification impossible should not in itself be considered as facilitating illegal activities.

What’s next?

If your company falls under one of the parties to which the DSA applies, it is necessary to check whether your terms of use will comply with the upcoming legislation. From 17 February 2024, your company must at least comply with transparency and due diligence obligations (including updating your terms of use), even if your company is not a VLOSE or VLOP.

Want to know if your company falls under the DSA or check if your company has the right conditions in place? Feel free to contact Matthijs Gardien (m.gardien@ploum.nl) and Anamika Wilbrink (a.wilbrink@ploum.nl).

Contact

Attorney at law

Matthijs Gardien

Expertises:  Privacy law, IT-Law, Contract law, Litigation, Cybersecurity , Start-up en Scale-up, Commercial Contracts, E-commerce,

Share this article

Stay up to date

Click on the plus and sign up for updates on this topic.

Met uw inschrijving blijft u op de hoogte van de laatste juridische ontwikkelingen op dit gebied. Vul hieronder uw gegevens in om per e-mail op te hoogte te blijven.

Personal data

 

Company details

For more information on how we use your personal information, please see our Privacy statement. You can change your preferences at any time via the 'Change your details' link or unsubscribe via the 'Unsubscribe' link. You will find these links at the bottom of every message you receive from Ploum.

* This field is required

Interested in

Personal data

 

Company details

For more information on how we use your personal information, please see our Privacy statement. You can change your preferences at any time via the 'Change your details' link or unsubscribe via the 'Unsubscribe' link. You will find these links at the bottom of every message you receive from Ploum.

* This field is required

Interested in

Create account

Get all your tailored information with a My Ploum account. Arranged within a minute.

I already have an account

Benefits of My Ploum

  • Follow what you find interesting
  • Get recommendations based on your interests

*This field is required

I already have an account

Benefits of My Ploum

Follow what you find interesting

Receive recommendations based on your interests

{phrase:advantage_3}

{phrase:advantage_4}


Why do we need your name?

We ask for your first name and last name so we can use this information when you register for a Ploum event or a Ploum academy.

Password

A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.