Key Changes Coming with the EU’s New Digital Regulation

The DSA requires risk assessments from designated VLOPs and search engines in order to assess and reduce the spread of illegal content on their services (as defined by EU or national-level laws) and potential negative impact on fundamental rights. These assessments and resulting risk-mitigating measures will be backed up by independent auditors to assess compliance.

The DSA also includes provisions for providing access to data for researchers, who must submit proposals for approval via national Digital Services Coordinators. Extensive outside work is also ongoing to ensure effective and safe mechanisms for researcher access to data. The European Digital Media Observatory’s Working Group on Access to Platform Data released a draft code of conduct in May 2022 outlining GDPR-compliant methods for data-sharing.

Under the DSA, the Code of Practice on Disinformation will be strengthened into a co-regulatory Code of Conduct for designated Very Large Online Platforms, including external audits of VLOPs on their application of the Code. The 2018 Code of Practice was updated in June 2022, with major platforms as signatories and with new commitments. The code emphasizes disincentivizing the spread of disinformation through demonetization, increasing transparency of political ads, tackling manipulative behavior, and strengthening reporting tools. Platforms will have to disclose quantitative and qualitative information about the functioning of their recommender systems, advertising, and bots; cooperate with a range of actors including fact-checkers; and provide country-by-country rather than EU-wide data.

US researchers are optimistic about piggybacking on these requirements to access platform data. Such initiatives are of interest for the wider public since more granular research will allow a targeted understanding and informed public debate over what’s going on under the hood of these platforms, including on content moderation or algorithmic decisions, and the resulting societal and political effects.

The DSA lays out redress mechanisms for users, who will be able to request information about why their content was removed. Users will have access to data about content moderation decisions and be able to appeal content takedown via several avenues, including directly with the platform or via dispute settlement bodies.

Users will have new mechanisms under the DSA to flag illegal content – including counterfeit goods on online marketplaces or illegal speech as defined under EU laws. “Trusted flaggers” will also be charged with working with platforms to find and remove illegal content.

Both the DMA and DSA increase transparency around targeted advertising, including by increasing price transparency and ad performance metrics. Users will be able to request information about who is behind an ad and the criteria used to display it. The DSA includes a ban on targeted advertising for minors and targeted ads based on sensitive information as defined by the GDPR – such as race, sexual orientation, and religion.

The DMA forces gatekeepers to allow users to download apps from outside their proprietary app stores. The DMA also blocks self-preferencing, or the promoting of gatekeepers’ own apps over third-party ones. While sideloading has been criticized for allowing potential security vulnerabilities, the DMA permits “duly justified” measures by gatekeepers to protect their software or operating systems.

Gatekeepers under the DMA will need to offer users choices for search engines, virtual assistants, or web browsers. Users must be able to install their choice of software instead of the one provided by default within the operating system.

The DMA mandates interoperability, which will require technical changes in order to connect different apps together. The key will be designing solutions that do not undermine end-to-end encryption or enable spam and phishing. What this will look like in practice for users is still under debate; for example, when sending a message from encrypted Service A to non-encrypted service B, a pop-up might warn that the message is leaving an encrypted service, providing transparency so users can make informed decisions. This could potentially be more difficult to scale in a US context, given that Americans have a higher use of SMS which is not encrypted, rather than encrypted messaging apps like Signal or Whatsapp.

Gatekeepers will be blocked from using data collected from third-party sellers to offer competing products. The DMA blocks gatekeepers from combining user data from disparate parts of their business to target ads in order to level the playing field with smaller companies without the same resources. Smaller users and businesses who advertise on these platforms will have more access to marketing and performance data.