By: Wail Jihadi
As the internet ecosystem evolves and technologies that were unimaginable in the mid-1990s become integrated into every aspect of our lives, regulators are struggling to find the appropriate intermediary liability approach. In the United States, the intermediary liability approach is built on Section 230 of the Communications Decency Act of 1996 (Section 230). Section 230 has largely provided an off-hands approach to online intermediary liability that has given online platforms immunity from most cases. However, as the tide turns, new examples of online intermediary regulations are emerging, including the most recent example in the EU’s Digital Services Act.
EU Approach
The EU approach to online intermediary liability began in 2000 with the adoption of the E-Commerce Directive, which provides intermediaries similar protections to Section 230 in the U.S.[1] The E-Commerce Directive includes a safe harbor framework that provides exemptions for online intermediaries that fall within Articles 12 to 14.[2] Generally, these Articles provide a safety harbor for intermediaries that are engaged through mere conduit, caching, or hosting activities. For example, Article 14 for hosting intermediaries provides an exemption from liability on the condition that the provider does not have “actual knowledge” of the information or illegal activity, and upon knowledge or awareness, the provider acts “expeditiously” to disable access to or remove the information.[3] The protection for these intermediaries is furthered through Article 15, where the EU has determined that providers that are covered by Articles 12, 13, or 14 do not have an obligation to monitor the information that they store or transmit, nor an obligation to actively seek facts or circumstances indicating illegal activity.[4] As a result, online intermediary providers in the EU have long benefitted from the immunity that the E-Commerce Directive has provided.
In December of 2020, the EU submitted a proposal to amend its online intermediary liability framework through the Digital Services Act Package, which included the Digital Services Act (DSA) and the Digital Market Act (DMA).[5] On January 20, 2022, the EU voted to give an initial approval to the DSA.[6] As a result, the DSA is set to transform online intermediary liability and alter the way technology companies operate in the EU. The successful implementation of this framework could create a blueprint for technology regulations in the United States, especially given the recent creation and first meeting of the U.S.-EU Trade and Technology Council.[7] Therefore, it is important for technology companies to understand how some of the newer obligations from the DSA will affect their operations in the EU and, likely, in the U.S. soon after.
Proportionality in Obligations
The EU has determined that its new intermediary liability framework should create categories that take the platform’s role, size, and impact into consideration. As a result, DSA categorizes intermediaries as “intermediary services,” “hosting services,” “online platforms,” and “very large online platforms.”[8] Platforms are then assigned various due diligence obligations depending on their category. This framework aims to not overburden smaller online intermediaries that are unlikely to pose as much of a threat as larger online intermediaries, and to protect their ability to scale up.[9] For example, Article 12 of the DSA outlines that all intermediary service providers are required to be transparent about any policies, procedures, measures and tools used for content moderation, including decision-making and human review, which needs to be easily accessible to the public.[10] However, Section 4 of the DSA outlines that very large online platforms, which cover at least 45 million EU users, shall have additional obligations including yearly risk assessments,[11] proportionate mitigation measures to address these risks,[12] and independent audits at the expense of the “very large online platform.”[13] The DSA also considers how the definition of “very large online platforms” could change in the future due to changes in the EU’s population, and provides a methodology for recalculating the required amount of users that a provider shall have to be considered as a “very large platform.” Therefore, online intermediaries should prepare for newer regulations that consider their size and impact. These requirements will affect their due diligence obligations in a manner that has not been seen before.
Increased Transparency
The DSA will require all online intermediaries to be transparent about their rules on the content, application, and enforcement of policies.[14] The DSA’s transparency obligations will be proportionate to the provider’s size and reach, but still require some level of transparency by every online intermediary.[15] For example, all intermediaries will be required to publish “easily comprehensible and detailed reports on any content moderation that they engaged in” during the year, including the type of content, number of notices, content moderation engaged in at their own initiative, and the average time needed to make each decision, among other requirements.[16]
In addition to the requirements outlined for smaller providers, the DSA includes increased transparency obligations for larger online intermediaries such as online platforms and very large online platforms. For example, these platforms must disclose their online advertising practices through a “clear and unambiguous manner and in real time” to the recipients of the advertising, which shall include the source of the advertisement and the meaningful information about the main parameters used to determine the recipient to whom the advertising is displayed.[17] Very large online platforms will have the additional responsibility of maintaining an advertising repository, or advertising library, that keeps records of advertisements for a year after the advertisement was shown for the last time.[18] This will include information such as the targeted audience, including specific groups using the platform, and the number of recipients reached.[19] The DSA will also require that very large online platforms must disclose how their recommender systems operate.[20] For example, very large online platforms would be required to report information on the parameters of their algorithms and how the platforms manipulate their algorithms.[21]
Increased Oversight and Enforcement
The DSA will also require online intermediaries to take on increased oversight and enforcement measures that compel each type of online intermediary to have some level of risk identification and mitigation that is appropriate for their size and reach. For example, an online intermediary liability in the EU will be required to designate a point of contact that allows for direct communications with relevant authorities.[22] This provision creates an obligation for online intermediaries to be conscious of their enforcement efforts, to continually mitigate risks associated with their service, and to remain responsive to DSA compliance authorities. The DSA adds an additional layer of oversight by directing Member States to appoint authorities that will help ensure thorough enforcement within various specific sections such as organizational and administrative structure, and electronic communications’ regulators. [23]
Moreover, the online platforms and very large online platforms will be required to install complaint and redress mechanisms for users to utilize.[24] This mechanism will allow users to notify the online intermediary of illegal content through an easy, user-friendly method that allows for submissions of notices by electronic means.[25] It will also require the online platforms and very large online platforms to provide a decision that considers the facts of the complaint and provides potential remedy options.[26] Similarly, the increased enforcement of complaints will also benefit users that are alleged to have posted objectionable material by including a statement of reasons about their decision, as well as a dispute process against the provider’s decision.[27]
Conclusion
Online intermediaries must prepare for the wave of change in technology regulations. Lawmakers are no longer permitting the off-hands approach that these intermediaries once benefitted from. In particular, companies that are operating in the EU should prepare for the DSA framework that will require proportionality in obligations, increased transparency, and increased oversight and enforcement. The example of the DSA framework could also soon find its way into online intermediary regulations in the United States, especially given the current U.S.-EU partnership in technology regulations and the bipartisan political climate when it comes to such regulations. Understanding the DSA is crucial for online intermediaries that intend to continue operating in the EU, and may soon be important to understanding the framework that lawmakers in the United States could develop.
[1] Council Directive 2000/3 I/EC of 8 June 2000 on Certain Legal Aspects of Information Society Services, in Particular Electronic Commerce, in the Internal Market, 2000 O.J. (L 178) 1-15 [hereinafter E-Commerce Directive], recital 3.
[2] E-Commerce Directive, arts. 12-14, at 12-13.
[3] Id. art. 14(1), at 13.
[4] Id. art. 15, at 13.
[5] See Id.
[6] European Parliament gives initial approval to rules that would change big tech data collection, advertising, https://www.washingtonpost.com/world/2022/01/20/european-union-digital-services-act/ (last visited Jan. 20, 2022).
[7] U.S.-EU Trade and Technology Council Inaugural Joint Statement, https://www.whitehouse.gov/briefing-room/statements-releases/2021/09/29/u-s-eu-trade-and-technology-council-inaugural-joint-statement/ (last visited Jan. 14, 2022).
[8] Proposal for a Regulation of the European Parliament and of the Council on a Single Market for Digital Services (Digital Services Act) and Amending Directive 2000/31/EC 2020 O.J. [Hereinafter DSA]
[9] Id., at 11.
[10] Id. art. 12, at 50.
[11] Id. art. 26, at 59-60.
[12] Id. art. 27, at 60-61.
[13] Id. art. 28, at 61.
[14] DSA, recital 38, at 26.
[15] See id. recital 39, at 26.
[16] Id. art. 13, at 50-51.
[17] Id. art. 24, at 58. See also art. 30, at 62.
[18] Id. art. 30, at 62.
[19] Id.
[20] See Id. art. 29, at 61-62.
[21] Id. art. 29, at 61-62.
[22] Id. art. 10, at 49.
[23] DSA, recital 72, at 36.
[24] Id. art. 14, at 51-52.
[25] See Id.
[26] See Id. art. 14(6), at 52.
[27] See Id. art. 17-18, at 53-55.