Partner and Head of Data and Privacy Litigation Kingsley Hayes comments on the roll-out of the Act and its implications for Big Tech in Reuters.
Kingsley’s comments were published in Reuters on 24 August 2023, and can be found here.
Kingsley said: “While the European Commission published the proposed Digital Services Act (“DSA”) – following consultations and a report in 2019 – on 15 December 2020, the DSA was not published in the Official Journal of the European Union until two years later, on 27 October 2022.
“The act has broad implications for relevant technology companies, particularly those providing hosting services, large online platforms, and search engines. The affected companies have however had ample time to prepare for its introduction. The largest companies – that is those with more than 45-million users per month in the EU – may feel particularly aggrieved as their time for compliance is set at 25 August 2023 (as opposed to 17 February 2024 for those companies that do not meet the user threshold aforementioned). Yet these larger companies – of which there are only 19 in total – include some of the most well-known companies in the world that have vast resources at their disposal. One would expect that with such resources they would have considered, with meticulous care, a holistic and strategic approach to complying with the myriad DSA obligations that are to be imposed upon them.
“All impacted platforms are on a level playing field in terms of the amount of time they have had to formulate and enact the necessary compliance measures to meet their new obligations. There is no one-size-fits-all approach of course, as each platform caters to particular service niches which demand a tailored strategy, but it will soon become apparent who has made the necessary preparations, and who has skirted their legal responsibilities.
“The DSA imposes an array of obligations on companies, which range from transparency around advertising to obligations in relation to illegal content. Ironing these out will be a tricky business for any platform with a large user base. For instance, companies will need to ensure they have the resources available to them that allow them to accurately track their numbers, so that they can report them to the European Commission on a quarterly basis. Companies need to understand the connection between their monthly users and their respective DSA obligations. That is to say, companies can be “promoted” to, or “demoted” from, very large online platform (“VOLP”) status, which will further complicate compliance efforts. This may not happen immediately, but it is an issue that requires thought.
“We are not aware of any companies openly refusing to comply with the DSA. It would not be prudent for companies to step out of line considering the possible penalties that could follow refusal. The DSA stipulates that fines for non-compliance can be as staggering as 6% of a company’s global annual sales. Saliently, so-called “repeat offenders” could be banned – outright – from operating in the EU’s single market. These heavy sanctions in the DSA’s arsenal will certainly discourage defiance of the new rules.
“Given that this is novel and far-reaching legislation it remains to be seen how a dispute would be hashed out. Notwithstanding, we can look to previous clashes between European regulators and VLOPs as a reference point for how long such a confrontation could last. It took more than five years of extensive litigation and decisions by the European Data Protection Board and Court of Justice of the European Union for Meta to finally announce that it would ask its users for consent before showing behavioural advertisements. We can expect that platforms will fight tooth and nail to defend their practices, especially when the new compliance obligations in the DSA encroach on their core business models.”