On April 22, the European Union (EU) passed landmark legislation called the Digital Services Act (DSA) that has the potential to transform societal harms caused by social media companies to residents of the European Union. Facing recent worldwide crises such as the COVID-19 pandemic, rising nationalism and racism, and the war in Ukraine, European lawmakers recognized the need to be able to respond quickly during a health crisis or threat to the national security of a nation.

The DSA will, among other things:

Require online platforms such as Facebook, Google, TikTok, Twitter, and YouTube to police, and create an “easy and effective way” for users to flag, harmful information, disinformation, and misinformation on their platform for removal, such as child sexual abuse, commercial scams, hate speech, terroristic content, misleading political advertising lacking, and other content deemed “illegal” by the various member states of the European Union (content that is illegal in one European Union country may not be illegal in all member counties—for example, Nazi content is illegal in Germany, but not all countries).

Stop online advertisements that use “dark patterns” to influence and trick consumers into revealing certain information, taking certain actions, or developing beliefs and decisions that are based on inaccurate informational foundations or that they otherwise might not make stop online advertisements that target sensitive information, such as ethnicity, labor union membership, political views, religion, or sexual orientation—advertising companies also would be prohibited from targeting children online with advertisements.

Reveal to certain societal groups and university researchers the algorithms used by online platforms to present content to individual users based on their prior usage and tastes, ban micro-targeted advertisements, and allow users to disable those behavioral algorithms that use the individual’s personal information.

Obligate online retailers to police and prevent resellers from selling illicit products on their platforms, which creates a previously nonexistent avenue of liability for companies like Amazon and eBay require affected companies to conduct annual risk-assessments with oversight by an outside auditor, and publicly publish the findings of those audits.

Following passage, European Union President Ursula von der Leyen tweeted “our new rules will protect users online, ensure freedom of expression and opportunities for businesses. What is illegal offline will effectively be illegal online in the EU. A strong signal for people, business & countries worldwide.”

The DSA will impact the largest online platforms, defined as having more than 45 million active users in the European Union—still, these are the companies that have the biggest impact on most residents.

In addition to requiring companies regulated by the DSA to implement changes to its business practices, those companies also could face fines of up to six (6%) percent of its global revenue, fines that have the potential to reach into the billions of Dollars for the largest regulated companies.

Unlike under the General Data Protection Regulation (GDPR) that follows a country of origin principle for regulation (whereby a service provider based in one European Union country was only bound by that country’s laws), regulated companies with more than 45 million monthly active users will be directly and exclusively supervised by the European Commission.

The text of the DSA has yet to be finalized, and remains subject to final votes by the member states, both of which will take at least several weeks, if not months, but are not expected to have a material impact on the legislation. Once finalized and passed, the DSA would take effect 15 months later after formal approval by the European Parliament or Jan. 1, 2024, whichever is later.

An additional component added to the text of the DSA recently as a direct response to the war in Ukraine is the Crisis Response Protocol. This tool allows the European Commission, in conjunction with the European Union member states, to force removal of online content following the declaration of a state of emergency, admittedly a very powerful and controversial tool.

The DSA comes on the heels on the European Union passing the equally landmark legislation known as the Digital Markets Act (DMA) in March of this year. Both the DMA and the DSA were introduced in 2020, and only after recent world developments and realizations of the impact of online behemoths on consumers did support for these laws materialize.

These regulations have two goals, according to the European Commission: “create a safer digital space in which the fundamental rights of all users of digital services are protected” and “establish a level playing field to foster innovation, growth, and competitiveness, both in the European Single Market and globally.” The DMA specifically was passed to address anticompetitive activity of the largest technology and online platforms, such as control over online shopping, online advertising, and mobile application stores that are controlled by only a handful of companies.

Early responses to the DSA have been favorable, with countries such as Japan and India indicating they are interested in putting similar laws in place.

With the passage of the DSA and the DMA, Europe has (again, following passage of the GDPR) sent a message to the world that it is willing to set the global gold standard for reigning in anticompetitive behavior and harm caused to consumers by social media companies. No longer is the 27 member-state European Union willing to sit by while social media influences elections, companies compound misinformation to which consumers exposed by using algorithms that spoon feed the same, narrow view content to users, privacy of consumers is disregarded and treated as “dead,” and online retail giants use their market power to frustrate possible online competitors and destroy real world businesses.

Enforcement of the DSA and the DMA remains a huge question mark and source of concern. Unlike the GDPR that left enforcement to the individual member counties, enforcement of this new legislation will be handled by the European Commission in Brussels. Early estimates reveal that it is anticipated that only 230 staff members will be hired for enforcement. Compared to the staffs and professional services available to the companies being regulated, there is considerable concern that the European Commission will be severally outgunned and will struggle to have a meaningful impact.

In addition to the actual success enforcing the DSA, whether other countries follow the European Union’s lead and pass similar legislation may be the true test of its success. Online platforms have long faced criticism for their self-regulatory practices. The intent of the DSA is to end practices whereby those companies, arguably sometimes arbitrarily, decide what content is allowed to be viewed and what must come down.

Recent events have highlighted the perceived need to further regulate online platforms, such as the 2016 US presidential election when Russia masterfully used social media platforms to influence voters. Following the election, those online platforms promised to implement measures to stop disinformation, but those problems since have only worsened. More recently, the COVID-19 pandemic brought on shocking amounts of health misinformation, with the online platforms taking action only recently, in the meantime enabling anti-vaccine misinformation and bogus remedies to flourish on their platforms.

Despite those clear societal problems, regulatory efforts such as the DSA are largely off limits in the United States because of First Amendment protections, and the future success of a DSA-like law in the United States is far from certain. While there have been antitrust cases filed by the United States against some of the largest online platforms such as Facebook and Google, there has been no comprehensive federal law addressing the power and practices of online platforms. Although many now admit that they misjudged how quickly U.S. states would pass GDPR-like laws, not many expect a repeat performance with passage of federal DSA-like legislation.

Like almost any important topic in the United States, the regulation of online companies has become politicized, mired in partisan politics, opinions, and inaction that is the dumpster fire we call Congress. Calls for the end of a federal safe harbor for content moderation by online platforms because of a real or perceived view of censorship and free speech violations are met with equally raucous calls for shielding the public from hate speech and misleading and nationalistic content. Hope for action by the current (or really any) Congress that will address both of these concerns are seemingly hopeless.

However, support for a DSA-like law remains. Speaking to an audience at Stanford University, former President Barack Obama said regulation of online platforms is needed to stop the spread of online disinformation. “The act is the EU’s third significant law targeting the tech industry, a notable contrast with the U.S., where lobbyists representing Silicon Valley’s interests have largely succeeded in keeping federal lawmakers at bay.”

Contrasting the belief for a need for a DSA-like law, the potential owner of Twitter is in the camp of not censoring online platforms. Elon Musk has stated his position as follows: “like I said, my preference is to hew close to the laws of countries in which Twitter operates. If the citizens want something banned, then pass a law to do so, otherwise it should be allowed.”

Reprinted with permission from the July 3 issue of The Legal Intelligencer. (c) 2022 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.