Information Technology

EU Implements Comprehensive Legislation to Combat Digital Misinformation

EU Implements Comprehensive Legislation to Combat Digital Misinformation
Image Courtesy: Pexels

Facebook, Amazon and other large tech companies must curb hate speech, propaganda and other harmful content under the Digital Services Act. Smaller companies will face compliance next.

Dive Brief

  • If your company is still coming to grips with the European Union’s General Data Protection Regulation, you can take comfort if you’re not one of the handful of technology giants that have to comply with the Digital Services Act starting on Friday.
  • The law was enacted in 2022 to require companies that have at least 45 million monthly users to put in place systems to control the spread of misinformation, hate speech and terrorist propaganda, among other things, or risk penalties of up to 6% of global annual revenue or even a ban in EU countries.
  • The law has a built-in expansion to include all regulated companies, so starting next year in February, smaller companies will face scrutiny. At that point, the EU’s DSA information page says, “platforms with less than 45 million active users have to comply with all the DSA rules,” although compliance burdens won’t be as high as for the biggest companies.

Dive Insight

“The DSA is part of a bigger strategy to give more power to individuals, to the regulators, to civil society,” Suzanne Vergnolle, a professor of technology law at the National Conservatory of Arts and Crafts in Paris, told Agence France-Presse. “It is another step towards more accountability.”

The law follows GDPR, which has had the effect of driving global standards on online privacy, and will soon be followed by another law, the Digital Markets Act, an antitrust law that will govern how companies treat competitors’ ads and products, including apps.

Taken together, the laws amount to a sweeping effort to regulate online operations by creating restrictions on how companies manage people’s privacy and what information people see and how products are made available to them.

“The digital services package represents significant steps forward in internet regulation,” Paul Meosky of the Electronic Privacy Information Center says in an analysis.

Global impact

Even though the laws are EU-focused, U.S. companies will be impacted, just as they’ve been by GDPR.

Much of U.S. companies’ business is with EU customers and, as a practical matter, companies operate most efficiently by complying globally with the highest standards.

“I think it’s going to have like a Brussels effect, as GDPR had before, but it’s going to take years,” said Vergnolle, referring to how EU standards migrate beyond the bloc’s borders to impact standards elsewhere.

Compliance hurdles

The 300-page law adds to companies’ operations burden in significant ways.

Among other things, it requires them to disclose how their services push the spread of divisive content like hate speech and terrorist propaganda, and create systems for removing it. As part of their disclosure, they need to make details available publicly about how aspects of their platform work.

They also have to conduct an annual risk-assessment, reviewed by an outside auditor, whose findings are also to be made available publicly.

In other requirements, they have to offer consumers a way to turn off recommendation algorithms that are based on their personal information like race, religion and political views, and disable ads based on a person’s ethnicity, religion or sexual orientation. No data can be used to target ads to children.

They also have to stop the sale of illicit products by resellers.

Most of the big companies subject to the law are based in the United States, including LinkedIn, Pinterest, Snapchat, YouTube, Twitter (X), Instagram, Google, Microsoft, Amazon and Apple. Non-U.S. companies include TikTok and online retailers Zalando, in Germany, and AliExpress, in China.

In a blog post, Facebook President of Global Affairs Nick Clegg says the company supports the goals of the law and has had 1,000 people working to ensure compliance since last year, but it’s also important that other standards aren’t enacted later to force different compliance requirements in different jurisdictions.

“It is critical that the DSA now maintains its primacy over existing and new national laws, to protect the clarity it has created for services, maintain consistency in the way tech companies are held to account, and preserve the harmonious way people experience our platforms across the region,” he said.

Previous ArticleNext Article

Related Posts