Digital Services Act proposal: A primer

The European Commission's proposed Digital Services Act could impact some aspects of online advertising, but the European Data Protection Supervisor wants an all-out ban.

The EU is looking to overhaul its digital policies in a six-year strategic effort, "Shaping Europe's Digital Future." The changes aim to update the rules and regulations on digital services. As part of that initiative, in January, the European Commission introduced two pieces of legislation: the Digital Services Act (DSA) and the Digital Markets Act (DMA). The provisions, ostensibly, encourage fair competition within the European market and protect online users' privacy. 

The European Commission says the new rules would harmonize compliance for businesses that must comply with laws particular to 27 member states. 

While the Digital Markets Act isn't as relevant to the data protection and privacy space, the Digital Services Act would impact personal data treatment within the online advertising space. 

The DSA builds on the EU's eCommerce Directive framework and covers "online intermediary services," including internet access providers, cloud hosting services, social media companies, and big online platforms. In other words, a broad range of players. And pay attention: It applies to anyone doing business within the EU, no matter where headquarters is. It sets rules requiring companies to take action quickly on illegal content and contains measures to restrict the largest online companies from engaging in anti-competitive behavior. 

But it also includes rules on online advertising transparency. One provision says that "very large online platforms" must compile a repository on the online ads they served. The DSA also requires transparency measures such as allowing users access to information on why they were shown certain ads. 

In addition, the DSA requires covered platforms to conduct yearly risk assessments and be subject to annual audits. 

The European Data Protection Supervisor, Wojciech Wiewiórowski, said the DSA should do more. He called on legislators to create rules that go further than transparency, adding they "should include a phase-out leading to a prohibition of targeted advertising on the basis of pervasive tracking … ." He also called for restrictions on the data categories allowed for targeted advertising purposes and for restrictions on data disclosures to advertisers or third parties that facilitate targeted advertising. 

The DSA would also require large platforms to be subject to research by "vetted researchers" to investigate their APIs and other data to identify potential "systemic risks" to individual and societal rights. 

As Protocol reports, big tech will likely put up a big fight to the rules as proposed, as these would be massive reform not seen for 20 years. 

The Commission must negotiate with the European Parliament and the European Council before anything can become official, and it's likely we're years away from a final text given expected lobbying against its passage.