Illegal offline, illegal online: Will EU rules for the internet have a global impact?
The upcoming Digital Services Act, or DSA of the European Union is yet to be released in their final version, but the very ambition of the rules is becoming clearer by the day. What’s incoming are stricter guidelines that big tech companies, and in fact all companies that handle user data in any way, will have to follow. This will encompass everything including online content moderations, how algorithms work, managing misinformation on online platforms as well as data points that would be off limits for targeted advertising. Strict penalties are in place too.
Even though this legislation when it goes into force, will be applicable to citizens in the European Union countries, it will have a global impact much like the EU’s GDPR, or General Data Protection Regulation did a few years ago. Tech companies may again find it is simpler and more cost effective to implement similar policies in other countries too, since there really isn’t anything else as strict as the GDPR thus far. Globally, there have been examples of countries looking at the GDPR rules to reign in tech companies in their regions. That being said, local regulations will define the global implementation, with necessary tweaks.
When will the DSA text be finalized and voted upon? The European Commission has confirmed certain elements of the DSA now must be agreed to by all member states and then officially voted to become a law. The rules will be applicable to all companies operating businesses in the EU states 15 months after the vote is done, or from January 1, 2024, whichever is later.
“The DSA will upgrade the ground-rules for all online services in the EU. It will ensure that the online environment remains a safe space, safeguarding freedom of expression and opportunities for digital businesses. It gives practical effect to the principle that what is illegal offline, should be illegal online,” says Ursula von der Leyen, President of the European Commission, in a statement.
Talking the mystery away from AI recommendations
Algorithms will no longer be mysterious foundations, as they have been thus far. The new rules are expected to mandate platforms to make the details of how their algorithms work public. This is particularly true for anything that involves recommendations. The likes of Netflix, Google, and Facebook are just some tech giants who’ll have to take notice.
The rules will also demand that a recommendation system that’s not based on any algorithms must also be offered to users. For instance, we understand that Instagram may have to also offer a “sort by latest post” option for the feed, instead of an AI generated feed that we see in the app at this time.
There also must be clear guidance on why any piece of content is being recommended to any user, with clear options to opt out of any recommendations that users no longer want to be a part of.
Advertising and choices wouldn’t be free for all
Online targeted advertising cannot be based on any user’s sensitive personal data (this could include ethnicity, religion, sexual orientation, or beliefs) – data points that web platforms tend to collect, among other things, to create a virtual profile of users.
Any user registered as a minor on any web platform cannot be served targeted advertisements. “Platforms will be prohibited from presenting targeted advertising based on the use of minors’ personal data as defined in EU law,” says the DSA.
There also must be complete disclosure about the ads being served. “Meaningful information about advertising and targeted ads: who sponsored the ad, how and why it targets a user,” says the text of the DSA.
The EU rules will target what it calls dark patterns. This will be to ensure web platforms and services don’t necessarily design interfaces and options in such a way that it eventually leads users to make certain choices which the platform wants them to make – more as a compulsion than a choice, from the user’s perspective.
A global fallout? Yes, if history tells us anything
Globally, tech giants have often implemented a lot of privacy and data collection policies in other countries, on the lines of what they do in the EU, as dictated by the GDPR. For instance, the cookie and data agreements that you often encounter on websites and web pages.
At the same time, regulators in different countries have often scanned the policies and practices of tech companies on similar lines. For instance, Google has been in the regulatory crosshairs in the EU for practices that lead to a domination of the company’s own apps and services on the Android platform. So has Microsoft over the years, for the Internet Explorer browser monopoly. Google is still fighting a €4.34 billion ($5 billion) fine imposed by the European Union in 2018 after being found guilty of anti-competitive behaviour with Android.
In India, the Competition Commission of India (CCI) has been scanning Google’s policies for perceived privilege given to payment app Google Pay, including being preloaded on Android phones being sold in India. Google Pay was earlier called Google Tez. The contention is that Google Pay’s rivals, which include PhonePe, Paytm, Amazon Pay and WhatsApp Pay, do not have the same privilege.
The UK Government’s Competition and Markets Authority (CMA) released a report in December, has said that Apple and Google have too much control over operating systems (iOS and Android), app stores (App Store and Play Store), and web browsers (Safari and Chrome) that together form their ‘ecosystems’. There is a concern that when people buy a phone running either platform, they are largely controlled by this ecosystem.
Alternate payment methods in application stores, or the lack of them, are being looked at closely. In Korea, Google is now providing alternative payment systems for Play Store developers to choose from. The country now has a new law that bans app platforms from monopolising payment methods, which has forced tech giants including Google, to widen the options available to developers.
The Korea Fair Trade Commission (KFTC) has already imposed a fine of $176.64 million on Google in September for antitrust practices. Google has since announced that globally, alternate payment methods will begin rolling out before the end of the year, with Spotify being one of the torchbearers.