Late last year, the Digital Services Act (DSA) came into force across the European Union. Initially the DSA applied only to the very largest online services like Facebook and Google, forcing them to institute safeguards against malicious content and several other important factors.

However, as of February, the DSA now applies to any online service that is used by EU citizens. Under the legislation providers must:

  • Describe their content moderation practices in their terms and conditions and publish annual transparency reports on content moderation practices.
  • Clearly identify online advertising including the advertiser and sponsor.
  • Not deliver targeted advertising by profiling children or based on special categories of personal data such as ethnicity, political views or sexual orientation.
  • Not use certain nudging techniques or deceiving practices that impair a user’s ability to make free choices on how they interact with a platform.
  • Provide information about how their recommendation systems work when displaying targeted information to users.
  • Provide information about the traders offering goods or services via online marketplaces that they operate.

Every company?

Yes. If a company offers digital services to EU citizens, they must adhere to these new rules. They are expected to set up complaints procedures and define how disputes will be resolved out-of-court. They must also cooperate with trusted flaggers (appointed by the governments of EU member states), take measures against abusive notices, deal with complaints and check the credentials of third-party suppliers. Failure to meet DSA obligations could see companies fined as much as 6% of their worldwide annual turnover.

Only the smallest companies are exempt from the Digital Services Act – those employing fewer than 50 persons and whose annual turnover and/or annual balance sheet total does not exceed €10 million.

What does this mean for users?

Since the DSA came into force, you may have noticed a number of apps and websites are asking you to confirm updated terms of service. Others, particularly Facebook, are prompting users to accept (or reject) personalized ads on their timelines.

Although a little annoying, these pop-ups offer a rare opportunity to regain some control over your privacy and personal data. If you are concerned about either, you should use this opportunity to ‘opt out’ of the data collection routines employed by big tech companies.

Two other things to note

There are two other important DSA issues to note. First, any company serving EU citizens must abide by the act, even if they are not based in the European Union.

Second, any businesses will make changes to their systems that apply EU rules to all users. However, non-EU citizens may not be able to make use of some of the additional features, such as dispute resolution mechanisms.

As things stand, DSA roll-out remains quite slow. And many EU members states are not yet ready to assume their responsibilities under the Act. Which means that we will see many more changes in the near future.

Read also: European cybersecurity that protects the world