After remaining a self-regulated industry, the internet in EU is looking to regulate digital services through the Digital Markets Act (“DMA”) and the Digital Services Act (“DSA”). The two legislations, approved on March 25, 2022, and April 23, 2022, respectively, are likely set precedence.
Digital services, at its broadest, govern a wide scope of online services, primarily those offered by online intermediaries and platforms – online marketplaces, social networks, content-sharing platforms, etc. In the final version of the enactment, web browsers, virtual assistants (such as Siri or Alexa), and connected TV were also included.
To be regarded as a significant player under DSA and DMA, the threshold is divided into two – qualitative and quantitative requirements.
Qualitative threshold require a company to meet all of the below –
- must have “significant impact” on the European market;
- the service provided must be an “important gateway” between businesses and end users; and
- must have or be likely to soon have “an entrenched and durable position.”
These parameters are elaborate with interpretive value and can act as the catch all phrase, or at least one requiring deliberation with the regulators as to what might run the exposure of an “entrenched and durable position”.
Quantitative thresholds include companies that –
- provide a core platform service in at least three EU member states;
- have either an annual turnover in the European Economic Area of at least €8 B in the last three financial years or a market capitalization of at least €80 B in the last financial year; and
- have at least 45 M active monthly end users and 10,000 yearly active business users in the EU.
In terms of the Quantitative parameters, India has similar regulations in Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Guidelines”) which has classified Significant Social Media Intermediary has a threshold number for the registered users.
Data privacy safety of users, triggered the need of these legislations. DSA brings in a host of security measures, and failure to meet these have very steep penalties of the range of upto 6% of global annual turnovers. With penalties like this, for a company like Meta, the parent company of Facebook, it could mean a penalty as high as $7 B based on FY2021 sales figures.
- limit how digital giants target users with online ads
- stop platforms from targeting users with algorithms using data based on their gender, race or religion
- transparency in the algorithm used to recommend content
- prohibit targeting children with ads
- ban the use of dark patterns to push people toward certain product and services
- Implementation of procedures to take down illegal content from the platform
Failure to comply with requirements specified under DSA and DMA may result in fines of up to 6% of companies’ global annual revenues.
GoI, for a while, has been trying to ensure that internet be a safe space and intermediaries to be liable for the illegal content published on their platform by limiting the benefits of safe harbour. Such intermediaries are subject to ‘duties of care’ and ‘notice and take down’ obligations to remove illegal content on their platform.
Under the similar analogy, the Indian Rules require the following to be fulfilled –
- place declarations as due diligence protocols to forewarn users not to violate the Code;
- Self-declarations;
- time bound removal and access denial to violators;
- co-operate with tracing origin and with investigations;
- set up and be part of self-regulatory bodies;
- subscribe to classification based on parameters of age and themes;
- appoint grievance and compliance officers and set up time bound redressal mechanism.
Read more about changes introduced by the Act here.
DSA and the present Indian law, have terms of grouping of significant players, with additional compliance requirements like appointing a compliance officer or ensuring the illegal data is taken down within specified time. A similarity in this legislations indicate that, this could become a global adaptation.
With the free flow of data on internet, data privacy is a concern intertwined with the regulations being implemented. EU’s GDPR has, in fact supported transparency requirement which is proposed in DSA and DMA for significant players.
In addition, the Indian law on data protection in its finalisation stages, has placed the similar requirements. Upon being implemented, data protection law will align with Intermediaries Ethics Guidelines. Which will require the intermediaries to seek consent from the users to access and use their personal/non-personal data.
– For example an intermediary targeting a user with ads based on the platform usage data, a explicit consent of the user will be required to use the data to target the online ads.
How corporations will adhere to this, whether in forms of disclaimers or by collecting active consents, is yet to be seen.
Taking this instance forward, when ONDC is rolled out pan India, all players will be required to play by the same rules. This is expected to be aspirational in achieving effective and uniform data privacy, transparency and traceability of data.
The world order is changing in many ways, and sooner than anticipated, the legislators have become cognisant that the management and reigning in of the digital space is a significant component of this. Although, the challenges the legislators will face in implementation and harmonising and empower the correct regulators through intersecting with existing legislations.
This is only for informational purposes. Nothing contained herein is, purports to be, or is intended as legal advice and you should seek legal advice before you act on any information or view expressed herein. Endeavoured to accurately reflect the subject matter of this alert, without any representation or warranty, express or implied, in any manner whatsoever in connection with the contents of this. This isn’t an attempt to solicit business in any manner.
Sources:
- https://www.cnbc.com/2022/04/22/digital-services-act-eu-agrees-new-rules-for-tackling-illegal-content.html
- https://prsindia.org/billtrack/the-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021
- https://www.cnbc.com/2022/04/22/digital-services-act-eu-agrees-new-rules-for-tackling-illegal-content.html