The Digital Services Act: changing the rules of business

The latest policy initiative to come out of the European Union towards the provision and regulation of digital services in the market place is the Digital Services Act (DSA) and its sister piece of legislation – the Digital Markets Act (DMA) – which seeks to build upon , expand and evolve the reach of the EU in the data world which was initially predicated upon the E–Commerce Directive 2000.

The legislation

The DSA specifically: addresses how organisations deal with illegal or potentially damaging, harmful and exploitative material online and proposes the basis of liability for online providers of material of that nature which emanates from and is provided by third parties; imposes more stringent due diligence requirements concerning the origins of third party suppliers of data; and finally reflects the desire to protect the consumer / user and their fundamental data rights. It is not only relevant and applicable to businesses operating in the social media field, online marketplaces and as online platforms in the EU, but also for their users and customers of their services.

The DMA is aimed at addressing businesses that can best be described as “gatekeepers” who play a critical role in facilitating contact between businesses and their customers and have a key and perceived dominant role in the market. The DMA is aimed at preventing misuse of their dominant role in the market by preventing discriminatory behaviour which favours their own services being preferred over that of their commercial customers and placing restrictions on the sharing of data of their customers for financial and commercial gain.

The legislative intent

The legislative intent of both pieces of legislation is to reform the digital marketplace and in particular to control and regulate how big tech operates and does business within the EU borders.

It is an attempt by the EU to readjust the political narrative and to take power away from Silicon Valley, tech entrepreneurs and big tech, and to demonstrate political, democratic and regulatory control of a business sector which impacts on every citizen’s day to day existence.

This desire to protect and promote the political rights of the individual dovetails nicely with a duality of approach adopted by the EU to also promote fairer economic and commercial activity within the digital marketplace and to attack the perceived behemoths of corporate data having an adverse impact upon the plurality of the marketplace.

The approach of the EU mirrors the growing political clamour in the US against big tech, which has seen the House of Representatives report on the commercial activities of GAFA (Google, Amazon, Facebook and Apple) and the lawsuit issued by the Federal Trade Commission against Facebook which has the potential (if successful) for the company to be broken up in an attempt to prevent the monopolisation of the market, as well as China beginning to push back against market dominance by the likes of Alibaba in the data marketplace.

Businesses affected

The digital services affected by the new legislation are basically online services we use on a daily basis – websites, social networks, app stores, travel and accommodation platforms; it is that level of interaction with the public that fuels one of the subsidiary desires of the EU to ensure that people are protected from online criminal activity as the increase in the digitisation of crime concerning the supply, purchasing of goods or services undermines not only corporate trust but the trust of the public itself in the marketplace and in society in general. Just as one of the key reasons behind the development of the nation state was to protect and uphold the rule of law, the EU now sees itself as performing a role akin to the medieval nation state in its emergence in controlling, addressing and punishing pan European criminality.


In tackling big tech, the EU approach is designed to ensure greater clarity and transparency in the digital realm and as far as advertising is concerned to ensure that it is clear that the information being disseminated is an advert, who is behind its promotion and how and why a recipient is receiving such an advertisement. The transparency angle will allow people and of course regulators to know how many people have been targeted and affected by such bespoke advertising and the basis for such content being directed to individuals in the first instance.

Not only is there an expansion on the concepts of clarity and transparency but also, in the need for greater accountability, to be more at the forefront of the minds of business. These reforms will place a significantly increased burden on businesses and in particular social media platforms and advertising agencies. In addition there will be an obligation upon platforms to notify users/regulators of illegal content being present on their platforms, a duty to take that material down and for businesses to self report the infractions to their national regulator. This internal “police officer” role is expanded also to include obligations on “track and trace” provisions for identifying and reporting illegal suppliers of goods and improved due diligence checks on third parties using platform services to ensure that they are compliant with EU law.

What can be seen is that the DSA is an attempt to clean up the digital marketplace, to move away from the “Wild West” atmosphere of digital business and to ensure that Dodge City is safe for its customers and businesses alike.

Enforcement provisions

The EU does not do “light touch” regulation and as a result the intent of the legislation is backed up with measures to ensure effective enforcement of its provisions with fines of up to 6 per cent of turnover of annual income of the platform provider and 1 per cent fines being levelled if incorrect, incomplete or misleading information is provided to a digital services coordinator based in each of the 27 member states.

If one considers the powers and levels of fines imposed by national regulators under the GDPR, one can be left in no doubt that these proposed new powers will be attractive to national regulators and treasuries alike.

It is no doubt hoped by the EU that these legislative provisions will provide more choice, lower prices and greater protection from criminal and exploitative activity for consumers whilst businesses see the benefits in the long term of certainty and uniformity of approach on a pan European basis.

How is the UK affected?

A line from Godfather Part III springs to mind when one considers the position of the UK and its relationship with the new legislation. As Michael Corleone said “Just when I thought I was out, they pull me back in!” – even though the UK has now (eventually) left the EU, the legislation will still have a direct impact on UK online service providers and digital platforms who provide services to users based with the borders of the EU. Arguing that a business is primarily located outside the EU will not prevent the application of the legislation to the business which is operating commercially inside the EU.

Furthermore, on a practical business level, whatever system the UK eventually develops to regulate its own internal digital marketplace, it is unlikely to develop a regulatory system that causes undue friction with the EU and raises obstacles to effective trading in a sector that the UK is dominant within.

If the Brexiteers thought that UK PLC was going to become a 21st Century East India Style Trading Company, they are sorely mistaken – at least in the world of data.

The future

The consultation merry-go-round of consultations on the proposed legislation will begin with the usual parties (The Commission, Member States and the EU Parliament) each having a say on the provisions that will be finally (and eventually) enacted. However, what is clear from the present political narrative that exists around big tech and big data both here in Europe and across the Atlantic, is that there is a determined desire to address the economic and political power of big tech and address the perceived imbalance in data rights and protection between individuals and corporates. In short, the EU is about to change the rules of business.

Ian Whitehurst is a barrister practising at Exchange Chambers and is a specialist in criminal and regulatory law with an emphasis on information law. Email LinkedIn: ianwhitehurst1.

Image by Gerd Altmann from Pixabay

Leave a Reply

Your email address will not be published. Required fields are marked *

Blue Captcha Image