Digital Services Act

EU’s Digital Services Act enters into force — but no confirm if Twitter will feel its full force yet • ZebethMedia

By zebethcontrolPosted on November 16, 2022Posted in Digital Services Act, Government & Policy, Social, Twitter, VLOPsNo Comments

The European Union’s Digital Services Act (DSA) enters into force today — setting the clock ticking on designations that will determine which larger Internet platforms face an extra layer of rules in areas likes algorithmic transparency and risk assessment. Larger platforms will also face centralized oversight by the European Commission in a marked change to the bloc’s decentralized (and much criticized) enforcement of data protection rules. Platforms have three months to report their active user numbers to the Commission (by February 17, 2023) so it can make these designations. The EU’s executive will use reported figures to determine which platforms are named VLOPs (very large online platforms) or VLOSEs (very large online search engines) under the DSA — and therefore subject to the tougher oversight. The main criteria for the special regime to apply is a platform or search engine reaches more than 10% of the EU population or has more than 45 million users. Although the DSA allows the Commission some discretion in the information it can use to inform designations. Likely candidates are platforms operated by the usual US Big Tech ‘FAANG’ giants — but some larger European tech firms should also fall into the category. VLOPs and VLOSEs face an accelerated compliance timetable for the DSA as it provides them with just four months for this once a designation is made by the Commission — after which the bloc will be able to start enforcements against rule breakers. This means the DSA regime is likely to be up and running in 2023 for these larger entities, assuming the Commission doesn’t delay making designations. The flagship reboot of the EU’s ecommerce rulebook will also apply to smaller platforms and digital services but they have longer to comply — until 17 February 2024. To support its supervision of VLOPs/VLOSEs, the Commission is setting up a European Centre for Algorithmic Transparency (ECAT) — to provide in-house and external multidisciplinary knowledge to help with algorithmic auditing. “The Centre will provide support with assessments as to whether the functioning of algorithmic systems are in line with the risk management obligations that the DSA establishes for VLOPs and VLOSEs to ensure a safe, predictable and trusted online environment,” it said today. Will Twitter be designated a VLOP? One very pressing question for European regulators (and citizens) is whether Twitter will be designated a VLOP under the DSA or not? The (relatively small) social networking firm is not expected to meet the bar for regulation under the DSA’s sister regime, the Digital Markets Act — an ex ante competition reform which will only apply to intermediaries with gatekeeper levels of market power. So the DSA is the main instrument the EU can use to clip Twitter’s wings. And given drastic changes to how the microblogging platform is operating under new owner, Elon Musk, the Commission is already facing pressure to ensure the fullest force of the DSA regime is brought to bear on it and soon. A report in today’s Financial Times couches the bloc’s regulators as being on a “collision course” with Musk’s chaotic piloting of the platform — citing sources familiar with EU regulators’ thinking saying there is concern in Brussels over the company’s ability to comply with the DSA, including in light of the mass sacking of 50% of its staff soon after he took over. MEP, Christel Schaldemose, who will chair a group on the implementation of the DSA, told the newspaper that Twitter could “very well be the case to test DSA for the first time” — and urged the EU to make sure the DSA rules apply for Twitter, warning that if it does not do this the regulation “would be a failure”, adding: “I hope and expect the EU commission to act fast and firmly.” ZebethMedia has also heard concerns about Twitter’s ability to comply with the DSA from another direction. A source familiar with how Twitter was preparing for dialled up EU regulation — pre-Musk takeover — told us “lots” of work had been done but said it’s all been “stymied” by the transition. We reached out to the Commission to raise concerns we’ve heard and ask about the question of Twitter’s compliance with the DSA. A Commission spokesman declined to confirm whether the company will be designated a VLOP — saying the list and number of VLOPs will only be provided after the designation step has been completed. But they added: “The designation is relatively straightforward. If a company is around the threshold, it’s a good decision to go for compliance rather than to hover in an area where they are not complying.” Despite the official EU line on whether Twitter will be a VLOP remaining ‘wait and see’, it’s notable that immediately Musk took over the company last month the bloc’s internal market commissioner, Thierry Breton, tweeted to put him on public notice — warning that Twitter must “fly by” the EU’s rules. Which — at the least — demands that a meaningful set of rules gets applied. (And today Breton has doubled down with a Twitter subtweet in a DSA thread — writing: “Social media platforms will no longer behave like they are ‘too big to care’. Whether they have feathers or not 🐦”) Since then, plenty more has happened to increase regulatory concern over Twitter’s direction of travel under Musk — including the resignation last week of a number of senior privacy and security Twitter staffers who had held key compliance-facing roles. These departures included Twitter’s first (and until then only) data protection officer (DPO) — a role that’s required under long-standing EU data protection law. And yesterday we reported a further development: Twitter had informed its data supervisor in Ireland of the details of a replacement DPO. However it had only named an existing staffer as “acting” DPO. That’s notable since, under the EU’s General Data Protection Regulation, the DPO role is required to be quasi-independent — so the conditionality and precariousness of Musk-Twitter naming an “acting” appointee could raise

Elon Musk tells Europe that Twitter will comply with bloc’s illegal speech rules • ZebethMedia

By zebethcontrolPosted on October 31, 2022Posted in Digital Services Act, Elon Musk, Government & Policy, online regulation, Social, thierry-breton, TwitterNo Comments

Surprise! Elon Musk’s tenure at Twitter is already shaping up to be confusing and contradictory. Whether this dynamic ends up being more self-defeating for him and his new company than harmful for the rest of humanity and human civilization remains tbc. On the one hand, a fresh report today suggests Musk is preparing major staff cuts: 25%, per the Washington Post. (He denied an earlier report by the same newspaper, last week — suggesting he’d told investors he planned to slash costs by liquidating a full 75% of staff — so how radical a haircut he’s planning is still unclear, even as reports of fired staffers are trickling onto Twitter.) But, also today, Reuters reported that Twitter’s new CEO — the self-styled “Chief Twit” — reached out to the European Union last week to assure local lawmakers that the platform will comply with an incoming flagship reboot of the bloc’s rules on digital governance around illegal content. A move that will, self-evidently, demand a beefed up legal, trust and safety function inside Twitter if Musk is to actually deliver compliance with the EU’s Digital Services Act (DSA) — at a time when Musk is sharpening the knives to cut headcount. DSA compliance for a platform like Twitter will likely require a whole team in and of itself. A team that should be starting work ASAP. The comprehensive EU framework for regulating “information society services” and “intermediary services” across the bloc spans 93 articles and 156 recitals — and is due to start applying as soon as next year for larger platforms. (It’s February 17, 2024, for all the rest.) Penalties for violations of the incoming regime can scale up to 6% of global annual turnover — which, on Twitter’s full year revenue for 2021, implies potential fines of up to a few hundred million dollars apiece. So there should be incentive to comply to avoid such costly regulatory risk. (Er, unless Musk’s strategy for “saving” Twitter involves dismantling the business entirely and running its revenue into the ground.) Yet — in another early step — one of Musk’s first moves as owner of the social media platform was to fire a number of senior execs, including Vijaya Gadde, its former head of Legal, Policy, Trust and Safety. Musk had been critical of her role in a decision by Twitter, back in October 2020, to — initially — limit the distribution of a controversial New York Post article reporting on emails and other data supposedly originating on a laptop belonging to U.S. president Joe Biden’s son, Hunter. The action led to accusations that Twitter was censoring journalism and demonstrating a pro-Democrat bias, even though the company subsequently rowed back on the restrictions and revised its policies. Targeted harassment Musk waded into the saga earlier this year with a tweet that branded the Post’s story “truthful” and dubbed Twitter’s actions “incredibly inappropriate.” He also doubled down shortly afterward by retweeting a meme targeting Gadde by name — which led to a vicious pile-on by his followers that prompted former Twitter CEO, Dick Costolo, to tweet at Musk publicly to ask why he was encouraging targeted harassment of the Twitter exec. Put another way, a former Twitter CEO felt forced to call out the (now current) CEO of Twitter for encouraging targeted harassment of a senior staffer — who also happens to be a woman and POC. To say that this bodes badly for Twitter’s compliance with EU rules that are intended to ensure platforms act responsibility toward users — and drive accountability around how they are operated — is an understatement. what’s going on? You’re making an executive at the company you just bought the target of harassment and threats. — dick costolo (@dickc) April 27, 2022 While the EU’s DSA is most focused on governance rules for handling illegal content/goods and so on — that is, rather than tackling the grayer area of online disinformation, election interference, “legal but harmful” stuff (abuse, bullying, etc.), and such, areas where the EU has some other mechanisms/approaches in the works — larger platforms can be designated as a specific category (called VLOPs, or very large online platforms) and will then have a set of additional obligations they must comply with. These extra requirements for VLOPs include carrying out mandatory risk assessments in areas such as whether the application of their terms and conditions and content moderation policies have any negative effects on “civic discourse, electoral processes and public security,” for example; and a follow-on requirement to mitigate any risks — by putting in place “reasonable, proportionate and effective mitigation measures, tailored to the specific systemic risks identified” (including where risks are impacting users’ fundamental rights, so stuff like respect for human dignity and equality; nondiscrimination; respect for diversity, etc., among other core rights listed in the EU charter). The implication is a VLOP would face major challenges under the DSA if it was to ignore risks to fundamental rights flowing from, say, a decision to apply a “free speech absolutist” approach to content moderation, as Musk has, at times, claimed is his preference (but — ever mercurial — he’s also said that, as Twitter CEO, he would comply with all legal requirements, everywhere in the world they apply). Whether Twitter will be classed as a VLOP is one (now) very burning question for EU citizens and lawmakers. The Commission hasn’t specified either way — but internal market commissioner, Thierry Breton, has (at least) heavily implied Musk’s Twitter will face meaningful checks and balances under the DSA. Which suggests it will be designated and regulated as a VLOP. Hence Breton’s quick schooling of Musk last week — when, in response to Musk’s “free speech” base-inflaming “the bird is freed” tweet, the commissioner pointedly rejoined: “In Europe the bird will fly by our [EU] rules.” Musk did not respond publicly to Breton’s schooling at the time. But, according to a Reuters report today, he reached out to the Commission to “assure” it the platform will

Countdown to compliance as EU’s Digital Services Act published • ZebethMedia

By zebethcontrolPosted on October 27, 2022Posted in Commerce, Digital Services Act, DSA, Government & Policy, online regulationNo Comments

The European Union’s flagship reboot of long-standing ecommerce rules — aka the Digital Services Act (DSA) — has now been published in the bloc’s Official Journal. You can find the full (and final) text of DSA here. Le Digital Services Act (#DSA) est publié aujourd’hui au Journal Officiel! 📖 Ce texte majeur fera d’Internet un espace plus sûr pour tous les citoyens européens. Retour sur son adoption dans un délai record — un sprint en 7⃣ étapes 🧵 pic.twitter.com/8dMogdUYvV — Thierry Breton (@ThierryBreton) October 27, 2022 Tech firms’ in-house legal teams will be poring over the detail in the coming months as they figure out how to adapt their policies and procedures to ensure compliance and dodge penalties that can scale up to 6% of global turnover for the more egregious breaches. The rules are intended to drive accountability online by streamlining how platforms and marketplaces must tackle illegal content, goods and services, as well as bringing in specific provisions for larger platforms that are aimed at increasing transparency around powerful algorithms. As per EU process, the DSA regulation will enter into force in 20 days’ time (so in mid November). That’s not the real start date though as there’s still a delay before provisions become applicable to allow for a period of adaptation and alignment for businesses. The bulk of the DSA provisions will apply from January 1, 2024, per the Commission. But a subset of obligations — for so-called VLOPs (aka, very large online platforms) — will start to apply next year as the EU has stipulated that application for VLOPs and very large online search engines (aka VLOSEs) will begin four months after they are designated as entering the category. So a swathe of larger tech firms and Big Tech giants will likely have compliance requirements bearing down on them from early next year. For more on the rules digital firms will have to abide by in the EU under the new DSA regime, check out our earlier coverage. A sister regulation, the Digital Markets Act — which exclusively targets Big Tech for ex ante regulation — will also start to apply from early next year. So it’s all change and soon!