A Good Overview of the E.U.’s New Digital Services Act ⇥ cyberlaw.stanford.edu
Daphne Keller, writing at Stanford’s Center for Internet and Society blog:
For companies that handle user content, the DSA is something like the GDPR. It adds new compliance and process rules that will need new staffing, new internal tools, new external user interfaces, and new formal legal interactions in Europe. For Internet users, researchers, and platform critics, the DSA creates a range of new legal protections and tools for understanding or shaping platform behavior.
A final draft was announced this week, but we don’t yet have a public copy. This final version is the product of a “trilogue” reconciliation process, ironing out differences between earlier Commission, Council, and Parliament drafts of the law. Those earlier versions were largely similar in the big picture and in most of the smaller points, so for those wanting more detail this earlier draft is a decent source. (It’s also formatted for easy navigation using Google Docs’ left nav bar.) For those who want more recent language, the best sources are the leaked “four column drafts” from the trilogues. Those are harder to obtain and can be painful for even dedicated wonks to follow, though.
There will likely be some differences between the drafts upon which Keller has based her analysis, but this is a good summary of what will surely be an impactful new set of policies.
Most of it appears to be either uncontroversial or full of excellent ideas — I am glad there will be more transparency around algorithmic suggestions, and the mandated ability to opt out. Then there are the changes that seem worthwhile but could lead to some nasty side effects. For example, providing users the opportunity to dispute platform judgements against them could be beneficial, but it could also discourage platforms from moderating materials outside the scope of laws like these, thus incurring paperwork. Then there are things I have concerns about, like the requirement to rapidly remove speech flagged by E.U. governments. There are risks of abuse, slightly mitigated by the E.U.’s lackadaisical approach to reinforcing some of its other data regulations.
There is a lot to like in this policy for anyone concerned about a lack of oversight of the very powerful companies that now form the skeleton of much of our lives. Frankly, if self-governance is just so damn effective, maybe these companies should have been better at doing things before policies like these were seen as necessary. That is not to say everything is fine now or that all of these policies are great, only that many of the best ideas were proposed before but were ignored. Welcome to a new reality.