Edited DeepL translation into English:

2. In the case filed under ref. no. PL. ÚS 10/2024:

On the proposal of a group of 46 members of the National Council of the Slovak Republic to initiate proceedings under Article 125(1)(a) of the Constitution of the Slovak Republic on the conformity of Section 10(1)(c), (f) and (r), Section 11, Section 12(3) and (5), Section 16(4), Section 19, § 21, § 22, § 23, § 24, § 30(5), (6), (7), (8) and (9), § 31, § 32 and § 33 of Act No. 157/2024 Coll. on Slovak Television and Radio and on Amendments to Certain Acts with Article 1(1) and (2), Article 2(2), Article 7(2) and (5), Article 26(1), (2) and (3), Article 30(1) and (4), Article 31, Article 73(2), Article 78(2) and Article 86(a) of the Constitution of the Slovak Republic, Article 4(3) of the Treaty on European Union, Article 2(2), Article 288 and Article 291(1) of the Treaty on the Functioning of the European Union, Article 10 of the Convention for the Protection of Human Rights and Fundamental Freedoms and Article 11(1) and (2) of the Charter of Fundamental Rights of the European Union, has ruled as follows:

1. The Court of Justice of the European Union is asked to give a preliminary ruling on the following questions:

I. (a) Is the requirement for ‘effective and non-discriminatory procedures and transparent, objective, non-discriminatory and proportionate criteria established in advance’ under Article 5(2) of Regulation (EU) 2024/1083 of the European Parliament and of the Council (EU) 2024/1083 of 11 April 2024 establishing a common framework for media services in the internal market and amending Directive 2010/13/EU (European Media Freedom Act), known as the European Media Freedom Act (hereinafter also referred to as the ‘EMFA’), be interpreted as meaning that national law must directly specify the specific criteria according to which the successful candidate is selected, or is it sufficient for the law to specify only the basic eligibility requirements for potential candidates? b) Given the need for judicial review of decisions on the appointment and dismissal of a board member or senior manager, to what extent must such decisions be justified? To what extent must the selection procedure be subject to judicial review? Does the effectiveness of Article 5(2) EMFA, also in light of Article 11 of the Charter of Fundamental Rights of the European Union, require that judicial review may also be initiated by someone other than an unsuccessful candidate?

II. In the context of the appointment and dismissal of the bodies of a public service broadcaster and in the light of Article 4(2) of the EMFA, how should the requirement of ‘functional independence’ of public service media under Article 5(1) of the EMFA and the requirement of ‘independence’ of the most senior executive or members of the board of directors under Article 5(2) of the EMFA?

(a) Does it satisfy the requirements of such ‘independence’ if national law contains only an exhaustive and narrow list of incompatible functions without ensuring distance from the exercise of public power by means of a general exclusion of incompatibility based on a factual assessment of proximity to the exercise of public power?

(b) Does it satisfy the requirements of such ‘independence’ if the national law entrusts the appointment and dismissal of four of the nine members of the council to the Minister of Culture, three of whom are appointed and dismissed from among experts in the fields of media and audiovisual, economics, law, or information technology, and one is appointed and dismissed on the proposal of the Minister of Finance from among experts in the field of economics, while the other five members of the council are elected and dismissed by the parliament on the proposal of the relevant committee of the National Council of the Slovak Republic (hereinafter also referred to as “parliament” or “national council”) by a majority of the members present, so that so that the council includes one expert in the field of television broadcasting, one expert in the field of radio broadcasting, one expert in the field of economics, one expert in the field of law, and one expert in the field of information technology, with this appointment and election process being preceded by an open selection procedure? If so, can this structure of the Council be considered sufficient to ensure the effective independence of its members from the executive power, or what guarantees, apart from judicial review under question I, should be included in national law to ensure the EMFA’s presumed effective independence?

III. What requirements arise from Article 5(1) of the EMFA for the Ethics Committee, which is an advisory body to the Board and whose role is (only) to take positions on compliance with the statutes of program staff, other creative staff and collaborators of STVR, and the general principles of ethics by STVR employees and its external collaborators in the performance of their activities, and to propose appropriate measures to ensure compliance, because they must always be confirmed by the public broadcaster’s council if the requirement under Article 5(2) of the EMFA, also in light of the reasoning in point 31 of the EMFA, does not apply to members of the ethics committee?

IV. What specific guarantees should national law contain to ensure the “editorial independence” of creative employees of public service media vis-à-vis its administrative bodies or third parties pursuant to Article 4(2), (5), (1) and (6), and (3) of the EMFA? Is it possible for an independent regulator to supervise public service media in accordance with Article 5(4) of the EMFA and in accordance with the general provisions of media law, in particular Act No. 264/2022 Coll. on Media Services and on Amendments and Supplements to Certain Acts (the Media Services Act), as amended (hereinafter referred to as the “Media Services Act”), be considered sufficient to ensure compliance with such guarantees, or is it necessary for the effective application of Article 4(2), 5, paragraph 1 and 6, paragraph 3 of the EMFA, is it necessary to be able to sanction any violator, including the most senior manager and members of the board of a public service media organization or any other violator, for any violation of these provisions?

V. In relation to the expected result set out in Article 5 of the EMFA, can the decision of the legislator, who, by a law promulgated and effective before the entry into force of the (application) of the EMFA, replaced the original public service media with a new public service media, be considered a breach of the duty of loyal cooperation under Article 4(3) of the Treaty on European Union? If so, under what conditions?

2. The proceedings for the purpose of submitting preliminary questions to the Court of Justice of the European Union are suspended.

Preliminary reference in Slovak:

2. Vo veci vedenej pod sp. zn. PL. ÚS 10/2024:

O návrhu skupiny 46 poslancov Národnej rady Slovenskej republiky na začatie konania podľa čl. 125 ods. 1 písm. a) Ústavy Slovenskej republiky o súlade § 10 ods. 1 písm. c), f) a r), § 11, § 12 ods. 3 a 5, § 16 ods. 4, § 19, § 21, § 22, § 23, § 24, § 30 ods. 5, 6, 7, 8 a 9, § 31, § 32 a § 33 zákona č. 157/2024 Z. z. o Slovenskej televízii a rozhlase a o zmene niektorých zákonov

s čl. 1 ods. 1 a 2, čl. 2 ods. 2, čl. 7 ods. 2 a 5, čl. 26 ods. 1, 2 a 3, čl. 30 ods. 1 a 4, čl. 31, čl. 73 ods. 2, čl. 78 ods. 2 a čl. 86 písm. a) Ústavy Slovenskej republiky, čl. 4 ods. 3 Zmluvy o Európskej únii, čl. 2 ods. 2, čl. 288 a čl. 291 ods. 1 Zmluvy o fungovaní Európskej únie, čl. 10 Dohovoru o ochrane ľudských práv a základných slobôd a čl. 11 ods. 1 a 2 Charty základných práv Európskej únie, takto rozhodol:

1. Súdnemu dvoru Európskej únie p r e d k l a d á tieto prejudiciálne otázky:

I. a) Má sa požiadavka „účinných a nediskriminačných postupov a transparentných, objektívnych, nediskriminačných a primeraných kritérií stanovených vopred“ podľa čl. 5 ods. 2 nariadenia Európskeho parlamentu a Rady (EÚ) 2024/1083 z 11. apríla 2024, ktorým sa stanovuje spoločný rámec pre mediálne služby na vnútornom trhu a mení smernica 2010/13/EÚ (Európsky akt o slobode médií), tzv. Európskeho aktu o slobode médií (ďalej aj „EMFA“) vykladať tak, že vnútroštátny zákon musí priamo špecifikovať konkrétne kritériá, podľa ktorých sa vyberie úspešný kandidát, alebo postačí, ak zákon špecifikuje len základné požiadavky spôsobilosti možných kandidátov?

b) Vzhľadom na potrebu súdneho prieskumu rozhodnutí o menovaní a odvolávaní člena rady alebo najvyššieho riadiaceho pracovníka v akom rozsahu musia byť tieto rozhodnutia odôvodnené? V akom rozsahu musí výberové konanie podliehať súdnej kontrole? Vyžaduje účinnosť čl. 5 ods. 2 EMFA aj vo svetle čl. 11 Charty základných práv Európskej únie, aby súdny prieskum mohol iniciovať aj niekto iný ako neúspešný kandidát?

II. Ako sa v kontexte menovania a odvolávania orgánov verejnoprávneho vysielateľa a vo svetle čl. 4 ods. 2 EMFA má vykladať požiadavka „funkčnej nezávislosti“ verejnoprávnych médií podľa čl. 5 ods. 1 EMFA a požiadavka „nezávislosti“ najvyššieho riadiaceho pracovníka alebo členov správnej rady podľa čl. 5 ods. 2 EMFA?

a) Vyhovuje požiadavkám takejto „nezávislosti“, ak vnútroštátny zákon obsahuje len taxatívny a úzky zoznam nezlučiteľných funkcií bez toho, aby zabezpečil odstup od výkonu verejnoprávnej moci všeobecnou výlukou nezlučiteľnosti na základe faktického posúdenia blízkosti k výkonu verejnej moci?

b) Vyhovuje požiadavkám takejto „nezávislosti“, ak vnútroštátny zákon zveruje z deväťčlennej rady menovanie a odvolanie jej štyroch členov ministrovi kultúry, z ktorých troch vymenúva a odvoláva z radov odborníkov v oblasti médií a audiovízie, ekonómie, práva alebo informačných technológií a jedného vymenúva a odvoláva na návrh ministra financií z radov odborníkov v oblasti ekonómie, keď ďalších päť členov rady na návrh príslušného výboru Národnej rady Slovenskej republiky (ďalej aj „parlament“ alebo „národná rada“) volí a odvoláva parlament nadpolovičnou väčšinou prítomných poslancov tak, aby v rade bol zastúpený jeden odborník v oblasti televízneho vysielania, jeden odborník v oblasti rozhlasového vysielania, jeden odborník v oblasti ekonómie, jeden odborník v oblasti práva a jeden odborník v oblasti informačných technológií, pričom tomuto procesu menovania a voľby predchádza otvorené výberové konanie? Ak áno, možno takéto nastavenie kreovania rady považovať za dostatočné na zabezpečenie efektívneho odstupu jej členov od výkonnej moci, prípadne aké záruky okrem súdneho prieskumu podľa otázky č. I by mal obsahovať vnútroštátny zákon, aby sa EMFA predpokladaný efektívny odstup zabezpečil?

III. Aké požiadavky vyplývajú z čl. 5 ods. 1 EMFA pre etickú komisiu, ktorá je poradným orgánom rady a jej úlohou je (len) zaujímať stanoviská k dodržiavaniu štatútu programových pracovníkov, ďalších tvorivých pracovníkov a spolupracovníkov STVR a všeobecných zásad etiky zamestnancami STVR a jej externými spolupracovníkmi pri výkone ich činnosti a navrhovať príslušné opatrenia s cieľom zabezpečiť ich dodržiavanie, pretože musia byť vždy potvrdené radou verejnoprávneho vysielateľa v prípade, ak sa požiadavka podľa čl. 5 ods. 2 EMFA aj vo svetle odôvodnenia v bode 31 EMFA nevzťahuje na členov etickej komisie?

IV. Aké konkrétne záruky pre zabezpečenie „redakčnej nezávislosti“ tvorivých zamestnancov verejnoprávneho média voči jeho správnym orgánom alebo tretím osobám podľa čl. 4 ods. 2, 5, ods. 1 a 6, ods. 3 EMFA by mal obsahovať vnútroštátny zákon? Je možné dozor nezávislého regulátora nad verejnoprávnym médiom podľa čl. 5 ods. 4 EMFA a podľa všeobecných ustanovení

mediálneho práva, najmä zákona č. 264/2022 Z. z. o mediálnych službách a o zmene a doplnení niektorých zákonov (zákon o mediálnych službách) v znení neskorších predpisov (ďalej len „zákon o mediálnych službách“) považovať pre zabezpečenie dodržiavania takýchto záruk za dostatočný alebo je pre efektívne uplatňovanie čl. 4 ods. 2, 5, ods. 1 a 6, ods. 3 EMFA nevyhnutné, aby pre prípadné porušenie týchto ustanovení bolo možné sankcionovať každého porušovateľa vrátane najvyššieho riadiaceho pracovníka a členov rady verejnoprávneho média alebo akéhokoľvek iného porušovateľa?

V. Môže byť vo vzťahu k predpokladanému výsledku stanovenému čl. 5 EMFA rozhodnutie zákonodarcu, ktorý zákonom vyhláseným a účinným ešte pred účinnosťou (uplatnením) EMFA nahradil pôvodné verejnoprávne médium novým verejnoprávnym médiom, považované za porušenie povinnosti lojálnej spolupráce podľa čl. 4 ods. 3 Zmluvy o Európskej únii? Ak áno, za akých podmienok?

2. Konanie na účely predloženia prejudiciálnych otázok Súdnemu dvoru Európskej únie p r e r u š u j e .

If you wish to sign the letters, you are an expert in the field, and are affiliated with an academic institution, you can email me at martin (at) husovec (dot) eu.

• Open letter to Rep. Jim Jordan
• Open letter to Commissioner Henna Virkkunen

Initial list of signatories:

• Prof. Martin Husovec, Associate Professor of Law, LSE Law School, London School of Economics and Political Science (LSE), and Founder of Platform Regulation Academy
• Joan Barata, Visiting Professor, Catholic University Porto (Católica-Porto) and Senior Expert at Platform Regulation Academy
• Berin Szóka, President, TechFreedom and Ph.D. candidate, Dublin City University
• Prof. Andrej Savin, Professor in IT Law & Internet Law, Copenhagen Business School
• Prof. Damian Tambini, Associate Professor and Distinguished Fellow., Department of Media and Communications, London School of Economics and Political Science
• Prof. Andrew Murray, Dean of the LSE Law School, London School of Economics and Political Science
• Prof. João Pedro Quintais, Associate Professor, University of Amsterdam, Institute for Information Law (IViR)
• Prof. Matthias C. Kettemann, Department of Theory and Future of Law, University of Innsbruck, Austria
• Prof. Catalina Goanta, Associate Professor, Utrecht University
• Dr. Ethan Shattock, Lecturer in Law, Queens University Belfast
• Prof. Joris van Hoboken, Professor of Information Law, Institute for Information Law (IViR), Amsterdam Law School, University of Amsterdam and founding director of the DSA Observatory
• Prof. Lorna Woods, Emeritus Professor, Essex Law School, University of Essex
• Prof. Giovanni De Gregorio, Professor of Law and Technology, Católica Global School of Law, Universidade Católica Portuguesa, Lisbon
• Prof. Sally Broughton Micova, Assoc. Professor of Communications Policy and Politics, University of East Anglia
• Prof. Adriana Iamnitchi, Maastricht University
• Prof. Suzanne Vergnolle, Associate Professor and Director of the Chair on Content Moderation, Cnam
• Dr. Stefania Di Stefano, Postdoctoral researcher at the Chair on Content Moderation, Cnam
• Dr. Zuzana Adamova, Assistant Professor, Trnava University
• Prof. Martin Kretschmer, Professor of Intellectual Property Law and Director of CREATe (Centre for Regulation of the Creative Economy), University of Glasgow, Scotland, UK
• Prof. Lilian Edwards, Emerita Professor of Law, Information and Society, Newcastle University and Honorary Professor, CREATe, University of Glasgow
• Daphne Keller, Director of Platform Regulation, Stanford Program in Law, Science, and Technology
• Dr. Adriana Mutu. Assistant Professor, ESIC Business & Marketing School, Spain
• Sophie Stalla-Bourdillon, Co-Director of the Brussels Privacy Hub, Law, Science, Technology & Society, Vrije Universiteit Brussel., Brussels
• Prof. Kate Klonick, Associate Professor St. John’s University School of Law
• Dr Paddy Leerssen, Postdoctoral researcher, University of Amsterdam
• Prof. Vanessa Mak, Professor of Civil law, Leiden University
• Prof. Dan Jerker B. Svantesson, Professor Faculty of Law, Bond University
• Dr. Matus Mesarcik, Associate Professor, Comenius University
• Prof. Anupam Chander, Scott K. Ginsburg Professor of Law and Technology, Georgetown University School of Law
• Dr. Iva Nenadić, Assistant Professor, European University Institute and University of Dubrovnik
• Prof. Maria Bielikova, Director of Kempelen Institute of Intelligent Technologies
• Rachel Griffin, Doctoral researcher, Sciences Po Law School

Additional signatories:

• Prof. Kyung Sin Park, Professor of Law, Korea University Law School
• Prof. Gianclaudio Malgieri, Associate Professor of Law & Technology and a Board Member at eLaw – Centre for Law and Digital Technologies
• Prof. Alain Strowel, Professor at UCLouvain
• Prof. Miriam Buiten, Professor of Law and Economics, University of St.Gallen
• Magdalena Jóźwiak, Associate researcher, DSA Observatory Affiliation, Institute for Information Law (IViR), University of Amsterdam

The seventh edition summarises the long period from October 2024 to June 2025. It covers the first publication of risk management dossiers, new EC investigations into adult sites, acceptance of commitments by AliExpress, upcoming guidance on minors, new rules for data access for researchers, codes of conduct on disinformation and hate speech, news about ODS bodies, several pending court cases on the national level, and much more.

The full text of the newsletter has been migrated to the website of Platform Regulation Academy here.

Date & Time: Wednesday, 22.1.2025, 4:00 p.m. – 6:30 pm GMT

Place: Zoom or at LSE [Lecture Theatre, LSE Centre Building (CBG)]

Three experts with different backgrounds will join Dr Martin Husovec in a conversation:

• Agne Kaarlep (Tremau) is the Head of Policy and Advisory at Tremau
• Curtis Barnes (Delloite) is a Manager in the Delloite’s Algorithm and AI assurance team in London
• Prof. Lorna Woods (University of Essex) is a Professor of Internet Law at the University of Essex

The event will be recorded and later available online. You can register here (Zoom or in-person) here.

The risk assessments, audits and implementation reports are tracked by Alexander Hohlfeld here.

1. Big personal news

Let me start with my personal news first. Principles of the Digital Services Act (OUP, 2024) has finally landed in your bookshops. You can buy it from OUP or Amazon. Moreover, I have also launched two new online courses on the DSA:

• The DSA Mini Course — a free course that explains the fundamentals in under 45 minutes.
• The DSA Specialist Masterclass — a true comprehensive masterclass that includes more than 12 hours of video lectures of me explaining all parts of the DSA, and offering many hypotheticals, quizzes, additional resources, tests and a certificate.

The DSA Mini Course is ideal for anyone who wants to become familiar with the law. It is completely free. The DSA Specialist Masterclass is for everyone who wants to become an expert on the DSA. The Masterclass incorporates my teaching concept, enriched by two years of training experience of more than 300 professionals from regulators, companies, NGOs, and law firms. I explain why built this unique Masterclass in this video. In a nutshell: we lack professionals who understand the law; there is a huge demand for them but few options to get educated. Well, now there is. Go and try it out.

2. Private enforcement of the DSA

I have been preaching from the early days that the DSA is a hybrid enforcement model. Unlike the UK’s OSA, it is much more open to private enforcement. Not all obligations can be privately enforced in my view (e.g., Articles 34-35 cannot), but many can be and will be. I am glad that we see the first plaintiffs proving my point in courts of the Member States.

Mr Mekić recently secured a win in a dispute relying on the DSA in the Netherlands (see here). His story is about shadow-banning by X, probably triggered by his criticism of the EU CSAM regulation. X’s tools wrongly moderated his account and stopped showing it in the search box. My understanding is that Mr Mekić won on contractual and DSA grounds. Plus, he also won a separate case on data protection grounds. Paddy Leerssen has a nice blog post explaining the context here.

Another successful example is the German case of collective redress against Temu. Wettbewerbszentrale is a German Center for Enforcement of Unfair Competition Law. The Center has been using the collective redress in the unfair competition law to enforce the fairness of competition for more than 100 years (see more context). The Center initiated cases in German courts against Temu and Etsy, in both cases due to violations of Article 30 of the DSA which requires platforms to collect information about their sellers. Temu now decided to settle and signed a contractual undertaking to implement Article 30 DSA properly. The Center’s case against Etsy is still pending. Interestingly, the Center also started a proceeding against an entity that misled the public about its status as a Trusted Flagger under the DSA. The entity lacked any DSA certification.

Private enforcement by consumers (as contractual claims) and collective redress (as tortious claims) by associations of traders or consumers are both very likely in practice. Among other things, they benefit from the rules of international private law that allow the plaintiffs to bring actions in their home jurisdictions against EU-established platforms, provided that the activities are targeting that home jurisdiction (Article 17(c) Brussels Recast [consumer contracts]), or damage has occurred there (Article 7(2) Brussels Recast [tort and related actions]). While for tortious claims the case law insists on their territorial limitation, the issue with injunctive relief is that even if you have to comply with the DSA, e.g., Article 30, for one jurisdiction, in many cases, you effectively likely comply for others too. Unlike these two types of claims, contract-based claims of business users, on the other hand, can struggle with jurisdiction. A good example of this is the recent case of HateAid, an NGO incorporated as a limited liability company, which was rejected by the Regional Court of Berlin due to the lack of jurisdiction.

The jurisdiction issue is key because private enforcement is the only way how plaintiffs can overcome Europe’s ‘one-stop shop system’ that allocates the competence for public enforcement with Digital Services Coordinators (DSCs) of establishment and the European Commission (for VLOPs). For the majority of VLOPs in the EU, this is Ireland. Thus, the flexibility of the rules of private international law on jurisdiction determines the extent to which parts of the DSA can be enforced in the country of destination. If you are a student reading this, the issue makes for a terrific research problem.

3. The certification of ODS bodies is in full swing

One of the most experimental aspects of the DSA is undoubtedly Article 21 that grants the users a right to file an external appeal to an out-of-court dispute settlement (ODS) body. The decisions of these bodies are not binding but platforms must arguably explain why they do not implement them. Many aspects of the system are not properly solved by the DSA. The financing is subject to framework rules that allow various fee structures. As many of you know, I have been advocating for ODS-like systems for years before the DSA. Together with a co-author, we provided evidence for the potential benefits of the system in an experimental empirical study. However, abstract experiments need calibration on the ground to work. The DSCs, with their first certification decisions, and ODS bodies, with their early practice, are now doing that calibration.

There is a lot to be said about the system, and you can certainly expect that I continue to research and write in this area. I sincerely hope that the system can improve content moderation practices. At this point, I want to make several early observations about what is happening on the ground.

First, following the adoption of the DSA, there was a big concern that no one might actually seek certification as an ODS body. I am now aware of 10 organisations that are either certified (3), their application is pending, or are preparing for certification. This shows that there is a lot of interest in the system. At the time of writing, the following three bodies were certified: User Rights (Germany), ADROIT (Malta), and OPDR Council (Hungary). All of them are already processing the first cases.

Second, after the adoption of the DSA, we could see different predictions as to the future financing models. The DSA only sets a framework for financing. The basic rules are: (1) ODS bodies can only charge fees to platforms and complainants (users or notifiers); (2) complainants’ fees must be ‘nominal’; (3) if a platform loses, it must compensate complainants’ fees and reasonable cost (fee shifting, see Article 21(5)); (4) if the complainant loses, it does not have to compensate a platform, unless it ‘manifestly acted in bad faith’.

I changed my views on what is possible under the system over time. However, eventually, I prefer fee structures where users pay more than symbolic, yet still nominal fees, and the remainder is paid by the platform or an independent funder, such as the state or philanthropies. The initial certifications show that this is neither the preferred (by ODS bodies) nor the required model (by regulators). Nominal takes the meaning of symbolic instead of (very) small compared to the actual value/cost (see the dictionary). In the picture below, you can see several possible and prohibited fee structures. Of course, in reality, the options exist on a spectrum between the above options, so consider them only as models. Some might consider even Option 5 as prohibited.

The model of zero or symbolic nominal fees (Option 4) is clearly preferred by ODS bodies. Platforms are asked to pay hundreds of euros per case (e.g., User-Rights charges 200-700 euros per case [p. 3]). Complainants can file their cases free of charge.

I think the choice is legitimate and understandable if you want to educate the public about the possibility of such redress. After all, we cannot simply assume that the demand for this service exists. No one knows how this will work in practice yet.

However, the choice of Option 4 has consequences for the DSCs who will have to monitor more closely the upcoming practice. The in-built incentives differ substantially across the fee structures. While Options 5 and 6 (or similar options that get close) still preserve some link between the aggregate ODS costs and the success rate of platforms and therefore reward good internal content moderation, under Options 3 and 4, platforms are not able to influence the amount of ODS fees they pay by being right. Their only available strategy is to try to convince future complainants (notifiers and content creators) not to complain due to the merit of their decisions.

On the other hand, Options 3 and 4 remove the demand-side constraints because the service is free, or provided for a very low price. This makes it much more affordable and accessible. We have such models in some areas, such as flight compensation ADR. But those are much more narrow disputes than ones arising from content moderation.

For content moderation, the abusive behaviour of complainants is a given. And if the fee for them is non-existent, or symbolic, the only risk for complainants is having to pay platforms’ fees or costs for manifestly bad faith behaviour, as they do not have to worry about losing their own fees. However, such a threat is not credible if complainants pay nothing upfront as platforms are unlikely to recover anything on their own. Thus, the first challenge is curbing the abusive behaviour of complainants. Another challenge lies in the incentive structure for the ODS bodies that are incentivised by volume: more cases, means more fees. There are some in-built checks against this as well, such as de-certification, strategic rejection by platforms, or potential loss of reputation which can impact the demand, but these safeguards must be operationalised to work properly.

In other words, a lot of work is ahead of us all.

4. Guidance on Article 28

Over the summer, the Commission published a consultation asking for evidence for its future guidance on Article 28 which concerns the protection of minors. This will be by far the most consequential guidance that the Board and Commission will write in the first years.

Article 28 DSA, unlike anything that EC does with VLOPs, applies to thousands of online platforms operated by mid-sized companies (or mid-sized holding companies). The deadline is 30/09/2024. Four days before the deadline, there were only 53 submissions online, maybe one-third serious, from regulators (e.g., French and Slovak DSCs), NGOs and very few companies. Obviously, many might submit their briefs at the last minute. Even if the Commission consults again after the draft is released, this is the only chance to submit evidence or policy positions before the framework is already prepared.

The guidance will have an impact on how services ranging from adult sites, social media, and dating apps, to online marketplaces, discussion forums, or food deliveries, interact with children and the general public. The issues like age verification and recommender systems design will be clearly on the agenda.

5. New European Commissioner for the DSA

By now, you have surely heard that Mr Breton stepped down and will be soon likely replaced by Ms Virkkunen from Finland as the new Commissioner responsible for the DSA. While Mr Breton might have raised the profile of the DSA as a regulation, he also seriously politicised the public perception of the DSA, especially through his exchanges with Musk and letters that sometimes misrepresented the law.

Ms Virkkunen’s appointment is thus undoubtedly good news for the DSA enforcement. She has worked on several digital files in the European Parliament, including the Pegagus spyware investigation. The mission letter tasks her to enforce the DSA and develop responses to addictive design, influencers, online bullying, dark patterns, and e-commerce platforms. These are thus areas where we can expect further upgrades (or downgrades) of the DSA.

The addictive design discussions are very likely to be part of the debate about Article 28 guidance as the design of recommender systems and various gamification scenarios clearly fall in its scope. It is thus possible that some of the work on the guidance could also end up influencing this future policy file on a new piece of EU law. In other words, there are many reasons to submit your views to the open consultation.

6. Mr Durov’s [Telegram] case

Mr Durov’s case (see Tech Policy’s tracker) is fairly interesting in highlighting one issue about the EU legal landscape. After Mr Durov was arrested, many people wondered if this could have anything to do with the DSA. Hardly. The DSA does not include any criminal penalties and does not (unlike the UK’s OSA) link companies’ responsibility with that of their CEOs. Mr Durov’s case shows nicely why Chapter 2 of the DSA is still very important. According to numerous reports (see e.g., NYT reports), Mr Durov for years rejected to implement orders received from authorities around the world, including European ones. The only thing that protects hosting providers like Telegram from imposing criminal liability for aiding and abetting is one of the European liability exemptions (now in Article 6 of the DSA).

However, the liability exemption is conditional upon acting on acquired knowledge of manifest illegality. Thus, ignoring the orders is the surest way how to lose it.

French prosecutors therefore only need to show orders that were ignored and Article 6 does not protect Telegram or Mr Durov anymore. And once that provision fails to apply, the DSA is the least of Mr Durov’s concerns. At that point, French or any other national criminal law can impose criminal liability, including on the CEOs of the platform, for ignoring orders.

The due diligence obligations in the DSA in that sense are a law for good citizens who should only strive to do better. In contrast, those who systemically and on purpose lose liability exemptions, have much bigger issues to worry about anyway. They can face civil and criminal liability, including for their CEOs. Therefore the best analogy for allegations against Mr Durov is not the infamous Mr Somm’s case, as I have seen some people argue, but Mr Sunde’s case. Let me explain.

Mr Somm, was the CEO of the German branch of Compuserve, a discussion forum popular in 90ties. Before the European Union adopted the liability exemptions, he was initially held criminally liable by German courts for hosting CSAM content on its service. Despite the fact that Compuserve always acted upon notifications, he was found criminally liable for not knowing.

Mr Sunde, in contrast, was one of the founders of the Pirate Bay who was also held criminally liable by the Swedish Supreme Court for aiding and abetting copyright infringement. The liability exemptions were already in place. However, they did not apply because The Pirate Bay had full knowledge of specific infringing acts on its service. He only decided to ignore them. Mr Somm, in contrast, would today count as a good citizen who only should improve the service’s systems and processes under the DSA.

In short, new rules in the DSA are mostly for good citizens who can do better. Bad guys have other harsher laws to worry about, as they can face the full power of the legal system, including criminal law. They are left unprotected by the liability exemptions that are otherwise offered by the DSA to providers. And while losing liability exemptions does not imply liability, to be sure, ignoring valid legal orders is a different league. Chapter 2 of the DSA is thus usually a ticket to a better society. It is not too dissimilar to how our legal response is different for CEOs of banks intentionally assisting criminals laundering money from crimes through their financial services, and those CEOs whose banks only fail to be diligent.

7. Enforcement of the DSA

The Commission has only expanded its investigation into Meta and otherwise not opened new investigations since the last newsletter. Below is the updated table (with Meta’s new Article 28 (minors) related investigation).

The Commission did send a couple of new RFIs to companies, including Meta (regarding Crowdtangle), Amazon (transparency of recommender systems, and risk assessments), Shein and Temu (on several issues), Pornhub, Xvideos, Stripchat (on illegal content and minors), X (content moderation resources). The Commission also designated Temu (an online marketplace) and XNXX (an adult site) as two new VLOPs.

The key wins for the Commission are TikTok’s acceptance of commitments over TikTok Light and LinkedIn’s announcement to disable some advertising functionalities. TikTok’s acceptance of commitments is quite interesting. Given that the Commission’s win was mostly procedural, i.e. TikTok apparently did not carry out a specific risk assessment for a new feature with a critical impact, it is surprising that TikTok would commit to never launching the Light program in the EU.

The Commission also compelled Microsoft to hand over more information about how generative AI is integrated into Bing. It seems to have followed the same playbook as with TikTok because the Commission is likely asking for the disclosure of a separate risk assessment over the launch of a new feature that can have a critical impact (see Article 34). Given that nothing has happened since May, unlike in TikTok’s case, it seems that Microsoft had something ready to satisfy the requirement.

The first case that is likely to proceed to the stage of fines concerns Musk’s X. In July, the Commission sent X its preliminary findings. It singled out dark patterns (Article 25), advertising transparency (Article ) and data access for researchers (Article 40(12)). Here is what the PR states:

First [dark patterns: Article 25], X designs and operates its interface for the “verified accounts” with the “Blue checkmark” in a way that does not correspond to industry practice and deceives users. Since anyone can subscribe to obtain such a “verified” status, it negatively affects users’ ability to make free and informed decisions about the authenticity of the accounts and the content they interact with. There is evidence of motivated malicious actors abusing the “verified account” to deceive users.
Second [advertising transparency: Article 39], X does not comply with the required transparency on advertising, as it does not provide a searchable and reliable advertisement repository, but instead put in place design features and access barriers that make the repository unfit for its transparency purpose towards users. In particular, the design does not allow for the required supervision and research into emerging risks brought about by the distribution of advertising online.
Third [data access: Article 40(12)], X fails to provide access to its public data to researchers in line with the conditions set out in the DSA. In particular, X prohibits eligible researchers from independently accessing its public data, such as by scraping, as stated in its terms of service. In addition, X’s process to grant eligible researchers access to its application programming interface (API) appears to dissuade researchers from carrying out their research projects or leave them with no other choice than to pay disproportionally high fees.

The technicalities were overshadowed by the Musk/Breton exchanges. Musk claimed that the EU offered it a secret deal to censor its platform. Well, super secret, it turns out. Under the DSA, the enforcement train looks something like this:

That ‘secret deal’ was the offer of commitments, a tool used in competition law for years. Musk could publish his commitments. Moreover, commitments did not relate to content at all. It was about Musk’s “speech-absolutist practices”, like not sharing data with researchers (or suing them), and failing to implement transparency. The Commission’s pick of Articles 39 and 40 is very strong, and X is clearly only playing a delay tactic, nothing else.

Based on the fact that other points from the investigation did not progress this far (e.g., Community Notes claims), shows that the Commission is conscious of the evidentiary limits for risk management. While X is a good poster child for a first case, building an Article 35 case won’t be cheap or quick. I discuss this extensively in my book.

The dark patterns claim will be more interesting to watch, as the carve-out in Article 25(2) has an uncertain scope. The new Commission might even tinker with it if they legislate on dark patterns.

Finally, Irish CNaM now sent the first batch of its RFIs to platforms to understand their compliance with Articles 12 (user contact points) and 16 (illegal content). They have prepared a helpful fact sheet here. The action concerns (1) VLOPs: TikTok, YouTube, X, Pinterest, LinkedIn, Temu, Meta and Shein, and (2) non-VLOPs: Dropbox, Etsy, Hostelworld and Tumblr.

8. Miscellaneous

There is a lot of great work that has been published since May. But to properly review it, I need more time. However, here are some tidbits of news or papers that caught my eye:

• Approximately 20% of users would opt out of using personalized recommender systems, according to a study by Starke and others.
• A 2024 study by Bright and others concludes that: “Approximately 26% of respondents said that they had had a piece of content deleted by a social media platform at least once, with around 16% saying it had happened more than once. This indicates the widespread nature of content moderation. Of those who had had content removed, approximately 48% launched a subsequent appeal process, and 30% of these people received what they regarded as a satisfactory response.” 
• The UK Music and Streaming study from 2022 includes interesting stats about the impact of user-generated playlists on the listening habits of users. This can be relevant for Spotify’s DSA classification.

• Hungary seeks invalidation of European Media Freedom Act before the CJEU.
• Agne Kaarlep (Tremau) on risk assessments.
• Researchers call for access to conduct experimental evaluations of VLOPs.
• JD Vance says that NATO military support should be conditional upon the EU respecting the US freedom of speech values.
• My book launch takes place at LSE on 11.11, you can pre-register here. The proper registration opens soon.

How did the industry practices change since 2022? What are the wins, missed opportunities, and future issues that regulators, civil society, and companies will have to solve? To discuss these questions, Dr Husovec is organising a public event on 11th of November (Monday) at the London School of Economics. Mark the date in your calendars.

Date: 11.11 (Monday), 1pm-7pm (registration to open in September)

The goal of the public event is two-fold. Firstly, the event aims to take stock of the development during the two years of the pioneering trust and safety regulation in Europe. Secondly, the goal is to reflect upon the ideas offered by a new book authored by Dr Martin Husovec, Principles of the Digital Services Act (Oxford University Press, 2024).

The confirmed speakers include:

• Barbora Bukovska (Article 19)
• Anupam Chander (Georgetown University)
• Joris van Hoboken (University of Amsterdam)
• Daphne Keller (Stanford University)
• Martin Kretschmer (Glasgow)
• Irene Roche Laguna (European Commission)
• Sonia Livingstone (LSE)
• Andrew Murray (LSE)
• Benjamin Raue (University of Trier)
• Graham Smith (Bird & Bird)
• Damian Tambini (LSE)
• Lorna Woods (University of Essex)

If you want to get notified when the registration opens, you can sign up here.

European Commission’s activities

It is an understatement to say that the European Commission has been busy. The European Commission launched several DSA investigations. The table below provides an overview

I don’t think I have time to go into details of every single investigation but at least a couple of observations:

One interesting thing is that all five investigations concern not only special obligations but also standard obligations that are not an exclusive competence of the EC. This means that in theory the DSCs of the country of origin (Ireland and the Netherlands) could have been investigating some of these potential violations too. Now, the EC has assumed that competence (Article 66(2)). The Commission might be aiming to set the thinking on some of these provisions.

In terms of substance, the scope of investigations is rather wide-ranging. Two issues seem universal though. Five services seem to have issues with researchers’ access to public data via scraping or APIs (Article 40(12)). Five of them seem to have some shortcomings when it comes to the assessments of risks (Article 34). Four services seem to have an issue with interfaces for notices or their handling (Article 16), and three with advertising archives (Article 39). Everything else is a bit specific to each service. For X/Twitter, the risk mitigation doubts revolve around illegal content (esp. hate speech and terrorist content), but also efficiency of Community notes as tool against manipulation (see my note in N4). The EC’s decision explains the investigation as follows:

“The effectiveness of the mitigation measures put in place as regards those systemic risks also appear inadequate, notably in the absence of well-defined and objectively verifiable performance metrics, and suspicions linked to insufficient resources dedicated to mitigation measures. These suspected failures concern, in particular the functioning of X’s “Community Notes” system, as well as the consistent application of X’s platform manipulation policy, as set out in its terms and conditions and the effectiveness of mitigation measures linked to subscription products, such as the blue checkmark”.

For TikTok, the doubt about risk mitigation concerns the potential rabbit-hole effects and addictiveness of the TikTok algorithm. Here is how the explanatory note formulates the suspicion: “the Commission is assessing TikTok’s risk management related to its (i) potentially addictive design, (ii) the service’s risk of leading users down ‘rabbit holes’ of harmful content, and (iii) the effectiveness of TikTok’s measures for preventing minors from accessing inappropriate content, in particular age assurance tools.” This was extended later to cover also “the DSA obligation to conduct and submit a risk assessment report prior to deploying functionalities, in this case the “Task and Reward Lite” program, that are likely to have a critical impact on systemic risks. In particular negative effects on mental health, including minors’ mental health, especially as a result of the new feature stimulating addictive behavior.”

TikTok ended up in trouble after failing to submit a risk assessment for its new feature TikTok Lite (a program that rewards for using the app). When it turned out that the assessment wasn’t properly prepared, the Commission opened an investigation and threatened to seek interim measures (Article 70, see PR). The TikTok rather decided to suspend the rollout of the program in two days (see PR). As noted by Mathias Vermeulen, this shows the insistence on ‘Measure twice, cut once’. I think the episode is very useful as it shows to other companies what should have been obvious from the start. Significant new features require constant pretesting even outside the annual cycle (Article 34(1) “prior to deploying functionalities that are likely to have a critical impact on the risks”). It has to become part of the compliance culture. The case would have been almost perfect for the EC to seek the first interim measures, so TikTok was probably very wise to back down quickly.

For Alibaba, the risk mitigation concern is about the illegal conduct of third parties affecting consumers. There are number of intersting issues there, such as the interpretation of Articles 23, 30, 34 vs. Article 8 (the general monitoring prohibition), but I leave the commentary for when we know more facts. AliExpress’ and X’s grounds for investigation are now public (AliExpress, X).

The investigation into Meta’s Instagram/Facebook services (PR here) will clearly take the most news coverage. Some see it already as an important milestone. I prefer to wait to read the decision on the opening of the investigation and what evidence emerges (once it is published). The EC’s objection concerning de-prioritisation of political content depends on how that policy operates: is it more of an optimisation goal in the recommender system, or an actual rule down-ranking of anything that meets some definition? If the latter, which the EC’s investigation seems to imply, then the violation of Articles 14(1) and 17 are in order if it is true that FB fails to provide any explanation or redress. The objection to shutting down of Crowdtangle was a low-hanging fruit, as civil society has been complaining about this very effectively, which means that the EC will clearly have good arguments there. The user-friendliness of the notification interface is again fact-specific. So the biggest charge then is the following:

Deceptive advertisements and disinformation. The Commission suspects that Meta does not comply with DSA obligations related to addressing the dissemination of deceptive advertisements, disinformation campaigns and coordinated inauthentic behaviour in the EU. The proliferation of such content may present a risk to civic discourse, electoral processes and fundamental rights, as well as consumer protection.

Again, it is unclear what evidence the EC has on this. We will have to wait and see. It is significant that the charge seems mostly related to mitigation, i.e. failure to act against the risks, and not just to assess them. It is not yet clear if this part of the investigation builds upon the Election Guidance in any way. If it does, the Election Guidance in itself will not be sufficient to create some minimum expectations of risk mitigation. The Guidance is a list of many measures that companies can take. The Election Guidance documents the Commission’s view of what are the best practices (Article 35(3)). In this sense, any guidance issued by EC differs from Codes of Conduct which are actually adopted by the companies, and thus form a stronger evidence base for the minimum expectations of risk mitigation in the industry. I think it is possible that the Commission is trying to pre-enforce parts of the Regulation on Political Advertising (Regulation (EU) 2024/900) which will only apply from October 2025. Especially, some labelling and transparency requirements could be formulated as risk management obligations already under the DSA in some settings. This would explain why the focus is on misleading acts, and why the dark patterns provision is also thrown into the investigation (Article 25).

The information requests filed by the EC are very diverse (all of them are here). Many of them relate to Article 40(12) implementation. SNV has a nice tracker here. I think it is very good that the same questions are sent to all companies, as this creates a better understanding of where we are on compliance. It would be useful if the EC could turn some of such findings into factsheets going forward. Academics from Weizenbaum, European University Viadrina and SNV have also published their first impressions of compliance with Article 40(12) (definitely worth a read).

After the three adult site VLOPs were designated last time (see N4), the EC just designated Shein and is likely to soon designate Temu (due to reported numbers) as a VLOP. Both are Chinese marketplaces and based in Ireland (here, here).

According to the minutes and PRs from the first three Board meetings, the EC is currently finalising the draft Delegated Act on Transparency Reports (likely out in May 2024) and the draft Delegated Act on Data Acces (draft for consultation in May, and the final adoption planned for July 2024). The Commission has now also issued Guidelines on Elections and is apprently working on Guidelines about protection of minors to flesh out Article 28. These guidelines might become incredibly consequential because they will apply to hundreds if not thousands of services and not just two dozen VLOPs/VLOSEs. The same is true for another EC’s ongoing project. According to the Board minutes, the EC seems to be also working on the Trusted Flaggers guidelines. Finally, the EC is seeking to convert two codes, the Code of Practice on Disinformation and the Code of Conduct on Countering Illegal Hate Speech Online, into the DSA official Codes of Conduct. Although this will still not make the Codes legally binding, it turns them into evidence of industry best practice, which can help the Commission to set some prima facie risk mitigation expectations (see my point above). Moreover, VLOPs and their auditors will have to assess compliance explicitly against such codes.

DSA before the Court of Justice of the EU

EC succeeds in its appeal against the suspension of advertising archives

In the end of March, ECJ issued its decision on the appeal in the Amazon case (C-639/23 P(R)) dealing with interim measures suspending the public availiability of ad archives (Article 39 DSA). The Commission appealed the General Court’s grant of interim measures that allowed Amazon to avoid publishing its ad archive. The decision did not, however, suspend the obligation of Amazon to compile it. The ECJ decision is very interesting and clearly tries to sets the framework for future interim measures under the DSA, but also the DMA. Here are some key takeways:

• ECJ starts by restating the cumulative test for interim measures (“if it is established that such an order is justified, prima facie, in fact and in law and that it is urgent in so far as, in order to avoid serious and irreparable damage to the interests of the party making the application (..) [the court must] weigh up the interests involved”, para 66)
• ECJ finds that Amazon satisfies all but the last requirement: the balancing of interests does not speak in Amazon’s favour because the effects of publishing ad archives are not existential for Amazon’s business, and the downside can be somewhat restored, and/or ex-post compensated by money. The Court says the following about the three requirements:
• Prima facie case: ECJ held that the “direct legal connection” between the validity of Article 39 DSA (a measure of general application) and the designation decision (a measure of individual application) cannot be treated as “lacking in seriousness” (para 111). This point is key because Article 277 TFEU only allows review of the measures of individual application, unless “direct legal connection” extends incidentally the review to measures of general application. Amazon argued that Article 39 DSA violates Articles 7, 16, 17 of the EU Charter (that is, discrimination, freedom to conduct business, and protection of intellectual property). Amazon benefits from the GC not having examined this point fully, and it is likely that once Amazon case is decided, this argument cannot be easily replicated by others. On substance, ECJ only responds by zooming in on Article 7 and 16, saying that one cannot deny “major legal disagreement” on this point, which means that Amazon has a prima facie case because at least some information can be commercially sensitive and thus covered as interference by these provisions.
• Urgency: Amazon argued that ad archives will allow its competitors to learn about its business strategies, and will discourage advertisers from using their services as their strategies can be inferred from the archives. ECJ held that “it is clear that the harm that is liable to be suffered by Amazon due to the publication of its business secrets would differ, both in nature and in scale, according to whether the persons who acquire knowledge of those business secrets are its customers, its competitors, financial analysts, or indeed members of the general public. It would be impossible to identify the number and status of all those who in fact had knowledge of the published information and thereby assess the consequences that the publication of that information might have on Amazon’s commercial and financial interests” (para 135). The Court views at least some of such damage as irreparable (para 136). Amazon here benefits from uncertainty about what information is already in the public domain, or available to competitors. Amazon argued that its advertising market share might shrink and that advertisers might not come back even if it wins. ECJ accepts that it is arguable that some of this might materialise.
• Balancing of interests: Amazon finally loses on the point of balancing. ECJ notes that the publication concerns continuous stream of new data, and hence if it wins the case on merits, it will be put back in the previous position. The nature of the data is not such that one-time disclosure would destroy everything. Amazon can adapt, relying on business new strategies. The Court says, “It follows that, if the decision at issue is annulled, Amazon will no longer be required to compile the repository required by that Article 39. Accordingly, it will no longer be required to keep online information relating to advertisements presented on Amazon Store or to disclose information relating to developments in its advertising campaigns or new advertising campaigns. That annulment would therefore be such as to ensure that advertisers returned to a more attractive business environment and to enable Amazon to develop new strategies in the management of its advertising activities without its competitors being able to acquaint themselves with them by means of that repository” (para 147). The Court then proceeds to argue that while some harm might be irreparable, it is not existential for Amazon, and its long-term development (para 151). Advertising is only 7% of the revenues, and the situation would end up being only temporary. Plus, the carve-out from the VLOP set of obligations could frustrate the overall goals of the DSA (paras 159-162), and give Amazon a competitive advantage (para 163). Thus, “it must be held that the interests defended by the EU legislature prevail, in the present case, over Amazon’s material interests, with the result that the balancing of interests weighs in favour of dismissing the application for interim measures” (para 164).

The overal takeways: ECJ made it more difficult (compared to the General Court) but still far from impossible to argue the suspension of Article 39 DSA as part of the designation dispute. Balancing interests can play out very differently if a VLOP is essentially an ad business like Facebook or Instagram. However, even in thoses cases, the future applicants might struggle proving a prima facie case because Amazon’s case will eventually settle the objections as to the validity of Article 39. We will soon see how the General Court applies this in WebGroup Czech Republic v Commission T-139/24 (Xvideos) and Aylo Freesites v Commission T-138/24 (Pornhub) which both seek interim measures. It is unclear if the target of these measures is the same as in Amazon, or not. We now also have case numbers for the three new designation disputes: T-138/24 (Pornhub), T-139/24 (Xvideos) and T-134/24 (Stripchat). The pleas in law are still not published in the OJ, so we don’t know the details of the arguments made. Stripchat does not seem to seek any interim measures.

Fee fights: Three companies, Meta T-55/24, TikTok T-58/24 and Zalando (here, not in OJ yet), have filed cases against the decisions about fees. According to the DSA, VLOPs and VLOSEs must pay a fee the size of which depends on the profit derived of the respective company. Zalando also filed an access to information request and follow-up lawsuit (Zalando v Commission, T-203/24). Meta’s pleas in law state that the Delegated Act on Fees goes against Article 43 DSA, and that the methodology used to calculate the monthly active users is against the DSA too. TikTok’s pleas in law are based on similar arguments as Meta’s.

Just a reminder. The methodology at stake here differs from the self-assessment undertaken by companies for the purposes of the designation. As a context, it was reported by Bloomberg that Amazon, Pinterest, Snapchat, X and Wikipedia pay zero on the supervision fees, while Alphabet and Meta to pick up three-quarters of the overall supervision bill. The reason is simple, Article 43 is capped at 0.05 % of the worldwide annual net income of the VLOP. No reported profit? Others must shoulder the overall cost of supervision. Or put differently, this is who pays 45.2 million euros (thanks Bloomberg):

This means that there are currently 9 DSA disputes pending. Moreover, the Commission has initiated four infringement proceedings for non-implementation of the DSA against Cyprus, Czechia, Poland and Slovakia. Not too bad for a law that has been in full application only since February.

Various

Dutch ACM issued a draft guidance on the DSA, as the Irish CNaM on Trusted Flaggers, and Out-of-court dispute settlement bodies. IViR held an amazing conference on the DSA in Amsterdam. The recordings of the main sessions are here. My keynote on How to (not) enforce the DSA is here. The IViR’s Observatory also has a ton of interesting new articles on ODS bodies (e.g., here or here).

Academics now started publishing also the first analysis of SoR database data. Daria Dergacheva, Vasilisa Kuznetsova, Rebecca Scharlach, Christian Katzenbach have a nice paper about 24 hours in content moderation on VLOP-size social media. They report a lot of interesting findings. One that I like a lot is the following:

Another empirical piece is by Rishabh Kaushal, Jacob van de Kerkhof, Catalina Goanta, Gerasimos Spanakis, Adriana Iamnitchi analyzes a representative sample of (131m SoRs, just wow!) submitted to the EC Transparency Database in November 2023 to study platform content moderation practices. They have a similar chart but based on much larger and broader data set:

Another of their fascinating findings is this:

And there is much more in both papers. I have to say I am very impressed how much the SoR data already reveals about the content moderation ecosystem. As I write this, SoR database already has 16.750.366.296 entries. Yes, it is a huge experiment and far from perfect, but its real-time character shows that it is interesting tool even though we don’t have the public archive of decisions themselves. A lot of fine-tuning is needed to further improve the database (which BTW should also include non-VLOP platform data going forward).

I have a new(ish) piece on the DSA’s Red Line: What the Commission Can and Cannot Do About Disinformation. The article is part of a fascinating paper symposium that should be out soon. Rachel Griffin has a new paper on the ideology behind the DSA. Max van Drunen and Arman Noroozian have a new paper about how to design data access for researchers. Alexander Peukert has a thought-provoking piece on Verfassungsblog about the EC Guidance on Elections. Integrity Institute published a piece on risk assessments.

If you have an interesting DSA paper just let me know. I will try not to forget to mention it.

Biggest News

The European Commission just designated three porn sites as additional VLOPs: Stripchat, Xvideos and Pornhub. This move is hardly surprising given that the porn industry’s numbers did not add up from the very start. The civil society advocated for this move several weeks before the disclosures. The Commission also finally published its first batch of designation decisions (previously, we only had names, not the text of the actual decisions).

The biggest news is undoubtedly the opening of the investigation into X’s DSA compliance. The reasoning behind the suspicions is not public (and unlikely to be disclosed pending the investigation) but the press release shows that the Commission suspects that X might be violating the following provisions: Article 16(5/6) [submission interfaces & handling of illegal content notices], Article 25(1) [potential misleading character of blue checkmarks], Article 39 [the failure to implement proper ad archives], Article 40(12) [failing to allow accessibility of public data for research through APIs or scraping], Articles 34(1/2) and 35 [risk management]. While Breton’s rhetoric in his infamous Palestine/Isreal letters to TikTok, X, Facebook, and Youtube, focused a lot on “disinformation”, this scope of investigations is much more sensible (here is the European civil society’s justified response to those letters). The investigation goes after the obvious failures of X to live up to the DSA standards.

The Commission will now collect evidence to build a potential infringement case. Its case for most of the claims is rather strong. My only doubt is about claims about the violation of Article 35 DSA – insufficient risk mitigation measures. While Article 34 is a rule of a more procedural nature which can be easily violated if other parts of the DSA are infringed, this is different for substantive obligations under Article 35. If the claim here is self-standing (something extra), then the Commission will need substantial evidence to build a case. The Commission’s press release describes the potential problem as follows:

The effectiveness of measures taken to combat information manipulation on the platform, notably the effectiveness of X’s so-called ‘Community Notes’ system in the EU and the effectiveness of related policies mitigating risks to civic discourse and electoral processes.

The key question will be the evidence about what constitutes said (in)effectiveness. But then, this is only the opening of an investigation. I think it is very important the Commission acts swiftly. This is how it builds its reputation and will undoubtedly incentivise companies to better comply with the DSA. In my forthcoming book, I draw on the work of Axelrod, Scholz, Ayres and Braithwaite to argue that the Commission needs to act quickly and decisively whenever it sees clear violations. By practising a tit-for-tat strategy, it can achieve long-term reciprocity, and thus cooperation.

The Commission also adopted its delegated regulation on fees (Commission Delegated Regulation (EU) 2023/1127 of 2 March 2023), and already notified companies of their bills. The companies can still seek judicial review. I haven’t found any public information about which company pays how much. However, loss-making companies (you can guess who they are) and non-profits like Wikipedia will pay zero in fees.

Finally, the Commission has just published a useful summary of its data access consultation that was expertly prepared by Paddy Leerssen (see here). It has tons of useful recommendations for the upcoming delegated act on data access.

Big Tech Transparency

Online platforms issued another round of user-number disclosures in August 2023. I decided to archive some of them because some companies seem to be changing these public disclosures ex-post. You can find February 23 discloures here, and August 23 disclosures here.

The Commission also launched its database for the statements of reasons (SoR). The SoR detabase is a work-in-progress in many respects, but I think it suprised many that in a few days it will exceed 1 billion notifications. A group of Italian researchers (Amaury Trujillo, Tiziano Fagni, Stefano Cresci) just published the first analysis of the disclosures finding the following:

Based on our results, we conclude that large social media adhered only in part to the philosophy and structure of the database. Specifically, while all platforms met the requirements of the DSA, most omitted important (yet optional) details from their SoRs. This limits the usefulness of the database and hinders further analysis of this data by scholars and policymakers alike. At the same time, the structure of the database turned out to be partially inadequate of the platforms’ reporting needs. For example, the current structure lacks the possibility to explicitly report moderation decisions targeted at accounts rather than content. To this regard, our results can inform future developments of the database.

Social media platforms exhibited marked differences in their moderation actions, in terms of restriction and content types, timeliness, and automation. Part of the differences are due to the platforms’ varying degrees of adherence to the database. However, part are also due to the unique characteristics of each platform, which pose challenges when it comes to harmonizing their moderation practices, as envisioned by the DSA. Furthermore, we also found that a significant fraction of the initial database data is inconsistent. This resulted from both internal validity checks on the data itself, as well as from external checks against statements and data extracted from the platforms’ transparency reports. Of all the considered social media, X presents the most inconsistencies, as reflected by striking discrepancies found in multiple aspects of its moderation actions. Finally, we conclude that the self-reported nature of the database, and the widespread inconsistencies that we found, raise concerns on the reliability of the data contained therein. This begs caution when analyzing such data to make inferences and draw conclusions on the moderation practices of large social media platforms.

VLOPs/VLOSEs also published their first round of transparency reports according to Article 42. Tremau has a nice tracker here. Stay tuned for the analysis of these disclosures which include a lot of new information, such as country-by-country breakdown of the user numbers and order numbers, indicators of accuracy, and qualifications/linguistic competence of staff.

Finally, the Commission launched a repository of terms and conditions which it produces by scraping the websites of companies. Going forward, this can become a useful resource to get a quick overview what are the DSA-regulated businesses, as the obligation under Article 14 falls on all DSA-regulated services.

Big Tech RecSys Opt-outs

VLOPS started complying with opt-out obligation for their recommender systems (Article 38: “at least one option for each of their recommender systems which is not based on profiling”). Since companies can decide what type of option they offer, it will be interesting to watch how they comply. I did not have time so far to do a proper survey of adopted solutions. I have seen TikTok announcing some form of regional newsfeed as an opt-out, and Meta announcing chronological newsfeed for Facebook/Instagram. If you have more information about other VLOP services, just drop me an email.

DSA before Courts

After being designated, Amazon and Zalando filed their lawsuits against the designation decisions (Amazon v EC (T-367/23), and Zalando v EC (T-348/23)). Amazon also sought a preliminary injunction, which has been granted in part (regarding Article 39 [ad archives]). Zalando only sought invalidation of the designation. The cases are still pending. Amazon was successful before the General Court by suspending the application of Article 39 which imposes an obligation to create ad archives (T‑367/23 R). The President of the General Court rejected the suspension of Article 38 (opt-outs), but granted that of Article 39 arguing that:

62 Consequently, for the purposes of the present examination of the condition relating to urgency, the information at issue must be regarded as being confidential. On the other hand, the question of whether the advertisement repository provided for in Article 39 of Regulation No 2022/2065 will require the disclosure of confidential information of both the applicant and its advertisers falls within the scope of the assessment of a prima facie case in the third plea relied on by the applicant in support of its action against the contested decision.

63 In that context, the question of the extent to which the disclosure of allegedly confidential information will cause serious and irreparable harm depends on a combination of circumstances, such as, inter alia, the professional and commercial importance of the information for the undertaking seeking its protection and the utility of that information for other market participants which are liable to examine and use it subsequently (see, to that effect, order of 10 September 2013, Commission v Pilkington Group, C‑278/13 P(R), EU:C:2013:558, paragraph 42).

64 In the present case, it must be held that the obligations relating to the advertisement repository, which provides information about the advertisements on the applicant’s platform, enable third parties to access significant trade secrets concerning the advertising strategies of the applicant’s advertising customers. It reveals strategic information such as campaign duration, campaign reach and targeting parameters. By doing so, it will allow competitors and the applicant’s advertising partners to draw market insights on an ongoing basis, to the detriment of the applicant and its advertising partners.

65 The evidence put forward by the applicant therefore makes it possible to establish that it cannot await the outcome of the main proceedings without suffering serious harm.

I think the court has applied a very weak standard here. Basically, it invites all future VLOPs to seek suspension of Article 39. I would be surprised if the porn sites that have just been designated do not use the opportunity to suspend the application of Article 39 by seeking judicial review of the designation. It is not clear to me how Amazon is more impacted than any of the other VLOPs, and why the same advertisers who now have to be disclosed there will suffer so much when they disclose on Amazon. I can see some specifics that exist here for the marketplaces but the court does not mention any.

Disclosure: I represent a consumer organisation in Zalando v Commission seeking permission to intervene.

Something else

I will publish an update with new academic work in early January. Feel free to send me tips. The good news is that my book is already with the publisher, and so is the upcoming OUP commentary on the DSA by Saulius Kaleda, Paul-John Loewenthal and Folkert Wilman.

All the DSA enthusiast should also mark 15-16 of February 2024 in their calendars. Just a day before the DSA enters into force, the Institute of Information Law organises a big conference on the DSA. As a keynote speaker, I am obviously biased, but the conference programme looks very interesting. I encourage you to join us.

Finally, I am again running my LSE Course on the Digital Services Act. We still have some spots. This is the third edition. Former participants were professionals from regulators, providers, civil society, auditing firms, etc. Just get in touch if you are interested.

VLOP/VLOSE designations are out

EC runs three consultations

Some recent work

The Digital Services Act tries to split rulemaking and interpretation in content moderation. It mostly leaves providers’ rulemaking discretion intact but constrains the way providers can subsequently use their own policies against individuals. Providers must disclose a broad set of rules upfront and explain their individual decisions. Platforms, such as social media and marketplaces, must also allow internal free-of-charge appeals. One of the innovations is that unhappy users and notifiers, instead of resorting to the judiciary, can now also file “external appeals” that can be heard in front of certified out-of-court dispute settlement bodies of their choice. If they win, the platforms will pay some of their costs. This brief practical note explains the rationale of the system and considers the issues that the national Digital Services Coordinators (DSCs) will have to deal with in the certification process. Since the first certifications of the ODS bodies will not take place before February 2024, the goal is to start the conversation about the best practices before the first certifications are made.

• I have also updated my earlier explainer: DSA’s Scope Briefly Explained. It now includes more discussion of “mere hosting” services, such as content management systems, and of the Zalando/Commission case. Your feedback helps a lot, so keep it coming.
• Laura Edelson (New York University), Inge Graef (Tilburg University), and Filippo Lancieri (ETH Zurich) wrote an interesting report for CERRE on data access under the DSA/DMA.
• A stellar group of content moderation researchers brought together by Matthias Kettemann and Wolfgang Schulz prepared a collection of essays entitled “Platform://Democracy: Perspectives on Platform Power, Public Values and the Potential of Social Media Councils“. It looks at the concept of social media councils, including how they relate to out-of-court settlement bodies under the DSA. It is available here.
• Anna-Katharina Meßmer and Dr Martin Degelin (both Stiftung Neue Verantwortung) published a paper about risk auditing of the recommender systems under the DSA.
• Inge Graef (Tilburg University) has a new paper looking at the EU regulatory patchwork for dark patterns.
• Benjamin Raue and Franz Hofmann are editors of the first comprehensive commentary on the DSA that I am aware of. It is published in German by Nomos, and you can buy it here.

National and other developments

• France passed its new influencer law and is about to pass an age-verification law. While the former hardly poses problems for the DSA, as it mostly seems complementary, the latter is a tricky one. Compatibility with Articles 34 and 28 is really an issue.

Thus, the national attempts to legislate on digital services in the EU start looking very much like sports of obstacle course racing. The participants, in our case national legislatures, are presented with the barriers of increasing difficulty, such as crawling in the mud (notification) and barbered wire (pre-emption), and the only winners are those who manage to overcome them successfully because they have the necessary training and are not worn down by the arduous course.

• Carl Vander Maelen (Ghent University, Faculty of Law and Criminology) and Rachel Griffin (Sciences Po Law School) have a nice piece about Twitter & Codes of Conduct on IViR’s DSA Observatory. They have a related paper here.

• Advocate General Szpunar’s Opinion in Case C-376/22 is definitely worth a read. It advanced sensible reading of the country-of-origin principle.

Students’ work repository

LSE DSA Course is open again

This is an excerpt from a draft of Chapter 9 from my forthcoming book (Husovec, Principles of the Digital Services Act (OUP, [May] 2024)). It describes the main digital ecosystem of services that are regulated by the DSA as infrastructure services, hosting services, online platforms, very large online platforms (VLOPs), and very large online search engines (VLOSEs). It summarises the first disclosures made by companies on the 17th of February 2023, the first batch of designation by the European Commission in April 2023 and explains why certain companies likely fall in or outside the DSA’s regime.