A Dual Analysis of the EU Digital Services Act and the UK Online Safety Bill
January 31, 2024
The ever-increasing awareness of illegal and harmful online activity has led to the development of new protective regulations across Europe to improve safety for online users. The European Union (“EU”)’s Digital Services Act (“DSA”) aims to safeguard online users by protecting individual rights and creating a more equal playing field to foster innovation and growth among online businesses, while the United Kingdom (“UK”)’s Online Safety Bill (“OSB”) focuses on eliminating illegal and harmful online content to protect minors.
Online platforms with activities in both the EU and the UK will have to comply with both the DSA and OSB, in addition to the web of overlapping but differentiated regulations, including the General Data Protection Regulation (“GDPR”), the Digital Operational Resilience Act (“DORA”), and more. The potentially high penalties for non-compliance (see table below), and the technical challenges surrounding certain requirements for both the DSA and OSB, will have a significant impact on online platforms.
The Digital Services Act
The wide scope of the DSA covers all online intermediaries offering services in the EU, no matter where they were established. Organizations of different sizes have different requirements, with Very Large Online Platforms (“VLOPs”), defined as platforms that reach more than 10% of EU consumers, facing the most stringent requirements. In addition to obligations like transparency, criminal offense reporting, and providing specific information to users, VLOPs must implement risk management and crisis response plans and give users the option to opt out of recommendations based on profiling.
The Online Safety Bill
The OSB makes social media platforms legally responsible for the protection of minors online, which mandates the quick removal of illegal content, the enforcement of age limits and restrictions on age-inappropriate content, published risk assessments on the dangers of social media for minors, and accessible ways to report problems. The bill also requires large social media platforms to block and remove fraudulent advertisements. The OSB requirements apply to all social media content seen by citizens of the UK, regardless of where the content originated, and will be enforced by the UK Office of Communications (“Ofcom”).
Regulation Overview | DSA | Key Similarities | OSB |
---|---|---|---|
Regions Affected | EU | Compliance is required if services operate in the UK or EU, even if the providers are not based there | UK |
Scope | All digital services, with two key categories for services with average monthly active recipients greater than 45 million: Very Large Online Platform (“VLOP”) and Very Large Online Search Engine (“VLOSE”) | Both generally apply to all services which host and share information to the public | User-to-user and search services. Key categories are determined by number of users and functionalities (Ofcom still to provide further guidance) |
Content | Illegal content; data collection from advertisers and mandated disclosures; crisis response mechanisms to be put in place | Illegal activities that already fall under UK or EU law; illegal content and content that could be harmful to children; controls to prevent fraudulent or misleading advertising; require clear and user-friendly Terms and Conditions, and notifications of breaches; include mechanism for content reporting | Aims to reduce fraudulent advertising through notification and removal |
Assessments | Also covers human rights and effects on electoral processes | Require internal and external risk assessments; assess the risk of illegal content | Determine the likelihood of children accessing the online service or search engine; assess how content is shown and targeted |
Reporting | Transparency reporting covering activity undertaken in relation to content moderation; reports must be more detailed and are required more frequently for the most regulated category | Require annual reporting at a minimum | |
Penalties for Non-Compliance | Penalties and fines proportionate to active users. Less than 45 million: penalties determined by member states’ national laws; more than 45 million: fines up to 6% of global turnover | | Ofcom can issue fines of up to 18 million pounds ($22.3 million) or 10% of annual global turnover |
Technical Challenges of Compliance
The DSA and OSB create a new set of technical challenges for cybersecurity, privacy, and legal professionals to overcome as they work toward compliance. These include:
- Developing advanced algorithms capable of accurately detecting a wide range of content, including hate speech, misinformation, and harmful material, while minimizing false positives.
- Implementing strong encryption and data anonymization techniques to safeguard user data while still enabling effective content moderation.
- Developing reliable age verification methods that are resistant to manipulation or fraud, without compromising user privacy.
- Designing systems that provide detailed insights into content moderation decisions without compromising the proprietary nature of algorithms or exposing sensitive information.
Next Steps for Compliance
The DSA came into effect for large organizations on August 25, 2023, and requires compliance for remaining organizations by February 17, 2024. While a date for compliance with the OSB has not yet been announced, organizations will likely need to comply in autumn 2024. Organizations should take the following steps to prepare for compliance with both regulations:
Allocate Sufficient Resources
Cybersecurity and data privacy regulatory compliance requires the support and collaboration of legal, technical, and operational departments in addition to the C-suite. Appropriate amounts of staffing, funding, and time should be allocated to each department to ensure continued compliance.
Conduct a Regulatory Gap Assessment
To begin complying with the DSA and/or the OSB, conduct a gap assessment to determine what policies and procedures are already in place, and what new steps will need to be taken for the new requirements.
Create Extensive Terms of Use and Content Reporting Requirements
The DSA and OSB both emphasize the importance of transparency, consumer protection, and limiting harmful content exposure to minors. Reevaluating terms of use agreements and implementing easy-to-use controls for reporting will be the first step in meeting these requirements.
Develop Extensive Monitoring, Reporting, and Auditing Mechanisms
Compliance with the stringent demands of the DSA and OSB is an ongoing process. Developing robust systems for monitoring, reporting, and auditing platforms and processes will be essential for the maintenance of the compliance program.
While the DSA and OSB have similar goals, their scoping, focuses, and methods diverge. Therefore, compliance with one regulation does not fully cover compliance with the other. For organizations operating in both the UK and the EU, fully understanding the scope and impact of both regulations on business operations is essential for continued success.