The European Parliament has passed a landmark legislation ‘The Digital Services Act (DSA)’ which can become the global benchmark for the provision of big tech services, while protecting the privacy of users.
Salient features of Digital Services Act (DSA)
- The Digital Services Act lays down the dos and don’ts about the removal of harmful, illegal content, offering or facilitating sales of illegal products or services, targeted advertising, and the way interfaces are designed.
- Large online platforms should assess in mandatory annual or semi-annual risk assessments about the dissemination of illegal content, the malfunctioning of the given service, and any actual and foreseeable negative effects on the protection of public health.
- The usage of certain data to target users for advertising has been prohibited. The GDPR (General Data Protection Regulation) classifies data about race, ethnicity, political opinions, religious beliefs, health and sexual orientation, as special categories.
- An online platform may not use such data under the DSA for targeting individuals for advertising.
- “Dark Patterns” are also forbidden. There are new requirements aiming to help in the tackling of malicious “deep fakes”. Dark patterns appear when websites and apps are designed to induce users to subscribe to services, or to click through to affiliate websites, or to advertising.
- The DSA prohibits platforms from using the structure, function or manner of operation of their online interface, or any part thereof, to distort or impair recipients of services’ ability to make a free, autonomous and informed decision or choice.
- The act also cites alleged practices that exploit cognitive biases and prompt recipients of the service to purchase goods and services that they do not want, or to reveal personal information they would prefer not to disclose.
About General Data Protection Regulation (GDPR)
- The European Union already had the General Data Protection Regulation (GDPR), which offers granular privacy protection to anybody (not only EU citizens) whose data is stored within the EU.