The Digital Services Act 101
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Subtitle |
| |
| Title of Series | ||
| Number of Parts | 542 | |
| Author | ||
| License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/61891 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
FOSDEM 2023443 / 542
2
5
10
14
15
16
22
24
27
29
31
36
43
48
56
63
74
78
83
87
89
95
96
99
104
106
107
117
119
121
122
125
126
128
130
132
134
135
136
141
143
146
148
152
155
157
159
161
165
166
168
170
173
176
180
181
185
191
194
196
197
198
199
206
207
209
210
211
212
216
219
220
227
228
229
231
232
233
236
250
252
256
258
260
263
264
267
271
273
275
276
278
282
286
292
293
298
299
300
302
312
316
321
322
324
339
341
342
343
344
351
352
354
355
356
357
359
369
370
372
373
376
378
379
380
382
383
387
390
394
395
401
405
406
410
411
413
415
416
421
426
430
437
438
440
441
443
444
445
446
448
449
450
451
458
464
468
472
475
476
479
481
493
494
498
499
502
509
513
516
517
520
522
524
525
531
534
535
537
538
541
00:00
Web browserInternetworkingDiagramLecture/Conference
00:29
Gamma functionYouTubeRight angleInstance (computer science)HypermediaTraffic reportingAlgorithmInformationWeb 2.0View (database)Computer animation
01:05
Open setSoftware frameworkIdentity managementInformation privacyControl flowComputer fileVector potentialInternetworkingTraffic reportingForm (programming)Computer animation
01:33
Different (Kate Ryan album)Uniform resource locatorLatent heatData conversionComputer animation
02:15
Web serviceComputer animation
02:37
Demo (music)Rule of inferenceWeb serviceHarmonic analysisWeb 2.0Macro (computer science)Internet service providerQuicksortStack (abstract data type)Physical lawHypermediaAddress spacePower (physics)Field (computer science)Multiplication signDifferent (Kate Ryan album)Data conversionComputer animation
04:27
Computing platformUser-generated contentDirection (geometry)Computing platformBlock (periodic table)Category of beingWeb serviceInternetworkingStack (abstract data type)Search engine (computing)Computer animation
05:16
InformationProcess (computing)Search engine (computing)Term (mathematics)Dependent and independent variablesComputing platformGoodness of fitComputer animation
06:02
Group actionInformation managementCodeEnterprise architectureSearch engine (computing)Data structureThresholding (image processing)Enterprise architectureNumberWord1 (number)AsymmetryKey (cryptography)Computer fontComputer animation
07:03
Surjective functionComputing platformPhysical systemExpert systemCodeThermal conductivitySet (mathematics)Content (media)Exterior algebraProcess (computing)Instance (computer science)Rule of inferenceTwitterInterface (computing)Physical lawSpacetimeDependent and independent variablesShared memoryType theorySingle-precision floating-point formatWeb serviceSoftware frameworkDecision theoryExtension (kinesiology)State of matterMeasurementFile archiverThresholding (image processing)AlgorithmInformation privacyCodeKey (cryptography)AreaLibrary (computing)Pattern languageComputer animation
10:07
Web serviceRight angleProcess (computing)ImplementationComputing platformCodeNumberSearch engine (computing)Thermal conductivityMoment (mathematics)BitCASE <Informatik>EmailMultiplication signInterface (computing)Standard deviationRegulator geneAddress spaceReal numberForcing (mathematics)Computer animation
12:10
Element (mathematics)Computing platformMassFeedbackSearch engine (computing)Regulator geneStandard deviationDifferent (Kate Ryan album)Computer animation
13:06
Regulator geneInformation privacyWeb serviceComputing platformRight angleOffice suiteCoordinate systemDigital electronicsMultiplication signMassCASE <Informatik>State of matterProcess (computing)Computer animation
14:28
Multiplication signBitComputer animation
14:57
Interface (computing)Right anglePhysical lawWeb 2.0Matrix (mathematics)Combinational logicComputing platformSoftware developerTelecommunicationFacebookOpen sourceGoodness of fitLecture/Conference
15:57
Computing platformRegulator geneSpeech synthesisNumberWeb serviceSoftware engineeringPoint (geometry)Interface (computing)Latent heatServer (computing)Physical lawProcess (computing)Right angleDependent and independent variablesInstance (computer science)Thresholding (image processing)Web 2.0Multitier architectureCartesian coordinate systemWeb pageFacebookLecture/Conference
21:10
Computing platformAreaInformation privacyCivil engineeringMetric systemInterface (computing)Direction (geometry)Pattern languageFeedbackRegulator genePhysical systemHTTP cookieCombinational logicObservational studyDecision theoryEmailInstance (computer science)Exterior algebraStandard deviationSelf-organizationAuthorizationMereologyQuicksortConnectivity (graph theory)BitCodePressureThermal conductivityProfil (magazine)Phase transitionGroup actionMultiplication signOnline helpDependent and independent variablesImplementationLecture/Conference
26:24
Multiplication signMatrix (mathematics)Lecture/ConferenceProgram flowchart
Transcript: English(auto-generated)
00:05
Thanks everybody for coming, so yeah I am not from the corporation, I'm from the Mozilla Foundation and so besides being the nonprofit behind the Firefox browser we do a lot of other cool stuff and so for those of you not familiar with it I do want to go briefly over that. So the Mozilla
00:22
Foundation of course like the corporation is mission driven and believes that the internet should be open accessible free fare and so at the Foundation side we do a lot of interesting research a lot of it into social media and a lot of it related to kind of accountability and transparency
00:40
of social media the kind of the systemic problems that we see on a lot of the web so some of you might have even participated in some of our research through for instance Regret's reporter through data donations from lots of people we were able to actually investigate YouTube's algorithm in a way that allowed us to get a view of it from the outside right because YouTube
01:00
is not necessarily handing over that information right now. We've also done we do policy work around kind of legislative files that either have great potential for our mission or might affect our mission in certain ways you might have also followed some of this work over the over the years I would do advocacy and campaigning and then we publish every year an internet
01:22
health report and so this year's internet health report is really worth checking out because it's actually in the form of a podcast so you can you can find that and listen to those episodes and MozFest also is taking place online in hubs in March and then it will take place physically in a
01:42
couple of different locations in June but I would definitely encourage you to attend some of those sessions happening. Okay but I'm going to talk to you about something very specific today and I'm curious how many people here have actually heard of the Digital Services Act just raise your hand if you've heard of it okay great so it's a big deal I think it's a big deal great and
02:02
as I'm going to go through really an overview of the Digital Services Act and particularly the obligations to a certain kind of actor this is yeah this is a ongoing conversation so I'm really curious in your thoughts as well about this so I'm going to talk about why did the EU decide to make a
02:20
Digital Services Act what is roughly in this and what are the next steps where we in the process because while the the Digital Services Act is agreed and is applied it's enforced sorry it's not actually been applied to the services yet we have to wait till the end of the year and to next year actually so first of all why create a Digital Services Act so the DSA is
02:44
really designed to update the e-commerce rules which are now almost two decades old so it really takes that for the internet stack and then it adds on to that looking at kind of the way that the web has changed today as we know in the last 20 years sort of a handful of large companies have essentially
03:02
taken over the web and so at the same time there are many countries that are trying to address social media and web policy and the idea is that the EU can do this in a harmonized way rather than having one law in one country and one law in another we kind of make a harmonized
03:20
playing field which is then easier for providers as well as for the end user and the DSA should really be seen also in conversation with the Digital Markets Act which is probably really interesting to many of you here and these really are two sides of a coin in a sense and they're both different ways of addressing a problem of fairness so the Digital Markets Act is really
03:41
intervening and saying okay there are certain gatekeepers that have actually used their market power in an unfair way and we need to update in a sort of consumer update our competition law in certain ways and then the and a sort of a macro level fairness fairness between different services and then you have the Digital Services Act which is fairness in a micro sense it's
04:03
fairness between a service provider and the end user you know is that service delivered to the end user and you know a legible way is it is it transparent is it accountable for the service that is ultimately giving them and it tries to kind of raise the bar instead of high bar when it comes to
04:21
fairness towards end users so two sides of the coin yes what is it what is the Digital Services Act what does it do well first of all we know who does it apply to right as I mentioned it's really taking the e-commerce directive so for the internet stack it's essentially moving that across so that
04:41
it categorizes the services that applies to these these four different categories and the the most interesting those important obligations are on this new category that it creates which is very large online platforms and very large online search engines of which there is one maybe two and also online
05:03
platforms themselves and the idea of an online platform being different than hosting services that is disseminating user-generated content publicly but we're I'm really going to be focused on this middle blue block so it comes up with this new term which is a vlog some people say vlog I like to say vlog it's
05:23
really up to you but the idea is that a vlog is a platform that is is serving over 10% of the EU population that it has a systemic role in our information ecosystem and therefore it deserves to have some you know some corresponding responsibilities so it relates to 45 million active monthly
05:44
users you might ask what is an active monthly user it is a good question and and platforms are in the process of counting this up right now and of course there are going to different ways that this can be counted the Commission has provided some guidelines around this there's still some
06:01
ambiguity and again also very large online search engines doesn't fit so beautifully into the DSA structure this was added by the council but the idea is that search engines that also have the same threshold are also should be accountable in the same in the same kinds of ways so the DSA takes an
06:25
asymmetric structure that's usually not difficult word for me but so the idea is that the larger you are the obligations that you have and and there are key exemptions for small and micro enterprises so this is important
06:40
to you know maybe a small fed averse actor right there there are exemptions if you have only a certain number of employees or only a certain certain revenue but for the other ones there there are real obligations and and there are you know the possibility of fines so the DSA is a thing to be taken seriously and this gives a kind of outline of the different
07:00
obligations that I can go over more so specifically for the very largest online platforms so the DSA it doesn't say what is illegal what is illegal is defined by you member states invite you law and the DSA really tries to take a systemic approach it's not trying to kind of whack a mole take down pieces of illegal content because we know we've been in the space for a
07:21
while we know it doesn't really work that way I used to work on disinformation it's not about a single piece of content it's about the way that the service is providing narratives and amplifying certain things but it's really structural and so the DSA is really trying to take the systemic approach and it asks each very large online platform to go and say what are
07:40
your systemic risks do they relate to you know it's a certain kind of online violence that your service might be perpetuating they relate to privacy so and and the platform then has to has to address that and actually propose their own ways of addressing that systemic risk it also does have some very clear ideas though about how platforms should be
08:02
addressing their systemic risks for instance they have to have advertising libraries where you can researchers can go through actually anyone can go through it and look at the archive of what has been you know published as as published as promotional content platforms that are over the threshold have to have a recommendation algorithm that is not based on user
08:24
profiling under the definition of the GDPR so experts in GDPR might say maybe we can still have a recommender system that's using some some kind of engagement type of data but the idea is that you have to have a really viable alternative there are rules about online infrastructure our online interface and and design so the idea that you shouldn't have deceptive
08:43
patterns that are that are tricking you into maybe making decisions online that you would normally take data access for better researchers it's critically important and we know this at the Mozilla Foundation having researched very large online platforms ourselves it's very difficult to know sometimes what's going on inside the platform so the idea is that
09:02
eventually there will be infrastructure for the largest platforms to actually share certain data sets related to their systemic risks with vetted researchers this is a very long process of building up this infrastructure making sure that it has really clear safeguards but this is really important and for those of you who you know read the news that Twitter
09:20
is going to get rid of its free API this is a really critical problem is how are we going to continue to hold platforms to account if we don't understand what's really happening inside of them so many caveats on this data access regime really is about systemic risks it really is about compliance and it is for researchers but but this is you know really really important thing that's going to change over the next couple of years
09:43
codes of conduct so like the code of practice on disinformation which now joins in the DSA there will be also codes of conduct related to accessibility and related to other kind of key areas where platforms and companies might be able to come together and decide for themselves to an extent what are important measures they can take and then that's backed up through the
10:02
rest of the regulatory framework and then crisis response which we can maybe talk about in the Q&A but so what are the next steps where are we in this legislative process or now it's the implementation process right we have we have the regulation now but there's a lot of things that are yet to be
10:21
determined so yeah we've had the draft was released in 2020 it's been a couple of years working on it with EU institutions and now we are coming on a very important moment which is so it's it's in force but who does it apply to and so on February 17th so mark your calendars platforms that are
10:42
likely very large online platforms a very large online search engines are supposed to notify the European Commission of this but this is actually something kind of funny happened here which is that it's not written in the DSA exactly how the platforms or how the Commission will find out which platforms are in it so platforms are told to put this number on somewhere on
11:04
their interface so the Commission might have to go and check a lot of platforms interfaces they've been encouraged platforms have been encouraged to actually email the Commission there's an email address that they can use but if some of you have some free time the next couple of weeks and wanna to find out if platforms are publishing their numbers
11:24
on their interface please do that would be great so yes we'll see what happens on February 17th and then so for the largest online platforms the DSA will actually apply to them already at the end of actually midway through this year in July and then for the other the rest of the stack and for the
11:43
smaller online platforms it won't apply until 2024 so we have a bit of time and this time is because there's a lot of kind of secondary legislation codes of conduct voluntary standards a lot of the real kind of details of the DSA are actually yet to be I really specified and spelled out and that
12:03
process is what's happening now and that's why it's great that you guys are in this room and if you're interested in some of these details which are in some cases really not details at all they're very very important yes the one of these things is the designation of the very large online platforms one of them is the data access regime we have you know a secondary a delegated act that will actually entail what is the data
12:23
access regime auditing requirements I think I might have skipped that but the very large online platforms and search engines have to submit themselves to an annual audit they actually they pay for this audit but they have to be submitted to this audit and this audit is all of their due diligence obligations the massive kind of audit and this the kind of details of what
12:43
this auditing regime will look like are actually being elaborated now in in a delegated act that's really important and we'll have a draft of that delegated after that you can look at and give feedback on that should appear in the next couple of weeks towards the end of the month yes and send guidelines various voluntary standards will come out on a lot of different
13:04
elements of the GSA and right now regulators are really getting prepared they have a massive amount of work to do the European Commission for the first time is going to become a regulator actually this was not the case with with GDPR right it was really the member states that were
13:21
regulating the GSA now for the largest online platforms the Commission will be overseeing them but of course everyone else is going to be overseen by by regulators in their member states so all EU countries are in the process of designating something called the digital services coordinator that will be responsible for overseeing the compliance and regulation in that
13:43
member state and a lot of online very large online platforms are based in Ireland right and so that means that the eventual Irish digital service coordinator will have quite an important role probably not as important as it had in the GDPR towards data protection issues but but still a very
14:01
important role and the European Commission has recently actually opened up an entire the new institution which is the European Center for Algorithmic Transparency ICAT it has offices in Brussels in Italy and in Spain and they're going to be really serving as kind of a additional kind of
14:21
technical support to the Commission to understand some of the the research challenges that it has in front of it and that's where I'm going to close as usual I talk fast so I have a little bit of time but that's okay and if you have questions yeah I'm on Macedon I'm also on Twitter but and this is my but
14:44
this feels like a Macedon crowd so yeah and went up really fast yeah yeah
15:00
thank you very much also I have a question in matrix say question for the DSA where does the platform have to publish communicate their monthly active users yeah that's a good question right so they're supposed to put it on there on their interface I don't really know what that means but they're supposed to put on their interface but they should also email the European Commission so if
15:23
that question is being asked by a very large online platform you should email the Commission hello thank you for the communication I was waiting to know more about the law in itself recently there have been a combination
15:41
of Facebook and the US have been lawsuit between LinkedIn and a small company about web scrapping and web scrapping right now is is is the way for us for developer and developer open source developers to access to the data on this platform because they are the only one that can have the
16:03
monopoly basically they have the monopoly on it yet the regulation actually is harsh it could it could be interpreted as forbidding that are scrapping in somehow that the point of this company they're saying that it's forbidden I wanted to know if they this new law push push obligation
16:26
requirements for the company for this vlog to have public APIs or at least not to block application want to to make the content free no that was
16:45
really clear so questions about web scraping and how the DSA will block or or help researchers essentially study the large online platforms I can't respond to web scraping specifically it's a really important question right but as to the kind of the ability of the DSA to encourage and facilitate
17:01
research and especially through API's it will encourage so for the largest online platforms again it will require them to share data it doesn't exactly say how it will do this it talks about interfaces right and it this is again to be elaborated through the Delegated Act so that your question
17:21
really is gonna be answered over the next you know year and a half or so but specifically the platforms will have to to share data and have to allow research it won't necessarily be with everyone there are clear specifications about what is a vetted researcher but it will and we have this already in the text at least an article on data access there are tiers so for a
17:44
tier of data which is quote-unquote manifestly made public so we can think about if we think about Facebook it's like a public page that data should be available through actually an interface it's essentially trying to mandate a kind of crowd tangle so this isn't everything that necessarily we
18:02
want to see and it's also this has to also itself still be elaborated but the DSA is trying to encourage this kind of research speaking of Mastodon so if like how does this definition of very large online platform come when it
18:24
comes to like a federated services like if Mastodon grows to like I don't know hundreds of million of users and all the European instances together hit this 10% like point of numbers of users but none of them individually
18:45
actually do this like is there any specification for this and the regulation yeah so this should I be taken as legal advice for people who run Mastodon servers this I can tell you my understanding and then I can say that the DSA was really not designed to try to penalize the
19:02
Fediverse the DSA is trying to encourage the Fediverse is trying to look at platforms that are largely profit driven right but it's in the Fediverse it would be treated I'm fairly in according to my understanding as an individual server would be a platform and so if you had one individual server that finally reached the threshold of 45 million active
19:22
monthly users which I think we're very very far from then there might be some obligations but at that point they have a lot of other problems otherwise it would be yeah I think we're really gonna be looking at small micro platforms that's such a really like that question and the question is is
20:07
there so the DSA is largely targeting no kind of companies right over platforms but what about applying to software engineers as such I mean it's challenging this is I'm speaking really my personal opinion here but to hold a person responsible for their company or the thing that they're
20:23
providing that's difficult but I think as far as there's some really interesting articles in the DSA that will be interesting to see how companies interpret them and how individuals interpret them like on the interface design I think this is really up to designers to do a really great and transparent job on that so yeah I don't think that I mean it's
20:43
difficult to have regulation apply to employees right that would be that would be tricky but but it's an interesting question so I didn't hear
21:18
the second part what were the examples at the end that you looked
21:21
that you mentioned yeah the question is what about the details which are really yet to come including also court decisions yeah I think there are going to be a lot of civil society organizations that are going to engage
21:42
probably in strategic litigation I think that would be a huge component of the next couple of years as for the Mozilla Foundation we're really interested in the implementation phase right the areas that that the Commission has very much asked for help on certain things they you know they are consulting with stakeholders they're basically our public processes the
22:01
delegated act where they publish them and they want feedback so really following those opportunities and I think a lot of civil society actors are as well and then there there is a lot of these codes of conduct I think are really interesting and the voluntary standards where organizations and civil society actors can come together and add some details so the research
22:21
community has a huge role I think to play so yeah definitely Mozilla and definitely a lot of other actors are engaging but there's there's so many opportunities to do that so if you if you're interested in them you can send me an email actually there is yeah so in a couple of I mean the
22:42
GDPR always always applies but it's sort of a bedrock for a lot of these things but there are a couple of really interesting articles where they have overlap so for instance the provision that very large online sorry the question was if the relationship between GDPR and DSA and I'm not going to give you a holistic answer on that at all you would ask a specialist but I can tell you the provisions that I'm really interested in that that overlap
23:03
so one of them is on the requirement for a very large online platform to have a recommender system not based on profiling this is typically an area where they have overlap because profiling is understood under the GDPR so it'll be really important to see how this is actually understood and how platforms
23:22
will implement that and then how you know that you know how regulators will also see their responsibilities to ensure that that's enforced and that's one area and there are there are a few other articles where they're also that kind of similar overlap we have a question in metrics do you fear any
23:42
backfire action from companies to happen like the GDPR created the pop-up consent the question is about backfire well technically it wasn't GDPR was the e-privacy directive is a combination of the two that is responsible for cookie banners but it is a really good question I mean and this is where
24:00
I think it's actually really important to be clear about what is compliance to the letter of the regulation and what is meaningful compliance for the actual end-user whose experience you want to help right so it's possible that companies might take the regulation and and in their kind of design of the of their new obligations make something really annoying for users to get them to not want to do it for instance take this
24:24
example again of the alternate recommender system you could hide it behind eight clicks and you could make it change back the next morning you know you could make it somehow like a really boring I don't know but there are ways that you could make it unattractive but it's still comply and so I think it's important that companies decide to comply in a way
24:41
that's also appealing and also fair because I don't think that cookie banners are really complying with GDPR privacy in a way that is really there we are a bit of time okay
25:29
yeah the questions about dark patterns are deceptive design and especially after GDPR and so there is a specific article in the DSA article 25 that looks at online interface so it's not looking at any kind of patterns but
25:43
it's looking at online interface design and it's obliging platforms to design their interface in a way that is yeah not not deceptive and doesn't leave the user down a path they wouldn't intend so very much the authors of the DSA are trying to not have that happen again through this one article
26:01
however the article isn't as strong as it could be and so a lot of civil study advocates that were pushing for it to be stronger didn't get everything they wanted that said I see this as being really really important and I think if platforms do look at this article and fully comply we shouldn't have some of these dark pattern issues but this yeah this is one of those details that will yet to be seen and I think there's going to be a lot of
26:22
pressure on this one provision and I hope it can withstand that pressure thank you very much we don't have time for more question but feel free to pop them in the matrix room and thank you very much