During the past four years, the European Commission worked on legislative initiatives to upgrade the EU’s digital services rules: the Digital Services Act (DSA) and the Digital Markets Act (DMA). The Digital Services Act is aimed to establish a new set of obligations for hosting services, marketplaces, and online platforms offering services in the EU and to create a secure and safe online environment. The Digital Markets Act (DMA) will ban certain practices used by large platforms acting as “gatekeepers” and enable the Commission to conduct market investigations and sanction non-compliant behaviour.
The Commission made its proposals for the DSA and the DMA in December 2020. On 25 March 2022, a political agreement was reached on the Digital Markets Act and on 23 April 2022 on the Digital Services Act.
Together they should form a single set of new rules that will be applicable across the whole EU and are supposed to create a safer and more open digital space.
With Facebook and Instagram being the main hotbeds for investment scammers, EFRI initiated in November 2021 an online petition for amendments to the Digital Services Act as proposed by the EU Commission as of December 2020 (more details here). We found the proposal for the Digital Services Act, although showing ambition to finally tackle the significant issues with the online platforms and marketplaces, missed out on clear words regarding the civil liability of social media platforms in case they fail their defined obligations. We expressed our definite concerns that considering the constantly increasing size of cybercrime, clear responsibilities, clear liability frameworks, clear enforcement procedures, and redress requirements have to be set for the future to address the cybercrime issue. More than 800 people supported our petition with explicit change requests.
The EU missed a big chance for a clear liability regime!
The Council praised the approved Digital Services Act with “what is illegal offline will also be illegal online” and states some of the major achievements as:
New rules to trace sellers on online market places, to help build trust and go after scammers more easily; a new obligation by online marketplace places to randomly check against existing databases whether products or services on their sites are compliant; sustained efforts to enhance the traceability of products through advanced technological solutions.
Users will have new rights, including a right to complain to the platform, seek out-of-courttlements, complain to their national authority in their own language, or seek compensation for breaches of the rules. Representative organisations will also be able to defend user rights for large scale breaches of the law and many more.
Our reality check gives a different picture. We found that although some of our requests have been allowed for, the European authorities still do not understand how urgently decisive action is necessary to curb the cybercrime threat – increasing in size on a daily basis – in Europe. We realized that our main important requests for amendement have unfortunately not been followed up at all.
NFTs are excluded (except for NFTs with fractionalized ownership). The Commission is expected to develop a new regime on NFTs within 18 months.
No strong and positive liablility framework for online market places
Contrary to our request Article 5.3 DSA in its final version does not at all include a clear and strong positive liability framework for online marketplaces in case the intermediary service provider is in breach of its obligations as required in the DSA and thereby enables the selling of illegal content or illegal goods to uprotected consumers.
The now set rules in Article 5.3 DSA providing that the general liability exemption does not apply to online marketplaces under certain circumstances in connection with the Recitals (17) up to (26) DSA will for sure not sufficiently address the widespread illegal activities in online marketplaces.
Recital (17) even outlines the (anyway very restrictive) liability rule as set in Article 5.3. should not be understood to provide a positive basis for establishing when a provider can be held liable, which is for the applicable rules of Union or national law to determine.
In Recital (17) up to (26) the European authorities definitely support the online marketplaces by restricting their liability considerably. Only … when the provider offers its service with the main purpose of facilitating illegal activities, for example by making explicit that its purpose is to facilitate illegal activities or that its services are suited for that purpose … the online marketplaces will be liable for illegal content.
According to the new DSA victims of scams being advertised on online marketplaces have to refer to their local law enforcement agencies and national courts for any redress from online marketplaces. With cross-border law enforcement in Europe having serious issues and lagging massively behind technical developments these new DSA rules will not at all help to curb cybercrime.
Being aware of the deep pockets of the social media compnaies for legal civil proceedings we are confident that the restrictions set by the recitals will have a negative effect on any court decisions of national courts and legal claims for refunds from online marketplaces.
Insufficient rules on the Traceabiity of Traders
Regarding our requests in relation to the Due Diligence requests for Traders (formerly Article 22 Traceability of Traders) we realized that neither one of our requests was dealt with. The wording in Article 24c (Section 3a – Provisions applicable to providers of online platforms allowing consumers to conclude distance contracts with traders) still avoids defining clear responsibility for online marketplaces in giving traders with illegal services and goods access to their platforms. .. word like ..if applicable… or make best efforts to assess whether the information referred to in paragraph 1, in points (a), (d) and (e) to (f) of paragraph 1 is reliable and complete.. will for sure not result in the desired effects of stopping scammers to use the online marketplaces.
Article 24d DSA provides that after allowing the offering of the product or service by the trader (!) , online platforms shall make reasonable efforts to randomly check whether the products or services offered have been identified as being illegal in any official, freely accessible and machine-readable online database or online interface. Reasonable efforts on checks will probably not fulfill the urgent task to curb cybercrime in Europe.
Considering the recklessness of the scammers and the greed of the online marketplaces “best efforts” and “reasonable effort” without any liability framework set in case the online market places do not comply with these anyway “vague” requirements will not be enough to induce online marketplaces for severe actions for misuse of their services.
No refunds for the victims
It is also a pity that the EU Council missed to empower one of the new authorities to be set up (the National Digital Services coordinators, the European Board of Digital Services Board resp. the Commission (for very large platforms)) to request compensation for the victims in case the non-compliance of the platforms with the new set DSA rules is determined.
So it remains for the victims to care for justice and redress. No improvement at all for victims.
Ineffective Monetary Fines
Article 59 DSA determines that the Commission may impose on the
provider of the very large online platform or the very large online search engine concerned fines not exceeding 6% of its total worldwide annual turnover in the preceding financial year where it finds that that platform provider, intentionally or negligently:
(a) infringes the relevant provisions of this Regulation;
(b) fails to comply with a decision ordering interim measures under Article 55; or
(c) fails to comply with a voluntary measurecommitment made binding by a decision pursuant to Articles 56.
As we already learned from the enforcement of the money laundering rules that fines – even huge fines – do not result in penalized banks adhering to the money laundering rules we propose to start out with effective penalties in this new Act!
We are definitly disappointed. The Digital Services Act does for sure not meet our expectations and for sure does not appropriately answer the cybercrime threat of our society. The lobbying armies of the big social media companies did an excellent job. The European authorities missed a big chance to step up the fight against the scammers. It is a shame!
Following the adoption of the Digital Services Package in the first reading by the European Parliament in July 2022, both texts now have to be adopted by the Council of the European Union.
The DSA will be directly applicable across the EU and will apply fifteen months or from 1 January 2024, whichever comes later, after entry into force. As regards the obligations for very large online platforms and very large online search engines, the DSA will apply from an earlier date, that is four months after their designation.