David Barnett's Brand Protection Articles: Taking action: EU Commission proceedings against online platforms under the Digital Services Act

by David Barnett and Richard Ferguson

Introduction

i. Overview of the Digital Services Act (DSA)

Around one year on from the full implementation of the Digital Services Act (DSA), we conduct a review of actions taken by the EU Commission regarding online platforms under the scope of the legislation, as reported on the Commission's own 'press corner' website^[1].

The DSA concerns the regulation of online platforms such as e-commerce marketplaces, social media platforms, app stores, and hosting and intermediary services (e.g. providers of cloud and web hosting, network infrastructure, Internet service providers, and domain registrars) and aims to "ensure user safety, protect fundamental rights, and create a fair and open online platform environment"^[2]. Specific measures under the DSA include the introduction of 'trusted flagger' status, obligations on traceability of business users, specific requirements for platforms over a specific size ('Very Large Online Platforms' (VLOPs) and search engines (VLOSEs) with over 45 million users in Europe)^[3], and out-of-court dispute resolution systems^[4].

ii. Routes for awareness of breaches

The EU Commission can become aware of potential breaches of the DSA through a number of routes:

Complaints and reports - Users, consumer organisations, and other stakeholders can file complaints or reports about potential breaches, including instances of illegal content, lack of transparency, or other non-compliance issues.

Digital Services Coordinators - Each EU member state has a Digital Services Coordinator (DSC) responsible for monitoring and enforcing the DSA at the national level, and can investigate and report breaches to the Commission.

Proactive monitoring - The Commission itself conducts proactive monitoring and investigations, which can include analysis of internal company documents, conducting interviews with experts, and co-operating with national authorities.

Transparency reports - VLOPs and VLOSEs are required to publish regular transparency reports detailing their content moderation practices, advertising policies, and other relevant activities. These reports can highlight potential areas of non-compliance.

External audits - The DSA mandates that VLOPs and VLOSEs undergo independent audits to assess their compliance with the regulations. The findings from these audits can inform the Commission of any breaches.

These mechanisms ensure a comprehensive approach to detecting and addressing non-compliance with the DSA.

iii. Sanctions for DSA breaches

The DSA includes provisions for several possible sanctions (primarily against VLOPs and VLOSEs) which may be imposed as a result of breaches. Key categories of sanctions include:

Fines - The EU Commission can impose fines of up to 6% of the global turnover of any VLOP or VLOSE found to be in breach of the DSA.

Periodic penalty payments - These may be imposed by the Commission to ensure compliance with its orders.

Corrective Measures - The Commission may order the provider to take specific measures to address the breach within a set deadline.

These sanctions are designed to ensure that providers comply with the regulations, with the aim of promoting greater online safety and transparency.

iv. DSA coordination in Ireland

Finally, it is also worth noting that the DSA has designated Comisiún na Meán (Media Commission) as the DSC for Ireland, as an EU member state. Also named as a competent authority for articles related to online marketplaces (Articles 30, 31 and 32) is the Competition and Consumer Protection Commission (CCPC). Under the terms of the DSA, Comisiún na Meán has powers to investigate, impose fines, and issue compliance notices, and is awarded trusted flagger status. CCPC also has the capacity to launch investigations and issue fines and compliance notices for marketplaces^[5].

Overview of EU Commission actions

The actions taken by the EU Commission relating to online platforms under the DSA fall into a number of high-level categories, and are collected together as such in the overview below. The summaries reflect the actions taken, and the associated grounds, at the time of the initial announcements.

Platform designations - This category of actions relates to the classification of individual platforms as VLOPs by the EU under the DSA, with the specific obligations which come with that designation. The first group of 17 VLOPs (including Alibaba AliExpress, the Amazon, Apple and Google Play app stores, Facebook, Instagram, LinkedIn, Pinterest, Snapchat, TikTok, Twitter, Wikipedia and YouTube) and two VLOSEs (Bing and Google Search) was announced on 25-Apr-2023^[6] and the second set (the adult sites Pornhub, Stripchat and XVideos) on 20-Dec-2023, together with an overview of more stringent rules for VLOPs^[7]. Subsequent designations as VLOPs followed for the e-commerce platforms Shein (26-Apr-2024)^[8] and Temu (31-May-2024)^[9], and the adult content platform XNXX (10-Jul-2024)^[10].

Formal proceedings - These can be taken against platforms in response to specific issues of concern. Those reported by the EU Commission are outlined below, categorised by the platform against which the action(s) was taken.

X (formerly Twitter) - The launch of formal proceedings against X related to the dissemination of illegal content (specifically in relation to the Hamas attacks against Israel), measures taken to combat information manipulation and increase transparency, and questions over the platform's 'Blue Checks' scheme (18-Dec-2023)^[11]. Preliminary findings on concerns relating to verified accounts, transparency on advertising, and data access were subsequently served to the platform, indicating the Commission had taken the view that the DSA had been breached (12-Jul-2024)^[12]. These formal proceedings had followed an earlier 'request for information' sent to the platform, concerned their policies on a range of issues. These areas of concern included the dissemination of illegal content and disinformation, gender-based violence, and security, mental well-being and other fundamental rights (12-Oct-2023)^[13].

TikTok - This action primarily related to concerns about the risk of negative effects and behavioural addictions caused by the platform’s algorithmic system, measures for the protection of minors, and the availability to the Commission of access to data (including questions about a searchable repository for advertisements (19-Feb-2024)^[14]. Subsequent proceedings related to possible non-compliance with the DSA surrounding the launch of TikTok lite in France and Spain - in particular, the potentially addictive nature of the 'Task and Reward Lite' programme (22-Apr-2024)^[15] - and on election risks - specifically, the possibility of manipulation or exploitation of the recommender systems, and questions over the policies on political advertisements and paid-for content (17-Dec-2024)^[16].

AliExpress - In this case, concerns were raised regarding content moderation and the handling of complaints by the e-commerce platform (particularly in regard to the availability of fake medicines and foods, and of adult content, and the practice of 'hidden links'^[17] to manipulate the platform and circumvent restrictions on the sale of infringing goods), advertising and other system transparency, and the availability of seller data (14-Mar-2024)^[18].

Meta (Facebook / Instagram) - Regarding the Meta platforms, concerns surrounded practices regarding deceptive advertising and the visibility of political content, in the context of the deprecation of the Meta public insights tool CrowdTangle, and the possible non-compliance of the mechanism to flag illegal content (30-Apr-2024)^[19]. A follow-up action centred on concerns about the physical and mental well-being of minors on the platform, including a lack of effective age-verification tools and privacy, safety and security measures (16-May-2024)^[20].

Temu - The proceedings in the case of the Temu e-commerce platform related to the sale of non-compliant products in the EU, the algorithms surrounding content recommendation and the addictive design of the service, including issues relating to data availability (31-Oct-2024)^[21].

EU Commission statements - In some cases, the Commission will issue a formal statement on an area of interest, distinct from an announcement of a formal proceedings action. Two examples in the 'press corner' database include a statement on the suspension of the TikTok Lite Reward programme in the EU (following a prior launch of formal proceedings) (24-Apr-2024)^[22] and one regarding steps announced by LinkedIn to comply with DSA provisions on targeted advertisements (07-Jul-2024)^[23], following a prior request for information (14-Mar-2024)^[24]. The former statement was followed by a subsequent press release announcing the permanent withdrawal of the TikTok rewards programme (05-Aug-2024)^[25].

Other press releases - the EU Commission 'press corner' archive also includes a number of other releases discussing a range of platform-specific issues. Examples in which the DSA is also referenced are outlined below.

Viagogo - The press release in this case outlines the commitment by the online ticket marketplace to improve terms and consumer information, following dialogue with the EU Commission and consumer authorities (16-May-2024)^[26].

Vinted - The e-commerce marketplace for second-hand goods made improvements to the provision pricing and seller information, in order to bring their practices more in line with EU consumer law, and to the quality of its information on refund policies in cases of purchase of counterfeit goods or the non-delivery of items, again following dialogue with the Commission (18-Jun-2024)^[27].

Meta - The EU Commission announced its coordination of action by national consumer protection authorities against Meta's 'pay or consent' model - essentially, a move by the platform to demand either a subscription fee or the use of customers' personal data in targeted advertising (22-Jul-2024)^[28].

Temu - The e-commerce platform was urged by the Commission and national authorities to respect EU consumer protection laws, relating to a range of issues surrounding misleading content (such as fake discounts and reviews), measures to influence decision-making (including pressure selling and gamification), and hidden contact details for the platform (08-Nov-2024)^[29].

Apple - This press release reports the notification to Apple of several potentially prohibited geoblocking practices, across a range of Apple Media Services platforms. Issues include the inability to access interfaces designed for use in other countries, no option for payment methods outside the country of account registration, and no ability to download apps offered in other countries (12-Nov-2024)^[30].

Discussion

Some of the issues raised by the EU Commission are still unresolved, but it is gratifying to see the organisation proactively taking actions against platforms on which problematic issues may be occurring - particularly those which impact consumer safety, have societal impacts, or are causing damage to brand owners. As time goes on, we hope to see the adoption of additional good practices by platforms within the scope of the DSA, such as the EUIPO recommendations for search engines outlined in their recent report^[31,32], and requirements for a more proactive approach to tackling infringements by e-commerce marketplaces, such as the platforms referenced in the 2024 Review of Notorious Markets for Counterfeiting and Piracy^[33,34].

As of the time of writing, no fines have yet been imposed by the Commission, but it may only be a matter of time before this takes place, especially if cases arise where platforms have made commitments, but fail to meet them. One potential example concerns TikTok which, in response to the proceedings referenced previously, has committed to withdraw its Lite Rewards programme from the EU^[35]. It also remains to be seen whether individual platforms may continue to challenge their designation status (i.e. as a VLOP or VLOSE), as a means of exempting themselves from obligations, as was done by Amazon when required to disclose its advertising information in an online archive^[36]. A final point to watch is how the newly-elected EU member state DSCs, responsible for local monitoring and enforcement of the DSA, may continue to develop in importance.

References

[1] https://ec.europa.eu/commission/presscorner/home/en?keywords=dsa

[2] https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/digital-services-act_en

[3] https://www.iamstobbs.com/opinion/digital-markets-act-eu-confirms-big-tech-gatekeepers

[4] https://www.iamstobbs.com/opinion/what-is-the-digital-services-act-and-how-will-it-protect-brands-and-support-online-enforcement

[5] https://enterprise.gov.ie/en/what-we-do/the-business-environment/digital-single-market/eu-digital-single-market-aspects/digital-services-act/

[6] https://ec.europa.eu/commission/presscorner/detail/en/ip_23_2413

[7] https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6763

[8] https://ec.europa.eu/commission/presscorner/detail/en/ip_24_2326

[9] https://ec.europa.eu/commission/presscorner/detail/en/ip_24_3047

[10] https://ec.europa.eu/commission/presscorner/detail/en/ip_24_3723

[11] https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6709