The Digital Services Act (“DSA”) is currently one of the hot topics in the industry. As previously outlined in this blogpost, the DSA is one step closer to becoming law but there are still a lot of questions to be answered. In this series of blog posts, we will look at the different implications of the DSA to give an indication of what it means for businesses and investors.
A short re-cap: What is the DSA about?
Under the legislative proposal, presented by the Commission in December 2020, online platforms like social media and marketplaces would need to fulfill a series of new obligations, which set s out new standards for the accountability of illegal and harmful content.
The DSA follows the principle of ‘what is illegal offline, must also be illegal online’ and aims to protect digital spaces against the spread of illegal content to ensure the protection of users’ fundamental rights. Even though the final draft of the DSA is still not available, from what it is known, service providers will be required to implement new procedures designed to take down illegal material such as hate speech. If they fail to comply with these obligations, they might face fines of up to 6% of businesses’ global annual revenues.
In this blog post,we look at the transactional implications specifically when drafting general terms and conditions, and outline what changes need to be made to existing contracts.
I. Limitation of liability
First things first, the DSA does not establish rules for when a provider of intermediary services can be held liable in relation to illegal content provided by the recipients of the service. This is still determined by the applicable rules of EU and national laws, e.g. the E-commerce-Directive. The DSA is about providing safe harbours for those intermediary service providers that provide services neutrally and by merely technical and automatic processing of the information of their service recipients. As long as these providers do not play an active role like have knowledge of or control over the information, the DSA states that they should not be liable.
How to get to limited liability
The specifications for the limitations of liability are rather strict. The exact requirements for a liability limitation differ depending on the kind of service provided. In general, the requirements aim to ensure that the service providers have no influence on the selection of or the content of the information itself and its dissemination other than through the provision of the actual technical service. Secondly, service providers must act as soon as they become aware of the illegality of the content by either removing the content or by blocking access.
Therefore, a provider of ‘mere conduit’ or ‘caching’ services can only benefit from the liability limitation if it is in no way involved with the information transmitted, eg by modifying it in a way that alters the integrity of the information. A provider of hosting services on the other hand must act expeditiously to remove or to disable access to the information as soon as it obtains actual knowledge or awareness of its illegality.
Luckily, the DSA also clarifies that - to not discourage activities aimed at detecting, identifying and acting against illegal content that intermediary services providers may undertake on a voluntary basis -, the exemption from liability is still available for providers undertaking these activities. Nevertheless, Recital 25 adds that this only applies as long as those activities are carried out in good faith and in a diligent manner and therefore doesn´t make contract drafting any easier.
But what does this mean for contract drafting in the future?
When granting rights to the service provider, there is a fine line between the neutrality of the service provider and that of its task performance when it comes to notice and take down requirements. Therefore, above all, attention must be paid to the exact scope of the rights granted to the service provider. If the service provider has too much influence over the content or its dissemination, it runs the risk of losing the liability relief. At the same time, however, it must be ensured that the rights granted are broad enough to take into account the take-down requirements of the liability relief provisions.
Additionally, neutrality and task fulfillment must be ensured even if the service provider is integrated into a chain of contracts. Flow-down terms might be recommended here to prevent deltas from arising in the middle of these contractual chains.
Similar difficulties arise if the service provider is to be granted the right to undertake activities aimed at detecting, identifying, and acting against illegal content on a voluntary basis. The boundary between permitted monitoring and moderation preventing the limitation of liability is unclear. The reference in the Recital to careful and good faith-oriented implementation - which is not yet reflected in Article 7 – imposes challenges when it comes to drafting. It might be advisable to draft rather restrictively in light of the risk of losing the liability limitation.
Side note: there is still no general monitoring requirement
Article 7 of the legislative proposal states that providers of intermediary services should not be subject to a monitoring obligation with respect to obligations of a general nature. Even though the EU negotiators reached a provisional agreement on the final draft of the DSA on 23 April 2022, changes, mainly of an editorial nature, were proposed following the negotiations. In this context, it has been proposed to include specific exemption conditions in recital 28, under which national legislators could have introduced blanket stay-down obligations. Nevertheless, according to media reports, the new draft only provides for corresponding orders by national authorities in individual cases, and in accordance with EU law, as interpreted by the European Court of Justice. National authorities and the courts are left to interpret how broad these individual cases can be.
II. General Terms and Conditions (GTC)
The DSA contains a colourful bouquet of new specifications that must be complied with in and around GTC in the future. Even though the regulations differ according to the type of service provider, all service providers will be affected in two ways. Firstly, the DSA introduces new requirements to improve transparency and secondly it contains duties to ensure the fair and unarbitrary enforcement of the GTC. The DSA does still highlight the importance of contractual freedom for service providers. Therefore, most of its regulations do not directly affect the content of the GTC apart from the relevant information regarding transparency. While the DSA does not influence the content of the GTC apart from information requirement, existing GTCs should be reviewed in the light of the new requirements, as they could indirectly be affected by the new regulations.
New requirements for transparency
The DSA shall improve transparency with two main sets of obligations on service providers.
First, service providers will be required to include certain information in their GTCs, which includes: whether; how (e.g. by means of algorithmic decision-making); and to what extent content restrictions in terms of moderation activities take place. Online platforms additionally need to include details about the rules for dealing with abuse. This must include the facts and circumstances that they take into account when assessing whether a particular conduct constitutes abuse, and the duration of the suspension.
Second, the DSA will introduce obligations regarding the format of the GTCs. These are to be written in clear and unambiguous language and made publicly available in an easily accessible form.
Uniform enforcement of the GTC
To ensure a non-arbitrary enforcement of the GTC, providers of intermediary services will explicitly be obliged to act in a diligent, objective and proportionate manner in applying and enforcing the restrictions due to moderation of user content. Providers will have to regard the rights and legitimate interests of all parties involved, including the applicable fundamental rights of the recipients of the service, as enshrined in the Charter.
The DSA also indirectly affects the contents of GTC
The DSA contains various specifications that refer to GTCs’ discretionary content. For example, the new transparency requirements will require service providers to account for how often content was blocked or removed because of their GTCs. Service providers must also monitor decisions made based on violations of the GTC. Businesses should review existing GTCs to evaluate if they grant rights that are broad enough to appropriately respond to undesired behaviour and content. At the same time, a broad granting of rights carries the risk - also due to the obligation for uniform enforcement - that the requirements for moderation, complaint management, and transparency will disproportionately get out of hand.
III. What should you do next?
The DSA should be taken into account when drafting contracts and GTCs for intermediary service providers. All service providers with existing contracts would be well advised to check whether they fall within the scope of the DSA and review their contracts to ensure that they comply with the requirements of the DSA and, if necessary, adjust or renegotiate them.