Christel Schaldemose, the European Parliament's rapporteur on the Digital Services Act (DSA), said that with the DSA "we are going to take a stand against the Wild West the digital world has turned into, set the rules in the interests of consumers and users, not just of Big Tech companies and finally make the things that are illegal offline illegal online too". The DSA (now adopted by the European Parliament on 5 July 2022) is designed as a general framework setting rules for providers of intermediary services like online platforms and part of a broader attempt by the European lawmakers to tighten regulatory screws in the online world.
Does the DSA affect the existing framework for dealing with IP rights and trade secrets? As the DSA also deals with “illegal content”, there seems to be an obvious overlap. Here, we are taking a closer look at the impact of the DSA on IP and trade secrets.
The DSA v. existing EU IP laws
Conceptually (and according to its draft bill), the DSA will generally not affect any other EU acts that apply to intermediary services as far as they establish specific rules and procedures. In particular, the DSA is without prejudice to the E-Commerce-Directive, the EU's law on copyright and related rights, especially the most recent directive on copyright in the digital single market (DSM-Directive), as well as the EU’s law on consumer protection and protection of personal data.
Even though the DSA does not introduce new and specific IP-related provisions, it touches upon some notable points relevant in the context of IP and trade secrets protection: For instance, the DSA incorporates and further contours the liability of intermediary service providers. It also creates some uncertainty in relation to trade secret protection since very large online platforms can now be under an obligation to open up access to their (confidential) data.
Service Providers’ liability for illegal content
The DSA incorporates Articles 12 to 15 of the E-Commerce-Directive, which defined exemptions of the liability of intermediary service providers for the past two decades. These exemptions are of particular relevance when thinking about “illegal content” on platforms which allegedly infringe third parties' rights. "Illegal content", under the DSA, has a very broad meaning: It is any information which is not in compliance with EU law or the law of a member state, i.e. in particular contents that infringe IP rights. In respect of copyrighted content, the DSA does not take prejudice, and it is emphasized that in particular the DSM-Directive, including Article 17 on the use of copyright-protected (user-generated) content by platforms, remains unaffected. In other words, Art 17 DSM-Directive will prevail, but outside its scope, the DSA will apply – also in respect of copyright infringements.
The DSA does not significantly change the existing regime of liability. In particular, the hosting defence established under the E-Commerce-Directive will remain "as is" and there is no general obligation for service providers to monitor information or actively investigate illegal content. However, a notable update is a more specific notice-and-action mechanism applicable to hosting providers including online platforms: Under the DSA, hosting providers shall put mechanisms in place to allow for the submission of sufficiently precise and substantiated notices on "illegal content". Such shall exist of the following elements:
- explanation on the reason why the content is considered illegal;
- a clear indication of location, in particular by naming an URL;
- name and email address of the person submitting the notice; and
- statement of good faith regarding the accurateness of the notice.
In case of such substantiated notices, the hosting provider will be deemed to have awareness of the (alleged) violation in question, triggering the provider’s obligation to act against the illegal content.
It is worth noting that, as it was previously the case with the E-Commerce-Directive, the DSA's exemptions for intermediary service providers do not affect IP rights holders’ option to obtain injunctive relief (i.e. the possibility for a court or administrative authority of requiring service providers to terminate or prevent an infringement under national law). However, it remains to be seen how such injunctive relief can be balanced out with the principle that service providers should not become subject to proactive monitoring obligations. This includes the question of whether injunctions would also cover "similar" content, thereby resulting in de facto monitoring obligations to keep such content off the platform.
Very Large Online Platforms and Data Access Requests
The DSA also introduces additional obligations for “very large online platforms”, i.e. online platforms which provide their services to a number of average monthly active users in the EU of 45 million or more. Article 31 of the DSA imposes an obligation on such big platforms to provide access to its data upon reasoned request by the competent national authority, the so-called Digital Services Coordinator.
The European Parliament's recent proposal and most current trialogue draft agreement even includes an additional obligation on such platforms to explain the design, logic and the functioning of their algorithmic systems – including their recommender systems – upon a respective request from the Digital Services Coordinator. The DSA justifies this by emphasizing the particular relevance of investigations and studies by researchers on the development and significance of systemic online risks.
This would mean that social media platforms, for example, would have to give researchers a glimpse "behind the scenes". But there is a caveat regarding data that can be considered trade secrets: Article 31 provides for the platform providers' possibility to apply for an amendment of the data access request if access to the data would lead to "significant vulnerabilities" for the protection of confidential information.
It can be expected that the specificities and scope of this "trade secrets defence" will become a contentious item in the final legislative discussions, and before courts once the DSA is in force. The question under which circumstances trade secret protection can effectively be invoked as a barrier to data access requests under the DSA, and how these conflicting interests can be balanced out, will be top of the agenda for "very large online platforms". It will be key for all affected stakeholders to receive clear guidance on the "trade secrets defence" from legislators – or consequently from the courts and ultimately the CJEU.
The DSA has just been adopted by the European Parliament and will now have to be formally adopted by the Council of the European Union. Stakeholders should keep an eye on where the final text ends up.