The European Commission is flooding Brussels with the last batch of
legislative proposals, including updated liability for software and AI
tools. Meanwhile online platforms are beginning to look into the
implementation of the Digital Services Act.
====
DSA Implementation
---
The very final version of the text of the Digital Services Act (a
corrigendum) is available [1] and will be nodded off by the Council and
Parliament in the coming days. After that it will be published in the
Official Journal of the EU and enter into force 20 days after publication.
Most obligations will apply 15 months after entry into force or from 1
January 2024, whichever is later. However, some obligations on providers of
online platforms, such as publishing the number of average active
recipients and obligations on Very Large Online Platforms (VLOPs) after
designation, will apply from three months after entry into force.
---
The European Commission is expected to lay out its plans on designation and
supervision of VLOPs by the end of this year. This will take the form of
so-called delegated acts (a.k.a. implementing acts). Apart from a
designation process we also expect the Commission to publish a supervisory
fee structure and how they intend to enforce the rules.
====
Data Act
====
The lead rapporteur for the Data Act, Pilar del Castillo Vera (EPP ES) in
the Industry Committee, has published her draft report with proposed
amendments. [2] One area where she suggests clarification is the provision
under which governments may request data from services during a “public
emergency”. She tries to integrate the notion of rapidity and explicitly
mentions public health emergencies and major natural disasters. Her
suggestions would also exclude all SMEs from the scope. Another limitation
that she proposed to write into the text is to explicitly exclude “personal
data or data covered by professional secrecy”. Our position on this is the
same as during the DSA: The term “public emergency” and the procedures that
trigger it must be clearly defined.
---
Meanwhile in the Council the Czech Presidency is moving ahead with the
negotiations among Member States in the Council. There is a proposal to
extend Article 35, which limits the sui generis database right (SGDR), even
further. Under the Czech proposal the SGDR would never apply to machine
generated data. Under the Commission proposal it wouldn’t apply only when a
user asks for access to data generated by a product or service they use. We
welcome the proposal and also spoke in favour of it with relevant MEPs.
Some background: [3]
======
AI Liability
======
The European Commission presented a new AI Liability Directive. [4] The
stated goal is to complement the AI Act in making sure people and companies
who were harmed by high-risk AI systems (think recruitment, admissions,
autonomous drones, self-driving cars) are able to seek damages. Under the
proposed text the burden of proof on the claimant would be reversed under
certain conditions, as it would be very hard for an outside person to
understand how the AI algorithm works. Also, courts will have the explicit
right to request companies to disclose technical information about their
algorithms.
---
In a related move, the Commission also presented its proposal for an
updated Product Liability Directive. [5] This Directive covers all unsafe
products, including software and digital services, meaning it also covers
machine learning algorithms. Under the new rules providers would be
responsible for software updates and patches. The proposal asle makes one
huge exception: free and open source software provided outside the course
of a commercial activity will not be covered. This provision appears in a
recital only. Perhaps it would be best to move it to a proper article.
========
EMFA
========
The European Media Freedom Act was proposed by the European Commission. [6]
It has the aim of helping journalists and media protect their independence
across the EU, but reads a little like a smörgåsbord covered with soft law
measures. It prohibits Member States from surveilling media or journalists,
except under a “national security” clause. It obliges Member States to have
“open and non-discriminatory” prodecudure for electing heads of public
broadcasters and to distribute public advertising funds fairly. The idea
seems to be that by stating these principles in EU law, citizens and media
would be able to enforce them in court.
---
As expected, an alteration of the so-called “media exception” resurfaced in
the proposal. Media companies had unsuccessfully tried to make it harder
for online platforms to remove or restrict visibility to their content in
the Digital Services Act. The new provision asks some online platforms to
send registered media outlets a prior warning before removing or
restricting their content. The provision will essentially only apply to
Very Large Online Platforms (as per DSA) that allow business users to offer
goods or services to consumers (as per Regulation on fairness for business
users of online intermediation services).
==============================
Combatting Violence Against Women
==============================
A directive on combatting violence against women and domestic violence [7]
is currently in the works of the European Parliament and the Council. While
the piece of legislation doesn’t focus on the online world it nonetheless
has provisions against the non-consensual sharing of intimate or
manipulated material, cyber harassment, cyber stalking and cyber incitement
of violence and hatred. It would mandate that all EU Member States make
these actions punishable as criminal offences. Member States must also
ensure that competent judicial authorities can issue binding legal orders
to remove or disable access to such material from online platforms.
=====================
Political Advertising Online
=====================
The EU is trying to come up with universal rules on political advertising
online. [8] The definition of what constitutes political advertising is
quite broad, which is one major point of discussion. It is not directly
related to payment, which causes quite a bit of confusion. Potentially even
a Wikipedia article about a candidate could fall into this category.
However, the obligations are mainly addressed at “providers of advertising
services”, which effectively leaves Wikimedia projects out of scope.
---
Another point of tension is whether political advertisements can be
targeted. The DSA will already prohibit the use of sensitive personal data
(e.g. political preferences, sexual orientation, religous beliefs), but
some lawmakers would like to go further. Others say that politicians should
be able to target voters online with ads only if they have explicitly
agreed to give some data like gender, age and location. A clear majority is
not in sight.
=====================
Big Fat Brussels Meeting
=====================
We have published the dates, location and a draft agenda for this year’s
Big Fat Brussels Meeting (2 &3 December). Feel free to add your name to the
participants list if you plan to come:
https://meta.wikimedia.org/wiki/EU_policy/Big_Fat_Brussels_Meeting_VIII
====
END
====
[1]
https://drive.google.com/file/d/1HaPpOkD5DdMsYlJXt-tBQtax7yduCcek/view?usp=…
[2]https://www.europarl.europa.eu/doceo/document/ITRE-PR-732704_EN.pdf
[3]
http://copyrightblog.kluweriplaw.com/2022/03/04/a-vanishing-right-the-sui-g…
[4]https://ec.europa.eu/commission/presscorner/detail/en/ip_22_5807
[5]
https://single-market-economy.ec.europa.eu/document/3193da9a-cecb-44ad-9a9c…
[6]
https://drive.google.com/file/d/18YDbhYiSQVa2x2upKW4nBipgpgQdI2Xc/view?usp=…
[7]
https://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_…
[8]
https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?refere…