The European Commission is flooding Brussels with the last batch of legislative proposals, including updated liability for software and AI tools. Meanwhile online platforms are beginning to look into the implementation of the Digital Services Act.
====
DSA Implementation
---
The very final version of the text of the Digital Services Act (a corrigendum) is available [1] and will be nodded off by the Council and Parliament in the coming days. After that it will be published in the Official Journal of the EU and enter into force 20 days after publication. Most obligations will apply 15 months after entry into force or from 1 January 2024, whichever is later. However, some obligations on providers of online platforms, such as publishing the number of average active recipients and obligations on Very Large Online Platforms (VLOPs) after designation, will apply from three months after entry into force.
---
The European Commission is expected to lay out its plans on designation and supervision of VLOPs by the end of this year. This will take the form of so-called delegated acts (a.k.a. implementing acts). Apart from a designation process we also expect the Commission to publish a supervisory fee structure and how they intend to enforce the rules.
====
Data Act
====
The lead rapporteur for the Data Act, Pilar del Castillo Vera (EPP ES) in the Industry Committee, has published her draft report with proposed amendments. [2] One area where she suggests clarification is the provision under which governments may request data from services during a “public emergency”. She tries to integrate the notion of rapidity and explicitly mentions public health emergencies and major natural disasters. Her suggestions would also exclude all SMEs from the scope. Another limitation that she proposed to write into the text is to explicitly exclude “personal data or data covered by professional secrecy”. Our position on this is the same as during the DSA: The term “public emergency” and the procedures that trigger it must be clearly defined.
---
Meanwhile in the Council the Czech Presidency is moving ahead with the negotiations among Member States in the Council. There is a proposal to extend Article 35, which limits the sui generis database right (SGDR), even further. Under the Czech proposal the SGDR would never apply to machine generated data. Under the Commission proposal it wouldn’t apply only when a user asks for access to data generated by a product or service they use. We welcome the proposal and also spoke in favour of it with relevant MEPs. Some background: [3]
======
AI Liability
======
The European Commission presented a new AI Liability Directive. [4] The stated goal is to complement the AI Act in making sure people and companies who were harmed by high-risk AI systems (think recruitment, admissions, autonomous drones, self-driving cars) are able to seek damages. Under the proposed text the burden of proof on the claimant would be reversed under certain conditions, as it would be very hard for an outside person to understand how the AI algorithm works. Also, courts will have the explicit right to request companies to disclose technical information about their algorithms.
---
In a related move, the Commission also presented its proposal for an updated Product Liability Directive. [5] This Directive covers all unsafe products, including software and digital services, meaning it also covers machine learning algorithms. Under the new rules providers would be responsible for software updates and patches. The proposal asle makes one huge exception: free and open source software provided outside the course of a commercial activity will not be covered. This provision appears in a recital only. Perhaps it would be best to move it to a proper article.
========
EMFA
========
The European Media Freedom Act was proposed by the European Commission. [6] It has the aim of helping journalists and media protect their independence across the EU, but reads a little like a smörgåsbord covered with soft law measures. It prohibits Member States from surveilling media or journalists, except under a “national security” clause. It obliges Member States to have “open and non-discriminatory” prodecudure for electing heads of public broadcasters and to distribute public advertising funds fairly. The idea seems to be that by stating these principles in EU law, citizens and media would be able to enforce them in court.
---
As expected, an alteration of the so-called “media exception” resurfaced in the proposal. Media companies had unsuccessfully tried to make it harder for online platforms to remove or restrict visibility to their content in the Digital Services Act. The new provision asks some online platforms to send registered media outlets a prior warning before removing or restricting their content. The provision will essentially only apply to Very Large Online Platforms (as per DSA) that allow business users to offer goods or services to consumers (as per Regulation on fairness for business users of online intermediation services).
==============================
Combatting Violence Against Women
==============================
A directive on combatting violence against women and domestic violence [7] is currently in the works of the European Parliament and the Council. While the piece of legislation doesn’t focus on the online world it nonetheless has provisions against the non-consensual sharing of intimate or manipulated material, cyber harassment, cyber stalking and cyber incitement of violence and hatred. It would mandate that all EU Member States make these actions punishable as criminal offences. Member States must also ensure that competent judicial authorities can issue binding legal orders to remove or disable access to such material from online platforms.
=====================
Political Advertising Online
=====================
The EU is trying to come up with universal rules on political advertising online. [8] The definition of what constitutes political advertising is quite broad, which is one major point of discussion. It is not directly related to payment, which causes quite a bit of confusion. Potentially even a Wikipedia article about a candidate could fall into this category. However, the obligations are mainly addressed at “providers of advertising services”, which effectively leaves Wikimedia projects out of scope.
---
Another point of tension is whether political advertisements can be targeted. The DSA will already prohibit the use of sensitive personal data (e.g. political preferences, sexual orientation, religous beliefs), but some lawmakers would like to go further. Others say that politicians should be able to target voters online with ads only if they have explicitly agreed to give some data like gender, age and location. A clear majority is not in sight.
=====================
Big Fat Brussels Meeting
=====================
We have published the dates, location and a draft agenda for this year’s Big Fat Brussels Meeting (2 &3 December). Feel free to add your name to the participants list if you plan to come:
https://meta.wikimedia.org/wiki/EU_policy/Big_Fat_Brussels_Meeting_VIII
====
END
====
[1]https://drive.google.com/file/d/1HaPpOkD5DdMsYlJXt-tBQtax7yduCcek/view?usp=sharing
[2]https://www.europarl.europa.eu/doceo/document/ITRE-PR-732704_EN.pdf
[4]https://ec.europa.eu/commission/presscorner/detail/en/ip_22_5807
[5]https://single-market-economy.ec.europa.eu/document/3193da9a-cecb-44ad-9a9c-7b6b23220bcd_en
[6]https://drive.google.com/file/d/18YDbhYiSQVa2x2upKW4nBipgpgQdI2Xc/view?usp=sharing
[8]https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2021/0381(COD)&l=en