Torsten Kraul: Das neue Recht der digitalen Dienste – Digital Services Act

1  

The Digital Services Act (DSA) is one of the cornerstones of the EU Digital Policies; it is meant to regulate basic issues of the platform economy including liability questions of different types of providers. In contrast to the former E-Commerce Directive, which is largely replaced by the DSA, this new act in the form of a directly applicable regulation seeks to find very detailed answers to different questions, such as the mitigation of risks for fake news and influences on democratic discourses or even elections. Whereas the E-Commerce Directive contained no more than 20 articles, the DSA encompasses more than 90 articles with a lot of subparagraphs. This fact already illustrates that the application of the DSA will have results in practice to many issues. Hence, the first commentaries on the DSA have been awaited. The new book of Kraul and others belongs to this category of “firstcomers”.

2  

The authors as well as the editor are practicing lawyers in relevant areas of the Digital Service Act, thus, having experience in the practical application of the provisions on which they have commented – who, however, are up to now not well known in the (German) discussion of legal issues of intermediary liability and their regulation. Moreover, the book is something like a hybrid between a handbook dealing with certain issues in a chapter and a real commentary, annotating every provision separately. With a volume of 216 pages it is also relatively small given the huge and detailed amount of provisions of the DSA.

3  

After a short introduction, which describes the historical background of the DSA and the legislative proposals (§ 1), the next chapter (§ 2) concentrates on the scope of275 application of the DSA and its relationship to other EU acts. This section contains one of the major and crucial points of the DSA regarding the covered services; unfortunately, the author just cites the covered services in the Recital 29 of the DSA and just mentions some discrepancies with national jurisdictions, such as in Germany. Important services such as Cloudfare are not coped with explicitly, neither is the open question of how hyperlinks can be classified, nor search engines regarding the safe harbour provisions in Article 4 et seq. Concerning the international scope of application, the author mentions parallel provisions in the GDPR, however, not the relevant decisions of the CJEU with respect of Article 6 Rome I Regulation – which have dealt with the same problem when a service is directed to a market (or a consumer).^[1] Also, the problematic relationship between the Digital Single Market Directive and the DSA is only shortly mentioned (§ 2 cif 42). Further, the interaction between the Digital Markets Act, the EU Data Act or the GDPR are just briefly mentioned – but without going into further details.

The next cornerstone of the DSA refers to the safe harbour privileges which the DSA carried on with respect of Article 12–15 E-Commerce Directive. Regarding the treatment of search engines, the authors want to apply Article 4–6 DSA according to the specific activity of a search engine – however, without specifying which criteria have to be used in order to assess whether the search engine has to be qualified as an access provider or as a hosting platform (§ 3 cif 22), a result which is a shortcoming as there are serious differences between access and host providers. As the DSA follows the provisions of Article 12–15 E-Commerce Directive, the authors refer widely to the former jurisdiction and discussions on the safe harbour privilege, without adding something new. Regarding content delivery networks such as Cloudflare, the authors obviously are disregarding the clarification in Recital 29 DSA which confirms the qualification as ancillary services to access providing (§ 3 cif 65). Regarding the privilege of the Good Samaritan, as it is enshrined in Article 7 DSA, the authors plead for a restrictive interpretation of the voluntary actions undertaken by providers in order to detect illegal activities (§ 3 cif 86 et seq) – which is quite justified as the safe harbour privileges should not be modified. Further, the authors correctly point out that there is a potential conflict between an obligation to ‘stay-down’ an illegal content and the prohibition of general monitoring obligations (§ 3 cif 110 et seq).

The next chapter is dedicated to a large bouquet of different obligations for providers according to their size and function (§ 4). The author bases his interpretations widely on the Recitals and the wording of the several provisions, such as Article 13 DSA regarding the obligation to nominate a representative in the EU (§ 4 cif 29 et seq) or Article 14 DSA concerning standard terms and conditions. The author276 criticizes with good reasons the overload of information (duties) and pleads for a stricter control of standard terms and conditions (§ 4 cif 53). In the same manner, the DSA provisions on Notice-and-take-down systems (Article 16–18 DSA) for hosting providers are discussed; here, the author stresses the fact that the DSA does not refer explicitly to a certain member state regarding illegal content rather than to ‘any’ member state, so that the most restrictive jurisdiction would be the standard when it comes to block an illegal content (§ 4 cif 79 et seq). However, the author just illustrates two approaches of how to solve the problem, but does not clearly favour one of these options. Moreover, the impact of the country of origin-principle (which should be left untouched by the DSA) is not discussed. Regarding the potential conflict between dispute resolution mechanisms according to Article 17 DSM Directive and Article 20 DSA, the author argues that both mechanisms should be applicable at the same time – a position that, however, creates follow-up problems regarding, for instance, deadlines to resolve conflicts (§ 4 cif 112). Regarding the alternative dispute resolution mechanisms, the author criticizes with good reasons the provision of Article 21 (5) DSA which contains an obligation for the platform provider to bear all the costs, regardless of the outcome of the dispute resolution – which creates adverse incentives for platforms not to moderate content etc. (§ 4 cif 128 et seq). Also, the regulation of dark patterns in Article 25 DSA is commented in depth and in detail (§ 4 cif 150–159). Besides the provisions of the DSA regarding transparency of advertisements and the protection of minors, a special focus lies on annotations of the obligations for online market places in Article 29–32 DSA (§ 4 cif 178 et seq), such as the know-your-trader duty (Article 30 DSA). Moreover, the provisions of the DSA concerning very large online platforms are discussed intensely, starting with the opaque rules on how to determine the relevant number of users (§ 4 cif 205 et seq), continuing with the general clause of Article 34 DSA which requires a general risk management of very large online platforms. The author scrutinizes the various elements of the necessary assessment of systemic risks, which could be compared to a human rights impact assessment (§ 4 cif 213). These duties are even more specified regarding the mitigation of risks (Article 35 DSA), however, here the author restricts himself to references to the Recitals (§ 4 cif 219). Regarding the opt-out-rule for ranking systems in Article 38 DSA, the author focuses with good reasons on the question if online search engines are encompassed as this provision was not foreseen by the trilogue result (§ 4 cif 234); as this provision was not formally agreed on, the author pleads for a nullity regarding online search engines. In contrast, the provision on compliance with organizational duties (Article 41 DSA) is just commented upon in three short paragraphs (§ 4 cif 247–249), which does not exhaust the relevant issues such as the required operative independency of the compliance officer.

The last chapter is dedicated to enforcement issues (§ 5). As the focus of the DSA lies on enforcement of public authorities, it goes without saying that the commentary277 follows this line and refers mainly to the different provisions in the DSA regarding the structure of authorities and of the European Commission, their powers to sanction infringements etc. However, this chapter lays more stress on a systematic overview rather than commenting on each provision separately (§ 5 cif 6–23), including the instruments to coordinate the monitoring and supervisory powers of the relevant authorities (§ 5 cif 24–33). The same is true for the description of investigation competences as well as enforcement powers (§ 5 cif 34 et seq), in particular for the European Commission (§ 5 cif 62–93) including the relevant penalties. The author doubts with good reasons if the provisions on public enforcement can really overcome one of the fundamental problems, the lack of manpower to cope with all these complex issues (§ 5 cif 109 et seq). Moreover, the principle that state authorities should not supervise media is not consequently followed as the Commission has its own competences to monitor media-relevant intermediaries (§ 5 cif 112 et seq). Given these deficits in public enforcement, the alternative – private enforcement – becomes more important than ever. Nevertheless, the commentary only briefly discusses the opaque provision Article 54 DSA which resembles to some extent Article 82 GDPR, however, without going too much into detail (§ 5 cif 122–123). The author simply states that Article 54 DSA lacks significant parts such as the burden of proof etc. – however, neglecting the fact that the same is true to some extent also for Article 82 GDPR. In sum, the author pleads for a broad understanding of Article 54 DSA, which should incorporate also some of the national preconditions of damage claims such as negligence (§ 5 cif 126). Claims according to unfair competition law are not being dealt with. In sum, the author gets to a skeptical conclusion which is quite justified given the focus on public enforcement (§ 5 cif 132).

4  

A final assessment of the (hybrid) commentary is not easy to do. Given the huge amount of provisions in the DSA, the commentary sometimes does not dive sufficiently into all the details. On the other hand, this commentary is one of the first that tries to evaluate and assess the new legal regime for online services, thus really providing a pioneer work. Moreover, the commentary takes a critical stance on several provisions, even based on a law-and-economics approach which is rarely to be found in legal commentaries. In sum, the book is worthwhile reading but will not spare the use of other commentaries and articles on the DSA.