Major changes are coming to the EU’s digital landscape. Will they take hold in the US?

The Digital Services Act (DSA) and the Digital Markets Act (DMA) are poised to remake the EU’s regulatory environment. Julia Tréhu explains how, and whether these rules will have an impact in the US
Facebook's Europe headquarters in Dublin, Ireland | Photo: Alamy

By Julia Tréhu

Julia Tréhu is a Fellow at the German Marshall Fund’s Digital Innovation and Democracy Initiative

18 Jul 2022

juliatrehu

The first half of 2022 saw both strikingly rapid convergence as well as continued divergence in transatlantic tech policy. Russia’s invasion of Ukraine lent new urgency to cooperation on key issues, and officials on both sides of the Atlantic nimbly shifted – aided by the collaboration and camaraderie forged through the EU-US Trade and Technology Council (TTC) – to coordinate sanctions and impose high-tech export controls. 

Yet when it comes to governance of the online platforms that shape our lives and work, the trends look very different. The Digital Services Act (DSA) and the Digital Markets Act (DMA) are poised to remake the European Union’s regulatory environment for the likes of Meta, Google, Amazon and others.  

The key question is whether and how the so-called “Brussels effect” – the tendency of EU standards to spread worldwide – will play out with this legislation. Will it have an impact in the US, even as Congress remains gridlocked in seemingly intractable partisan fights over peripheral questions? 

The DSA and the DMA are the most significant legislative proposals affecting the online environment since the EU’s General Data Protection Regulation (GDPR) came into effect in 2018. The e-Commerce Directive, adopted in 2000, already established a limited liability regime for platforms wherein they are governed by a notice-and-action mechanism. Once informed about illegal content, these companies must take action or be held liable. While the DSA does not change this mechanism, it does aim to create one set of rules for illegal content, with implications for users – such as mechanisms for flagging such material – and the subsequent actions required from platforms. 

Under the new transparency requirements, platforms must provide data to regulators, researchers and the public.

Most notable are the requirements in the DSA for very large online platforms (VLOPs), classed as having over 45 million monthly users, to assess the different systemic risks posed by their products, namely the spread of illegal content, their negative impact on fundamental rights, and deceptive practices. Moreover, their risk management measures will be subject to oversight though independent audits. 

The DSA’s transparency requirements could be particularly transformative. Both public debate and academic research are attempting to interrogate the extent to which social media platforms and technologies shape our media consumption, partisan politics and polarisation. These are crucial questions for our societies and democracies, but we lack the data to investigate and verify claims and hypotheses.  

Under the new transparency requirements, platforms must provide data to regulators, researchers and the public. Users will be able to request information about content takedowns and appeal these decisions. Researchers and regulators will be able to scrutinise data about advertising on platforms and peer inside the black box of recommender systems to examine how algorithmic amplification shapes the user experience.

The net effect is to shift the focus from individual questions about specific pieces of content to a more systemic focus on harms. US researchers are also optimistic about the transparency requirements, hoping to piggyback on these provisions and gain access to key data about platform decisions and algorithms.

On the DMA, officials often use the expression “breaking open, not breaking up” to describe their approach, which targets “gatekeepers”, companies with an EU market capitalisation of at least €75bn or with 45 million monthly users. The DMA could significantly change how these platforms operate in the EU. Self-preferencing – the boosting of proprietary services over third-party ones – will be blocked. Data from third-party sellers cannot be used by the platform to market its own competing products, and barriers for targeted advertising using data from across platform services are higher, requiring explicit user consent. Users will be allowed to install the software of their choice instead of default web browsers, search engines or virtual assistants. Sideloading – the ability to download apps from outside proprietary app stores – will allow developers to enter the market without paying these stores’ high fees. 

A notable change for users in the EU will be the DMA’s mandated introduction of interoperability. Technical changes will have to be put in place to enable communication between different platforms and communications services. It remains to be seen how these rules will work out in practice, especially for maintaining end-to-end encryption when communicating between services with different levels of protection. Interoperability could portend significant changes to the user experience and would likely look different in the EU, with its higher usage of encrypted messaging apps like Signal or WhatsApp, than the US, which generally favours non-encrypted SMS. 

Interoperability could portend significant changes to the user experience and would likely look different in the EU, with its higher usage of encrypted messaging apps like Signal or WhatsApp

Whether this legislation succeeds in its aims depends above all on enforcement. The DMA and the DSA lay out a range of mechanisms, including digital services coordinators with oversight and investigatory powers, and enhanced supervision of VLOPs by the Commission, which can monitor compliance and issue fines. Yet it is widely acknowledged that the proposed 80-member enforcement team specified in the DMA is inadequate. Officials have already warned that budgetary limits could hamstring enforcement in the crucial early years. 

Debates around (under-)enforcement of the GDPR, with the task falling disproportionally on the underfunded and understaffed data protection authorities in Luxembourg and Ireland, are still fresh. There are some key differences: penalties in the DMA and the DSA are higher than in the GDPR, and the Commission is the primary enforcer for the DMA and for VLOPs in the DSA, rather than the Member State in which a particular platform is domiciled. But the question is really one of personnel. A lot is riding on the major staffing-up efforts that must be undertaken in the coming months. 

While the EU prepares for major changes to the digital landscape, the US regulatory environment remains marred by partisan bickering. Two antitrust bills have managed to gain traction in the current Congressional session: the American Innovation and Choice Online Act, which addresses the conduct of large platforms that disadvantages competitors, such as self-preferencing, and the Open App Markets Act, which calls for large app stores to loosen restrictions on app developers. But as election season gears up in the US and the 117th Congress draws to a close, the window to pass these bills is closing rapidly. 

The partisan nature of US debates over reining in big tech can overshadow the encouraging progress made through the TTC. On platform policy, the formula remains one of separate tracks and separate speeds. But for Americans perhaps jealously eyeing EU tech policy developments, the nature of transatlantic regulation means Brussels’ rules may have global spillover, both in the way we as users interact with the platforms, and for our understanding about their broader effects on society.