The Commission has published a draft delegated act on audits to be performed very large online platforms (“VLOPs“) and very large online search engines (“VLOSEs“) pursuant to Article 37 of Digital Services Act Regulation (“DSA“) for public feedback.

Continue Reading Commission publishes Draft Delegated Act in respect of Audits conducted under DSA

Following the first designation of Very Large Online Platforms (“VLOPS“) and Very Large Online Search Engines (“VLOSEs”) under the Digital Services Act Regulation (“DSA“) on 25 April 2023, the European Commission has now announced a call for evidence from stakeholders to inform proposed delegated acts on data access mechanisms.

Continue Reading Commission Calls for Stakeholder Views on Data Access Mechanism under DSA

Last week, the European Commission (the Commission) adopted the first designation decisions under the Digital Services Act (DSA) which designated certain services as Very Large Online Platforms (VLOPs) and / or Very Large Online Search Engines (VLOSEs) in accordance with Article 33(4) of the DSA. 

17 VLOPs and 2 VLOSEs were designated under the decisions adopted by the Commission:

  • VLOPs: Alibaba AliExpress; Amazon Store; Apple AppStore; Booking.com; Facebook; Google Play; Google Maps; Google Shopping; Instagram; LinkedIn; Pinterest; Snapchat; TikTok; Twitter; Wikipedia; YouTube; Zalando.
  • VLOSEs: Bing; Google Search.

It has been reported that a second wave of VLOP/VLOSE designations by the Commission may follow. The Commission is currently investigating the user data of services such as Spotify, Telegram, Pornhub and AirBnB who have claimed that they have less than 45 million monthly active users (MAU) in the EU. These services may also be designated if their MAU numbers are revised.

When do VLOP/VLOSEs’ DSA obligations begin to apply?

The providers of the services that have been designated as VLOP/VLOSEs must comply with relevant obligations under the DSA from four months after the Commission’s notification of designation i.e. 25 August 2023. The obligations aim to empower and protect users online (including minors) by requiring the VLOP/VLOSEs to assess and mitigate their systemic risks and to provide robust content moderation tools. Some of the key obligations for VLOP/VLOSEs that will come into effect from 25 August 2023 include:

  • the obligations to perform risk assessments to assess the “significant systemic risks” that stem from the provision of their services. This would include risks in relation to the dissemination of illegal and other harmful content through their services. VLOP/VLOSEs will be required to put in place reasonable, proportionate and effective mitigation measures, tailored to the specific systemic risks identified in their risk assessment, with particular consideration for the impacts of such measures on fundamental rights;
  • the obligation to establish an independent compliance function that reports directly to the management body of the provider and can raise concerns and warn the management body of non-compliance risks;
  • the obligation to conduct independent audits which assess the provider’s compliance with certain obligations arising under DSA, as well as any commitments to the codes of conduct; 
  • the obligation to comply with detailed transparency reporting requirements including the requirement to make publicly available reports, setting out the main findings of the external audit and the results of the risk assessment;
  • The requirement to create, maintain and make available a publicly accessible repository of all ads that have been presented on their platform. The repository must include information on the period during which the advertisement was/is being presented to recipients of the service, and for one year after the ad’s final exposure. The repository must also contain additional information relating to ads, including the parameters used to specifically display the ad to one or more particular groups of recipients and the total number of service recipients reached (with aggregate numbers broken down by Member State, if applicable).

If you would like further information on this topic, please contact A&L Goodbody’s Commercial & Technology team.

In a recent significant judgment1 from the Irish Circuit Court, the judge concluded that “justice is best served” by granting a stay of a data subject’s damages claim pending determination of certain preliminary references currently before the CJEU. The court expressed a view that damages in the case, if awarded, were likely to be small and a stay would not impact the procedural efficiency of the proceedings, but a delay in granting a stay could substantially and unnecessarily increase legal costs for the defendant.

Continue Reading “Justice Best Served” – Data Subject Claims Stayed

Yesterday, 01 February 2023, the Commission published guidance on how online platforms and search engines within the scope of the Digital Services Act (DSA) should comply with their obligation to report user numbers in the EU.

As highlighted in our recent update, the DSA requires providers of online platforms and of online search engines to publish, by 17 February 2023, information on the average monthly active recipients of their services in the EU, on their publicly available online interfaces. The number must be calculated as an average over the period of the past six months.

Online platforms/search engines, whose numbers reach the threshold of 45 million average monthly active recipients in the EU, will be designated by the Commission as very large online service providers (VLOPs) or very large online search engines (VLOSEs). However, the Commission is not bound by information provided by online service providers, – it may use other available data or request additional information.

While the guidance is not ground breaking, it provides a helpful interpretation of certain provision of the DSA.

In relation to the calculation of active recipients of the service, the guidance stipulates the following:

Continue Reading DSA: Commission issues guidance on the requirement to publish user numbers in the EU

Coimisiún na Meán (the Media Commission), is currently in the process of being established in accordance with the Online Safety and Media Regulation Act (OSMR). Further information on its establishment and the appointment of the first four commissioners to Coimisiún na Meán can be read here.

In addition to its role as the supervisory authority under the OSMR and as Ireland’s Digital Services Coordinator under the Digital Services Act (DSA), the Irish Government also plans to designate Coimisiún na Meán as the competent authority under the Terrorism Content Online Regulation (the TCO).

What is the TCO?

The TCO is EU legislation aimed at preventing the misuse of hosting services for the public dissemination of terrorist content online. It requires that hosting services, and relevant competent authorities, move quickly to identify and remove terrorist content online, as well as facilitating cooperation between other member state authorities and Europol.

Under the TCO, “terrorist content” can be broadly defined as content which:

  • incites the commission of a terrorist offence through the advocation or glorification thereof;
  • involves the solicitation of a person or group of persons to commit or contribute to the commission of a terrorist offence;
  • involves the solicitation of a person or group of persons to participate in the activities of a terrorist group;
  • provides instruction on the making or use of explosives, firearms or other weapons or noxious or hazardous substances for the purpose or committing or contributing to the commission of a terrorist offence; and
  • constitutes a threat to commit a terrorist offence.

Role of Coimisiún na Meán

The TCO requires that member states adopt necessary national legislation to ensure that penalties for infringement under it are implemented. 

Due to the overlap of investigation and enforcement powers contained in the OSMR and envisaged in the TCO regulation, the Irish government has agreed that “it makes sense” that Coimisiún na Meán takes on the responsibilities under the TCO relating to the oversight and sanctioning of hosting service providers. It has been announced that the Irish government intends to introduce amending legislation to the OSMR to allow for Coimisiún na Meán’s powers to be used for the enforcement of the TCO. However, there is no indication as of yet on when this amending legislation will be put forward before the Oireachtas.

For more information on this topic, please contact Andrea Lawler, Partner, Commercial & Technology, Caitríona Lavelle, Solicitor, Commercial & Technology or any member of A&L Goodbody’s Commercial & Technology team.

Today, the Minister for Tourism, Culture, Arts, Gaeltacht, Sport and Media, Catherine Martin announced the appointment of four Commissioners to Coimisiún na Meán/the  Media Commission. The Media Commission, which  is currently in the process of being established in accordance with the Online Safety and Media Regulation Act (OSMR), will act as the supervisory authority under the OSMR and as Ireland’s Digital Services Coordinator under the Digital Services Act (DSA) and will have the responsibility to implement and enforce the Digital Services Act, an EU Regulation, in Ireland.

The following individuals are being appointed as commissioners:

  • Jeremy Godfrey as Executive Chairperson – with responsibility for coordinating the functions of the Media Commision;
  • Niamh Hodnett as Online Safety Commissioner – with responsibility for overseeing the regulatory framework for online safety under OSMR;
  • Rónán Ó Domhnaill as Media Development Commissioner – with overall responsibility for the funding and development of the wider media sector and for the implementation of a number of the key recommendations of the Report of the Future of Media Commission; and
  • Celene Craig as Broadcasting Commissioner – with responsibility for overseeing current functions of the Broadcasting Authority of Ireland. 

Recruitment for the Commissioner for Digital Services, that will lead the digital services function within the Media Commission, has also commenced but no appointment has been announced as of yet.

For more information on this topic, please contact Andrea Lawler, Partner, Commercial & Technology, Caitríona Lavelle, Solicitor, Commercial & Technology or any member of A&L Goodbody’s Commercial & Technology team.

The first draft delegated regulation supplementing the Digital Services Act (DSA) was published by the European Commission yesterday.

The regulation outlines the criteria to be used when calculating the supervisory fees which will be charged on very large online platforms (VLOPs) and very large online search engines (VLOSEs) under Article 43 of the DSA.

In particular, it includes:

Continue Reading DSA: Delegated Regulation setting the methodology and procedure for determining the Supervisory Fee

On 19 December 2022, the Commissioner for Internal Market of the EU published an update on the date when very large online platforms (VLOPs) and very large online search engines (VLOSEs) will be required to comply with the provisions of the Digital Services Act (DSA).

The Commissioner noted that VLOPs / VLOSEs will be required to comply with the new rules by no later than 1 September 2023. To meet the deadline the Commission would need to designate VLOPs and VLOSEs by 28 April 2023. Based on this update the current timeline of the DSA application is as on the graphic below.

Continue Reading Digital Services Act: Timeline

The Online Safety and Media Regulation Bill 2022 was signed into law on Saturday, 10 December 2022.

Online safety is one of the headline items covered by the new legislation, and it will be overseen by the newly-established Media Commission (Coimisiún na Meán). The legislation also seeks to implement a number of other key legislative reforms including the transposition of the revised Audiovisual Media Services Directive and the alignment of the regulation of video on-demand services with traditional broadcasting (please see here for an overview of the OSMR Bill published earlier this year).

The Media Commission will have broad investigative and enforcement powers under the legislation and is also set to be Ireland’s “digital services coordinator” under the EU’s Digital Services Act, making it an important new regulator of the technology sector in both Ireland and the EU.

The Media Commission will be empowered to make binding Online Safety Codes with which designated relevant online service providers will be required to comply and will set out rules regarding how those providers should tackle the availability of harmful and illegal content on their services. The Media Commission will also be empowered to introduce an individual complaints mechanism on a phased basis, which will allow users of these services to complain directly to it in respect of online content.

The new online safety law does not come into effect until commenced by the Minister for Tourism, Culture, Arts, Gaeltacht, Sport by way of a Statutory Instrument, although we would expect this to coincide with the formation of the Media Commission. The Minister recently stated that appointments to the Media Commission will be announced in the near future.

For more information on this topic, please contact Andrea Lawler, Partner, Commercial & Technology, Amaia Moore, Solicitor, Commercial & Technology or any member of A&L Goodbody’s Commercial & Technology team.