The Digital Services Act: The GDPR of Platforms?

January 22, 2021

Startups across the world have come to know the EU as the first-mover on privacy legislation with the GDPR. In December the European Commission put forward two landmark files to regulate the online platform economy: the Digital Services Act (DSA) and the Digital Markets Act (DMA). Given the potential replication of these rules worldwide, startup communities are all the more interested in what they mean for them. Moreover, is the legislation on the table the rocket fuel startups have been looking for or does it shackle innovation?

Taking a step back: The DSA was published on 15 December. It is a revision of the E-Commerce Directive. In a nutshell, the DSA lays down the rules and obligations for online platforms regarding illegal content, including the intermediary liability exemption for online platforms. On the positive side, the Commission’s proposal maintains the key principles of the E-Commerce Directive: intermediary liability exemption, the country of origin principle and the prohibition of general monitoring. It also includes a provision to allow companies to voluntarily detect and remove illegal content. On the other hand, the DSA is introducing different layers of requirements based on platform size, which means that at different stages of their growth startups will have to implement new rules. Moreover, the entire regulatory load of all due diligence measures can potentially be overwhelming for startups.

Although the DSA is an EU-made regulation, AFS Members from around the world are showing interest in it. This does not just reflect the fact that startups think global from day one. With Section 230 (which governs intermediary liability) in the political spotlight in the US and other regions considering the impact of illegal content on online platforms, eyes are on EU legislators as first-movers once again. This brings up memories of GDPR. With the GDPR, EU legislators were the first to build a comprehensive framework to protect personal data. Yet, one of the learnings of GDPR and its implementation also is that the most important thing isn’t just getting it done, but rather getting it right.

While the proposal put forward by the Commission updates and clarifies liability provisions, there is still room for improvement. Moreover, in the coming discussions on the DSA in the co-legislating European Parliament and European Council, it will be important to maintain some of the positive updates listed above.

At Allied for Startups we launched the DSA4startups campaign to bring the voice of startups to the discussion on rules that will affect them. Considering the proposed rules through the lens of a small startup provides a different perspective than just thinking about the big players. Ultimately we want to work towards a DSA that our members would be pleased to see scaling across the globe.