On 15 December 2020, the European Commission has adopted two legislative proposals to govern the digital sphere: the Digital Services Act (DSA) and the Digital Markets Act (DMA). These proposals have been eagerly awaited as there is a pressing need for a safer and more transparent online environment, where human rights are effectively protected, in particular in view of a few tech giants dominating and controlling the sphere. In our position paper, we address how these legislative proposals affect human rights and put forward recommendations on what changes are needed to put the protection of human rights at the core of these rules.
In particular, Amnesty International welcomes that the Digital Services Act (DSA) increases accountability of providers of online services, improves transparency of platforms’ practices and establishes clearer rules for content moderation. The fact that the DSA upholds the conditional liability exemptions and the prohibition of a general monitoring obligation to find illegal activity is equally welcome. Amnesty also supports the imposition of risk assessment and mitigation measures on very large online platforms to manage systemic risks.
However, Amnesty believes the proposed DSA does not go far enough in protecting people’s human rights and that it should be more ambitious to effectively protect them. In particular:
- • The DSA should not delegate responsibility to companies as adjudicators of the substantive legality of content and consequently, intermediaries should not bear liability for failure to remove content of which they are not aware and which they have not modified absent a judicial order. The DSA’s provisions on notice and action mechanisms should clearly reflect this principle.
- Amnesty considers that the DSA should impose stricter limits on the targeting of online advertising based on the processing of personal data and urges the co-legislators to consider restrictions on targeted advertising on the basis of invasive tracking practices, such as cross-site tracking and tracking based on sensitive data or other personal data that could lead to discriminatory outcomes.
- Amnesty welcomes the obligations imposed on very large online platforms (VLOPs) to address systemic risks stemming from the functioning and use made of their services but these obligations must go further and extend to compulsory and effective human rights due diligence in line with international human rights standards including the UN Guiding Principles on Business and Human Rights. VLOPs need to be required to take appropriate action not only to identify and mitigate, but also to cease and prevent any human rights abuses linked to their operations and underlying business model and be transparent about their efforts in this regard.
- To protect people’s privacy and to give them real choice and control, a profiling-free recommender system should not be an option but the norm. Therefore, algorithmic recommender systems used by online platforms shall not be based on profiling by default and must require an opt-in instead of an opt-out, with the consent for opting in meeting the requirements of the General Data Protection Regulation (GDPR) of being freely given, specific, informed and unambiguous.
With regard to the Digital Markets Act (DMA), Amnesty welcomes its focus on levelling the playing field and addressing the dominant role of gatekeepers over the online environment.
However, the DMA should put more focus on end-users and be more ambitious to allow competitors to the gatekeepers to emerge that offer more choice and better conditions to end-users. In particular:
- The DMA should affirm the principle that access to and use of essential digital services and infrastructure cannot be made conditional on ubiquitous surveillance and profiling. Gatekeepers must be prevented from making access to their service conditional on individuals “consenting” to the processing of their personal data for marketing or advertising purposes.
- The DMA should furthermore include obligations for cross-platform interoperability that would allow people to connect and communicate across core services and platforms without the need to sign up to the gatekeeper services, which would give a true chance for competitors to emerge with more human rights respecting and privacy-friendly terms compared to current gatekeepers.