Caroline CAUFFMAN,Catalina GOANTA

DOI: https://doi.org/10.1017/err.2021.8

2021-04-15

European Journal of Risk Regulation

Abstract:On 16 December 2020, the European Commission delivered on the plans proposed in the European Digital Strategy by publishing two proposals related to the governance of digital services in the European Union: the Digital Services Act (DSA) and the Digital Markets Act (DMA). The much-awaited regulatory reform is often mentioned in the context of content moderation and freedom of expression, market power and competition. It is, however, important to bear in mind the contractual nature of the relationship between users and platforms and the additional contracts concluded on the platform between the users, in particular traders and consumers. Moreover, the monetisation offered by digital platforms has led to new dynamics and economic interests. This paper explores the reform proposed by the European Commission by means of the DSA by touching upon four main themes that will be addressed from the perspective of consumer protection: (1) the internal coherence of European Union law; (2) intermediary liability; (3) the outsourcing of solutions to private parties; and (4) digital enforcement.

Maria Luisa Chiarella

DOI: https://doi.org/10.30958/ajl.9-1-2

2022-12-29

Athens Journal of Law

Abstract:The Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (known as DMA – “Digital Market Act”) sets clear rules for large online platforms. It aims to ensure that no large online platform that is in a “gatekeeper” position - to many users - abuses that position to the detriment of businesses wishing to access those users. The most innovative elements are the introduction of the legal figure of the “gatekeeper” and the provision of specific duties imposed on the same. The Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (known as DSA “Digital Services Act”) introduces a common set of rules on intermediaries’ obligations and accountability across the single market, aiming to ensure a high level of protection to all users. This paper aims to analyse the new provisions introduced by the Digital Service Package in the framework of market regulation policies. Keywords: Digital markets; Intermediary service; Online platforms; Online search engines; Market regulation; EU policies Ombudsman; Constitutional Institution; Unwillingness of Bureaucrats

Catalina Goanta,Thales Bertaglia,Adriana Iamnitchi

DOI: https://doi.org/10.48550/arXiv.2205.06666

2022-05-13

Computers and Society

Abstract:In the course of under a year, the European Commission has launched some of the most important regulatory proposals to date on platform governance. The Commission's goals behind cross-sectoral regulation of this sort include the protection of markets and democracies alike. While all these acts propose sophisticated rules for setting up new enforcement institutions and procedures, one aspect remains highly unclear: how digital enforcement will actually take place in practice. Focusing on the Digital Services Act (DSA), this discussion paper critically addresses issues around social media data access for the purpose of digital enforcement and proposes the use of a legal compliance application programming interface (API) as a means to facilitate compliance with the DSA and complementary European and national regulation. To contextualize this discussion, the paper pursues two scenarios that exemplify the harms arising out of content monetization affecting a particularly vulnerable category of social media users: children. The two scenarios are used to further reflect upon essential issues surrounding data access and legal compliance with the DSA and further applicable legal standards in the field of labour and consumer law.

Dominika Moravcová

DOI: https://doi.org/10.47078/2023.2.163-176

2023-12-29

Central European Journal of Comparative Law

Abstract:The activities of large online platforms based in third countries in the internal market pose potential risks to EU users. The EU aims to ensure a safe online environment not only for consumers, but also for all users active in this ecosystem. Increased security, legal certainty, consumer protection, transparency, and several other partial aims have led to the adoption of the Digital Services Package, which includes the so-called DSA Regulation. The present article aims to identify the key impacts of the new regulation on very large online platforms that are part of the daily routine of EU citizens and to highlight the benefits it brings to regular users. There are many changes brought about by the new legislation; therefore, we decided to focus only on those that we consider the most tangible, both from the perspective of the everyday user and for the platforms per se.

Philipp Hacker,Johann Cordes,Janina Rochon

DOI: https://doi.org/10.1017/err.2023.81

2023-12-13

European Journal of Risk Regulation

Abstract:Artificial intelligence (AI) is not only increasingly being used in business and administration contexts, but a race for its regulation is also underway, with the European Union (EU) spearheading the efforts. Contrary to existing literature, this article suggests that the most far-reaching and effective EU rules for AI applications in the digital economy will not be contained in the proposed AI Act, but in the Digital Markets Act (DMA). We analyse the impact of the DMA and related EU acts on AI models and underlying data across four key areas: disclosure requirements; the regulation of AI training data; access rules; and the regime for fair rankings. We demonstrate that fairness, under the DMA, goes beyond traditionally protected categories of non-discrimination law on which scholarship at the intersection of AI and law has focused on. Rather, we draw on competition law and the FRAND criteria known from intellectual property law to interpret and refine the DMA provisions on fair rankings. Moreover, we show how, based on Court of Justice of the European Union jurisprudence, a coherent interpretation of the concept of non-discrimination in both traditional non-discrimination and competition law may be found. The final section sketches out proposals for a comprehensive framework of transparency, access and fairness under the DMA and beyond.

Elif Erdemoglu

DOI: https://doi.org/10.1007/978-94-6265-144-9_7

2016-01-01

Abstract:The discussion on the regulation on citizens’ right to privacy grows parallel to the widespread usage and collection of Big Data. This chapter analyses from a law and economics perspective the discussion on the European Union (EU) citizens’ rights to privacy with regards to collection, retention, analysis and transfer of personal data in light of the EU General Data Protection Regulation (GDPR). The GDPR is drafted in coherence with the EU Digital Market Strategy, which aims to create the correct incentives for digital networks and services to flourish by providing trustworthy infrastructure supported by the right regulations. A significant part of achieving this aim would require the EU citizens to trust in using digital services. The GDPR is designed to increase the citizens’ trust to use online and digital services by obliging the service providers to comply with the GDPR. This chapter analyses two key compliance requirements of the GDPR through the economic analysis lens and proposes possible changes to the GDPR in line with the Digital Single Market Strategy of the EU. The scope of this chapter’s analysis is limited to how to cure information asymmetries between the citizens and the data collectors in order to increase the citizens’ trust in using digital services given the fast-changing and delicate legal issues arising from collecting the personal data of the EU citizens. This chapter concludes by suggesting three improvements to the GDPR; more frequent controls for issuing the EU Data Protection Seal, increased independence of the Data Protection Controller and issuance of publicly available, frequent privacy ratings.

Rishabh Kaushal,Jacob van de Kerkhof,Catalina Goanta,Gerasimos Spanakis,Adriana Iamnitchi

2024-05-03

Abstract:The Digital Services Act (DSA) is a much awaited platforms liability reform in the European Union that was adopted on 1 November 2022 with the ambition to set a global example in terms of accountability and transparency. Among other obligations, the DSA emphasizes the need for online platforms to report on their content moderation decisions (`statements of reasons' - SoRs), which is a novel transparency mechanism we refer to as automated transparency in this study. SoRs are currently made available in the DSA Transparency Database, launched by the European Commission in September 2023. The DSA Transparency Database marks a historical achievement in platform governance, and allows investigations about the actual transparency gains, both at structure level as well as at the level of platform compliance. This study aims to understand whether the Transparency Database helps the DSA to live up to its transparency promises. We use legal and empirical arguments to show that while there are some transparency gains, compliance remains problematic, as the current database structure allows for a lot of discretion from platforms in terms of transparency practices. In our empirical study, we analyze a representative sample of the Transparency Database (131m SoRs) submitted in November 2023, to characterise and evaluate platform content moderation practices.

Computers and Society,Social and Information Networks

Gerhard Wagner,Martin Eifert,Axel Metzger,Heike Schweitzer

DOI: https://doi.org/10.54648/cola2021065

IF: 2.02

2021-08-01

Common Market Law Review

Abstract:Digital platforms have become a core feature of the digital economy. They facilitate the exchange of goods, services, and information, and create much social value. But at the same time, they come with harmful structural features, namely the promotion of market concentration, the rise of new forms of power imbalances, the appropriation of user data on an unprecedented scale, the facilitation of infringements of protected rights and entitlements, and the endangerment of the integrity of public discourse. While the existing legal framework has not been able to address these problems and risks adequately, the EU legislature has experienced difficulties in capturing the specific regulatory challenges caused by digital platforms so far. Now the European Commission has attained a new level in the confrontation with a double strike: the proposals for a “Digital Services Act” (DSA) and a “Digital Markets Act” (DMA) are designed to provide a coherent regulatory framework for digital platforms. This article reflects on the DMA/DSA package and provides a normative analysis of the proposals structured along the lines of market failures.

international relations,law

Philipp Hacker,Johann Cordes,Janina Rochon

2023-08-24

Abstract:Artificial intelligence is not only increasingly used in business and administration contexts, but a race for its regulation is also underway, with the EU spearheading the efforts. Contrary to existing literature, this article suggests, however, that the most far-reaching and effective EU rules for AI applications in the digital economy will not be contained in the proposed AI Act - but have just been enacted in the Digital Markets Act. We analyze the impact of the DMA and related EU acts on AI models and their underlying data across four key areas: disclosure requirements; the regulation of AI training data; access rules; and the regime for fair rankings. The paper demonstrates that fairness, in the sense of the DMA, goes beyond traditionally protected categories of non-discrimination law on which scholarship at the intersection of AI and law has so far largely focused on. Rather, we draw on competition law and the FRAND criteria known from intellectual property law to interpret and refine the DMA provisions on fair rankings. Moreover, we show how, based on CJEU jurisprudence, a coherent interpretation of the concept of non-discrimination in both traditional non-discrimination and competition law may be found. The final part sketches specific proposals for a comprehensive framework of transparency, access, and fairness under the DMA and beyond.

Computers and Society,Artificial Intelligence

Chris Jay Hoofnagle,Bart van der Sloot,Frederik Zuiderveen Borgesius

DOI: https://doi.org/10.1080/13600834.2019.1573501

2019-01-02

Abstract:This paper introduces the strategic approach to regulating personal data and the normative foundations of the European Union’s General Data Protection Regulation (‘GDPR’). We explain the genesis of the GDPR, which is best understood as an extension and refinement of existing requirements imposed by the 1995 Data Protection Directive; describe the GDPR’s approach and provisions; and make predictions about the GDPR’s implications. We also highlight where the GDPR takes a different approach than U.S. privacy law. The GDPR is the most consequential regulatory development in information policy in a generation. The GDPR brings personal data into a detailed regulatory regime, that will influence personal data usage worldwide. Understood properly, the GDPR encourages firms to develop information governance frameworks, to in-house data use, and to keep humans in the loop in decision making. Companies with direct relationships with consumers have strategic advantages under the GDPR, compared to third party advertising firms on the internet. To reach these objectives, the GDPR uses big sticks, structural elements that make proving violations easier, but only a few carrots. The GDPR will complicate and restrain some information-intensive business models. But the GDPR will also enable approaches previously impossible under less-protective approaches.

Júlio César Parente Patrocínio,Débora Barreto Santana de Andrade

DOI: https://doi.org/10.51799/2763-8685v3n2005

2023-12-01

Latin American Journal of European Studies

Abstract:The concept of artificial intelligence has been developed since the beginning of computing in the 1950s, and, since the 2010s, it has advanced more quickly, contributing to various applications. Artificial intelligence applications bring benefits and uses to various social sectors and activities. It improves optimisation and efficiency of factories and companies, diagnosis and treatment of diseases and disabilities, automating activities, operation of social networks and e-commerce platforms, and viability of autonomous cars. It is also present in the operationalization of banks, pharmacies, military forces, education system, among many others. However, along with benefits, artificial intelligence has also generated risks for society and, consequently, litigation. These disputes have been submitted to courts in different countries, generating discussions about specific regulations. In this sense, this article aims to analyse cases involving artificial intelligence in using data, biometric monitoring, algorithmic recommendation and decision-making discussed in European judicial and administrative lawsuits, as well as study the three main European Union regulations which approach that theme: the General Data Protection Regulation, the Digital Services Act, and the Artificial Intelligence Act Proposal.

English Else

Miriam Buiten

DOI: https://doi.org/10.2139/ssrn.3876328

2021-01-01

SSRN Electronic Journal

Abstract:The proposed Digital Services Act (DSA) aims to reconcile the responsibilities of online platforms with their position as key intermediaries and essential sources and shapers of information. The DSA proposes new, asymmetric obligations, while maintaining the liability exemption for hosting providers. This article calls into question whether the liability exemption based on playing a passive, neutral role reflects the extensive moderation that online platforms undertake as part of their business model. It considers the consequences of taking the responsibility of online platforms out of the domain of liability and into the domain of regulation and suggests alternative approaches to the liability regime.

Alpo Olavi Värri

DOI: https://doi.org/10.23996/fjhw.122310

2023-04-06

Finnish Journal of eHealth and eWelfare

Abstract:The European Parliament has approved new legislation, the Digital Services Act (DSA) and Digital Markets Act (DMA) to improve the functioning of the internal market of intermediary services in the European Union (EU) where there is a risk that the major so-called gatekeeper companies can exercise unfair control of core platform services. The purpose of this study was to investigate, what health information systems could be in the scopes of these acts and what requirements the acts may have for the production, the sale and the use of health information systems. The act texts were examined bearing in mind what types of health information systems exist and what their user bases are. Those health information systems that can belong or do not belong to the groups of systems regulated by the DMA and DSA were identified. The most relevant requirements for these systems were also identified from these acts. The result of the study is that these acts have only minor consequences for the healthcare information systems sector as they are not often intermediary (hosting) services in the meaning of the DSA or gatekeepers in the meaning of the DMA. The emerging digital healthcare platforms are most affected by the new DSA and secondly such peer support patient portals where patients can supply content for others to see. Apparently, no digital healthcare platform has yet reached such a size or a dominant role within the EU that it would fall under the scope of the DMA. The two above mentioned healthcare related intermediary services have due diligence obligations to remove illegal contents from their services and to treat their business and consumer customers fairly. The obligations include clear and fair terms and conditions, the provision of a single point of contact for users and authorities, content moderation, complaint handling, marking advertising clearly, annual reporting, and responding to the contacts from the authorities. The obligations increase when the size of the enterprise increases. It is still too early to produce healthcare information systems specific guidance to support the implementation of these two acts as the acts themselves and potential upcoming general guidance documents can serve the health information systems community sufficiently well.

Janos Meszaros,Jusaku Minari,Isabelle Huys

DOI: https://doi.org/10.3389/fgene.2022.927721

IF: 3.7

2022-10-05

Frontiers in Genetics

Abstract:Despite its promising future, the application of artificial intelligence (AI) and automated decision-making in healthcare services and medical research faces several legal and ethical hurdles. The European Union (EU) is tackling these issues with the existing legal framework and drafting new regulations, such as the proposed AI Act. The EU General Data Protection Regulation (GDPR) partly regulates AI systems, with rules on processing personal data and protecting data subjects against solely automated decision-making. In healthcare services, (automated) decisions are made more frequently and rapidly. However, medical research focuses on innovation and efficacy, with less direct decisions on individuals. Therefore, the GDPR's restrictions on solely automated decision-making apply mainly to healthcare services, and the rights of patients and research participants may significantly differ. The proposed AI Act introduced a risk-based approach to AI systems based on the principles of ethical AI. We analysed the complex connection between the GDPR and AI Act, highlighting the main issues and finding ways to harmonise the principles of data protection and ethical AI. The proposed AI Act may complement the GDPR in healthcare services and medical research. Although several years may pass before the AI Act comes into force, many of its goals will be realised before that.

genetics & heredity

Sanchit Alekh

DOI: https://doi.org/10.48550/arXiv.1806.03253

2018-06-01

Computers and Society

Abstract:The GDPR, or the Datenschutz Grundverordnung (DSGVO) in German, is an EU Law which addresses the subject of safeguarding privacy of personal data of the citizens of the EU and EEA. It also specifies how data the collected data might be transported out of the EU/EEA. It is the first genuine effort to unify the plethora of disparate privacy regulations put forward by different regulatory bodies. The GDPR aims to not only give more control over their personal data to the citizens, but also make conformance for businesses easier by defining unified guidelines. It also presses businesses, especially those dealing with sensitive personal data, to build their information systems in a way that confirms with Privacy by Design. These regulations aim to ensure a more transparent handling and processing of personal data, and create an environment of trust and awareness on both sides, i.e., the data owner as well as the controllers/processors.

Alexandre Veronese,Alessandra Silveira,Amanda Nunes Lopes Espiñeira Lemos

DOI: https://doi.org/10.21814/unio.5.2.2294

2019-07-02

Abstract:The article discusses the ethical and technical consequences of Artificial intelligence (hereinafter, A.I) applications and their usage of the European Union data protection legal framework to enable citizens to defend themselves against them. This goal is under the larger European Union Digital Single Market policy, which has concerns about how this subject correlates with personal data protection. The article has four sections. The first one introduces the main issue by describing the importance of AI applications in the contemporary world scenario. The second one describes some fundamental concepts about AI. The third section has an analysis of the ongoing policies for AI in the European Union and the Council of Europe proposal about ethics applicable to AI in the judicial systems. The fourth section is the conclusion, which debates the current legal mechanisms for citizens protection against fully automated decisions, based on European Union Law and in particular the General Data Protection Regulation. The conclusion will be that European Union Law is still under construction when it comes to providing effective protection to its citizens against automated inferences that are unfair or unreasonable.

Jukka Ruohonen,Sini Mickelsson

DOI: https://doi.org/10.1007/s44206-023-00041-7

2023-03-30

Digital Society

Abstract:The European Union (EU) has been pursuing a new strategy under the umbrella label of digital sovereignty. Data is an important element in this strategy. To this end, a specific Data Governance Act was enacted in 2022. This new regulation builds upon two ideas: reuse of data held by public sector bodies and voluntary sharing of data under the label of data altruism. This short commentary reviews the main content of the new regulation. Based on the review, a few points are also raised about potential challenges.

English Else

Andreas Hauselmann,Alan M. Sears,Lex Zard,Eduard Fosch-Villaronga

2023-09-20

Abstract:This article sheds light on legal implications and challenges surrounding emotion data processing within the EU's legal framework. Despite the sensitive nature of emotion data, the GDPR does not categorize it as special data, resulting in a lack of comprehensive protection. The article also discusses the nuances of different approaches to affective computing and their relevance to the processing of special data under the GDPR. Moreover, it points to potential tensions with data protection principles, such as fairness and accuracy. Our article also highlights some of the consequences, including harm, that processing of emotion data may have for individuals concerned. Additionally, we discuss how the AI Act proposal intends to regulate affective computing. Finally, the article outlines the new obligations and transparency requirements introduced by the DSA for online platforms utilizing emotion data. Our article aims at raising awareness among the affective computing community about the applicable legal requirements when developing AC systems intended for the EU market, or when working with study participants located in the EU. We also stress the importance of protecting the fundamental rights of individuals even when the law struggles to keep up with technological developments that capture sensitive emotion data.

Computers and Society,Human-Computer Interaction

Chiara Drolsbach,Nicolas Pröllochs

2023-12-08

Abstract:The Digital Services Act (DSA) requires large social media platforms in the EU to provide clear and specific information whenever they remove or restrict access to certain content. These "Statements of Reasons" (SoRs) are collected in the DSA Transparency Database to ensure transparency and scrutiny of content moderation decisions of the providers of online platforms. In this work, we empirically analyze 156 million SoRs within an observation period of two months to provide an early look at content moderation decisions of social media platforms in the EU. Our empirical analysis yields the following main findings: (i) There are vast differences in the frequency of content moderation across platforms. For instance, TikTok performs more than 350 times more content moderation decisions per user than X/Twitter. (ii) Content moderation is most commonly applied for text and videos, whereas images and other content formats undergo moderation less frequently. (ii) The primary reasons for moderation include content falling outside the platform's scope of service, illegal/harmful speech, and pornography/sexualized content, with moderation of misinformation being relatively uncommon. (iii) The majority of rule-breaking content is detected and decided upon via automated means rather than manual intervention. However, X/Twitter reports that it relies solely on non-automated methods. (iv) There is significant variation in the content moderation actions taken across platforms. Altogether, our study implies inconsistencies in how social media platforms implement their obligations under the DSA -- resulting in a fragmented outcome that the DSA is meant to avoid. Our findings have important implications for regulators to clarify existing guidelines or lay out more specific rules that ensure common standards on how social media providers handle rule-breaking content on their platforms.

Social and Information Networks,Computers and Society

Sébastien Fassiaux

DOI: https://doi.org/10.1017/err.2023.58

2023-08-05

European Journal of Risk Regulation

Abstract:Personal autonomy is at the core of liberal societies, and its preservation has been a focus of European Union (EU) consumer and data protection law. Professionals increasingly use artificial intelligence in consumer markets to shape user preferences and influence their behaviours. This paper focuses on the long-term impact of artificial intelligence on consumer autonomy by studying three specific commercial practices: (1) dark patterns in user interfaces; (2) behavioural advertising; and (3) personalisation through recommender systems. It explores whether and to what extent EU regulation addresses the risks to consumer autonomy of using artificial intelligence in markets in the long term. It finds that new EU regulation does bring novelties to protect consumer autonomy in this context but fails to sufficiently consider the long-term consequences of autonomy capture by professionals. Finally, the paper makes several proposals to integrate the long-term risks affecting consumer autonomy in EU consumer and data protection regulation. It does so through an interdisciplinary approach, drawing from legal research and findings in the study of long-term thinking, philosophy and ethics and computer science.