Home AdExplainer AdExplainer: The Digital Services Act Vs. The Digital Markets Act

AdExplainer: The Digital Services Act Vs. The Digital Markets Act

SHARE:

A tide of online accountability has come to Europe.

In July, the European Parliament adopted the Digital Services Act (DSA) and the Digital Markets Act (DMA). Although they were passed as one legislative package, they function as two distinct laws.

The DSA creates new obligations for online platforms to moderate content and be transparent about how they collect and use data.

The DMA, meanwhile, is an anticompetition law designed to rein in what it calls “gatekeeper platforms,” such as Google, Amazon and Meta, including a requirement to get consent before combining personal data for targeted advertising.

The common thread between them is that both the DSA and the DMA call for Big Tech providers to be more accountable for what happens on their platforms.

The fine for noncompliance is even steeper than GDPR, which could result in sanctions of up to 4% of global annual turnover. Companies face fines of up to 6% of annual worldwide turnover for violations of the DSA and 10% for the DMA.

The DMA is expected to come into force by the end of the year, while the DSA will take full effect by 2024.

Service, please

The DSA enforces stricter content moderation, mandates certain disclosures about paid ads and fully bans targeted ads to children under 18 for just about all online platforms. (But heavier responsibility falls on platforms that have 10% of the EU population in their user base.)

EU member states will also have access to the inner workings of platforms’ recommendation algorithms, breaking open their black boxes. Algorithmic transparency will also be user-facing – platforms will have to briefly explain why certain ads were targeted to individual users. This includes allowing users to see ads that aren’t based on “profiling,” for example, or scroll through their social feeds based on chronological, not algorithmic, order.

Platforms also have to release a biannual report on their content moderation efforts.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

And they’re specifically prohibited by the DSA from using dark patterns, or language that results in users inadvertently agreeing to share their data.

Paired with the prohibition against targeting ads to kids, the explicit ban on dark patterns makes the DSA a strong data privacy play, said Elle Todd, an attorney and partner at London-based firm Reed Smith LLP.

“The DSA is very UX-focused – it’s all about changing interfaces and changing the ways consumers are interacting with platforms online,” she said. “People will see far more impact on a day-to-day basis as everyday consumers from the DSA than the DMA.”

The digital marketplace

The DMA applies to a much smaller subset of companies, specifically those with 45 million monthly active users and/or that have an annual turnover of at least 7.5 billion euros. Amazon, Google, Meta, Apple and Microsoft would all qualify.

Whereas the DSA focuses more on protecting the rights of individual users, the DMA gives European regulators unprecedented power to crack down on anticompetitive and unfair business practices, including over how large Big Tech platforms collect and use data.

The DMA prohibits platforms from combining data sources without explicit opt-in as well as from preferencing their own products and services.

Google, for example, would be barred from combining data from across its services to show targeted ads without consent, and it would be illegal for Amazon to use data from third-party sellers to inform its own competing products.

Picking up where GDPR left off

Once they go into effect, the DSA and the DMA will be enforced by different enforcement bodies. The European Commission is the primary enforcer of the DMA, but EU member states will have to coordinate their own governing bodies for DSA enforcement.

But despite the difference in enforcement, there’s a common goal: reining in data abuse to protect children.Comic: "Protect consumer privacy!"

Both laws are largely consistent with international demands for data privacy laws, especially when it comes to protecting kids online and limiting data collection without the proper consent, said Seth Redniss, co-founder and chief legal counsel of Qonsent, a data platform that helps companies with privacy compliance.

Specifically, the DSA and the DMA provide added protections for children online.

“The GDPR doesn’t say too much about children beyond general statements about processing children’s data,” Todd said. “The DSA is new in that it superimposes a specific prohibition against using children’s data for targeted advertising.”

Next stop America?

The DSA and DMA are both European laws, but the sentiments expressed within them will likely make it to the US sooner or later.

Not to mention that nearly all the gatekeeper companies the DMA targets are based in the US, and that US companies will have to comply with both the DSA and the DMA if they want to do any business in Europe, Redniss said.

The DSA and the DMA have overlapping consent requirements with the GDPR, meaning platforms that don’t comply now can be hit with multiple violations at once, said Susan Israel, a privacy attorney at Loeb & Loeb LLP.

Platforms generally apply user interface changes globally because it’s less complicated to implement.

But whether companies choose to apply European privacy expectations to American users before they’re eventually forced to, Israel said, will be their own decision to make.

Must Read

Comic: Off-Platform Media

How RMNs Use MFA And Cheap Inventory To Game Attribution Rules

Retail media is built on its attribution quality, but real purchases can be gamed by programmatic metrics and create perverse incentives for RMNs to serve ads across low-quality inventory.

There’s A Lot Wrong With Google’s And Meta’s Non-Transparent ‘Refund’ Practices

Google and Meta are playing with fire. Their opaque refund practices have already exposed them to customer blowback – and could lead to class-action lawsuits by disgruntled advertisers.

Comic: The Great Online Privacy Battle

How US Intelligence Agencies Buy And Use Programmatic Data For Surveillance

Mike Yeagley, an independent contractor who has scouted and acquired commercial data and technology on behalf of intelligence agencies, is one of the earliest evangelists of using ad tech tracking information to identify and surveil government targets.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Comic: The MFA Cafe

Adalytics Report Torches Ad Tech For Touting MFA Prevention While Scarfing MFA Supply

Practically every ad tech vendor has put out a press release in recent months full of bluster about cutting out made for advertising sites – and yet supply sources remain oversaturated with garbage inventory.

Cloud-Based Collaboration Is Ad Tech’s Post-Cookie Lifeline – But Will It Last?

Cross-cloud data collaboration technology is the best bet for a post-cookie solution. But it’s vulnerable to similar privacy concerns.

Topsort Raises $20 Million To Seize The Post-Cookie Market Opportunity This Year

Topsort raised $20 million, with plans to seize the 2024 opportunity for post-cookie ad tech.