Author: Jakub Chlebiej

Introduction

In the digital age, where gigantic amounts of data are processed on a daily basis and social interactions increasingly take place via the Internet, regulation of the operation of online platforms is becoming crucial. One of the most discussed pieces of legislation in this context at the moment is the Digital Services Act (DSA). It introduces a number of obligations for so-called very large online platforms (VLOPs), including the obligation to publish advertising repositories.

What are very large online platforms?

At the outset, it is worth defining what very large online platforms are. According to the DSA, very large online platforms are considered to be those with at least 45 million monthly active users in the European Union. Such platforms, due to their reach and impact on society, are subject to stricter regulation than smaller players. The status of very large online platform, or very large search engine, is granted by a decision of the European Commission. Currently, the following entities have very large internet platform or very large search engine status:

Obligation to publish advertising repositories

One of the key obligations imposed by the DSA on VLOPs, is the obligation to publish ad repositories. These platforms must collect and make available information on all advertisements displayed on their sites. These repositories must include, among other things:

1. the content of the advertisement – including the name of the product, service or brand and the subject of the advertisement as displayed to users.

2. advertiser data – information about the entity on whose behalf the advertisement is displayed.

3. data of the entity that paid for the advertisement, if this person is not the advertiser – if the advertisement was paid for by a person other than the advertiser, it is also necessary to indicate the data of this entity. The purpose of such a requirement is to indicate the entity in whose interest the advertisement is presented. In practice, meeting this requirement can cause challenges. Usually, providers are forced to rely in this respect on a statement by the advertiser as to whether he himself pays for the presentation of the advertisement or acts on behalf of another entity. It should be emphasised that providers are required to make “reasonable efforts to ensure the accuracy and completeness of the information” (Article 39(1) DSA).

4. impression period – the period during which the advertisement was presented (date of first and last presentation of the advertisement within the provider interface).

5. target group – information about which group of users the advertisement was targeted at (if the advertisement was intended to be presented specifically to one or more particular groups of users of the service). In the case of targeted advertising, targeting criteria must also be indicated. These criteria could be, for example, age, gender, previous activity on the platform, geographical area. If any negative criteria are also applied, i.e. criteria aimed at excluding the targeting of a given advertisement to a specific group or groups of recipients, such criteria should also be indicated. Negative criteria may be analogous to the positive criteria indicated above.

6. Total number of recipients of the service reached by the advertisement – this is an indication of the number of users to whom the advertisement was displayed; in addition, in the case of targeted advertising – VLOP providers are required to indicate the aggregated number of recipients of the advertisement by Member State.

The DSA also provides that the ad repository is to:

1. be accessible within a specific section of the VLOPs’ web interface;

2. allow searching for advertisements on the basis of multiple criteria and a reliable tool and via application programming interfaces (APIs). The obligation to provide search functionality via APIs, in practice, is intended to provide third parties with easier access to the information contained in the repository and for them to create their own search tools.

VLOPs should ensure that the repository does not contain any personal data of the recipients of the service to whom the advertisement was or could have been presented.

Purpose and significance of the regulation

The purpose of making the publication of ad repositories mandatory is to increase transparency in the area of online advertising. This enables users to better understand who is trying to influence their purchasing decisions through advertising and how. In addition, the regulations aim to prevent electoral manipulation and misinformation that can be spread through targeted advertising campaigns.

Consequences for online platforms

The introduction of mandatory publication of ad repositories imposes a number of new challenges on online platforms. They must invest in appropriate technology and human resources to comply with the new legal requirements. In addition, they must operate in a transparent and legally compliant manner, which may require modification of existing business practices. Failure to comply with the new regulations can result in serious consequences, including heavy financial penalties.

Impact on users and advertisers

The new regulations aim to protect users’ interests by providing them with greater control and awareness of the ads they see. Users will have access to information about ads, allowing them to make a more informed use of online services.

For advertisers, this means more transparency and accountability for advertising campaigns. They may face new barriers and challenges, especially in terms of compliance with the new regulations. The need to publish detailed information about advertising campaigns may also affect marketing strategy and campaign budgeting.

Summary

The Digital Services Act introduces significant changes to the operation of very large online platforms. While the new regulations, including the obligation to publish ad repositories, may pose challenges for VLOPs and advertisers, they aim to increase transparency and protect users from unethical advertising practices.

More information on the obligations imposed on very large online platforms is available in Chapter IX of the publication “Implementation of the Digital Services Act in e-commerce”, 2024, C.H. Beck Publishers, which I co-authored.

https://www.ksiegarnia.beck.pl/22073-wdrozenie-aktu-o-uslugach-cyfrowych-w-e-commerce-mateusz-borkiewicz

In this article, I will focus on discussing the obligations that online platform providers have under the Digital Services Act (DSA).

Many services qualify under online platforms. These can be social media (e.g. Meta services such as Facebook or Instagram), a market place type service (e.g. Allegro, Amazon), or venues for publishing videos (e.g. Youtube). In recent years, the provision of services in the form of online platforms has become one of the leading sectors of the digital economy. Therefore, the EU legislator decided to pay a great deal of attention to these entities when creating the DSA and imposed a number of obligations on them.

Who is an online platform provider?

At the outset, it is important to identify who an internet platform provider is.

An online platform under the DSA is a hosted service (see our blog article [__] for more information on this) that stores and disseminates information to the public at the request of the recipient of the service.

However, the DSA provides exceptions to whether a particular service qualifies as an internet platform. Such an exemption applies where the activity is an insignificant or solely ancillary feature of another service or an insignificant function of the main service, and for objective and technical reasons cannot be used without such other service, and the inclusion of such feature or function in such other service is not a way to circumvent the application of the DSA.

Merely establishing that a particular provider meets the prerequisites of being an online platform does not at all mean that the DSA will need to be applied to it. If a provider is a micro or small enterprise as defined by the European Commission Recommendation 2003/361/EC, then – with one reporting exception – it will not be required to implement the arrangements provided for online platform providers. These are as follows:

– micro enterprise – has fewer than 10 employees and a turnover or annual balance sheet total of less than EUR 2 million;

– small enterprise – has fewer than 50 employees and a turnover or annual balance sheet total of less than EUR 10 million.

But here, too, we have an exception to the exception 😊 Even if the online platform provider is a micro or small enterprise, it will have to comply with these obligations if, at the same time, it has the status of a very large online platform provider. This is because, with this qualification, the size of the provider and, above all, its outreach (more on this below) does not matter.

Below is a general summary of the obligations provided for DSA online platform providers only (Chapter III Section 3 DSA):

But beware: we still need to remember the following rules:

I. The online platform provider must also comply with the obligations that are provided for each intermediate service provider (Chapter III Section 1 DSA) and hosting service provider (Chapter III Section 2 DSA). This is because an online platform provider is, by definition, also a hosting provider, one of the types of intermediate services.

II. Further obligations for an online platform provider will arise if its platform allows consumers to conclude distance contracts with traders (so-called B2C platforms) (Chapter III Section 4 DSA).

III. Even more obligations will arise when the provider has the status of a very large online platform provider, i.e. it has an average number of monthly active service customers in the Union of at least 45 million and has been designated by the European Commission as a very large online platform.

IV. Last but not least, notwithstanding the obligations imposed by the DSA, an online platform provider must comply with the obligations imposed on it by other legislation (such as Regulation 2021/784 on the prevention of the dissemination of terrorist content on the internet, or the RODO).

The obligations of online platform providers that I have listed above are briefly summarised below.

Internal complaint handling system

This is an extension of the obligations imposed on each service provider relating to the moderation of content on its resources. Provider platform online must enable odbiorcom service, in that people who make the notification, by at least six months from the decision related to the moderation to the internal system of the complaint internal.

Po some time supplier platform issued a decision in which came to the position of the user A and removed with platform XYZ content user B, which was informed about it. User B does not agree with this decision and therefore files a complaint against it, which will be dealt with by that provider’s just internal complaint handling system.

Of course, this is one of the scenarios where the internal complaints handling system is applicable.

More information about this procedure can be found in this article.

Out-of-court dispute resolution mechanism

A further obligation on online platform providers is to ensure that users and eligible persons (i.e. filers who are not users) can use an out-of-court dispute resolution mechanism.

It is important to note that this is not another stage of the online platform provider’s handling of the case. The case is resolved by an external entity. The online platform provider must indicate to the interested party that the right to use this measure.

The interested party may refer the dispute resolution request to an out-of-court (e.g. certified) body. As a general rule, the online platform provider may not refuse to enter into such a case.

Prioritisation of requests

It is incumbent on the provider of the online platform to implement the necessary technical and organisational measures within its organisation to ensure the prioritisation of notifications made by trusted whistleblowers. These are entities identified by the Digital Services Coordinator that:

1. have specific expertise and competences to detect, identify and report illegal content;
2. are independent of online platform providers;
3. take steps to report accurately and objectively and with due diligence.

Meeting such an obligation may involve, for example, establishing a separate reporting channel for these entities, independent of reports made by others.

Mechanisms for responding to abuse of services

The DSA requires the provider of an online platform to implement mechanisms that the provider can use when abusers use the services it provides. Very often, this is done by those engaged in ‘trolling’.

Firstly, the provider suspends for a reasonable period of time and after issuing a prior warning the provision of services to recipients of the service often transmitting obviously illegal content.

Secondly, the provider suspends for a reasonable period of time and after issuing a prior warning, the processing of reports made through the reporting and action mechanisms and complaints made through the internal complaint handling systems by persons or entities making frequently obviously unfounded reports or by complainants making frequently obviously unfounded complaints.

For example, user A, who has an account on the social networking platform XYZ, reports to its provider as potential illegal content any post by user B that concerns the political situation in the country. User A does not agree with the views of user B, as he himself advocates a different political option. On the other hand, without the need for expertise, the provider of the XYZ platform notices that none of user B’s contributions contain illegal content and that the contributions themselves are constructive criticism. In such a situation, the XYZ platform provider warns user A that he or she is abusing his or her reporting rights and calls on him or her to stop this practice. Despite the call, user A continues to make reports of user B’s statements. Consequently, the provider suspends the processing of user A’s submissions for 1 month.

Additional reporting obligations

An online platform provider has more reporting obligations than a standard intermediate service provider. Below are examples of these obligations.

In addition to the information contained in Article 15 of the DSA (see the article at this link for more information), the online platform provider must also make the following data publicly available (usually on the online platform’s website):

1. related to the conduct of disputes by the online platform provider:

• the number of disputes submitted to out-of-court dispute resolution bodies;
• the results of the resolution of those disputes; and
• the median time taken to conduct dispute resolution proceedings; and
• the share of disputes in which the online platform provider has implemented the decisions of that body.

2. The number of service suspensions broken down by suspensions made due to:

• transmission of manifestly illegal content;
• making manifestly unfounded claims; and
• the filing of manifestly unfounded complaints.

In addition, at least every six months, providers shall, for each online platform or search engine, publish information on the average number of active monthly users of the service in the Union on a publicly accessible section of their online interface.

At the same time, providers of online platforms or search engines shall, upon request and without undue delay, provide information on the average number of monthly active recipients of the service in the Union to the digital services coordinator responsible for the place of establishment and to the European Commission.

Prohibition on the use of dark patterns

An online platform provider must not design, organise or operate its online interfaces in a way that misleads or manipulates the recipients of the service or otherwise materially interferes with or impairs the ability of the recipients of their service to make free and informed decisions. The DSA refers to these types of practices as ‘deceptive web interfaces’, but the business most commonly uses the phrase ‘dark patterns’. The use of dark patterns is an extremely common phenomenon, including in e-commerce. Through such interfaces, users often buy products they do not need at all, or buy more than necessary.

It should be noted here that the regulations of the RODO and the Unfair Market Practices Directive (implemented in the Polish legal order as the Act on Counteracting Unfair Market Practices) take precedence over the DSA provision in this respect.

Transparency of online advertising

Online platform providers that present advertisements on their online interfaces shall ensure that – with regard to each specific advertisement presented to each individual recipient – the recipients of the service are able to clearly, explicitly, concisely and unambiguously and in real time:

• state that the information is an advertisement;
• state, on behalf of a natural or legal person is presented advertisement;
• identify the natural or legal person who paid for the advertisement, if that person is not the natural or legal person referred to in point b;
• find relevant information, extracted directly and readily from the advertisement, on the main parameters used to determine the target audience to which the advertisement is presented and, if applicable, how those parameters are varied.

In addition, providers provide a function for service recipients to make a declaration as to whether the content they provide is or contains commercial information (do you sometimes see on platforms that a particular material is ‘sponsored’? 😊).

Another important obligation imposed on online platform providers is the prohibition to present profiling-based advertising to the recipients of the service under the provisions of the RODO using special categories of personal data (e.g. data on health status or political views).

Use of a transparent recommendation system

Online platform providers that use recommender systems shall set out in simple and accessible language in their terms of service the main parameters used in their recommender systems, as well as any options for service recipients to change or influence these parameters.

The main parameters explain why certain information is suggested to the service recipient. These include, at a minimum:

1. the criteria that are most relevant in determining the information suggested to the service recipient; and
2. the contribution of each parameter (‘how much they weigh’) in determining the recommendation to the user.

In other words, this way we should know that we often see pictures of funny cats on the platform because we watch a lot of videos with them in attendance 😊.

If several options are available for recommender systems that determine the relative order of the information presented to the recipients of the service, providers shall also provide a function that allows the recipient of the service to select and change the preferred option at any time. This function must be directly and easily accessible in the specific section of the web interface of the online platform where the information is prioritised.

Protection of minors on the internet

A final area of obligation for online platform providers relates to the use of their services by minors. These obligations are as follows:

1. the introduction of appropriate and proportionate measures to ensure a high level of privacy, safety and protection of minors in the services provided by providers (the solutions developed in the RODO are very helpful here);
2. prohibiting providers from presenting profiling-based advertising on their interface using the service recipient’s personal data if they know with reasonable certainty that the service recipient is a minor.

Compliance with the above obligations does not oblige online platform providers to process additional personal data in order to assess whether the service recipient is a minor.