Home AdExplainer AdExplainer: The Digital Services Act Vs. The Digital Markets Act

AdExplainer: The Digital Services Act Vs. The Digital Markets Act

SHARE:

A tide of online accountability has come to Europe.

In July, the European Parliament adopted the Digital Services Act (DSA) and the Digital Markets Act (DMA). Although they were passed as one legislative package, they function as two distinct laws.

The DSA creates new obligations for online platforms to moderate content and be transparent about how they collect and use data.

The DMA, meanwhile, is an anticompetition law designed to rein in what it calls “gatekeeper platforms,” such as Google, Amazon and Meta, including a requirement to get consent before combining personal data for targeted advertising.

The common thread between them is that both the DSA and the DMA call for Big Tech providers to be more accountable for what happens on their platforms.

The fine for noncompliance is even steeper than GDPR, which could result in sanctions of up to 4% of global annual turnover. Companies face fines of up to 6% of annual worldwide turnover for violations of the DSA and 10% for the DMA.

The DMA is expected to come into force by the end of the year, while the DSA will take full effect by 2024.

Service, please

The DSA enforces stricter content moderation, mandates certain disclosures about paid ads and fully bans targeted ads to children under 18 for just about all online platforms. (But heavier responsibility falls on platforms that have 10% of the EU population in their user base.)

EU member states will also have access to the inner workings of platforms’ recommendation algorithms, breaking open their black boxes. Algorithmic transparency will also be user-facing – platforms will have to briefly explain why certain ads were targeted to individual users. This includes allowing users to see ads that aren’t based on “profiling,” for example, or scroll through their social feeds based on chronological, not algorithmic, order.

Platforms also have to release a biannual report on their content moderation efforts.

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

And they’re specifically prohibited by the DSA from using dark patterns, or language that results in users inadvertently agreeing to share their data.

Paired with the prohibition against targeting ads to kids, the explicit ban on dark patterns makes the DSA a strong data privacy play, said Elle Todd, an attorney and partner at London-based firm Reed Smith LLP.

“The DSA is very UX-focused – it’s all about changing interfaces and changing the ways consumers are interacting with platforms online,” she said. “People will see far more impact on a day-to-day basis as everyday consumers from the DSA than the DMA.”

The digital marketplace

The DMA applies to a much smaller subset of companies, specifically those with 45 million monthly active users and/or that have an annual turnover of at least 7.5 billion euros. Amazon, Google, Meta, Apple and Microsoft would all qualify.

Whereas the DSA focuses more on protecting the rights of individual users, the DMA gives European regulators unprecedented power to crack down on anticompetitive and unfair business practices, including over how large Big Tech platforms collect and use data.

The DMA prohibits platforms from combining data sources without explicit opt-in as well as from preferencing their own products and services.

Google, for example, would be barred from combining data from across its services to show targeted ads without consent, and it would be illegal for Amazon to use data from third-party sellers to inform its own competing products.

Picking up where GDPR left off

Once they go into effect, the DSA and the DMA will be enforced by different enforcement bodies. The European Commission is the primary enforcer of the DMA, but EU member states will have to coordinate their own governing bodies for DSA enforcement.

But despite the difference in enforcement, there’s a common goal: reining in data abuse to protect children.Comic: "Protect consumer privacy!"

Both laws are largely consistent with international demands for data privacy laws, especially when it comes to protecting kids online and limiting data collection without the proper consent, said Seth Redniss, co-founder and chief legal counsel of Qonsent, a data platform that helps companies with privacy compliance.

Specifically, the DSA and the DMA provide added protections for children online.

“The GDPR doesn’t say too much about children beyond general statements about processing children’s data,” Todd said. “The DSA is new in that it superimposes a specific prohibition against using children’s data for targeted advertising.”

Next stop America?

The DSA and DMA are both European laws, but the sentiments expressed within them will likely make it to the US sooner or later.

Not to mention that nearly all the gatekeeper companies the DMA targets are based in the US, and that US companies will have to comply with both the DSA and the DMA if they want to do any business in Europe, Redniss said.

The DSA and the DMA have overlapping consent requirements with the GDPR, meaning platforms that don’t comply now can be hit with multiple violations at once, said Susan Israel, a privacy attorney at Loeb & Loeb LLP.

Platforms generally apply user interface changes globally because it’s less complicated to implement.

But whether companies choose to apply European privacy expectations to American users before they’re eventually forced to, Israel said, will be their own decision to make.

Must Read

Why Vodafone Is Giving Out Grades For Its Creative

One way to get a handle on your brand creative is to, well, grade your homework, according to Anne Stilling, Vodafone’s global director of brands and media.

Inside The Fall Of Oracle’s Advertising Business

By now, the industry is well aware that Oracle, once the most prominent advertising data seller in market, will shut down its advertising division. What’s behind the ignominious end of Oracle Advertising?

Forget about asking for permission to collect cookies. Google will have to ask for permission to not collect them.

Criteo: The Privacy Sandbox Is NOT Ready Yet, But Could Be If Google Makes Certain Changes Soon

If Google were to shut off third-party cookies today and implement the current version of the Privacy Sandbox, publishers would see their ad revenue on Chrome tank by around 60% on average.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Platforms Are Autogenerating Creative – And It’s Going To Be Terrible

This week, we’re diving into the most important thing in advertising – the actual creative – and how major ad platforms are well on their way to an era of creative innovation. Actually, strike that. I meant creative desolation.

Comic: TFW Disney+ Goes AVOD

Disney Expands Its Audience Graph And Clean Room Tech Beyond The US

Disney expands its audience graph and clean room tech to Latin America, marking the first time it will be available outside the US. The announcement precedes this week’s launch of Disney+ with ads in Latin America.

Advertible Makes Its Case To SSPs For Running Native Channel Extensions

Companies like TripleLift that created the programmatic native category are now in their awkward tween years. Cue Advertible, a “native-as-a-service” programmatic vendor, as put by co-founder and CEO Tom Anderson.