In recent days, there has been a loud and largely enthusiastic response to the European Union’s final agreement on the Digital Services Act (DSA). The DSA is intended to control online content, including social media platforms and video sites. It was touted as a victory for rights and a statement of the EU’s commitment to privacy and data protection – comparing Europe favorably to the US.
There’s some truth to that view – and the EU faced aggressive lobbying from Big Tech while crafting the law. However, the full story of the DSA could be more complex and present harsh lessons for Ireland going forward.
On the positive side, the DSA contains useful provisions. Now, surveillance organizations will have access to Big Tech’s opaque and harmful algorithms. Technology companies will also have to pay more attention to the security of the products sold on their marketplaces. And image-based sexual abuse will be more strictly controlled.
But it also tackles many big problems that should have been solved under the existing General Data Protection Regulation (GDPR), which the EU introduced in 2016 and enforced in 2018. Strong GDPR enforcement should have already solved the problem of micro-targeted ads based on Cambridge Analytica-style intimate profiles. Misleading consent requests are also already illegal. Yet European lawmakers felt the need to ban these things again. This is partly due to the failure of European regulators – and in particular the Irish Data Protection Commission – to apply the GDPR to Big Tech companies.
Curiously, the DSA refrains from tackling the most serious online danger: the algorithmic recommendation systems that operate behind the scenes to spread hate and confusion on Facebook and YouTube.
Illegal content and hate groups thrive because the algorithmic recommendation systems of Facebook and YouTube promote it. Facebook’s own studies have concluded that recommendation systems amplify illegal content on a massive scale and drive people to join groups that have driven them to extremism. These systems have threatened democracy elsewhere. They can do it here.
While some forms of recommender systems may be safe, it is very clear that others are not. When an algorithm is designed to probe people’s darkest instincts and serve them a poisoned regime, it should not come pre-installed and enabled by default. The DSA could have banned these systems or forced Big Tech to turn them off until someone turned them on. This would have instantly slowed down the torrent of illegal material and hateful discussions online.
The GDPR has given Ireland the opportunity to become the key location for digital regulation, which would make us a central player in the global digital economy. But more than a year ago, the Irish Council for Civil Liberties warned the government that the DPC’s failure to uphold the rights of 448 million Europeans creates strategic economic and reputational risks for Ireland.
The new DSA initially envisioned a GDPR-like mechanism that would give Ireland EU-wide enforcement powers for all online content. This is a vast digital market that would have reinforced Ireland’s pre-eminence as a place of business in the EU. Ireland would have been the super enforcer for all online content issues in the EU, cementing Dublin’s place as the capital of Europe’s digital market. But this project was abandoned. Instead, the European Commission stepped in and will exclusively oversee Big Tech companies under the DSA.
While Ireland remains the lead GDPR enforcer for Big Tech, this is a lost opportunity. The EU clearly sees Ireland as having failed in its role as lead regulator under the GDPR. Promoting Dublin as a global technology hub is a cornerstone of Ireland’s industrial strategy. This should worry the Irish government and the Irish Treasury.
Last year, the Oireachtas Justice Committee recommended that the government launch an independent review of how to strengthen and reform the Data Protection Commission – a move the European Commission has endorsed. It also recommended the appointment of two additional data protection commissioners.
Unfortunately, while the government is still talking about taking action, the damage to Ireland has accumulated and continues to grow. The European Parliament has just signaled that it also wants to take the same approach with the upcoming law on artificial intelligence. Unless Ireland shows it is serious about enforcing EU digital law, Ireland has little hope of becoming a key digital hub not only for online content, but also for artificial intelligence.
While the DSA is to be commended, the failure of the European Commission to ensure enforcement of the latest big digital law – GDPR – should give us all pause. Despite all the hype, the DSA may not be relevant because without enforcement all EU regulations are moot.
Moving enforcement for “very large online platforms” to the commission does not necessarily change anything. The commission is not currently taking action to ensure that the GDPR is implemented by Ireland. Why should we anticipate that the commission overseeing Big Tech will solve the enforcement problem?
The DSA is like all other digital laws in the EU: it is meaningless if it is not applied.
Johnny Ryan is Senior Researcher at the Irish Council for Civil Liberties