Taking aim at hate speech, disinformation and other harmful content online, the European Union is nearing agreement on a sweeping law that would force big tech companies to police themselves harder, make it easier for users to flag problems, and empower regulators to punish noncompliance with billions in fines.
EU officials negotiated into the late hours of Friday night over the final details of the Digital Services Act, which would overhaul the digital rulebook for 27 countries and cement Europe’s reputation as the global leader in reining in the power of social media companies and other digital platforms, such as Facebook, Google and Amazon. But midnight passed without an agreement announced, though several EU officials tweeting about the proceedings expressed optimism that things were getting close.
The act would be the EU’s third significant law targeting the tech industry, a notable contrast with the U.S., where lobbyists representing Silicon Valley’s interests have largely succeeded in keeping federal lawmakers at bay.
While the Justice Department and Federal Trade Commission have filed major antitrust actions against Google and Facebook, Congress remains politically divided on efforts to address competition, online privacy, disinformation and more.
The EU’s new rules, which are designed to protect internet users and their “fundamental rights online,” would make tech companies more accountable for content created by users and amplified by their platforms’ algorithms.
“The DSA is nothing short of a paradigm shift in tech regulation. It’s the first major attempt to set rules and standards for algorithmic systems in digital media markets,” said Ben Scott, a former tech policy advisor to Hillary Clinton who’s now executive director of advocacy group Reset.
Once agreed to in principle, the law would still need to be approved by the European Parliament and European Council, though that is not expected to be a major hurdle. It has not been decided when the law would go into effect.
Negotiators had been hoping to hammer out a deal before the end of Friday, ahead of French elections Sunday. A new French government could stake out different positions on digital content.
The need to regulate Big Tech more effectively came into sharper focus after the 2016 U.S. presidential election, when Russia was found to have used social media platforms to try to influence the country’s vote. Tech companies like Facebook and Twitter promised to crack down on disinformation, but the problems have only worsened. During the pandemic, health misinformation blossomed and again the companies were slow to act, cracking down after years of allowing anti-vaccine falsehoods to thrive on their platforms.
Under the EU law, governments would be able to request companies take down a wide range of content that would be deemed illegal, including material that promotes terrorism, child sexual abuse, hate speech and commercial scams. Social media platforms like Facebook and Twitter would have to give users tools to flag such content in an “easy and effective way” so that it can be swiftly removed. Online marketplaces like Amazon would have to do the same for dodgy products, such as counterfeit sneakers or unsafe toys.
These systems will be standardized so that they will work the same way on any online platform.
Companies that violate the rules face fines amounting to as much as 6% of their annual global revenue, which for tech giants would mean billions of dollars. Repeat offenders could be banned from the EU market.
The tech giants have been lobbying furiously in Brussels to water down the EU rules. Google said in a statement on Friday that it looks forward to “working with policymakers to get the remaining technical details right to ensure the law works for everyone.” Amazon referred to a blog post from last year that said it welcomed measures that enhance trust in online services. Facebook didn’t respond to requests for comment, and Twitter declined to comment.
The Digital Services Act would ban ads targeted at minors, as well as ads targeted at users based on their gender, ethnicity and sexual orientation. It would also ban deceptive techniques companies use to nudge people into doing things they didn’t intend to, such as signing up for services that are easy to opt into, but hard to decline.
To show they’re making progress on limiting these practices, tech companies would have to carry out annual risk assessments of their platforms.
Up until now, regulators have had no access to the inner workings at Google, Facebook and other popular services. But under the new law, the companies will have to be more transparent and provide information to regulators and independent researchers on content-moderation efforts. This could mean, for example, making YouTube turn over data on whether its recommendation algorithm has been directing users to more Russian propaganda than normal.
To enforce the new rules, the European Commission is expected to hire more than 200 new staffers. To pay for it, tech companies will be charged a “supervisory fee,” which could be up to 0.1% of their annual global net income, depending on the negotiations.
Experts said the new rules will likely spark copycat regulatory efforts by governments in other countries, while tech companies will also face pressure to roll out the rules beyond the EU’s borders.
“If Joe Biden stands at the podium and says ‘By golly, why don’t American consumers deserve the same protections that Google and Facebook are giving to Europe consumers,’ it’s going to be difficult for those companies to deny the application of the same rules” elsewhere, Scott said.
But the companies aren’t likely to do so voluntarily, said Zach Meyers, senior research fellow at the Centre for European Reform think tank. There is just too much money on the line if a company like Meta, which owns Facebook and Instagram, is restricted in how it can target advertising at specific groups of users.
“The big tech firms will heavily resist other countries adopting similar rules, and I cannot imagine the firms voluntarily applying these rules outside the EU,” Meyers said.
The EU reached a separate agreement last month on its so-called Digital Markets Act, a law aimed at reining in the market power of tech giants and making them treat smaller rivals fairly.
And in 2018, the EU’s General Data Protection Regulation set the global standard for data privacy protection, though it has faced criticism for not being effective at changing the behavior of tech companies. Much of the problem centers on the fact that a company’s lead privacy regulator is in the country where its European head office is located, which for most tech companies is Ireland.
Irish regulators have opened dozens of data-privacy investigations, but have only issued judgements for a handful. Critics say the the problem is understaffing, but the Irish regulator says the cases are complex and time consuming.
EU officials say they have learned from that experience and will make the bloc’s executive Commission the enforcer for the Digital Services Act and Digital Markets Act.
AP Technology Writer Barbara Ortutay contributed to this story.