The Net could soon become a safer and more reliable place for those who surf it, because it could be soon for the giants of the web denied access to sensitive user data for sending targeted advertisements. Let’s clarify, egr sensitive data means information about the racial or ethnic origin, sexual orientation, health conditions, religious, political or philosophical beliefs of users, which internet companies appropriate every day for (also) commercial purposes .
The credit for this initiative goes, once again, to the European Union: last January 20, the European Parliament approved, with 530 votes in favor, 78 against and 80 absences, the draft of a bill, called Digital Services Act, which puts a stop to the invasive activities of online platforms and redesigns the relationship between tech platforms and users. A sort of “digital constitution” that aims to reduce the excessive power of the giants of the web, first of all those gathered under the great hat of GAFAM, acronym for Google, Amazon, Facebook (now Meta), Apple and Microsoft.
About twenty years after the introduction of the e-commerce directive, L’the latest European legislation dedicated to this issue, it is therefore time to inject new life into today’s digital ecosystem to increase its transparency and security.
Before clarifying what will change with the provision, let’s take a small step back.
THE NETWORK: A GREAT BROTHER
The digital world offers endless opportunities, but it also hides numerous pitfalls. Browsing the Net, users deliver – more or less consciously – an enormous amount of personal data directly into the hands of tech companies, the main interlocutors with whom they communicate when they are online.
By accessing the Internet, we “limit” ourselves to calling search engines and viewing web pages, advertisements and our virtual counterpart imprinted on social platforms; in reality, on the other side of the screen, silently hidden in the dim light, like an Orwellian Big Brother, the giants of the web take note of our every action for various purposes, including sending targeted advertisements. In fact, a large part of their turnover is based on user targeting to target advertisements in a targeted manner, a process that clearly exploits their personal data, which thus become strategic and economic assets.
Google monitors our every search, Amazon knows tastes, purchasing habits and potential new expenses of those who use it, social networks have the tools to reconstruct the puzzle of our life thanks to the boundless amount of data they possess. This process, born from what in data science takes the name of “datification“, constitutes a sort of compromise for us users: by choosing to take advantage of the services made available to us by the tech giants, often free of charge, we accept at the same time to hand over the data we enter daily using them into their hands.
Of cases of personal data breach unfortunately, newspapers and future history books are full of them at the hands of the tech giants: just think that in 2021 there were 365 reports of personal data breaches in Europe per day, a figure up by 7.5% compared to the previous year, for a total of 130 thousand cases of “data breach” in a single year (and only in the Old Continent). Among the most striking cases, how not to mention the Cambridge Analytica scandal, which involved Facebook and the data analysis company, accused of having stolen the personal data of about 90 million social network accounts without users’ consent. Not to mention the numerous fuss that have engulfed Google, dragging it to court several times, most recently the controversy surrounding the location.
It certainly does not end here: in addition to raiding data, online platforms can also be used for the dissemination or exchange of illicit content, goods and services, becoming dangerous vectors of illegality.
THE DIGITAL SERVICES ACT
The Digital Services Act (DSA) aims to counter, or rather discipline, all this. The bill is part of a broader package of regulations that also includes its complementary, the Digital Markets Act, and which represents the pillars of the reform of the digital space announced in 2020 by the European Commission. With the proposal, the EU is a candidate as a point of reference for the legislation of the Network, pursuing the objectives of digital sovereignty introduced by the Commission of Ursula von der Leyen.
After having received the green light from the European Parliament, the draft text of the DSA will be discussed with the governments of the member states. Once the interinstitutional negotiations (the so-called “trilogues”), which kicked off with a first round of talks on 31 January, there is a good chance that the measure will go into effect. The first results, like like explained the EU Commissioner for the Internal Market, Thierry Breton, would be expected by the summer:
The Commission, together with Parliament and the Council, will complete this important text for our citizens. I am fully committed to achieving this by the summer.
The goal of the DSA is to making the Internet a safer space, regulated by a directive shared by all Member States that replicates the success of the European regulation on privacy and data, the GDPR (General Data Protection Regulation), which remains the main regulatory reference for data protection in the EU. With the DSA, the European Union plans to impose the same measures on the online universe so that what is illegal is made illegal even offline, guaranteeing an even more solid protection of the rights and privacy of Internet users.
Should the DSA become law, users would have more control over their sensitive data and the content that appears to them online. It would be possible to refuse consent to the processing of your data in a much simpler, faster and more linear way and, in case of refusal, you would still have the possibility to access the platform through fair and reasonable alternatives. In addition to this, there would be a simplification of instant messaging programs and procedures for withdrawing from services.
Platforms will also be asked greater transparency on algorithms and the renunciation of the use of deceptive techniques to influence the behavior of those who surf. Which means absolute veto of the so-called “dark patterns”, graphic tricks that induce users to consent to the processing of their data against their will, misled by brightly colored buttons for acceptance and gray for refusal. Turn of the screw also for sites used for the diffusion of pornographic material, to which more stringent obligations will be imposed.
FIGHT AGAINST ILLEGAL CONTENT
Under the magnifying glass also i illegal and violent content, whose removal process would be faster and more effective thanks to a new “notification and action” mechanism. In the past, the European Union had repeatedly urged giants such as Google, Facebook and Twitter to remove illegal content from the web more quickly, with the promise of continuing to monitor their work and to intervene with new legislation if it did not found improvements. Evidently, therefore, the progress made to date has been little, or not very significant. The legislation would also fight political and health disinformation with greater incisiveness, introducing new rules that govern content and protect freedom of expression.
Another novelty concerns the possibility for users to ask compensation for any damage suffered with the non-compliance of the obligations by the platforms. For the latter, hefty fines could be envisaged in case of infringement of the regulation (we are even talking about 10% of the global turnover of the companies themselves).
KNOTS AND DETRACTORS
There is certainly no shortage of detractors from the proposed regulation: some argue that it is incorrect to regulate the digital market in an a priori manner, as it is subject to sudden and frequent changes; others, on the other hand, consider it excessive to apply such massive regulation to the sector, which could slow down its development.
Slight discrepancies have also arisen within the Council itself: as reported Handle, States such as Italy, Spain, Denmark and Poland claim greater protection for the protection of users, while Ireland and the Czech Republic do not fully support the changes to the original text made by the European Parliament, including the granting of greater supervisory power over Big Tech in Brussels.
Net of the small knots still to be solved and the skepticism of a minority of users, it is undeniable that the DSA (in tandem with its “brother” DMA) brings with it a wave of digital democracy more than ever necessary to move an ecosystem – that of the web – paralyzed by a regulatory framework that has been stagnant for years and dominated by the power of the stars and stripes.
The time has come for the EU to do so establish the rules of the game to its legislators, and no longer to big techs.