EU Digital Services Act

The European Parliament and Council agreed on a proposed Digital Services Act.

We reviewed the draft text and also contacted the involved Directorate-General for some more insights.

EU Digital Services Act, in summary. These are our key takeaways for online marketplaces:

  1. The DSA holds obligations for online platforms, explicitly mentioning marketplaces. You can find the definitions in art. 2.
  2. Traders on marketplaces will have to certify that they comply with GDPR. See art. 22.
  3. Traders that make no, incomplete or faulty certifications must be suspended from the marketplace. See art. 22.
  4. The marketplace interface will have to make it possible for the trader to publish their privacy policy. See art. 22.

You can read our analysis in extenso below.

Digital Services Act – Takeaways

The Covid pandemic boosted e-commerce throughout the EU and the world. This heightened activity also reinvigorated the desire of the EU to assure the rights of its citizens in the e-commerce ecosystem.

The European institutions committed themselves to updating the rules that define the responsibilities and obligations of online platforms and marketplaces. This was done by finalising the Digital Services Act proposal in an agreement between the European Parliament and Council.

The Digital Services Act will compel online marketplaces to take an active role in confirming the compliance levels of traders who do business through that marketplace. It will also compel them to organise their interface in a way that enables traders to inform consumers on how they comply with EU law.

Article 22, for instance, makes online marketplaces actively check if traders are compliant with GDPR. The Directorate-General (DG) for Communications Networks, Content and Technology clarified that Article 22(1)(f) of the DSA indeed obliges the party concerned to self-certify that it complies with applicable EU law, which includes GDPR. Where the trader fails to provide correct or complete information, the online marketplace shall suspend the trader from its marketplace.

The online marketplace must also make the GDPR privacy policy of its traders available to the end customer, in a clear, easily accessible and comprehensible manner. Furthermore, the online marketplace must design and organise its interface in a way that enables traders to comply with their GDPR obligations.

The DG explicitly confirms that the DSA obliges marketplaces to put in place a mechanism that will allow traders to present privacy policies on the interface of the online platform.

The DSA targets online platforms and marketplaces because the European Union firmly believes Europe requires a modern legal framework that ensures the safety of users online. This will establish governance with the protection of fundamental rights at its forefront, and maintain a fair and open online platform environment.

Failure to comply with these obligations may give rise to fines running up to 6% of the annual turnover. Do note that these fines are additional to the GDPR fines and liabilities already in place.

Don’t forget: online marketplaces and retailers are, in most cases, joint controllers, as pointed out by the European Data Protection Board in their September 2020 guidelines on the concept of controller in the GDPR.

When talking about joint controllers, the EDPB mentioned the example of an internet booking platform. To the EDPB it is clear that all participants in this platform are joint controllers. And joint controllers are jointly liable! So if a retailer on the platform is in breach of GDPR, the platform operator can also be liable for the breach by this retailer.

Digital Services Act – summary

In sum: if marketplace and platform operators want to shield themselves from GDPR claims and fines, they need to ask for actual proof of GDPR compliance, and need to refuse any retailer who didn’t put in the GDPR effort.

The platforms that enable their retailers to be compliant in a simple and economic way will have a competitive advantage. Retailers will flock to these marketplaces, disregarding the platforms where they are left to sort things out themselves.

Are you involved in an online marketplace? Contact us to discuss how we can help your platform take a more active role in confirming the GDPR compliance of your traders.