Putting the brakes on Big Tech’s uncontrolled power

by Claudia Prettner, Legal/Policy Adviser, Amnesty Tech

Will 2022 go down as the year the EU tamed Big Tech? In the very early morning hours of Saturday, after 16 hours of final negotiations, EU lawmakers reached an agreement on the Digital Services Act (DSA), which is certainly a watershed moment for our digital future. As the deal reached is a top-level political agreement, the final text of the law is yet to be released.

It was amidst the Covid-19 pandemic when this piece of legislation unfolded, a time when the “infodemic” was similarly raging across the internet with conspiracy theories and divisive information spreading like wildfire.

In January 2021, just a few weeks after the DSA proposal was out, supporters of Donald Trump stormed Capitol Hill, seeking to overturn his defeat in the 2020 presidential elections. Social media played a clear role in the preparation and organization of this attack, leading Facebook, YouTube and Twitter to indefinitely suspend Trump’s accounts and demonstrating the enormous power tech giants have in controlling speech and access to the online public square. 

The damning revelations of the Facebook Papers, leaked by brave whistle-blower Frances Haugen in September 2021, showed how the company put profits over safety over and over again, to the detriment of its users’ rights and society at large.  

Russia’s military invasion of Ukraine not only triggered a massive human rights, humanitarian and displacement crisis, but similarly turned social media into a battleground, spurring propaganda and disinformation. This underlines how online platforms are being weaponised to amplify such harmful content and divide society. 

All these examples show once again that online platforms are not neutral, that their algorithms can fuel hateful and misleading content and exacerbate real world harms. These seismic events – from the Covid-19 disinformation to the Facebook Papers and the ongoing information warfare in the context of the Ukraine crisis– have underlined the urgency for legislative action, which has potentially contributed to the record speed in which the DSA has been negotiated. 

Even though the DSA partially builds upon existing law (the eCommerce Directive), its core innovation lies in the novel obligations it imposes on very large online platforms, such as Facebook, Instagram (both owned by Meta), YouTube (owned by Google) and TikTok.

These tech giants will need to assess and mitigate the systemic risks of their services, such as incitement to violence, online harassment, manipulation and other content impacting fundamental rights or people’s health. They also need to probe how their algorithmic systems, such as recommender algorithms, their advertising business model and their data practices impact these risks, and they will be required to adapt their systems and processes accordingly.  

In addition, Big Tech platforms will need to submit themselves to yearly independent audits and they will have to give regulators and researchers access to platform data, allowing them to scrutinize their algorithmic “black boxes”. These measures will ensure increased transparency and proper accountability for violations and harms stemming from these systems. 

The DSA also takes important steps to transform surveillance-based business models into more rights-respecting ones by giving people more transparency and choice over how content is ranked and presented to them online, and allowing for alternatives to algorithmic profiling, such as having your newsfeed in chronological order or sorted by favourites.

Furthermore, this landmark regulation will for the first time protect EU citizens from the invasive use of their sensitive personal data for targeted advertising, which has for years been weaponized to undermine people’s right to privacy, amplify disinformation and divisive content, fuel racism and even influence our own beliefs and opinions. This means, Facebook, YouTube and similar platforms will no longer be able to target you with intrusive ads using your religious beliefs, your political opinion or your sexual preferences in ways you would have never expected or wanted.  

EU member states did however miss an opportunity to make the DSA even stronger by extending the ban to cover all intrusive surveillance-based advertising and ensuring people are not profiled by default for algorithmic ranking, upholding peoples’ right to privacy and data protection. The hefty lobbying by Big Tech certainly played its part in this as they were trying hard to undermine the rules and in particular the ones that cut to the core of their surveillance-based business model. States should build on the provisions of the DSA and impose a ban on surveillance advertising. 

Along with its sister law, the Digital Markets Act, which reached the finish line last month, the DSA is no doubt a pioneer law and has huge potential to set global standards, following in the footsteps of the General Data Protection Regulation (GDPR). And while the successful conclusions of the trilogue negotiations is a milestone, what matters next is how the rules are applied and enforced in practice. 

The question remains as to whether the DSA will have learned from the GDPR’s mistakes. The fact that it has chosen a slightly different enforcement model, giving the Commission full enforcement powers over the tech giants, gives reason for optimism. However, States must ensure that this model is robustly backed by adequate resources and technical expertise to ensure effective implementation. 

Countries beyond the EU must now follow suit, with the spotlight turning across the Atlantic watching US lawmakers’ next move. Other legislators around the world should build on the DSA, learn from its achievements and shortcomings to ensure people are properly protected against Big Tech’s harms across the globe.