.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.png?width=148&height=200&name=Privacy%20Insider%20Book%20(mock%20w%20shadow).png)
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Hello all, and happy Thursday!
One of the more influential data privacy laws in the world (or at least data privacy-adjacent) just reached an important milestone; the EU’s Digital Services Act (DSA) is now in effect for "very large online platforms" and "very large online search engines."
In essence, this means the Googles and Metas of the world must moderate hate speech and disinformation on their respective platforms. While the DSA is primarily concerned with combating harmful content, it enters the privacy sphere in that it also requires VLOPs and VLOSEs (i.e., very large online platforms/search engines) to provide options for recommended content that does not rely on user profiling, to be transparent around digital advertising, and generally protect consumer rights.
The DSA’s got teeth, too—businesses risk being fined up to 6% of their total worldwide annual turnover.
That being said, enforcement is a bit of a head-scratcher. The level of effort that it would take to moderate harmful content online seems enormous. And moderating harmful content requires a clear consensus on what content is considered harmful. What happens when VLOPs and VLOSEs’ idea of harmful content doesn’t match with what the regulators’ ideas of harmful content are?
Well, the developers of the DSA considered this issue.
The act addresses this concern by relying on “trusted flaggers”—entities with experience around identifying harmful content, most likely non-government organizations and advocacy groups. Still, it seems like content moderation on this scale will be messy.
Watching this law and its enforcement in the next few years and months will be illuminating, both because smaller organizations will gradually become subject to the DSA as time goes on and because this regulatory approach to internet content moderation has never been tried before.
Best,
Arlo
Top Privacy Stories of the Week
Global Warning Issued on Social Media Data Scraping
The Office of the Australian Information Commissioner (OAIC) and 11 other international data privacy protection organizations have issued a joint statement on the rise in the use of data scraping technologies to collect personal information from social media accounts. Among other subjects, the statement discusses the responsibilities of social media companies, how publicaly available personal information is still subject to regulation, how to protect your own data, and more.
Overview of India’s New Data Privacy Law
India’s Digital Personal Data Protection Act, 2023 (DPDP Act) was enacted on August 11. Learn about how the law treats digital personal data, what requirements data controllers face, what rights the law provides, and more here.
Data Protection: One of These Incidents Is Not Like the Other
All data breaches are data incidents, but not all data incidents are data breaches. This article dives into the difference between the two and provides key, actionable information organizations can take into account to prevent an incident from evolving into a full-blown breach.
DSA Enforcement Takes Effect
As of August 25th, the EU Digital Services Act regulations governing the obligations of "very large online platforms" and "very large online search engines" are in effect. As a result Facebook, Amazon and other large tech companies must curb hate speech, propaganda and other harmful content.
Regulators and Litigators are Investigating Data Flows Through SDKs
Software development kits, or SDKs, are widely used to accelerate software development, but they often contain data collection and transmission through tracking technologies—sometimes without the developers’ knowledge.
Osano Blog: What Is a Cookie Notice, and Why Do You Need One?
Cookie notices can feel like an unnecessary intrusion into an otherwise-peaceful web browsing experience, but they’re absolutely essential to the user experience. Find out why, what’s required in a cookie notice, and what major regulations have to say about cookie notices in this blog.
If you’re interested in working at Osano, check out our Careers page!
