1 NEW EUROPEAN REGULATIONS ON DATA USE AND CONDUCT OBLIGATIONS FOR DIGITAL CORPORATIONS
The Digital Markets Act (DMA, EU Regulation 2022/1925) and the Digital Services Act (DSA, EU Regulation 2000/31) introduce rules of conduct for digital platforms in the European Union (EU) to ensure the fundamental rights of users of digital services and the conditions to foster innovation, growth and competitiveness. This is based on the consideration that, despite sector-specific measures at EU level, a digital economy has emerged which sometimes leads to unfair conditions for businesses and consumers using these platforms. The aim of the unitary EU Digital Services Act package is to create a legal framework that maintains a safe, fair and open online platform environment. The EU Digital Services Act package entered into force in November 2022 and is expected to be applicable from spring 2024.
As of September 2023, the EU Digital Services Act package has been complemented with the entry into force of the European Data Governance Act (DGA, EU Regulation 2022/868). This regulation establishes rules for the transfer and re-use of confidential, (non-)personal data from EU public sector bodies and aims at creating trusted data sharing and data pooling as well as strengthening the free flow of data.
The DSA creates the legal framework for a safe and fair online environment.
1.1 The Digital Services Act
The DSA determines uniform obligations for digital service providers across Europe. It replaces the provisions of the E-Commerce Directive (Directive 2000/31/EC) regarding liability for the distribution of illegal content and the requirements for deletion and disclosure orders.
Digital services primarily include online intermediaries (e.g. internet access and search engines) and online platforms, such as online marketplaces (e.g. Amazon), social networks (e.g. Meta and Instagram), content sharing platforms (e.g. Box) and app stores as well as online travel and accommodation platforms (e.g. AirBnB).
Different new and far-reaching due diligence obligations apply to these digital service providers, depending on their size, importance and role. The most important obligations include the exchange of data with the authorities on the reporting and cooperation of criminal offences, the obligation to set up a notice-and-takedown procedure for illegal content, as well as comprehensive rules for digital advertising (including a ban on targeted advertising to children) and the design of websites. Strict requirements apply to very large platforms and search engines with at least 45 million monthly active users in the EU. These very large online services must investigate the societal risks of their services, for example regarding the spread of illegal content and the impact on elections, human rights or the mental health of users, and take measures to minimise the identified risks.
Obligations are set for all online providers in the EU.
1.2 The Digital Markets Act
The DMA complements the EU Digital Services Act package and aims to prevent large online platforms, so-called gatekeepers, from imposing unfair conditions on businesses and end-users and to ensure the openness of important digital services.
Gatekeepers are platforms that have a significant impact on the European single market by serving as an important gateway for business users to reach their end-users. This can put them in the position of acting as private rule-setters between businesses and end-users. The DMA defines a total of ten such significant platform services, such as online search engines (e.g. Google Maps), operating systems (e.g. Microsoft and Apple), web browsers (e.g. Firefox), virtual assistants (e.g. Alexa) and social networks (e.g. Meta). For classification as gatekeepers, the DMA defines threshold values that are comparable to the criteria for very large online services according to the DSA.
Gatekeepers are required to implement a number of measures to ensure that end-users can easily log out of central platform services or uninstall pre-installed central platform services and remove default installation software along with the operating system at any time. These rules of conduct are accompanied by compliance, monitoring and reporting obligations of the gatekeepers.
In addition to far-reaching investigative and decision- making powers, the DMA provides the EU Commission with the power to impose sanctions, namely fines of up to 20% of the annual worldwide turnover.
2 IMPACT ON THE SWISS DIGITAL MARKETS
For the Swiss digital markets, the current developments in EU law are relevant in two respects: On the one hand, numerous companies in Switzerland will be directly affected by the new legislation. On the other hand, the new EU legislation will have an indirect impact on market participants in Switzerland.
2.1 Direct Effects
The most important direct effects will affect Swiss businesses who offer services and goods in the EU market, i.e. who are involved in the EU's Digital Single Market. They are obliged to appoint an EU legal representative.
The DSA as well as the DMA and DGA have an extraterritorial effect and impose obligations on all providers in the EU Digital Single Market. In order to enable the enforceability of these obligations, the EU relies on the requirement of an EU legal representative. This representative must have its registered office within the EU and can be hold directly liable in the event of violations of the regulation.
In some cases, there are far-reaching obligations that also apply to Swiss online platforms. These range from obligations to report and cooperate with the authorities to combat illegal digital content to the establishment of a reporting system by means of which users can report content that they classify as illegal.
To increase transparency, online service providers must also publish annual transparency reports describing moderation practices. Hosting providers must clearly and specifically justify any restrictions on their services. Users must also be able to challenge these through an internal complaints system.
Finally, strict regulations apply to advertising. It should be recognisable as such and the advertiser as well as the advertising's financing source (if different) must be communicated. Finally, advertising based on profiling of sensitive data is prohibited.
However, the particularly strict due diligence requirements for very large online platforms (with an average of more than 45 million active users in the EU) or for online platforms with a gatekeeper function will not be directly applicable to Swiss providers, at least for the time being, as no very large online platform is currently based in Switzerland.
A strategy for digital marketplaces is also needed for Switzerland.
2.2 Indirect Effects
Swiss users will benefit from the increased transparency and the far-reaching due diligence obligations of online platforms. Indeed, it can be assumed that platforms operating across Europe will not operate a "Switzerland"-specific solution with different technical standards.
In addition, it may be expected that the Swiss online platforms voluntarily, fully or partially, adopt the protective mechanisms of EU law for public communications and for the fight against illegal digital content as these represent general legal advantages for all users and make online offerings attractive.
Whether the EU governance measures will promote data altruism and data transfers to Switzerland is still unclear. The practice of the online intermediaries and the case law of the EU authorities will show whether the protection of intellectual property rights and, in particular, of trade secrets in Switzerland as the transfer country will be deemed legally sufficient and trustworthy which might lead to the free circulation of more non-personal data between Switzerland and the EU countries.
3 DIGITAL MARKETS AND WHAT NEXT?
In Switzerland also, a concrete strategy for digital marketplaces must be developed as it is necessary to create a trustworthy legal framework to better exploit the innovation potential of data. In particular, this is important in regard to the regulation of online platforms because they play an increasing economic role in Switzerland. Not to be forgotten are regulations on access to and use of digital technologies such as cloud computing and big data, as well as on the development of ICT infrastructures.
The extent to which the legal standards of the EU Digital Services Act package will prevail in Switzerland is still unclear today. It is clear though that the EU has a pioneering role in regulating the digital markets. Swiss online platforms that want to be active in the EU Digital Single Market must adapt to the EU digital standards. The size and importance of the EU Digital Single Market suggests that the EU standards will also be observed and enforced autonomously outside the EU.
Switzerland regularly monitors and analyses the EU digital policy and its measures, as was the case most recently in the analysis document of the Federal Government's Interdepartmental Coordination Group on EU Digital Policy (IC-EUDP) (most recently in March 2023). Initial steps have already been taken to promote trustworthy data spaces in Switzerland and abroad (https://www.bakom.admin.ch/bakom/en/homepage/digital-switzerland-and-internet/strategie-digitale-schweiz/data-policy/digital-self-determination.html). Furthermore, a "Digital Switzerland Strategy" for the federal administration already exists and provides binding guidelines for the digital transformation (https://digital.swiss/en/strategy/strategie.html). In the area of digital economic markets, however, there is still a need for action and until then the EU digital measures will play an important role in guiding the legal standards for online platforms.
In this context, the Data Act (EU Commission legislative proposal of 23 February 2022) is also of interest which shall determine when and how personal and non-personal data generated in the EU can be used commercially. Finally, one should also pay attention to the developments of the AI Act (legislative package of the EU Commission of 21 April 2021) which should determine the obligations for AI applications depending on the level of risk for users.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.