23 May 2023

A New European Enforcer?

Why the European Commission Should Not Stand alone in the Enforcement of the Digital Services Act

As a key piece of the European Commission’s digital agenda, the Digital Services Act (DSA) is drawing a lot of attention from civil society, industry, and regulators. So far, aspects like implementation, particularly new due diligence obligations, including what an audit should look like, what services are designated as Very Large Online Platforms and Search Engines (VLOPs and VLOSEs), and crisis protocols received most attention. Less analysis, however, has been directed to the execution of the DSA’s enforcement scheme. One particularly interesting development in that regard is the Commission’s current transformation from being the institution leading the DSA’s negotiations to the one enforcing it. On the occasion of the publication of a new report on possible collaborations between the European Commission and CSOs (Civil Society Organisations), this article explores the challenges faced by the Commission in this transformation. It also offers analysis on the growing trend where courts are “substituted” by specialised authorities which are entrusted with similar prerogatives than the ones traditionally given to the judiciary (thereafter referred to “judicial enforcement powers”).

By law, the European Commission is the executive power of the European Union and is supposed to have judicial enforcement powers. The few times the Commission is referred to being an enforcer is in the competition field. These powers were recognised by article 85 of the Treaty of Rome of 1957, therefore tracing them back to the early days of the European Community. Entrusting the Commission with enforcement powers was deemed necessary at the time to ensure a unified application of rules necessary for the development of the internal market. The Commission is now the “principal enforcer of the EU’s competition rules. As the judicial enforcer, the Commission has “the power and responsibility to investigate suspected anticompetitive conduct, to issue prohibition decisions, to impose fines, and to conclude binding agreements with companies”, all powers very similar to the ones traditionally attributed to courts. Similarly to the enforcement system in competition law that relies on a “combined working of the EU and national authorities”, the DSA’s system relies on a multi-layered approach.

Brief overview of the Digital Services Act’s multi-layered enforcement system

The DSA’s predecessor, the e-commerce directive, strongly relied on self-regulatory initiatives by covered entities (art. 16 of the directive) and enforcement by Member States (art. 20 of the directive). While the DSA still relies on self-regulatory principles with due diligence obligations, its enforcement system has been substantially revisited. Shaped by the delicate balance between harmonised and coherent enforcement on one hand and the Member States’ desire to exercise power over online actors directly on the other hand, the DSA outlines an intricate interaction between national enforcement and European authorities.

At the national level, each Member State shall designate a Digital Services Coordinator (DSC) who will be responsible for matters relating to supervision and enforcement of the DSA and will coordinate national enforcement with sectoral authorities. While the DSCs are presented as the main enforcers, they are left outside most of the enforcement against VLOPs and VLOSEs where the Commission “has exclusive powers” for the supervision of their due diligence obligations. On top of this dual system, the DSA sets up the European Board for Digital Services as an independent advisory group of Digital Services Coordinators, to be chaired by the Commission. Therefore, the DSA’s enforcement system, learning from the pitfalls of the one-stop shop approach of the General Data Protection Regulation (GDPR), establishes a multi-layered and multi-institutional approach where the Commission holds a crucial role. However, as the Commission’s services have not been built to embrace judicial enforcement duties, one might wonder if the Commission has (or will have) the resources to tackle this challenge and meets the highest standards of independence and impartiality usually built-in in the court system.

The European Commission as a new enforcer

Most disputes around the law’s implementation are traditionally resolved by courts where trained magistrates apply and interpret the law. In contrast, an increasing number of legislations have been empowering specialised authorities with judicial enforcement duties. The data protection field illustrates this trend where legislators entrusted authorities outside of the court system to implement, interpret and enforce the law. Courts have a very modest role since they are only involved if there is a disagreement between the data protection authority and the plaintiff or the defendant. At the time, this system seemed justified because the field requires specific understanding of the technology, which often lacked in the traditional court system.

While specialised authorities present some benefits, such as expertise and knowledge of the field, they also have their own challenges. Usually, there are two recurring concerns relating to specialisation: myopia and politisation. Myopia because where agents working on a special legal field usually have a less systemic view of the general framework and pay less attention to the broader legal corpus. The debates between data protection authorities on Facebook’s contractual legal basis is a good example of this challenge. Interpretation of what is “necessary for the performance of a contract” as laid down in article 6 of the GDPR would probably have been a lot smoother if the litigation had not been handled by data protection authorities which are not used to work on the interpretation of contracts but by the judiciary which has much broader experience and knowledge of this area. The enforcement of the DSA will be no exception to this challenge. Enforcers will need to build from the expertise located outside of their institution to avoid this myopia. The second difficulty associated with specialisation is politisation. As Professor Cooper Dreyfuss points out, when issues are considered by generalist courts spread over the territory, “interest groups have limited ability to influence the direction of the law” and the “resources – money and power – of these groups must be spread over the entire judiciary”. On the contrary, “neither resources-spreading nor influence-dilution would occur” for specialised authorities leading to greater risks of influence. Big technology companies’ influence in Brussels is already well-documented and recognised. The enforcement team at the Commission will certainly be an important target of such influence. Aside from these two recurring concerns, another question also arises: why should we keep on creating new specialised authorities and capture litigation from our traditional court system? The digital system is a great example of this specialisation trend where each specific sector has its own specialised enforcer. This over-specialisation creates silos in enforcement and might hurt the coherence of the law.Under the DSA, the “Commission” is the sole authority to supervise and enforce the specific obligations that apply only to the biggest providers. Article 65 of the DSA refers broadly to the “Commission”, without specifying which directorate will oversee enforcement. This role was attributed instantly to the Commission’s team that negotiated the DSA, namely the Directorate‑General for Communications Networks, Content and Technology (DG Connect). Historically, this directorate has mainly been developing and carrying out policies on digital economy as well as research and innovation initiatives. Therefore, new enforcement powers will require a swift and well-designed transition. That transition is a great opportunity for the Commission to put in place strong independence guarantees, draw on collective intelligence and explore expending collaborations with civil society.

A key transition for the European Commission

While the concrete distribution of powers between the Digital Services Coordinators, the Board and the Commission will probably trigger its own difficulties, this article will only focus on the potential challenges facing the Commission as it becomes an enforcer. Two different points will be discussed: recruitment and collaboration.

      Recruitment

While the DG Connect was drafting the DSA, it did not have to develop specific expertise in enforcement. It is therefore safe to assume that most of the current staff has no experience or special training in this area. To reiterate, in principle, most Commission directorates deal with crafting legislation – not with implementing the legal rules against private actors. This will probably prove difficult in the months to come because enforcement not only includes decision making but also involves monitoring, investigating, drafting, implementation of fair procedures. Evidently, training of justice professionals is considered “an essential tool to ensure the correct and effective application of EU law” and as the DG Connect takes upon a similar role, it will be crucial to take into account these specific needs. One can therefore wonder, who will be the agents recruited and how they will be trained to execute their enforcement duties? Can we expect experienced lawyers who worked at the DG Comp to build up the ranks? Will trained magistrates come and join the effort? The first wave of job openings within the “Digital Services Act Enforcement Team” did not give much clarification. Four types of profiles were opened (legal officer, data scientist / technology specialist, economist, and policy officer for digital policies and regulations) for an estimate of 30 jobs over the year 2023. Looking closer at the legal officer position one might regret that it does not refer more explicitly to litigation experience. Among other experiences mentioned, the characteristics expected only briefly refer to “knowledge/experience of regulatory supervision and enforcement in any related domain” as an asset. Will that be enough to effectively guide enforcement against what can be expected army of trained and experienced lawyers working for the biggest online services?

Aside from the stricto sensu Enforcement Team, the recent opening of the European Centre for Algorithmic Transparency shows good potential for developing “in-house technical and scientific expertise to ensure that algorithmic systems (…) comply with the risk management, mitigation and transparency requirements in the DSA”. While strengthening DG Connect and opening an institutional structure to provide in-house expertise is an important step toward an effective enforcement of the DSA, it should not be the only step taken by the Commission.

      Collaboration

The implementation of the DSA is a great opportunity for the Commission to create a system based on collaboration with civil society and building upon outside expertise. Various references in the European Treaties (including for example art. 11 of the TEU and art. 15 of the TFEU) and in the DSA (including for instance art. 40, 45, 46 and 47) encourage collaborations outside of the institutional realm. Another strong argument is the preeminent role given to the protection of fundamental rights as well as the safety of users in the DSA (see notably article 1), both of which are at the core of many civil society organisations’ missions.

An efficient enforcement of the DSA can be achieved by broader collaboration mechanisms between the European Commission and CSOs as recently argued in a recent report. One valuable way to do so could be by setting up an independent expert group on enforcement that should be composed by the Board and civil society actors, such as academics and CSOs. The creation of this group finds its roots in multiple references of the DSA, notably in article 64 and recital 137 which require the Commission to develop Union expertise and capabilities. Once established, experts of this group could bring evidence-based information directly to the Commission and specific expertise on the protection of fundamental rights and the safety of users online. By establishing an expert group, the Commission will not only benefit from valuable expert knowledge but will also demonstrate its willingness to put in place an efficient enforcement system based on collective intelligence.

To sum up, while the Commission’s enforcement powers are expanding outside of the competition law field, one might wonder if the services are equipped to answer this challenge. One sure thing is that the Commission does not have to stand alone: civil society, particularly CSOs and researchers, can help shape an effective enforcement strategy and ensure that the DSA holds up to its promises.