How the DMCA Anticipated the DSA’s Due Process Obligations

Introduction

In 1998, Congress enacted the Digital Millennium Copyright Act (DMCA), a major copyright reform act intended to modernize copyright policy for the next millennium. Among other provisions, the DMCA established the well-known “notice-and-takedown” scheme that reduces the copyright liability exposure of user-generated content (UGC) services. The DMCA puts the burden on rightsowners to monitor online activities and affirmatively take action to stop perceived infringement.¹⁾

In Europe, the DMCA and its notice-and-takedown paradigm became the blueprint for the liability exemptions in the e-Commerce Directive of 2000, the prevailing legal framework in the European Union (EU) for UGC services for two decades. Unlike the DMCA, the e-Commerce Directive applies to all types of illegal content, not just copyright-infringing items. More recently, the EU reformed the liability framework for user-caused copyright infringement in the 2019 Directive on copyright in the Digital Single Market.  In 2022, the EU followed that reform up with an even more comprehensive UGC liability reform in the Digital Services Act (DSA).²⁾

Among other things, the DSA requires UGC services to provide “due process”-like protections for user-authors. This regulatory approach is an important Internet Law development, but it’s not completely novel. The DMCA also contains several due process-like protections for user-authors. This post identifies some of the DMCA’s due process elements, compares them to the DSA’s analogous provisions, and discusses the lessons from the DMCA for the DSA. Though the DSA uses a different policy paradigm than the DMCA, it’s unclear if it will achieve better outcomes.

Comparison of the DMCA and DSA

The DMCA has several design features that anticipate the DSA’s due process approaches. We discuss four such features: notice-and-appeal, disclosure of editorial policies, trusted flaggers, and user recourse for wrongful takedown demands.

Notice-and-appeal

The DMCA’s notice-and-takedown scheme (17 U.S.C.§512(c)) provides rightsowners with a lot of leverage to remove allegedly infringing UGC. Knowing that rightsowners would sometimes make mistakes or even intentionally abuse their privilege, the DMCA contemplated that services would notify users when their items were targeted by rightsowners and provide an opportunity to correct mistakes. However, instead of expressly requiring services to provide notice-of-action or an appellate process, the DMCA provides services with a liability safe harbor if they honor users’ “putback” notices (17 U.S.C. §512(g)). In other words, if users ask to restore the targeted content and provide the service with sufficient assurances, then the service could restore the content without incurring additional liability. Aggrieved rightsowners must then pursue the matter in court or drop it.

The DMCA’s indirect approach to notice and appeals doesn’t provide full due process protections to users. First, services don’t have to notify users about the rightsowner’s complaint or the service’s action in response, though services may voluntarily choose to do so. Second, services do not have to inform users about the putback mechanism, so many users may be unaware of the possibility. Third, and most importantly, services do not have to honor putback requests. There are few legal downsides if the service chooses to ignore it. Thus, the DMCA’s putback safe harbor only vaguely resembles a proper notice-and-appeal process.

In Europe, the e-Commerce Directive remained silent on notice-and-appeals. In contrast, the DSA now provides both notice-of-action (Article 16 DSA) and an appellate process (Article 20 DSA). The DSA requires UGC services to provide a notice-of-action along with an explanation for the removal (Article 17 DSA). In addition, the services must provide a complaint-resolution function that includes human review (Article 20 DSA).

Disclosure of editorial policies

To qualify for the DMCA safe harbor, services must publicly announce their rules for recidivist (alleged) infringers (17 U.S.C. §512(i)(1)(A)). This provision nominally provides transparency about the governing rules to facilitate user compliance, but the statute doesn’t specify any details about the required disclosures. Not surprisingly, many services make complex disclosures that users aren’t likely to understand (see, e.g. Reid 2021, also available here).

Though ruleset transparency is an essential part of due process, users probably aren’t the main audience for the DMCA-compliant disclosures. Instead, the disclosures are more likely intended to help rightsowners monitor if services are appropriately disciplining recidivists. Given that audience focus, the ruleset disclosures don’t provide the level of notice required for due process.

The DSA requires services to make much greater policy disclosures (e.g., Articles 14 and 27 DSA). The disclosures apply to all policies about all types of illegitimate content, not just copyright infringement. Further, the disclosures must provide details about what facts and circumstances will influence the service’s decision, including what considerations affect the service’s decisions.

Trusted flaggers

The DMCA’s scheme of removing the safe harbor upon notice creates substantial incentives for services to honor takedown notices, and remove content on the sender’s demand, regardless of the request’s legitimacy. To protect targeted users from improper removal demands, only notices from rightsowners or their designees implicate the service’s safe harbor, and only when the sender declares that it is “authorized to act on behalf of the owner of an exclusive right that is allegedly infringed” (17 U.S.C. §512(c)(3)). Implicitly, this provision classifies copyright owners and their designees as “trusted flaggers” by giving their notices enhanced legal significance.

However, copyright owners do not always deserve that privileged status. For example, copyright ownership is often disputed. In those circumstances, the trusted flagger status gives one putative owner extra leverage over their ownership rivals online. Furthermore, rightsowners widely use automated means to detect alleged infringement, producing a flood of “robo-notices” with dubious margins of error inconsistent with their “trusted” status (see, e.g., Karaganis & Urban 2015). Instead of protecting users, the DMCA’s trusted flagger paradigm exacerbates content over-removal.

The DSA requires services to prioritize handling of notices submitted by trusted flaggers (Article 22). Regulators can designate a limited number of flaggers who are accorded enhanced legal standing for their notices due to their expertise and competence. Services must notify the regulators if trusted flaggers are submitting too many erroneous reports, which may cause the entity to lose its trusted flagger status. Next to the trusted flagger status awarded by regulators, UGC platforms can voluntarily designate other trusted flaggers (for detailed analysis of the trusted flagger regime, see Rosati’s contribution to this symposium).

User recourse for wrongful takedown demands

To provide users with recourse if the notice-and-takedown process is misused, the DMCA allows users to sue the senders of abusive takedown requests (17 U.S.C. §512(f)). However, 512(f) has helped only a trivial number of users. A 2004 Ninth Circuit Court of Appeals ruling (Rossi v. Motion Picture Association of America Inc., 391 F.3d 1000 (9th Cir. 2004)) permits 512(f) claims only when takedown notice senders subjectively believed their notices were wrongful. However, users almost never have evidence of the sender’s subjective beliefs when initiating the lawsuit. Thus, the DMCA’s main mechanism to curb overreaching takedown notices doesn’t properly function.

The DSA does not enable users to sue submitters of takedown notices. Instead, users may seek compensation from services for inadequately performing their content moderation duties. The DSA also requires services to suspend users who submit manifestly unfounded takedown notices (Article 23 DSA).

DMCA’s Rightsowner Focus v. DSA’s User Focus

As this post shows, the DMCA online safe harbors contain several features that nominally provide users with some due process protections. However, those features were incidental to the DMCA’s primary goal of facilitating interactions between rightsowners and services.

In contrast to the DMCA, the DSA imposes affirmative obligations that services must comply with, rather than safe harbors that services can choose to opt-into. In that vein, the DSA repeatedly dictates how services must interact with users. Will the DSA’s emphasis on user protections, compared to the DMCA’s focus on rightsowners, lead to better outcomes?

Uncertainty #1: Traditionally, “due process” governs the actions of government actors, not private actors, due to structural differences between the two types of entities. Government actors have far greater powers over, and remedies against, their citizens than private companies have towards their “customers.” Furthermore, government actors are sole-source providers of constituent services, and constituents must deal with them even if they don’t want to. Thus, constituents need due process from government actors and constituents because of the government actor’s powers and constituents’ lack of choice.

It can be tempting to analogize large services like Google and Facebook to nation-states, but no private actor has the same monopoly or remedial powers over their “constituents” as any government entity. (Plus, the DSA doesn’t limit its regulatory reach only to big services, such as very large online platforms and search engines). Within the US regulatory context, this raises questions about the appropriateness of imposing government-like due process obligations on private actors.

Uncertainty #2: Government actors fund their procedural mechanisms using mandatory taxes; but when it’s a mandatory cost to for-profit businesses, they will implement it as cheaply as possible (i.e., minimal viable compliance). The DSA’s enforcers surely will question the sincerity of the regulated entities’ implementations. What will the enforcers do about it?

The costs of providing due process may exceed the economic value of any individual user to the for-profit business, so services have incentives to disregard those users’ interests–a common outcome under the DMCA (see, e.g. Keller 2021). The DSA’s due process mandates may raise costs to the point where the services no longer can afford to support users at all. To the extent that the costs cause services to exit the industry or reduce their commitment to user-generated content, some users might lose authoring rights online due to the DSA’s economic impact. Furthermore, increased regulatory costs usually reward incumbents over startups and reduce competitive dynamism (the DSA’s micro- and small-enterprise exemption in Article 19 doesn’t eliminate all compliance costs), which suggests further shrinkage of online expression.

Uncertainty #3: Regulatory enforcement of the DSA’s due process obligations may be hard to distinguish from censorship. Regulatory investigations and enforcements will send strong signals about what the government wants services to do, and those signals may not be bias-free. The DMCA didn’t pose the same risks because it focuses on copyrights, whereas the DSA cuts across all content categories, including topics of substantial political and partisan interest. The DSA’s obligations for very large online platforms to do risk assessments and risk mitigations (Articles 33 to 35) provide a heightened potential for censorial interventions.

Conclusion

The DMCA shows how policymakers have been thinking about user due process since the earliest days of Internet regulation. However, solutions like the DMCA prioritized the interests of rightsowners over those of users. The DSA flips those priorities, substantively structuring the interactions between services and users. In theory, those revamped priorities might protect users better, but they also pose risks of unwanted regulatory-caused outcomes as highlighted in this post. As a result, by significantly extending the limited due process principles attempted in the DMCA, the DSA raises important questions about the appropriateness and implications of imposing due process obligations on private entities.