Eucrim has regularly reported on the EU's new major legislation regulating the digital space, i.e., the Digital Services Act and the Digital Markets Act (→ eucrim 1/2024, 12-13 with further references). The Digital Services Act (DSA) is designed to foster a safer, fairer, and more transparent online environment (→ eucrim 4/2022, 228-230). It establishes new obligations for online platforms, thereby ensuring that EU users are safeguarded against the dissemination of illicit goods and content and that their rights are respected when they engage in interactions, share information, or make purchases online. The DSA is also highly relevant for law enforcement purposes (→ eucrim 1/2024, 13). This news item continues the reporting on the latest developments concerning the DSA in the form of a chronological overview.

• 21/23 April 2024: Adult entertainment platforms Pornhub, Stripchat, and XVideos have been designated Very Large Online Platforms (VLOPs) and now face the strictest obligations under the Digital Services Act (DSA). These platforms must submit risk assessment reports to the Commission, implement measures to mitigate systemic risks associated with their services, comply with enhanced transparency obligations, including those related to ads, and provide data access for researchers.
• 26 April 2024: The Commission has designated Shein, a prominent online fashion retailer, as a Very Large Online Platform (VLOP) under the DSA, based on the company's average of over 45 million monthly users in the EU. This designation necessitates that Shein comply with rigorous regulations within four months. These regulations focus on enhanced user protection, particularly for minors, and diligent oversight of illegal products. Consequently, Shein is required to evaluate and mitigate the risks associated with the sale of illicit products, including counterfeit items, and to enhance its moderation processes and algorithms to prevent the promotion of prohibited items. Next to addressing risks to consumer health and safety, Shein must also undergo annual independent audits, publish repositories of advertisements served on its interface, provide data access to researchers, and issue transparency reports every six months.
• 30 April 2024: The Commission initiates formal proceedings against Meta, the parent company of Facebook and Instagram, to assess whether it violates the DSA. The investigation focuses on several suspected infringements, including Meta's handling of deceptive advertisements, disinformation, and political content. Additionally, the Commission is concerned about Meta's decision to phase out its real-time election-monitoring tool, CrowdTangle, without providing an adequate replacement, potentially jeopardizing the transparency of civic discourse and electoral processes. The Commission also questions the adequacy of Meta's mechanisms for flagging illegal content and handling user complaints. If these suspicions are confirmed, Meta could be found in breach of multiple DSA articles, leading to potential penalties.
• 31 May 2024: The Commission designates Temu as a VLOP under the DSA. Temu is a Chinese online marketplace with over 45 million monthly users in the EU. The company is now obligated to comply with the strictest DSA rules within four months. These obligations include thorough risk assessments and measures to address the sale of illegal or unsafe products, particularly those that might harm minors. Temu is to enhance consumer protection by adjusting its platform's design and algorithms. Additionally, the company must ensure transparency and accountability through annual independent audits, regular risk assessments, and public reporting on content moderation and systemic risks.
• 7 June 2024: The European Commission acknowledges LinkedIn's decision to fully disable the functionality that allowed advertisers to target users based on their membership in LinkedIn Groups within the EU Single Market. This change follows a request for information from the Commission after a complaint from civil society organisations. They raised concerns about the business and employment-focused social media platform LinkedIn potentially enabling advertisers to target users based on sensitive personal data, such as racial or ethnic origin, political opinions, religious beliefs, or trade union membership - in violation of the DSA.
• 10 July 2024: The Commission designates XNXX as VLOP under the DSA. XNXX is a pornographic video sharing and viewing website with over 45 million monthly users in the EU; thus, XNXX surpasses the DSA threshold for this designation. As a VLOP, XNXX must comply with the strictest DSA rules (see also above) within four months, by mid-November 2024.
• 12 July 2024: The Commission informs X (formerly Twitter) of its preliminary view that it breaches the DSA in areas related to dark patterns, advertising transparency, and data access for researchers (for the opening of the investigation → eucrim 3/2023, 245-246). Following an in-depth investigation, the Commission found first that X designs and operates its interface for "verified accounts" with the "blue checkmark" in a way that deviates from industry practice and deceives users. Since anyone can subscribe to obtain this "verified" status, it negatively impacts users' ability to make free and informed decisions about the authenticity of accounts and content. Malicious actors are abusing the "verified account" to deceive users. Second, X does not meet the required transparency on advertising, as it fails to provide a searchable and reliable advertisement repository. Instead, it implements design features and access barriers that render the repository unfit for transparency purposes. This design flaw hinders the required supervision and research into emerging risks associated with online advertising. Third, X fails to provide researchers with access to its public data, as required by the DSA. Specifically, X prohibits eligible researchers from independently accessing public data, such as by scraping, as outlined in its terms of service. Additionally, X's process for granting access to its application programming interface (API) discourages researchers from pursuing their projects or forces them to pay disproportionately high fees. X now has the opportunity to exercise its right of defense by reviewing the Commission's investigation file and responding in writing to these preliminary findings. The European Board for Digital Services will also be consulted.
• 5 August 2024: The Commission makes legally binding TikTok's commitment to permanently withdraw the TikTok Lite Rewards programme from the EU and not to launch any other programme that would circumvent this withdrawal. This commitment addresses concerns raised by the Commission in formal proceedings initiated on 22 April 2024, ensuring compliance with the DSA. Any breach would immediately constitute a violation of the DSA, potentially leading to fines. This case marks the first instance where the Commission accepts commitments from a designated online platform under the DSA and closes formal proceedings as a result. Another proceeding against TikTok under the DSA (opened in February 2024) linked to the protection of minors, advertising transparency, and data access for researchers is ongoing.