New EU Rules for Digital Services: Why Germany Needs Strong Platform Oversight Structures

Publications

Author: Dr. Julian Jaursch

Topics: Strengthening the Digital Public Sphere and Platform Regulation

German version:  Neue EU-Regeln für digitale Dienste: Warum Deutschland eine starke Plattformaufsicht braucht


Note: All information on the contents and paragraphs of the DSA is still preliminary and based on the latest publicly available text versions. An overview can be found at the European Parliament. If there are any changes compared to the final version of the law, this briefing, including the interactive figures, will be updated accordingly.

Executive Summary

With the Digital Services Act (DSA), for the first time, the European Union (EU) will have common rules for platforms such as Instagram, Twitter, Amazon and also smaller online services. While the DSA has some weaknesses, it is still an important step toward a “transparent and safe online environment” for people in Europe, as the document itself states. For example, it obliges platforms to facilitate user complaints and to deal more transparently with online advertising. Researchers are to be given access to platform data to better understand content moderation and deletion, for example. But as helpful as these innovations are: Even the best rules are of little use if no one enforces them. The most pressing question is therefore: Who will ensure that platforms follow the DSA’s rules?

For very large platforms, it is mainly the European Commission that will be responsible. For all other digital services, member states will have to ensure that the rules are followed. For this purpose, each country must appoint a “Digital Services Coordinator” (DSC). The DSC not only coordinates all national and European authorities on the DSA, but is also involved in supervision. The DSC therefore has a central role to play, which is why answering the question as to who in the member states will take on this task is so significant.

In Germany, it is still unclear who will monitor compliance with the DSA and take over the function of the DSC. A whole range of German authorities and institutions are involved with platform regulation issues, but on their own, no body fulfills all the requirements. This is not surprising, as new laws often require new responsibilities and resources. But for the German government and German parliamentarians, there is now a need to re-think platform oversight in Germany.

It seems obvious to start by looking at existing authorities in the search for a suitable platform oversight body. But leaving it at that would be a missed opportunity. Instead of asking which entity is most likely to meet the requirements of the DSA, the question should be: How can the best possible authority be created? Policy makers in Germany should seize the opportunity to reform platform oversight. Not only is this urgently needed anyways, but the timing is better than ever: The DSA is far from the only EU legislative project on platforms and the data economy; others have recently been passed (Digital Markets Act) or are in the works (Artificial Intelligence Act). In addition, the German government has set out to revise media and telecommunications legislation.

If the federal government is serious about strong platform oversight, it should specifically develop new and combine existing competences at the DSC to create a specialized, independent oversight body. This authority could focus on the specifics of algorithmic content moderation or recommender systems, among other things, without simultaneously having to continue to perform its traditional tasks. Recognizing in this way that a separate supervisory body makes sense for digital services – as is the case for many other industries – would strengthen the implementation of the DSA. It would also be a first step toward resolving the general reform backlog in platform regulation in Germany. Such a technically strong and well-equipped independent authority is needed to supervise platforms in Germany and to provide the best possible support to the Commission at the EU level.

1. Introduction

In the European Union (EU), consistent rules, some of them entirely untested, will soon apply to digital platforms such as Instagram, Twitter, YouTube and also online marketplaces such as Amazon. The EU no longer wants the regulation of such platforms to focus solely on the moderation and deletion of certain content (although there are new rules on this as well). Instead, the Digital Services Act (DSA) introduces corporate due diligence requirements that demand more transparency and accountability from platforms. Very large platforms are required to report regularly on risks associated with their business practices. In addition, in certain cases, they must grant researchers access to platform data, so that scientists can better understand how the platforms’ algorithms work, for example. Online advertising should be more clearly labeled and platforms must offer citizens the opportunity to report potentially illegal content quickly and easily. There will also be complaints offices in the member states for users to report violations of the DSA. The set of rules will most likely have an enormous impact on the online space in which many people move every day. Many of the rules have not previously been in place across the EU. There is also little experience in the member states themselves. In addition to the question of what exactly these rules should look like, the main issue now is who should implement them and ensure that platforms adhere to them.

For millions of internet users in the EU, the question of oversight and enforcement will show how well the DSA actually works in everyday life. The best rules are of little use if platforms can easily circumvent them or if it is difficult to sanction non-compliance– for example, because individual authorities are too weak or European-level supervision is too full of holes. Such problems have been observed for years in European data protection, where progressive rules exist but enforcement is poor. In the DSA, too, there is a risk that without strong, consistent enforcement, the EU’s ambitious goal of ensuring a “transparent and safe online environment” (as the DSA states) will fall flat. In the law, therefore, oversight structures are spelled out that differ considerably from those applying to data protection rules. The European Commission and national authorities are to implement the rules jointly, instead of relying mostly on individual public authorities. The Commission plays an important role in supervising very large online platforms, while bodies at the national level are responsible for smaller platforms. Each member state must designate an authority to coordinate enforcement of the DSA – both between authorities within the country and at the European level. This body can be an existing one or newly created. It is supposed to take on the role of the “Digital Services Coordinator” (DSC). But the name is deceptive, because the DSC is more than just a coordinator: It also has specific oversight tasks.

Who can and should be the DSC in Germany? The German government will have to answer this question. The Federal Ministry for Digital and Transport (“Bundesministerium für Digitales und Verkehr”, BMDV) will be primarily responsible for this, because it is in charge of the DSA. The ministry will submit a draft law proposing a potential DSC, and this proposal will then be discussed in the German parliament (“Deutscher Bundestag”).

The establishment of the DSC will be a central tech policy issue for the German government, as this authority will play an important role in the oversight of digital platforms that shape the everyday lives of virtually all German citizens and companies. In addition to its important role, three other reasons create a certain urgency to answer the question of who is to be the DSC:

  • First, there are already German authorities overseeing platforms under German law. For example, the country was one of the first to introduce regulatory frameworks for content moderation and deletion as well as obligations for transparency reports and explanations of recommender systems. The extent to which these oversight structures have proven their worth and how they might fit into the DSA (and also other European and German legislative projects on platforms) needs to be clarified.
  • Second, the DSA encompasses many other topics that are scattered across different policy areas and political levels in Germany or for which no authorities are responsible at all as of now. Responsibilities must be distributed and expertise developed for these topics.
  • Third, there are deadlines. The DSA is to apply from 2024 at the latest. In the meantime, Germany must have found a DSC and made it operational.

A first step in determining the DSC is to take stock and analyze which tasks it has to fulfill, to what extent German institutions are already fulfilling these tasks and where gaps exist. In a subsequent step, the DSC’s concrete design must be found.

This text mainly deals with the first step: It first explains what the DSC is supposed to do and why it is so important (section 2). From this, it becomes clear that the DSC is more than just a coordinator because, in addition to coordination tasks, it must also perform supervisory tasks. Then the text provides an overview of German platform oversight, analyzes its strengths and weaknesses and shows which questions remain open (section 3). The most important conclusion from this analysis is that none of the existing bodies can take on the task of the DSC on its own and without considerably expanding its competences. This in turn leads to two options for the DSC: a “weak” DSC that is mainly focused on coordinating and a “strong” DSC that can handle the important oversight tasks (section 4).

German legislators should now seize the opportunity to create a strong, independent DSC and thus strengthen platform oversight in Germany as a whole. The DSA provides an impetus to consider not only its own platform regulation rules, but also other EU proposals such as the Artificial Intelligence Act as well as long-discussed reform plans for German digital and media policy. That is why now is such a good time to reorganize German regulatory structures instead of cementing the status quo, which is partly characterized by coordination difficulties and turf battles. Further analyses of legal and political issues are necessary for the development of new platform oversight structures. SNV will also accompany this second step with concrete proposals in the future.

2. The “Digital Services Coordinator” (DSC): Tasks and requirements

In a nutshell
The DSC has an important function in German and European platform supervision. It is more than just a coordinator for the DSA. Coordination is indeed one of the most important tasks for this authority – it must ensure the exchange of information between authorities at the state, federal and EU levels in several policy and legal fields. But it is also the point of contact for citizens and researchers. Enforcing the DSA regarding very large platforms is mainly the Commission’s responsibility but the DSC also plays a role here. In addition, the DSC is responsible for ensuring that smaller platforms comply with the rules.

The DSA sets out rules for digital services and platforms. For the first time, it creates EU-wide regulation that goes beyond the previously valid rules on platform liability. The law contains requirements on reporting mechanisms for illegal content, transparency of online advertising and access to platform data for researchers. Some of the planned rules will only apply to so-called “very large online platforms”. These are platforms with at least 45 million monthly users in the EU. A detailed analysis of which criteria should apply to distinguish between platforms, which due diligence rules exist in detail and how these could be improved cannot and should not be undertaken here. It is sufficient to note that the DSA covers platforms of very different types and sizes, from cloud providers to online marketplaces, social networks, video sharing sites and search engines.

For all these services, the DSA aims to create a “transparent and safe online environment” – as one of its chapter headings puts it. What makes the online space of EU citizens “transparent and secure” is interpreted broadly in the legal text. It can mean, for example, understandable, easily accessible information about how social media networks’ algorithmic recommender systems work. Product safety can also be meant, for example, when it comes to counterfeit or unsafe products on online marketplaces. The protection of fundamental rights is also covered: The DSA stipulates that major platforms must prepare reports in which they explain potential risks to privacy and freedom of expression, for example. The DSA thus goes well beyond issues of platform liability, which formed the core of the E-Commerce Directive from 2000. The DSA updates and expands the directive and revolves more around transparency obligations. It thus touches on many different topics, such as consumer protection, data privacy, media regulation and telecommunications law.[1]

Oversight of such diverse platforms’ compliance with rules on such diverse topics is to rest with national authorities and the European Commission. The Commission largely takes over the supervision of “very large online platforms”. For “not very large” online platforms, member states are responsible (with very small platforms exempt from DSA rules). Each member state must designate which authorities are responsible for enforcing the rules. Because the DSA touches on so many issues, in most member states, many different authorities come into question for this. Therefore, countries must additionally determine which national authority will have lead responsibility for oversight and enforcement as a so-called “Digital Services Coordinator” (DSC). It is therefore possible that rules from the DSA will be enforced by several authorities in one member state. In this context, the DSC is a kind of first point of contact for enforcement and a hub for EU-wide coordination. It is also explicitly assigned certain enforcement tasks. Two broad areas of responsibility for the DSC can be described (see figure 1):

Made with Flourish

 

Please click or tap on the words in the chart to view the related DSA articles.

The DSC is therefore not just a coordinator, but is involved in enforcing the DSA, too. A closer look at the supervisory tasks illustrates this (see figure 2). The DSA provides for special “due diligence obligations” that apply specifically to very large online platforms (Articles 25 to 33). For example, such large platforms must prepare risk reports, have enhanced transparency obligations and must create a database of all online advertisements. But these due diligence requirements are only at the top of the DSA pyramid: The basis of the framework is formed by rules that apply not only to very large online platforms, but to all online platforms (Articles 8 to 24; excluding very small platforms). These rules stipulate, among other things, that platforms must have reporting channels for potentially illegal content, that they must explain their algorithmic and human content moderation in an understandable way, and that they must produce transparency reports on this.

Made with Flourish

Please click or tap on the words and icons in the figure to view the related DSA articles and additional information.

The role of the DSC as an important pillar of enforcement also becomes clear when considering the criteria it must meet. According to the DSA, each member state must ensure that its DSC is independent, well-equipped, transparent and has certain competences (see figure 3). These requirements also apply to all other national authorities tasked with enforcing the DSA.

Made with Flourish

Please click or tap on the words in the figure to view more information.

Behind the individual tasks and powers lie important broader questions that member states need to answer: What should a complaints body for citizens look like? What needs to be done to establish a system for vetting trusted flaggers for illegal content? What exactly does “independence” in the case of the DSC mean and how can it be ensured? Which possibilities for coordination and information exchange already exist, which ones need to be created and how? Such questions arise in all EU member states. What is peculiar in Germany, is that the country has already developed some legal regulations on platform regulation and must now consider how these can be brought in line with the DSA. In addition, the federal system raises questions about how authorities at different political levels may and can cooperate.

 

3. Platform oversight in Germany

In a nutshell
Taken on its own, no German body can take on all the functions of the DSC without comprehensive adjustments. This is not surprising: New laws often require new expertise and powers. Knowledge on some of the topics covered in the DSA already exists among German authorities. However, this is distributed among various agencies and needs to be significantly expanded. A holistic approach to platform supervision, which the DSA encourages, does not yet exist.

Germany has undertaken several legal reforms in recent years that provide for stronger and more specialized oversight of platforms. As a result, some of the rules of the DSA are already being tested in Germany, such as those for transparency reports on content moderation. In addition, there are bodies that address specific issues from the DSA, for example, the platforms’ self-regulatory bodies that provide a reporting system to check potentially illegal content.

The following overview (see figure 4) maps some of the German institutions and laws touching upon platform regulation. It does not only highlight entities that are eligible to be a DSC or actively seek out this role. The DSC must be an “authority”, which is why associations without the status of a government authority, for example, are ruled out. Rather, the chart is intended to show how many different issues the DSA touches. The overview does not claim to be exhaustive: There are many other agencies in Germany that deal with the topics of the DSA in a broader sense. For example, customs plays a role in dealing with counterfeit or unsafe products, as do authorities at the state level – here, too, there could be links to the DSA. When it comes to algorithmic discrimination, the Federal Anti-Discrimination Agency (“Antidiskriminierungsstelle des Bundes”) could also be relevant (and again, there are similar agencies at the state level). The Federal Office for Economic Affairs and Export Control (“Bundesamt für Wirtschaft und Ausfuhrkontrolle”) is required to conduct risk-based audits of companies to monitor their compliance with due diligence requirements on their supply chains[2], which could be linked to the risk assessments required by the DSA. Private sector organizations could also contribute to the implementation of the DSA, such as the company TÜV Rheinland regarding standardization and auditing.[3] There are also laws, compliance with which has not yet been monitored by an authority, that play a role in considerations of the DSA: For example, there are already transparency regulations and obligations to explain algorithms for platforms that have commercial users (“Platform-to-business” regulation, or P2B regulation for short). However, Germany has not appointed a competent authority for this, but leaves enforcement to the courts.

On the one hand, the figure 4 overview shows that experience in dealing with platforms already exists in some places in Germany, but on the other hand that no authority alone can fulfill all the requirements of the DSA.[4]

Made with Flourish

Please click on the authorities in the figure to view more information. Open the full-size chart in a new tab.

3.1 What expertise on the tasks of the DSC exists in Germany, where are gaps? Supervision and enforcement

Supervision and enforcement

By making the term “coordinator” part of the name of the new position, the aspect of coordination at the DSC is emphasized. However, the DSC is not only supposed to coordinate the enforcement of the DSA, but also takes on enforcement responsibilities itself. For those platforms that are not considered “very large”, the DSC provides oversight, and it may also be involved in oversight for “very large” online platforms (see figures 1 and 2 in section 1). In addition, there are specific areas of responsibility in which the DSC is to be active, regardless of platform size. In Germany, expertise in some areas the DSA covers is missing, while in others, it is scattered across many bodies. This means that a holistic view of platform supervision, which the DSA at the very least encourages, is lacking.

An important task of the DSC concerns data access and analysis. There is little experience in this area in Germany to date, which is why existing structures would have to be significantly expanded. The DSC must be able to request and analyze large amounts of data from platforms. The DSA stipulates that, upon request, very large online platforms must provide data so that the DSC where the platform is headquartered and also external researchers can conduct investigations. In the past, misconduct by tech companies mainly came to light when journalists or researchers obtained internal data through leaks or whistleblowers. For example, Sophie Zhang exposed misconduct at Facebook in dealing with disinformation[5] and Frances Haugen denounced the platform for condoning the potential negative impact of its service on minors[6]. The DSA is intended to make it easier to obtain data from the platforms and thus better understand how they work, which should ultimately also help to improve the rules for content moderation and transparency, among others, in the long term. Even considering that many very large platforms do not have their headquarters in Germany: Which authority would even be able to handle large amounts of data, analyze it and draw conclusions from it?

In many German authorities, data-driven regulation is still in its infancy. The need for and potential of data science in regulatory agencies is recognized, but the structures for it are still being built in many cases. One example of an agency that already works with data and is expanding these activities is the BNetzA. For example, it receives extensive data sets as part of market analyses. Moreover, a sub-department is being set up there specifically to focus more on data science: In addition to the historically established sector-specific oversight tasks for electricity grids or telecommunications, the “Internet, Digitization Issues” sub-department now does not look at individual sectors, but rather works on studies and market analyses on platforms or certain topics such as “artificial intelligence”, independently of preexisting regulatory rules. Other agencies also work with large data sets and their own databases, for example, the media authorities with their media database or the market observations conducted at the Federation of German Consumer Organisations (“Verbraucherzentrale Bundesverband”, vzbv). Such expertise would need to be significantly expanded so that data can be used to better understand systems for content moderation, algorithmic recommendations or the placement of online advertising. This requires specialized experts in computer and data science[7]. In addition, practical experience and knowledge of sociology, anti-discrimination, human rights and psychology are also needed. Apart from the necessary expertise, there must also be the motivation to request and evaluate platform data, which has so far rarely been part of the self-image of German authorities.

However, it is not only the DSC that will be able to request platform data in the future. One of the most important innovations of the DSA is that researchers will also have this option. Here, too, the DSC has a role to play: Before researchers can obtain data, the DSC must vet the applicants, for example, by checking the data protection concepts and research purposes. Such prior checking of researchers for data use is not yet provided for in German law, at least not by authorities. Each platform can decide according to its own rules whether to make data available and, if so, to whom and in what way. There are guidelines in Germany on how to deal with requests for data access. However, firstly, it is up to the companies and not the authorities to check these requests and, secondly, there is hardly any experience to date in this regard, as the rules have only been in force since the beginning of 2022 (based on the NetzDG; see below). An indirect link to the vetting process are certification procedures, for example, at the BNetzA or at the media authorities, although these often involve technical systems, for instance, regarding age verification, and not people. This means there is also a competence gap in Germany with regard to vetting researchers. Here, it might be worth taking a look at the strengths and weaknesses of the different approaches taken by tech companies.

Shaping the rules on data access is thus an important task specifically assigned to the DSC, and one for which there is no long-standing experience in Germany. Expertise already exists on other supervisory tasks of the DSA, although this expertise is spread among several bodies and only covers parts of the DSA in each case. For instance, this is true for the issue of content moderation and the removal of possible illegal content.

The DSA stipulates that platforms must explain their content moderation to users in a comprehensible way and report on it annually. There should also be notice-and-action mechanisms for potentially illegal content. If platforms have been informed by authorities about illegal content, the companies must delete this content. These rules affect many authorities and areas of law in Germany – they may have to do with product safety, freedom of expression, other fundamental rights protections, the criminal code or all of the above. Different sets of rules and authorities deal with these diverse aspects. Some important German laws that touch on these parts of the DSA are the Interstate Media Treaty (“Medienstaatsvertrag”, MStV), the Network Enforcement Act (“Netzwerkdurchsetzungsgesetz”, NetzDG) and the Youth Protection Act (“Jugendschutzgesetz”, JuSchG). They explicitly address some types of online platforms that are also covered in the DSA. Based on these laws, the strengths and weaknesses of German platform supervision become visible.

The MStV is the key piece of legislation on media regulation in Germany. It is an “interstate treaty” because it is agreed upon by the German federal states. After years of reform, it came into force at the end of 2020, with some of the associated statutes not coming into force until the beginning of 2022. With this reform, state media authorities are responsible for “media intermediaries” for the first time, a definition that partly overlaps with “online platforms” from the DSA. Media intermediaries include social networks, video portals and search engines, but not online marketplaces, which are also covered in the DSA. For example, the media agencies are to ensure that these services explain their recommendation systems. In contrast to the broader goals of the DSA, however, this transparency requirement is mainly about ensuring media pluralism and diversity of opinion. Other issues of fundamental rights protection are not explicitly addressed, whereas this is the case for the DSA, which refers to all fundamental rights and specifically mentions consumer protection and the right to privacy, for instance.

The Federal Office of Justice (BfJ) also focuses explicitly on the supervision of online platforms due to the NetzDG.[8] The NetzDG uses the term online platforms to refer to social networks and not online marketplaces, which are also covered by the DSA. Since 2017, the NetzDG has stipulated, among other things, that platforms must provide users with notice-and-action mechanisms for potentially illegal content and submit reports on content moderation and deletion. These rules apply to platforms with at least two million registered users in Germany, which is a much lower threshold than the 45 million monthly users in the EU, which according to the DSA constitute a “very large online platform”. The BfJ is supposed to ensure compliance with the rules, but for a long time had only limited powers to do so. It was only through a subsequent NetzDG reform, which has been in force since the end of 2021, that the BfJ was given any supervisory powers at all for online platforms. Before that, the office was a “prosecuting authority” and therefore was not allowed to actively contact tech companies on regulatory matters, but only to communicate with them in lengthy, formal processes regarding possible violations of the law.[9] This weakened NetzDG oversight for a long time.[10] But there were weaknesses even in the measures that were allowed before the reform: For instance, the BfJ imposed a fine on Facebook, but the corporation refused to pay it for years without any consequences.[11]

Unlike the BfJ, the Federal Agency for Youth Media Protection (“Bundeszentralstelle für Kinder- und Jugendmedienschutz”, BzKJ) is explicitly following a regulatory approach focused on a dialogue with companies. It is based on the Youth Protection Act, which came into force in 2021 after long and sometimes conflictual discussions between the federal and state governments. Similar to the state media authorities, the thematic focus here is very narrow, as it deals exclusively with the protection of children and young people.

These examples highlight that there is an awareness in Germany for the need for separate rules for platforms. This is fundamentally in line with the DSA. In addition, the laws have had the effect of building up specialized expertise on platforms in the relevant authorities. This also applies to other authorities, for example, the BNetzA and also the BKartA. However, weaknesses also become apparent when the tasks of the DSC are considered: One lesson from the development of the BfJ is that the DSC should be allowed to communicate with platforms and needs sufficient clout to be able to assert itself against them, if necessary. Media regulation and youth media protection are concerned with key aspects of protection of fundamental rights on platforms, which is in line with the goals of the DSA. However, they only cover partial aspects of the DSA, which goes beyond social networks and beyond issues of media pluralism and youth media protection. Another challenge for the DSC is to take into account the special features of smaller platforms. In Germany, the platform oversight often focuses on very large online platforms, but after the entry into force of the DSA, these are to be supervised mainly by the Commission. This is the case, for example, with the BKartA, where the field of activity, by its very nature, mostly encompasses larger companies and corporate mergers. After the entry into force of the Interstate Media Treaty, the media authorities also focused their attention on very large platforms[12] on the one hand and on individual blogs and websites[13] on the other. Yet, in Germany, there are also many smaller social networks and online marketplaces that could be affected by the rules of the DSA. Unlike large, global tech corporations, they are less in the spotlight, often follow in the tradition of medium-sized businesses (“Mittelstand”) and have fewer resources for political and economic networking.[14] Even more than larger platforms, they could benefit from exchanges with an authority that knows these conditions and takes them into account in its own communications work.

Considering this, it becomes clear that there are promising approaches to platform oversight in several places in Germany, be it the development of data-based supervision, be it on important topics covered in the DSA, be it on regulation that relies on a dialogue with platforms. However, there is a lack of focus on a holistic, fundamental rights-based platform oversight structure that particularly takes into account small to medium-sized platforms. The DSA does not directly demand such a focus from an individual DSC, but the envisioned oversight tasks at least encourage building the relevant expertise. It is therefore worthwhile to draw lessons from existing structures. This is not to say, however, that these structures are or should be the only blueprint. Parallels to other industries and regulatory approaches need to be considered, but social networks are not television broadcasters and online marketplaces are not postal service providers. Accordingly, the “institutional design” of platform regulation must also be based on a “holistic” rather than a fragmented understanding of platforms and content moderation.[15] Germany, thanks to several reforms in media regulation, the NetzDG and also in digital youth and consumer protection, is further along than other countries, but is still far away from such a holistic approach to platform oversight.

Coordination and cooperation

Germany already has a lot of experience regarding the coordination of different agencies, which could help the DSC. However, even with this experience, it is an open question whether the coordination tasks of the DSC are already being fulfilled by existing bodies.

Examples of intra-German coordination mechanisms can be found in many places. The need for this is particularly pronounced in policy areas in which the federal states play an important role. This applies, for example, to data protection: The state authorities are responsible for supervising the private sector in their federal state. In the Data Protection Conference (“Datenschutzkonferenz”, DSK), they draw up joint statements or resolutions under an annually rotating chairmanship. The Federal Commissioner for Data Protection and Freedom of Information (“Bundesbeauftragter für den Datenschutz und die Informationsfreiheit”, BfDI) is also represented in the DSK and is responsible for data protection supervision of the federal authorities (and some private sectors).

In media regulation, too, institutions at the state level are responsible for the supervision, in this case of TV stations, radio stations and some online services. But there is no federal authority as there is in data protection. At the federal level, however, there is a “Joint Management Office” of the state media authorities, which was created expressly to serve as a “central point of contact” for the state media authorities and to coordinate their work. It also supports bodies of the state media authorities at the federal level, such as the Directors’ Conference (“Direktorenkonferenz”, DLM), the Commission for the Protection of Minors in the Media (“Kommission für Jugendmedienschutz”, KJM) and the Commission on Licensing and Supervision (“Kommission für Zulassung und Aufsicht”, ZAK). These bodies not only coordinate the exchange of information or the drafting of opinions, but also make regulatory decisions on media supervision. Their structures vary: In some cases, they consist exclusively of representatives of the state media authorities (as in the case of ZAK; the costs for this are borne by the state media authorities); in other cases, other representatives of authorities and interest groups also participate (as in the case of KJM).

These examples reveal how differently coordination structures can be set up in Germany, depending on the legal basis and also historical developments. The “Joint Management Office” is a permanent point of contact and does not itself issue coordinated opinions. This means that it is set up differently from the Data Protection Conference, whose office changes annually depending on the chairmanship and whose coordination work consists, among other things, of drafting joint opinions. Both, in turn, differ from the other bodies of media regulation, which not only bring together representatives of the media institutions, but also have a say in supervision and enforcement.

There is an additional level of coordination that is required of the DSC: Its task is decidedly not only a matter of coordinating authorities from one policy field, as is the case with data protection and media regulation, respectively. The DSC must deal with issues that were previously the responsibility of different authorities. For example, the DSA regulates which data may be used for targeted online advertising, which has a strong connection to data protection, and it also prescribes reporting channels for potentially illegal content, which touches on issues of criminal law.

There are also examples for this type of cross-sectoral communication between authorities in Germany. These range from informal and sporadic discussions to regular meetings and formalized cooperation. At the working level in particular, employees from different authorities engage in informal exchanges. At the management level, there are both ad-hoc meetings (for example, when representatives of media institutions and the Federal Office of Justice discuss the NetzDG[16]) and regular formats (such as the annual talks between state media authorities and the Federal Cartel Office[17] or the exchange between the BfDI and the Federal Office for Information Security (“Bundesamt für Sicherheit in der Informationstechnik”, BSI). Formal cooperation can relate, for instance, to a joint investigation into messenger and video services (as happened between the Federal Cartel Office and the BSI[18]) or a joint procedure for dealing with complaints (as agreed by the BNetzA and the media authorities[19]).

These very different coordination mechanisms should be thoroughly evaluated for the establishment of the DSC: What kind of coordination should the DSC actually take on? How does this function relate to its own enforcement tasks? What forms of information exchange and what coordination mechanisms have proven effective? What degree of institutionalization is needed? Does a chair make sense, and if so, what kind?

The DSC would have to combine several components of previously known formats: Like the Data Protection Conference, it would have to bring together federal and state authorities. Like the KJM, it would have to combine coordination and supervisory tasks. Like the procedural rules of the BNetzA and the media authorities, it would have to enable the formal exchange of information between policy areas (see also section 4.1). Such an oversight body at the federal level, which assumes both coordination and supervisory functions across policy areas, does not yet exist for platforms.

In addition to coordination within Germany, exchange at the European level is also a task for the DSC. German authorities have experience in this area, too, particularly because of their work in European regulatory networks. Such networks exist on almost all topics (see Figure 4 in section 3), but they vary in strength and institutionalization. The European Regulators Group for Audiovisual Media Services (ERGA), for example, is still relatively young, has no office of its own and can issue opinions to the Commission upon request. The Body of European Regulators for Electronic Communications (BEREC), meanwhile, was established as an EU body in a legal text, maintains an office and its opinions must be taken into account by the Commission. In both cases – and also, for example, in competition law or consumer protection – such EU networks enable German bodies to exchange information with other European authorities as well as the European Commission. This is an important task of the DSC, where many German bodies already have experience.

Some of the European networks are also linked to each other or at least exchange information with each other. One example are meetings between BEREC and ERGA[20] or the participation of the BNetzA in the Europe-wide network of consumer protection authorities (Consumer Protection Cooperation, CPC) on geoblocking. This type of exchange at the EU level across several topics is less pronounced, however. The DSC will still have to do this, for instance, as part of the newly created “European Board for Digital Services”. This body is to consist of all DSCs, which means that regulators from different areas could be represented here. For example, France had brought its reformed media regulator into play as a DSC. In other countries, meanwhile, it could be consumer protection or telecommunications regulators, or completely newly created agencies. Beyond cooperation within the body, there may also be specific cases where different DSCs jointly conduct investigations or exchange information. For the German DSC, therefore, it is useful to collect best practices on interdisciplinary and cross-border oversight structures.

3.2 Where does Germany meet the requirements for the DSC, where are gaps?

Independence

The DSC, or platform oversight in general, must help ensure that people’s fundamental rights take precedence over political and profit-driven intentions. This is why the “complete independence” that the DSA demands of the DSC is so important. Precisely because the DSA is also about content moderation systems, the risk of capture by corporate and political interests must be kept as low as possible. Neither politicians nor tech companies should be able to assert their interests in the DSC without public scrutiny. At the same time, external expertise must be taken into account, for instance, from science, civil society and business. This is especially true since it would not be in the interest of the EU legislators to create the DSC in a vacuum in which it is accountable to no one. Such a set-up would also be incompatible with German constitutional law. The question therefore arises as to what exactly is meant by “complete independence”.

A look at previous regulatory structures can at least provide some clarity and reveals that not many institutions in Germany come close to the required complete independence. An important clue as to what this means is provided by a European Court of Justice ruling on Germany’s data protection oversight. In 2010, the court ruled that the German BfDI was not “fully independent”. As a result, Germany had to change its own data protection rules. After a long reform process, the BfDI was transformed in 2016 from a “higher federal authority” based at the Federal Ministry of the Interior to a “supreme federal authority”.[21] The latter is not subject to technical or legal supervision by a federal ministry. If a ministry has technical supervision of an authority, it can intervene in the substantive work of the authority. Legal supervision is more limited: Here, it is only a matter of checking whether the administration is acting lawfully.[22] Thus, more independence has been ensured by changing the structure of the authority, namely its assignment to a ministry. In addition, the BfDI also has its own budget. This brings additional independence, but also means that the authority has to fight for its budget on its own and cannot rely on a higher-level federal ministry for this, as other authorities can.

Reforms to ensure greater independence may also be pending at the BNetzA as a result of a different court sentence. This authority can be considered partially independent. It is a higher federal authority and is therefore subject to the supervision of the federal government. But regulatory decisions – for example, on charges for gas network access – are made in decision chambers whose decisions cannot be overturned by federal ministries. However, this independence must be further strengthened, initially at least for energy regulation. In the fall of 2021, the European Court of Justice complained that the federal government could pre-structure regulatory decisions too much.[23] So, here, too, changes will be necessary. Until these are implemented, it is questionable to what extent the “complete independence” is given.[24] The situation is similar at the BfJ. It is subject to the technical and legal supervision of the Federal Ministry of Justice. This set-up has long been criticized with regard to the agency’s NetzDG tasks. The Cologne administrative court elaborated on this in a ruling on the NetzDG and confirmed the BfJ’s lack of independence.[25] The situation is different for bodies such as the German Institute for Human Rights (“Deutsches Institut für Menschenrechte”, DIMR) and the vzbv, which are heavily dependent on the Bundestag and the federal government, respectively, for funding (although they also raise third-party funds) but are not subordinate to any ministry.

The media authorities are seen to be very close to complete independence, even though their structure and legal basis cannot be directly compared with the structures of federal authorities. The independence of the state media institutions can be traced back to the “distance to the government” (“Staatsferne”) of public broadcasting in Germany, as coined by the Federal Constitutional Court.[26] The media authorities repeatedly emphasize this independence from the government, especially with regard to EU legislative projects such as the DSA.[27] One aspect of this independence is that the respective management of the media authorities is usually elected by a pluralistic body. This body cannot have any members who also belong to a legislative body, such as the state parliament. However, there are few restrictions on the management of the media institutions themselves, resulting in many directors having previously worked in state ministries or at regulated media companies.

The restructuring at German authorities due to European laws and rulings shows that the demands for “complete independence” are high. There are not many role models for this complete independence of the DSC in Germany. To refrain from a technical supervision by the federal government and to introduce accountability to parliament (instead of a ministry) seems to be a minimum requirement. The legislators could also stipulate that the DSC’s management level may not work for the regulated platforms during as well as for a few months before and after their activities at the DSC (i.e., a kind of cooling period not only for politicians and civil servants). Ensuring the independence of the DSC thus raises many questions. This will be one of the key challenges in setting up the German DSC. The other requirements, such as transparency or competences, pose less difficult questions for policymakers.

Transparency

A regular reporting obligation is common for many German authorities, so there are numerous examples for the DSC. For instance, the reporting obligation that the BfDI must follow could serve as a model (§ 15 of the Federal Data Protection Act): It must not only transmit its annual activity report to the federal parliament, Federal Council and federal government, but also make it available to the public, the Commission and the European Data Protection Committee. Transmission to the European Parliament could additionally be considered.

However, it is not only the legal basis that is important for the DSC reports. Rather, lessons should be learned from the design and content of the activity reports. A comparative assessment of different reports of existing authorities could be helpful to collect good examples. For the DSC, it should also be explicitly stated that the reporting obligation applies to the tasks of platform supervision. The BfJ, for example, does publish activity reports, but only on specific areas of work. There is no reporting obligation on the NetzDG – i.e., the topic related to platform supervision – which makes public scrutiny of the authority’s work in this field harder.

In connection with the considerations on the independence of the DSC, thought could be given to a separate transparency registry documenting in real time (and not just in annual reports) the contacts of the supervisory authority, in particular with the business community. This is not yet common practice among German authorities. The public documentation of contacts could increase both transparency and independence of the DSC.

Resources

Adequate technical and financial resources and qualified personnel are especially important for platform oversight because, first, it requires specialized technical expertise and, second, the companies supervised are among the richest and most influential in the world. There are certainly complex, technical issues in many other industries that have been regulated for a long time, but these are rarely as intertwined with fundamental rights issues as algorithmic recommender systems, data-based advertising and content moderation are. Oversight of large companies is part of the daily work for many agencies, be they electricity providers, television broadcasters or telecommunications service providers. But even these heavyweights pale in comparison to tech corporations like Amazon, Meta and TikTok, all of which are covered by the DSA. These companies, even when plagued by scandal, can lure top programmers and lobbyists with big money.[28] In order to operate on an equal footing, not only the Commission but also the DSCs must become attractive employers.

Therefore, the DSA provides that national bodies must have sufficient resources to fulfill their tasks. Similar terms can also be found in other European and German laws, for example, for the telecommunications sector (for the BNetzA) or for data protection with the General Data Protection Regulation (GDPR). In reality, however, there are not only significant differences between the authorities (see figure 5), but also bottlenecks in resources despite the legal obligations. The BfDI and state data protection authorities, in particular, have been known for years to be underfunded. The additional tasks of the GDPR have still not been reflected in adequate resources, which in turn makes it more difficult to enforce data protection rules.[29] New staff is also needed for the expanded tasks of the Federal Cartel Office. The media institutions are financed by the broadcasting fee. Under the MStV, they now also oversee online platforms, but whether there will be a budget increase in this context is an open question.

Made with Flourish

Consideration should already be given to the financial requirements that the new tasks of the DSC will entail (see section 3.1). This certainly involves hardware and software, but it is much more important to hire suitable experts. For instance, expertise is needed on data analysis, statistics and computer science when it comes to analyzing large amounts of data. Understanding platform risk assessments requires knowledge of algorithmic decision-making as well as human rights and anti-discrimination. Any discussion about the “adequate equipment” of the DSC must therefore go beyond mere numbers games and must address the question of how qualified people can be recruited and retained (see also section 4).

Against this background, the leadership of the DSC must also be considered. Top priority should be given to professional expertise across the board, but there must also be an accomplished and committed person at the top. How well an agency director can make their voice heard in politics and how prominently they are represented in the public depends on many factors that the head cannot change on their own and in a hurry. These factors include the agency’s legal powers, the current focus of the federal government and the media and the external perception of the regulated companies. For example, the leaders of the BKartA and BfDI might be in the media spotlight when they announce high-profile decisions against large tech companies, which is simply not possible for other agencies. Nevertheless, the heads of the respective authorities have a lot in their hands to enforce regulations energetically and consistently, explain their work and gain political advocates.

Competences

The powers that are required of the DSC are already laid down in law for some bodies in Germany. Like with the transparency obligations, there should be little friction here with the provisions of the DSA. For example, the BNetzA, BKartA, BfDI and media authorities are allowed to inspect documents at companies and demand information from them.[30] They may also search business premises in certain cases.[31] The DSC should also be allowed to impose fines and periodic penalty payments – something many German agencies are already able to do. For instance, the BNetzA imposed a fine of 260,000 euros on a call center for unauthorized telephone advertising[32] and the BfDI imposed one of 9.55 million euros on a telecommunications service provider[33], although a court reduced this to 900,000 euros[34]. The media authority for Berlin and Brandenburg enacted several penalty payments on the broadcaster RT.DE[35]. German authorities are also already using “interim injunctions”. For example, the BKartA had ordered Facebook not to link user data (this order did not hold up in court, however)[36].

Similar to the transparency reports, it would make sense to analyze and evaluate how well the legal powers actually work in practice. Here, reference should again be made to the BfJ fine against Facebook, the payment of which the corporation delayed for years (see under section 3.1). A comprehensive analysis could help to identify how well and quickly the process of fining companies works, what expertise is needed for searches or questioning and whether orders can be implemented.

 

4. Why Germany needs a strong DSC

In a nutshell
The federal government could set up a minimal DSC that acts as a kind of secretariat, passing on most of the tasks of platform supervision to other authorities. Alternatively, it could specifically build up and pool competences at the DSC, making it a central authority for platform supervision. This is the sensible solution, as an expert and independent body is most likely to meet the requirements of European platform oversight.

For new, EU-wide rules for platforms to actually be enforced and help people, a strong, motivated oversight agency is essential. The unfavorable alternative, when progressive rules are in place, but their European enforcement is spotty, has been demonstrated in data protection (see section 3.2). National supervisory failures in industries such as finance and automobiles also underscore the serious consequences that can result from inadequate supervision. The DSC must therefore be a strong, independent supervisory authority with not only legal but also technical expertise, with particular knowledge of and consideration for the peculiarities of smaller platforms, with sufficient competences and with checks and balances on its power in place. Much more than in the past, platform supervision must utilize data analyses, incorporate even more different perspectives, try out different approaches to regulation and view itself as part of a system with experts from civil society and academia.[37]

How can such a DSC be established in Germany? Two options appear possible, a weak and a strong DSC. A weak DSC would take on only the absolutely necessary supervisory and coordination tasks specifically earmarked for it, while general oversight tasks would remain largely with existing authorities. This minimal DSC would thus be a sort of forwarding office or secretariat. For a strong DSC, the federal government would bundle various existing competences in the DSC and would also push for a considerable expansion of competences, thus shaping the DSC into a true oversight agency.

In the following, I argue for a strong DSC, that combines existing and specifically develops new competences for platform oversight. The federal government should not limit itself to a weak DSC that is more of a secretariat than an oversight agency (see also figure 6). In the long term, and ideally, it would make sense to create such an oversight agency as a new, independent body that can specialize in platforms from the outset: a “German Digital Services Agency” (“Deutsche Digitale-Dienste-Agentur”, 3DA). In the short term, however, it is more realistic for policymakers to select an existing agency as the DSC. Therefore, I also address the extent to which a strong DSC can be built there. In both cases, there are still many substantive legal and political questions that can be raised here but not yet definitively answered. Detailed research, analysis and proposals in this regard will be the subject of future SNV work.

Made with Flourish

Please click or tap on the icons in the figure to view more information. 

4.1 Why a strong DSC is important and what it could look like

There are numerous reasons for building a strong DSC that can actively shape the online space. If platform supervision competences are pooled in the DSC and new thematic knowledge is built up in a targeted manner, expertise on online platforms would be gathered in one place. With strong expertise and the appropriate competences, the DSC would be in the best position to make technical decisions itself and also facilitate coordination between many different authorities. There would also be a point of contact for European authorities that would not have to refer every request to other agencies. An independent, strong body would also be the best way to support the Commission in enforcing the DSA at the European level or, if necessary, to push it along or counterbalance it. Some of the rules of the DSA, such as those on data access or reporting requirements, offer good starting points for setting common standards with non-European partners.[38] Here, too, a strong DSC could make a better contribution than a body without its own expertise and practical experience. More fundamentally, the targeted expansion and bundling of competences would recognize that platforms need supervision tailored specifically to them – as has been the case for companies such as TV and radio broadcasters, network operators and banks for decades. Lessons should be drawn from the strengths and weaknesses of these supervisory systems for the development of German platform oversight structures.

Why a strong DSC is beneficial and how it might be designed also becomes clear when looking at the key requirements for this authority:

  • Independence: The DSC must be as independent as possible from political and economic influence. In Germany, federal authorities without specialized supervision or media institutions that are independent of the state offer examples of this. The development of a strong DSC along the lines of such examples would make it possible to consider additional safeguards, for example, in the form of its own transparency and lobbying rules. A pluralistic, specialized and independent advisory body that not only has thematic expertise, but can also identify and publicize potential outside attempts to exert influence, could support the DSC. It could also possibly be involved in proposing who should lead the DSC. The leadership could then be elected by the German parliament. These points would also help avoid a rigid and overbearing super-agency. This is important precisely because the DSA touches on fundamental rights issues such as privacy or freedom of expression. The final answer to questions on such matters must remain with courts and not with a non-elected regulator.
  • Resources and structures: According to the DSA, the DSC needs sufficient resources for its coordination and supervisory functions. For this purpose, a body with its own identity is a good idea, one that does not merely pass on tasks to other authorities and does not see platform supervision as a secondary activity. The DSC should build up expertise itself and be able to deliberately draw on additional external expertise. The DSC should be headed by a leader with the appropriate expertise, for example, in the areas of fundamental rights protection, platforms or the data economy, who can network nationally and at the European level and give the DSC a profile through public relations and science communication. The DSC must be an attractive employer for people with these diverse backgrounds, precisely because it competes with tech companies for these talents. To do this, there needs to be a certain openness and flexibility in the agency structure, for instance, regarding recruitment and pay, that is not always the case for existing authorities.[39]
  • Technical expertise and creative drive: The DSA takes much stronger aim than previous rules at the processes of online content moderation. It also focuses much more than before on using data from regulated platforms to check compliance with EU rules and to enable research. A dedicated, specialized expertise is needed to work at this intersection of data analysis, corporate compliance, content moderation and fundamental rights protection. The DSC should be designed to build and expand this expertise. For example, a chief technology officer (CTO) and a data science department could be established. This will require experts from a variety of disciplines, including computer and data science, sociology, psychology, design, political science, economics and law, and with a range of practical experiences. In-house data analyses should be an expression of the self-image of actively shaping the online environment. This also includes other activities, such as the DSC acting as a forum for companies, civil society and science, or informing users about their rights.

In short, platforms need their own approaches to supervision, and a strong DSC would provide them. The fact that platform supervision needs its own approach is already reflected in the everyday work of some German agencies, such as the state media authorities, the BfJ and the BNetzA. But the expertise that is being built up in many places is embedded in structures that were not originally created for online platforms. The way media pluralism can and should be secured online differs from how it is secured in radio and television: The way content spreads via algorithmic recommender systems and the scale of digital communication spaces require their own approaches. Regulation of large telecommunications companies differs from that over search engine providers, social networks and video sharing sites precisely because it also involves freedom of expression and other fundamental rights. Recognizing this allows an appreciation for why it is worthwhile to develop and pool competences for this in a new, independent agency, also considering that specialized platform oversight currently plays only a secondary role in the allocation of resources, too.

The German DSC should take over the supervisory tasks for platforms that already lie with other authorities. Specifically, this means that the tasks of the BfJ should be absorbed into the DSC if NetzDG rules remain in place after the DSA. A much more extensive (and legally much more difficult; see “Open questions” below) bundling of competences would make sense in the long term if, for example, tasks regarding digital consumer protection at the BNetzA and possibly at the BSI, regarding youth media protection at the BzKJ and regarding platform supervision at the state media authorities were combined. This would work best in a new, independent agency that can place the above-mentioned points of independence, resources and expertise at the center of its work from the very beginning. Such an agency would clarify and streamline German platform oversight structures and create a specialized platform regulator that is distinct from other regulatory fields. In addition, conflicts between existing authorities could potentially be avoided if competences are not shifted between them but handed over to a new body.

Open questions on cooperation between the federal government and the states

Other countries are already pooling platform supervision competences in a single authority. France, for example, merged the two authorities for audiovisual and digital communications at the beginning of 2022 to form the new ARCOM (“Autorité de régulation de la communication audiovisuelle et numérique”). The United Kingdom has longer experience, as its media regulator Ofcom (“Office of Communications”) is a kind of large umbrella for different specialist areas such as telecommunications, radio and internet regulation. This structure is known as a “converged regulator”.[40] From these experiences, German lawmakers can learn lessons about what contributes to strong, dynamic supervision and where weaknesses lie. However, oversight structures from other countries cannot be transferred one-to-one to the German situation. Even if it were desirable to establish an authority like Ofcom in Germany, difficult legal issues would first have to be resolved.

One of the biggest open questions is how the federal structures in Germany can be taken into account when enforcing the DSA. The law is justified on the grounds of safeguarding the EU’s internal market, which clearly places responsibility with the federal government. But the rules in the DSA also concern oversight of content moderation. This in turn is related to safeguarding media and opinion pluralism, and on these issues, the German federal states claim their competences.

In its statement on the first draft of the DSA, the “Bundesrat” (Federal Council), which is Germany’s legislative body representing the federal states, had already emphasized that the “supervisory structures in the media sector”[41] must be observed. This refers to the state media authorities. If the state media authorities were to regulate issues jointly with federal authorities, legal questions arise about “mixed administration”. Mixed administration here means that the federal and state governments jointly perform administrative tasks. However, Germany’s constitution, the Basic Law (“Grundgesetz”), sets strict limits on this: In principle, the responsibilities of the federal government and of the states should be separate.

This makes joint media supervision by the federal and state governments more difficult. But even within these limits, there are possibilities for cooperation.[42] For example, in certain cases it would be conceivable for one authority, such as the BNetzA, to obtain the consent of another authority, such as a state media authority, before making a regulatory decision (via consultations or agreement).[43] Platform oversight that brings together expertise from the federal and state governments thus seems possible. Political decision-makers should work with other legal and administrative experts to create legal clarity so that the federal and state governments can supervise platforms together.

At least in the short term, however, an independent agency is unrealistic, since the DSA sets tight deadlines and there are probably neither the financial resources nor the political will to set up a new agency quickly. Therefore, it is more likely that existing structures will be expanded. One advantage of this could be that some of the personnel, expertise and processes of the existing authority could be leveraged. In more practical terms, questions about the location of the DSC could probably be avoided if sufficient space is available at the authority.[44]

Especially if an existing authority becomes DSC, however, a significant expansion of existing expertise as well as a pooling of competences from other agencies is necessary and possible. A “German Digital Services Agency” could then be established on a smaller scale within an existing authority. It is foreseeable that the Federal Ministry for Digital and Transport will bring its “own” authority BNetzA into play as a DSC and that the federal states will continue to emphasize the role of the media authorities in ensuring media pluralism. At the BNetzA, competences could be bundled in a separate “Online Platforms” department, for which the existing sub-department “Internet, Digitization Issues” could be further expanded. It would have to be independent, i.e., not within the realm of the ministry’s technical supervision. Depending on the scope of the DSC’s tasks, there could also be a separate decision-making chamber for regulatory decisions, which would coordinate with other bodies if necessary (see “Open questions” above). In the case of the state media authorities, the internal coordination effort is already high between the 14 agencies, but at least there is already a body in the form of the Directors’ Conference which brings together all media authorities and has a representative responsible for European affairs. In any case, the requirements for a strong DSC mentioned above should also be taken into account if it is located in an existing authority: Its independence must be guaranteed, its technical expertise must be further developed and its self-image as a significant actor in platform oversight must be recognized.

4.2 Why now is the right time for a strong DSC

Germany has already undertaken many reforms, for example in competition law, media regulation, telecommunications and also in the form of the NetzDG (see section 3). Authorities such as the BNetzA have experienced a significant increase in competence to also cover digital services. This shows that there is an awareness of the need to respond to new companies, business models and challenges that were unknown when, for example, broadcasting or telecommunications regulation came about. These reforms took place in separate policy areas. This has resulted in competences for platform oversight being scattered across many agencies and at various political levels. Since long before the DSA, there have been discussions to expand, pool and centralize competences in order to improve supervision for platforms or more generally for the data economy.

Previous reform proposals are not directly applicable to the DSC because they do not explicitly address issues from the DSA. However, they do show that the need to reorganize oversight of platforms and the data economy has been known for a long time. This should be taken into account when building the DSC, as it could ideally help deal with some of the stalled reforms. A by no means comprehensive look at the debates follows here:

  • A centralization of data protection supervision has been the subject of controversial discussion for years (for the structure of German data protection oversight, see section 3.1).[45] Even if centralization still seems unrealistic, the federal government has at least announced that it will “institutionalize” the Data Protection Conference[46], which can be understood as strengthening federal-state coordination.
  • The idea of a “digital agency” has been circulating in Germany for a long time. This idea, which has not been fully developed, should not be revived for the DSA and does not fit because the agency was thought to mainly take on tasks relating to digital infrastructure projects. Yet, the discussion on this agency has shown the need to consider data protection and competition law together. That was the original approach presented in a report for the Federal Ministry for Economic Affairs and Energy (“Bundesministerium für Wirtschaft und Energie”, BMWi) that appeared in 2017 and showed “competence gaps”[47], for example, in market supervision in the digital area. Another paper for this ministry analyzed steps to establish such an agency.[48] A study by the Friedrich Ebert Foundation added questions on “algorithm transparency” to the tasks of a digital agency, which is closer to the DSA.[49] The digital agency was mentioned in the 2018 coalition agreement[50], but its development was never seriously pursued. Instead, there was progress in the further development of competition law through the amendment of the Competition Act (“Gesetz gegen Wettbewerbsbeschränkungen”, GWB) and at the EU level through the Digital Markets Act (DMA).
  • The Data Ethics Commission (“Datenethikkommission”) identified further gaps on oversight, especially for algorithmic systems, which are also used by search engines and social networks. The commission advocated for both new laws as well as new supervisory structures in this area, for example, through expanded and/or new authorities and a “Competence Center for Algorithmic Systems”.[51] Here, too, there have been important developments since the Data Ethics Commission’s report, not least through the DSA, which provides for transparency rules for recommender systems. The MStV also addresses algorithmic systems.
  • Proposals regarding German media regulation have been around for years, based in part on clear criticism of the fragmented supervisory system (for the structure of German media oversight, see section 3.1) and accordingly calling for reorganization at the federal level. While important reforms have been achieved, such as the MStV and the revision of youth protection rules, both sets of regulations hardly addressed the respective fundamental, structural issues.[52] The “Institut für Medien- und Kommunikationspolitik” (Institute for Media and Communication Policy) has long criticized that decision makers have largely lacked the will to move away from the “dogmatic” concept of broadcasting and create a newly structured, holistic supervisory body.[53] But the criticism does not only emanate from academia and civil society, but also from the ranks of media policy and regulation itself.[54] To cite just one example: Hans Hege, head of the media authority for Berlin and Brandenburg for decades, publicly explained why new approaches to regulation were needed for the supervision of Google or Facebook. He said the current model was outdated and “useless” if it continued to operate “with a decision-making body of volunteers and a monocratic administrative top management”.[55] The State Media Treaty has not changed this model. It remains to be seen whether the federal-state working group envisaged in the coalition agreement, which is to “revise rules relating to media law and media politics”[56], will redesign these structures.

 While Germany’s platform supervision is spread across many policy areas, the DSA considers media regulation, consumer protection, product safety, competition and data protection together. Different platforms and topics are dealt with together that are supervised at different political levels and in different places in Germany. Resolving this dichotomy is one of the most important tasks facing the German government in shaping the DSC. But it is not just the DSA that provides new rules for platforms and the data economy. A whole host of other planned or already implemented laws touch on platform oversight. It makes sense to consider these EU regulations together to avoid duplicating structures. This is another reason why now is such an opportune time to question the distribution of competences in German platform supervision.

In addition to the DSA, there are at least half a dozen other general or sector-specific laws with links to tech regulation (see figure 7). Without claiming to provide a complete and critical analysis, the following legislative projects have recently been completed or are about to be completed at the EU level alone:

Made with Flourish

Please click or tap on the words and icons in the figure to view more information. 

Even this non-exhaustive list shows how important knowledge regarding online platforms, data, algorithmic systems and data-based business models will be for enforcing many different laws. In some cases, the draft legislation provides for new supervisory structures; in others, explicit references are made to the DSA and the DSC, respectively. The latter is the case, for example, for the draft on online political advertising. A strong DSC could therefore also build up expertise in this area. There are also links to the planned “Artificial Intelligence Act” and the P2B Regulation, for which there is currently no regulatory oversight at all.

So, there is experience with weak oversight of EU rules. There has been a reform backlog on platform oversight in Germany for years. There are several EU legislative projects for the data economy that require suitable oversight structures. There is no body in Germany that can easily take on all the tasks of platform supervision. Now, with the DSA, there is a law that, by calling for a DSC, can provide the impetus to look at all these developments together and create a strong, new authority that pools and develops competences. To view the DSC only as a type of forwarding body would disregard all these developments.

4.3 Why a minimal DSC is not enough

The DSC could be set up to perform only those tasks directly assigned to it and otherwise act in a coordinating capacity. Most DSA enforcement and supervisory tasks would thus be left to other authorities. At first, this sounds sensible because existing authority structures can be used and a variety of regulatory approaches can be applied. Precisely because existing structures can be used, it may seem less burdensome and costly to set up the DSC as a kind of secretariat or forwarding office. The DSC would need fewer staff and no extensive organizational structures would have to be built up, so that it might be able to be operational more quickly.

However, it is a fallacy to think that building a mini-DSC is cheap. For one, even such a weak DSC would need to be able to vet researchers requesting data access, use data and act as a complaints office. Resources are needed to do this. In addition, to fulfill the other enforcement functions of the DSA, there would still need to be investment in German platform oversight, just at existing authorities rather than a separate body. The argument that a DSC as a secretariat would keep German administrative structures leaner is thus invalidated. Instead, resources would be needed in many different places at all political levels, which would entail the risk of costly duplicate structures. There is also the risk that there is little incentive to build up technical expertise at the DSC for the assigned tasks and for platform supervision in general. The DSC would thus not be a body that helps shape the online space but would have to rely on others to do so. A DSC with weak expertise and equipped only for a minimum of the intended tasks also risks being overshadowed in its coordination duties by established, large authorities. This also applies to its role at the European level, where it would probably not be able to act as a strong force vis-à-vis the Commission and in the European Board for Digital Services.

A mini-DSC would challenge the status quo of German platform oversight much less so than building up and pooling competences in a separate body would. While several authorities would have to take on new tasks from the DSA, the structure of German platform supervision would not be altered significantly. For some, this may be an advantage because no authority would feel deprived of its power. However, even without the creation of new structures, some oversight tasks will move to the Commission with the DSA. Thus, it is not the case that a minimal DSC ensures that powers remain with existing agencies. Perhaps such a design could avoid disputes over who cedes what authority to a new body. But even this is doubtful, because conflicts of interest can still arise between the various authorities, and these conflicts harbor the danger of blockades and turf battles, especially with a weak DSC. Stalled enforcement of the DSA could be the result. Finally, and most fundamentally, sticking with the status quo, even if there were no major conflicts, would further delay the reforms of digital oversight structures that have been needed for years and would fail to recognize that separate oversight structures for platforms are necessary.

5. Outlook

How the German DSC will be designed is both a technical and a political question. German lawmakers are thus faced with a landmark decision. They have the chance to ensure a “transparent and safe online environment” for millions of people by building a strong DSC. Never before has there been such a comprehensive, specialized EU-wide regulatory framework for platforms, online marketplaces and other digital services. National authorities in EU member states will play a key role in implementing the new rules in cooperation with the Commission. To contribute to a strong European platform supervision in the best possible way, Germany should create a well-equipped, independent authority as a DSC that pools existing competencies, builds up new ones and can thus focus holistically on platform oversight. Setting up a mini-DSC primarily as a forwarding office is clearly not advisable. This apparent solution would fail to recognize the important oversight tasks that the DSC assumes and would entrench the fragmented platform supervision structures in Germany.

Because the DSC is of such central importance and the implementation of the DSA will affect almost all people and companies in Germany, these issues should be discussed publicly. Debates in parliament, in the media and in civil society can help to gather positive examples and ideas for strong platform oversight in Germany.

Acknowledgements

The research for this analysis benefited significantly from interviews with experts. The written and/or oral interviews with representatives of public authorities and discussions with experts from academia, civil society and business were designed to ensure as best as possible that both self-assessments and assessments by others of German platform oversight and, particularly, of the landscape of public authorities in Germany were included in the analysis. This would not have been possible without the openness of the experts involved. I would like to express my sincere thanks for this willingness to engage in dialogue. In addition to the SNV team, I would like to thank representatives of the public authorities as well as Aline Blankertz, Christina Dinar, Lisa Dittmer, Dr. Stephan Dreyer, Torben Klausa, Martin Madej and Dr. Abel Reiberg for their helpful criticism and comments on previous drafts. Furthermore, the SNV team deserves great thanks for their, as always, excellent support during the entire research and publication process.

The views expressed in the text do not necessarily reflect those of the experts with whom I have exchanged views or of their employers, and any remaining errors are my own.

The paper is part of a project on German and European platform oversight funded by Stiftung Mercator and Reset.

Creative Commons License

This content is subject to a Creative Commons license (CC BY-SA 4.0). The reproduction, distribution and publication, modification or translation of the content of the Stiftung Neue Verantwortung marked with the “CC BY-SA 4.0” license as well as the creation of products derived from it, are permitted under the terms “Attribution” and “ShareAlike”. Detailed information on the license conditions can be found at Creative Commons.

Sources and footnotes

[1] Cf. on the interlinking of different policy areas with regard to platforms Australian Competition and Consumer Commission, “Digital Platforms Inquiry - Final Report” (Canberra: Australian Competition and Consumer Commission, July 26, 2019), 5; Torsten J. Gerpott, “Wer reguliert zukünftig Betreiber großer Online-Plattformen? Aufsichtssysteme in den Vorschlägen der Europäischen Kommission für Gesetze über digitale Märkte und über digitale Dienste,” Wirtschaft und Wettbewerb 71, no. 9 (July 1, 2021): 486.

 

[2] Many thanks to Anna Würth and Melanie Wündsch for this hint.

 

[3] Many thanks to Alexander Ritzmann for this hint. Regarding possible risks on auditing algorithms, see Mona Sloane, “The Algorithmic Auditing Trap,” OneZero, March 17, 2021; Julian Jaursch, “Why The EU Needs To Get Audits For Tech Companies Right,” Techdirt, August 19, 2021; Hans-Jakob Schindler, “Proposed EU Digital Services Act (DSA): Provisions Concerning Auditing and Recommendations for Strengthening This Mechanism,” (Berlin: Counter Extremism Project, June 7, 2021); more generellay on artificial intelligence, see Leonie Beining, “Vertrauenswürdige KI durch Standards? Herausforderungen bei der Standardisierung und Zertifizierung von Künstlicher Intelligenz” (Berlin: Stiftung Neue Verantwortung, October 2020).

 

 

[5] Julia Carrie Wong, “How Facebook Let Fake Engagement Distort Global Politics: A Whistleblower’s Account,” The Guardian, April 12, 2021.

 

[6] Simon Hurtz et al., “Facebook Files: Die Erkenntnisse aus den internen Dokumenten,” Süddeutsche Zeitung, October 25, 2021.

 

[7] Cf. Tommaso Valletti in Adam Satariano, “E.U. Takes Aim at Social Media’s Harms With Landmark New Law,” The New York Times, April 22, 2022; Alex C. Engler, “Regieren braucht Datenwissenschaft,” Tagesspiegel Background Digitalisierung & KI, March 24, 2022; Giorgio Monti and Alexandre de Streel, “Improving EU Institutional Design to Better Supervise Digital Platforms” (Brussels: Centre on Regulation in Europe (CERRE), January 17, 2022).

 

[8] Many thanks to Dr. Daniel Holznagel, Dr. Matthias C. Kettemann and Marie-Therese Sekwenz for comments on previous drafts of the text, especially concerning these points on the NetzDG.

 

[9] Katrin Gessinger, “Weitere Vorgaben im Kampf gegen den digitalen Hass: Zur Novellierung des NetzDG im Jahr 2021,” Kriminalpolitische Zeitschrift, no. 6 (2021): 364–71.

 

[10] Martin Eifert et al., “Evaluation des NetzDG im Auftrag des BMJV” (Berlin: Humboldt-Universität zu Berlin, 2020), 143–44, 153.

 

[11] Tomas Rudl, “Blackbox: Wie Facebook das NetzDG aushöhlt,” netzpolitik.org, February 26, 2021; Torben Klausa, “Hass im Netz: Facebook zahlte fünf Millionen Euro Strafe”, FinanzNachrichten.de, September 3, 2021.

 

[12] See, for example, Medienanstalt Hamburg / Schleswig-Holstein, “Kooperation Google mit Bundesministerium für Gesundheit: MA HSH leitet medienrechtliches Verfahren ein,” December 17, 2020.

 

[13] Die Medienanstalten, “In den Blick genommen: Journalistische Sorgfaltspflichten im Netz," February 12, 2021.

 

[14] Many thanks to Christina Dinar for hints on this; see also Christina Dinar and Lena Hinrichs, “Superwahljahr 2021: Mapping von kleinen, mittleren und Nischenplattformen online,” Hans-Bredow-Institut, August 4, 2021.

 

[15] Cf. evelyn douek, “Content Moderation as Administration,” Harvard Law Review 136 (January 10, 2022): 82; for further discussion of the specifics of platform oversight and content moderation, see, for example, Jennifer Cobbe and Jatinder Singh, “Regulating Recommending: Motivations, Considerations, and Principles,” European Journal of Law and Technology 10, no. 3 (2019); Amélie Heldt and Stephan Dreyer, “Competent Third Parties and Content Moderation on Platforms: Potentials of Independent Decision-Making Bodies From A Governance Structure Perspective,” Journal of Information Policy 11 (2021): 266–300; Sarah T. Roberts, Behind the Screen: Content Moderation in the Shadows of Social Media (Yale University Press, 2019), ; Robyn Caplan, “Content or Context Moderation?” (New York, NY: Data & Society, November 14, 2018); Christina Dinar, “The State of Content Moderation for the LGBTIQA+ Community and the Role of the EU Digital Services Act” (Brussels: Heinrich-Böll-Stiftung, June 2021); Natali Helberger, Katharina Kleinen-von Königslöw, and Rob van der Noll, “Regulating the New Information Intermediaries as Gatekeepers of Information Diversity,” Info 17, no. 6 (January 1, 2015): 50–71; for the need for specialized oversight structures for platforms, see the debate in the US, for example, Tom Wheeler, Phil Verveer, and Gene Kimmelman, “New Digital Realities, New Oversight Solutions in the U.S.: The Case for a Digital Platform Agency And a New Approach to Regulatory Oversight,” (Cambridge, MA: Harvard University, August 2020); Paul M. Barrett and Lily Warnke, “Enhancing the FTC’s Consumer Protection Authority to Regulate Social Media Companies” (New York, NY: NYU Stern Center for Business and Human Rights, February 2022); Harold Feld, “The Case for the Digital Platform Act: Market Structure and Regulation of Digital Platforms” (Washington, DC: Public Knowledge, May 2019); partly based on these discussions, there are also legislative proposals for a platform oversight agency, see Justin Hendrix, “Digital Platform Commission Act Introduced in U.S. Senate,” Tech Policy Press, May 14, 2022; Justin Hendrix, “Reps. Trahan, Schiff & Casten Introduce Digital Services Oversight and Safety Act,” Tech Policy Press, February 23, 2022.

 

[16] Die Medienanstalten, “Schnell und effizient gegen rechtswidrige Inhalte im Netz,” January 15, 2019.

 

 

[18] Bundeskartellamt, “Bundeskartellamt legt Zwischenbericht zur Sektoruntersuchung Messenger- und Video-Dienste vor,” November 4, 2021; see also Bundeskartellamt, “Bundeskartellamt und BSI: Partner im Dienst der Verbraucherinnen und Verbraucher,” Bundeskartellamt, January 22, 2021.

 

 

 

[21] Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, “Update BfDI 2.0 - Ausblick 2016,” December 29, 2015; Nikola Schmidt, “Ohne öffentliche Ausschreibung keine unabhängige Datenschutzbehörde,” Verfassungsblog, December 9, 2014.

 

 

[23] dpa/pdi/LTO-Redaktion, “EuGH: Bundesnetzagentur nicht unabhängig genug,” Legal Tribune Online, September 2, 2021.

 

 

 

[26] Cf. Holznagel, “Kein Staatsfernegebot für das NetzDG”; for a more in-depth discussion, see Wolfgang Schulz, Peggy Valcke, and Kristina Irion, eds., The Independence of the Media and Its Regulatory Agencies. Shedding New Light on Formal and Actual Independence against the National Context (Bristol: Intellect, 2014).

 

 

[28] Cf. Max Bank et al., “The Lobby Network: Big Tech’s Web of Influence in the EU” (Brussels: Corporate Europe Observatory and LobbyControl, August 31, 2021).

 

[29] Johnny Ryan and Alan Toner, ““Europe’s Enforcement Paralysis: ICCL’s 2021 Report on the Enforcement Capacity of Data Protection Authorities” (Dublin: Irish Council for Civil Liberties, September 13, 2021); German Data Protection Authorities, “Evaluation of the GDPR under Article 97: Questions to Data Protection Authorities/European Data Protection Board. Answers from the German Supervisory Authorities” (Brussels: European Data Protection Supervisor, 2020), 15.

 

[30]  § 203 TKG, § 59a GWB, §16 BDSG and MStV, e.g., § 16, § 56, respectively.

 

[31] § 205 TKG, § 59b GWB, §16 BDSG and §56 MStV, respectively.

 

[32] Bundesnetzagentur, “Bußgeld gegen Call-Center wegen unerlaubter Telefonwerbung,” February 17, 2021.

 

[33] Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, “BfDI verhängt Geldbußen gegen Telekommunikationsdienstleister,” December 9, 2019.

 

[34] Axel Kannenberg, “Datenschutzverstoß bei 1&1: Gericht senkt Millionenstrafe deutlich ab,” heise online, November 11, 2020.

 

[35] Joachim Huber, “Zwangsgeld von 50.000 Euro: RT.DE ignoriert weiter Sendeverbot,” Tagesspiegel, March 29, 2022.

 

[36] LTO, “OLG setzt BKartA-Anordnung gegenüber Facebook aus,” Legal Tribune Online, August 26, 2019.

 

[37] Cf. Alexandre de Streel and Michèle Ledger, “New Ways of Oversight for the Digital Economy” (Brussels: CERRE, February 2021); Tom Wheeler, “A Focused Federal Agency Is Necessary to Oversee Big Tech,” Brookings, February 10, 2021; Feld, “The Case for the Digital Platform Act.

 

[38] Cf. the idea of “modularity” in transatlantic platform regulation, see Susan Ness and Chris Riley, “A Safe, Open Internet with Transatlantic Rules Is Easier than It Sounds,” The Hill, May 6, 2022.

 

[39] Cf. Stefan Heumann, “Scheinlösung Digitalministerium: Welche tiefgreifende Reformen von Regierung und Verwaltung für eine erfolgreiche Digitalpolitik nötig sind” (Berlin: Stiftung Neue Verantwortung, March 17, 2021); many thanks to Alexandre de Streel for hints on the oversight structures, see also Monti and de Streel, “Improving EU Institutional Design to Better Supervise Digital Platforms.”

 

[40] Digital Regulation Platform, “Regulator Structure and Mandate,” September 1, 2020.

 

 

[43] Dreyer, Oermann, and Schulz, 41–43.

 

[44] The coalition has issued the guiding principle that new federal authorities should be located “in the eastern German states and structurally weak regions”, see SPD, Bündnis 90/Die Grünen, and FDP, “Mehr Fortschritt wagen: Bündnis für Freiheit, Gerechtigkeit und Nachhaltigkeit” November 24, 2021, 130.

 

[45] Stiftung Datenschutz, “Die Zukunft der Datenschutzaufsicht,” Stiftung Datenschutz, September 17, 2020; Christiane Schulzki-Haddouti, “Wirtschaftsminister: Landesdatenschützer sollen Kontrolle über Firmen verlieren,” Golem, June 3, 2020; Datenethikkommission, “Gutachten der Datenethikkommission. Kurzfassung” (Berlin: Datenethikkommission, 2019), 11; Kommission Wettbewerbsrecht 4.0, “Ein neuer Wettbewerbsrahmen für die Digitalwirtschaft” (Berlin: Bundesministerium für Wirtschaft und Energie, September 9, 2019), 84–85.

 

 

[47] Bundesministerium für Wirtschaft und Energie, “Weißbuch Digitale Plattformen des BMWi - Kurzfassung,” (Berlin: Bundesministerium für Wirtschaft und Energie, March 20, 2017).

 

[48] Thomas Fetzer, “Bausteine für einen sektorenübergreifenden institutionellen Ordnungsrahmen für die Digitale Wirtschaft (Discussion Paper No. 18-026)” (Mannheim: Leibniz-Zentrum für Europäische Wirtschaftsforschung, December 2017), 39–48.

 

[49] Christoph Busch, “Regulierung digitaler Plattformen als Infrastrukturen der Daseinsvorsorge” (Bonn: Friedrich-Ebert-Stiftung, March 2021).

 

 

 

[52] Stephan Dreyer, “Jugendschutzgesetz: Neu, aber auch besser?,” Tagesspiegel Background Digitalisierung & KI, April 7, 2021; Lutz Hachmeister, Justine Kenzler, and Fabian Granzeuner, “Das kalkulierte Vakuum der deutschen Medienpolitik,” Medienkorrespondenz, January 7, 2019; Stephan Dreyer and Wolfgang Schulz, “Schriftliche Stellungnahme zum zweiten Diskussionsentwurf eines Medienstaatsvertrags der Länder vom Juli 2019” (Hamburg: Hans-Bredow-Institut, August 2019).

 

[53] Lutz Hachmeister, Kai Burkhardt, and Claudia K. Huber, “Das Ende der Rundfunkpolitik,” Aus Politik und Zeitgeschichte, no. 9–10 (February 17, 2009); see also Hachmeister, Kenzler, and Granzeuner, “Das kalkulierte Vakuum der deutschen Medienpolitik”; for a response, see Kai Burkhardt, “Aus der Mottenkiste,” Medienkorrespondenz, December 19, 2014; for further criticism and suggestions, see Otfried Jarren, “Kommunikationsrat Für Facebook, Google & Co?,” Schrader Stiftung, May 4, 2018; Christoph Bieber, Leonhard Dobusch, and Jörg Müller-Lietzkow, “Die Internetintendanz,” Medienkorrespondenz, April 28, 2019.

 

[54] Hamburgischer Senator für Kultur und Medien, “Neuer Medienstaatsvertrag 2020 ersetzt Rundfunkstaatsvertrag,” hamburg.de, November 6, 2020; Carsten Brosda and Wolfgang Schulz, “Aufruf an die Bundesländer: Wir brauchen eine neue Medienpolitik,” Frankfurter Allgemeine Zeitung, June 10, 2020; nonetheless, Brosda is critical of the DSA oversight structure, see Carsten Brosda, “Rede beim Mediendialog 2022,” hamburg.de, May 3, 2022; Jürgen Brautmeier, “Mehr Mut: Moderne Medienregulierung ist möglich,” Medienkorrespondenz, February 20, 2015; Anja Zimmer, “Wie Medienvielfalt zukunftsfest machen? 20 Bausteine für eine konvergente Medienregulierung” (Bonn: Friedrich-Ebert-Stiftung, March 2022).

 

[55] Hans Hege, “Zukunft der Medienpolitik: Warum keine Medienagentur?,” Frankfurter Allgemeine Zeitung, June 23, 2020; for earlier criticism, see also Stefan Niggemeier, “Was ist noch zeitgemäß?,” Frankfurter Allgemeine Sonntagszeitung, May 3, 2015.