Response to the European Commission’s consultation on a draft implementing regulation regarding the information sharing system under the Digital Services Act (DSA)

SNV participated in the European Commission’s consultation on an information sharing system under the Digital Services Act (DSA). This is an important technical part of EU platform oversight, although the corresponding draft implementing regulation remains hard to grasp in some parts, as project director Julian Jaursch comments in the feedback contribution. A summary of the feedback can be found below and the full text here. 

The implementing regulation on the functioning of an information sharing system under the Digital Services Act (DSA) is an important pillar of platform oversight in the EU. Another complementary implementing regulation on the interoperability of the information sharing system should follow, as the DSA calls for. Without an infrastructure to share information and ensure timely communication between regulators, enforcing new rules for online platforms will not work. As the DSA stipulates in Article 85, this information sharing system mostly concerns the Commission itself and the member states’ Digital Services Coordinators (DSCs), but also touches upon other national regulators. 

The draft implementing regulation reflects this constellation of organizations reasonably well by spelling out the respective roles of the Commission, DSCs and other regulators in an information sharing system. However, the draft almost exclusively focuses on roles regarding data protection matters between the given regulators. This is of high importance and compliance with the General Data Protection Regulation (GDPR) requires thorough attention. Yet, in addition to this necessary emphasis, a clearer explanation of the information sharing system and a more substantive list of tasks or use cases could be included, for instance, regarding joint investigations or data sharing with external partners. It remains unclear what exactly the information sharing system is supposed to be and do. For instance, only a recital states that it is a “software application accessible via the Internet”. Overall, the draft leaves it somewhat open what the information sharing system looks like and whether it should be used for some or all DSA oversight communication. 

Understandably, this might be done purposefully to not create a framework that is too narrow. Yet, some more clarity about the use and design of the information sharing system could be helpful. This would underline that the information sharing system is supposed to be a useful tool for regulators’ day-to-day work and not merely a legal and technical exercise, which might slow its uptake and use. The attached consultation submission focuses on such additional topics, leaving comments on the legal aspects of data protection to experts in that field. 

While there could be a downside to being too specific about use cases, this risk could be minimized by detailing some cases in a list that is explicitly described as non-exhaustive and that does not just recite individual DSA articles. Such a list of tasks might seem obvious but would give regulators a clearer picture of what is expected of them beyond GDPR details and what benefits the information sharing system brings them and – in extension – consumers. In particular, national regulators, which contrary to the Commission have not had some months of initial DSA enforcement practice already, could profit from this. Moreover, this might allow a better consideration of if/how the Commission, the DSCs and specifically the European Board for Digital Services can share information with non-regulatory actors. 

The final text should also make clearer by what date the information sharing system should be functional, because it so far remains open as to whether all functions are available right away. Provisions around data security could be strengthened. Useful ideas that should be kept in the final implementing regulation are the multi-language approach, regular evaluation and the coverage of costs via the DSA supervisory fee. 

We thank the European Commission for the opportunity to provide feedback on the draft implementing regulation and look forward to further engaging with the Commission and other stakeholders.