27th Annual BTLJ-BCLT Symposium: From the DMCA to the DSA: Panel 4: Industry Perspectives

Moderator: Daphne Keller, Stanford Cyber Policy Center   

DSA represents a shift to operational mandates compared to
DMCA, Art. 17—thoughts?

Sabrina Perelman, Pinterest: Important to remember what DSA
is and isn’t. We’ve preserved the safe harbor, prohibition against general
monitoring. Good Samaritan provision still exists. What drastically changed is
what we have to do around content and what we have to be transparent about—operational
and technical concerns. You can understand the reasons for transparency and
user efficiency, but putting it into practice is another matter. How do you
navigate sending 100s of millions of statements about actions per week? How do
you avoid giving away the store to bad actors/give away competitively sensitive
information about user safety when giving your explanations? Could be good for
consistency: there may be some things we’ll have to do for DSA that we’ll
choose to do more broadly. But there are EU inconsistencies: Prevailing
interpretations of local laws may stick around—not clear that Germany will
repeal NetzDG/change interpretation of law.

Canek Acosta, Microsoft: DMCA goes further in some ways/losing
conditional immunity, DMA goes further in others/transparency, Art. 17 goes
further in staydown. Scale is important: the content moderation team’s job is
mostly to keep stuff up, which represents the balance of fundamental
rights/free expression—but if you get 4 million requests in 6 months that’s
very challenging.

Chris Riley, Data Transfer Initiative: It could have been very
different—we weren’t far away from a world where the EU passed a law saying “don’t
let illegal content up or you’ll be liable”—magic filter demand was with us for
a while. We’re better off than that! We’re not out of the woods on magic filter
demands, so have some perspective.

Remy Chavannes, Brinkhof: theory of harmonization is great;
platforms will have to stick their necks out and challenge bad laws because nations
will resist getting rid of old laws or their courts will insist that EU
directives are just the preexisting law of the member state.

Keller: does DMCA have lessons?

Holly Hogan, Automattic: it’s very different in being about liability
instead of accountability. But checks and balances between complainants and
users is a core value of DSA as well. Experience of DMCA is that it can be
efficient for legit complaints, it’s also something that can be abused by
people w/an interest in silencing speech. We reject 75% of notices we get for
being incomplete or not actionable. Good chunk, 10%, are flatly abusive—addressing
uncopyrightable subject matter, attacking clear fair use/permissible
exceptions, or just fraudulent—a scam run by an international charitable org trying
to remove
anything critiquing it. Users are scared by notices and so we
have to create a system that protects them as best we can.

Rob Arcamona, Meta: We can’t expect any one stakeholder to
do any of this alone. If there are going to be answers to these questions we’ve
talked about, they can only come by understanding the different pressures,
tradeoffs, and intentions that each party has. Discussing how there are
ambiguities and how things operate in practice is the only way forward.

Keller: DSA creates complex ecosystem with multiple roles,
some funded and some less so—that may be a positive development where there are
recognized roles for stakeholders.

Arcamona: you have to understand others’ roles, not just
your own role.

Clemens Molle, Bird & Bird: DSA’s stringency is hard to
evaluate: clients ask for the most stringent approach so we can determine
whether we will follow it, but that’s not so simple/possible.

Keller: what about operating under all 3 regimes, DSA, DMCA,
Art. 17—what are the complexities?

Arcamona: Concerns about stacking/different components of
service may be subject to different regimes. Individual member states that have
legislated particular actions beyond Art. 17 under its guides: in Germany, user
associations can file against overblocking; Sweden has an individual right to
sue; Italy: can issue rules about how appeals can go, including staydown
appeals, in contrast to Germany where content is supposed to stay up as long as
possible. Preflagging in Germany/Austria differs in some respects. Spain=maximalist
for ©. All these differ from Art. 17. Are any of these valid? Did the DSA
overtake the extra bits over the top of Art. 17?

Chavannes: platforms will have to litigate; no opinion is
valid until the CJEU gives an answer in 5-10 years, if you know that a particular
service is under Art. 17—and if you aren’t, you have entirely different regime
under the YT case. The definitions are a mess, overlapping in uncertain ways,
and there’s no way to find out whether if you’re in scope before lawsuit. You have
to make up your mind whether you’re going to challenge national regulators;
platforms have complex incentives and internal stakeholders not keen to

Annemarie Bridy, Google: You have to build for compliance
while you’re deciding—there are workflows that need to be created or rejiggered.
What if a service adds features or grows into scope?

Keller: what are people most/least prepared for?

Perelman: we’re ok on statements of reasons, terms &
conditions disclosure, etc., stuff on our side. Not clear: how many appeals
will we be getting? What is transparency reporting really meant to cover?

Riley: easier ability to prepare for what’s in control of
company—you can build a capacity to issue a transparency report, but things
that are interactive/dependent on further assessments and guidance like audit reports
are very hard to figure out—no shared knowledge base.

Hogan: core concepts like transparency and reasons for
decisions are already part of our company, so that’s the clearest path. Challenge:
figuring out who’s a good faith actor or a bad faith actor—mistakenly posted © content
or running up against mature content—French Vogue is ok but maybe something
else isn’t. The spam exception exists but who else deserves more attention is
not clear.

Chavannes: How to cope with the uncertainty? US lawyers may
find the uncertainty offensive with all the different definitions and lack of
clarity over simple things like which bits of which services fall under which
rules—even something as basic as territorial application: does an American
complainant complaining about Italian user get coverage, and vice versa? Need
to avoid panic and paralysis.

Bridy: questions about ADR and how it doesn’t recognize that
© is different from TOS violation. The real parties in interest in an ordinary
demotion are platform and user—the real parties in interest. For © it’s
different—the real parties in interest are rightholders and users, and the
platform is an intermediary, which the DMCA lets get out of the way so the real
parties in interest can litigate if they want to. Should © disputes go to the
same process with the same parties?

Arcamona: Amount of focus and attention is high, but we’re
least prepared for deharmonization of © regimes across Europe. Digital Single Market
was supposed to harmonize rules. However, if small nuances continue in member
state implementation continue to require big operational differences, you’ll
end up with different types of services and access to content in one part of EU
than in others.

Acosta: Transparency reporting is already happening; we have
to collect additional data and format it right, but that will be fairly
straightforward. Risk assessment is thorny—there’s not a lot of specificity,
even w/examples. How do you measure the risk of freedom of expression v. copyright
takedowns? Now that generative AI is built into our products, is it UGC? Where
does it fall and how does the DSA affect it?

Keller: people are more prepared for the things w/the soonest
deadlines. Researcher access to data can’t come into effect until all the
national coordinators exist, so that has a longer timeline. Non-VLOPs who may
not be paying attention to Europe and aren’t obligated until 2024: don’t know how
many of them are thinking about this.

Arcamona: Rule that became Art. 17 was supposed to be 2018;
we started implementation then and hoped to interact w/member states about
implementation. Compliance starts far earlier than you anticipate b/c of
operational and engineering runup time.

Keller: what to be grateful for?

Perelman: we dodged staydown.

Chavannes: democratic mandate: plaintiffs said this was 20
years old, and judges were sympathetic: should they really be interpreting the
rules this way and preserving safe harbors? That’s really important.

Keller: lawful but awful, which UK wants as a whole new
category—de facto illegal online but liability falls on platform rather than
speaker. Many other parts of the world are in paroxysms about age verification.
But maybe it would have been better to get a Brussels standard.

Chavannes: no bullet is ever fully dodged in Europe—all these
things are coming again: must pay/must carry; bans on advertising; these things
never really die.

Keller: how will audits work?

Riley: not clear. Financial accounting has established
procedures and bodies. Chicken and egg: there’s no agreed upon thing to measure
qualifications against. This is an opportunity and a challenge—reaching out to
different stakeholders and there’s a way to create a knowledge playbook from
social scientists and others to find questions to be asked.

Keller: ADR?

Hogan: Intent is for when a mistake was made—to reach the
light of day/deter bad decisions. But the other clear bad outcome use is trolls
that harass you b/c you won’t host their content any more. Folks who feel most
entitled to do this can be very abusive and leverage that system to their advantage
for a while. But Bridy also points to different types of disputes, not really
about TOS. We see real attempts to remove critical content. In GDPR, we have a
number of complaints to data protection regulators captioned as privacy/right
to be forgotten/sprinkling in © where there’s a headshot, but it’s really a
defamation case. We’re stuck in this gobetween role; users are often scared and
there’s a powerful player on the other side. What do we do in that case? We
have a user-absent case in front of a data regulator where we say “we’re just a
processor, but this is an accusation of corruption against a public official,
so this really isn’t a right to be forgotten case.” There are also disputes over
what should be allowed—© cases around permissible use. Does that end up in ADR—is
that efficient/providing access to justice? But do we build up a body of law
behind closed doors that has a large impact on the internet? Users and
platforms might not know what’s allowed w/o published caselaw.

Chavannes: how much work will platforms put into these
cases? Search engines have litigated some RTBF cases, but sometimes they just
withdraw into the bushes. Do you invest in defending interpretations of
policies? Potentially unlimited number of institutes in member states
incentivized by cost structure to let users win—if that’s the case, what’s the
benefit of defending free expression, when users can just pick a provider that
will let them win?

Keller: can you opt out of targeted ads since you’re supposed
to be able to opt out of recommendations?

Chavannes: it would be very odd for recommender systems rules
to apply to ads; there was a legislative debate over banning targeted
advertising that was resolved against doing so, so it would be antidemocratic
to say otherwise. That being said, it’s not clear enough to absolutely prevent
a nation from saying it’s so. Ask in 10 years. Dealing w/uncertainty: take the
message certainly—a US lawyer is trained to read black letter law, but that’s
the worst way to think about DSA compliance. Work towards improving user
communication/transparency; that buys you the right to have discussions around the
edges around compliance. Clever lawyering is a bad way to deal with it; avoid
fines by trying to comply.

Riley: European process is designed to give power to
regulator to penalize behavior according to sense of direction they’re trying
to establish; this is very hard in the US common law system. Three phrases help
the point: coping with uncertainty; building for compliance; operational

Keller: legal and public policy teams should be talking to
one another. People in Brussels continue to matter as enforcers in a way that
they might not with other directives.

Fred von Lohmann: Implicit story about the competitive arena:
go with the spirit of the thing and don’t be a rules lawyer and try to find the
edge. That’s a fine thing if there are only a few big players. But if you’re in
a highly competitive environment, you can’t wait for an edgy competitor to be
fined out of existence—you’ll be out of business first. What I’ve heard in
these days is worry of trollification of DSA process—white supremacists crowdsourcing
50,000 complaints and 50,000 appeals, each of which requires human review. The
DSA is supposed to deter that with trusted flaggers, but the trolls won’t come
in that way; the other way is that you can temporarily suspend their accounts
after a period of notification. His experience is that they don’t care b/c they
generate 50,000 new accounts the next day. How do people feel about this trollification,
not just about ©? Is there enough in the DSA to protect against it?

Hogan: worries about that. Even under DMCA, we’ve sued abusers
and never got a penny. There’s no real downside to trolling. They just come
back. We’ve experienced at high volumes a pernicious organization on behalf of
rightsholders, flooding our system w/1000s of junk notices taking up ½ of our
queue, blocking legitimate claims. But if they have 10 claims that are good in
there, hard to ignore them. Worry about amplification of trolls, as well as the
80 year old blogger who is targeted for abuse—hard to create downsides for
that. Requires a big T&S team and investment of resources.

Perelman: we’ve been lucky so far and able to review

Chavannes: under the good guy theory, you should want to be in
that situation—don’t do the responses and then litigate to get a narrow
interpretation of the provisions from the CJEU.

Keller: Chavannes is a firm lawyer whose solution is to litigate
early and often.

Chavannes: cheaper than 50,000 responses!

Molle: you can use automated means to do this as long as
there’s human supervision—you could structure procedures in a way to take some
of the blows that way.

Keller: are spammers going to bother to sue?

Q: on cost benefit analysis—it’s one thing to have some
practices in place, but how should a US startup think about this? Should they
block the EU and wait to grow? Or should they try to comply early on?

Arcamona: Posting on blogs as way to influence policymakers:
we read them too! Cloud hosting in Chechnaya, shut down for fear they couldn’t
comply. That’s important.

Keller: comply a little, hope it looks ok, hope you don’t
get any attention?

Hogan: it depends on your userbase and economic value of EU;
if you know about the DSA, which you might not if you’re a 5 person startup. We’ve
seen publishers decide not to continue in EU under GDPR—it could happen.

Chavannes: is the US such a safe space for a fledgling
online platform these days? [I mean … still yes?]

Riley: Yeah, Texas and Florida are worrisome. But it depends
on how worried your lawyers are; are you really going to get noticed by the
regulators if you’re small?

Keller: you don’t just have to worry if you’re in Texas—any of
your users can bring a case.

Acosta: it’s common to pilot a feature in one jurisdiction
for a while to test it. It’s possible that they’ll stay out for a while but it’s
a big market so it will stay attractive.

Q: all of you are VLOPs. To what extent are you considering
core functionality and product changes until the dust settles? I would advise
going in general direction but abstain from significant changes you’re not evidently
required to do.

Hogan: not a VLOP!

Perelman: we are a very small VLOP; have to grapple with
that but with far fewer resources, including $ and tech, than others. That has
required creative lawyering—talk about what we have to do, what we should do.
Some product changes, but maybe there are some requirements that you do find
the bare minimum and see where the dust settles.

Samuelson: 6% of global turnover is big and other countries
will be attracted to it.

Arcamona: for Art. 17, we had to ramp up before it came into
effect. DSA adds some pressure to that. So you have to keep having dialogues
about tradeoffs. When the lawsuits come they will be fast and furious so
advance planning is the key.

Chavannes: the fine changes the tone of the conversation
w/regulators—amazed if it happens in first 5 years. The regulator can afford to
sit back and say “you have to do this” b/c you know that they have that option.

from Blogger http://tushnet.blogspot.com/2023/04/27th-annual-btlj-bclt-symposium-from_64.html

This entry was posted in Uncategorized and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s