My apologies, but I’m extremely jetlagged and will not attribute well or capture a lot of nuance.
Chair: João Pedro Quintais
Impulse Statement: Niva Elkin Koren: Déjà vu from 1990s:
radical technology change, but the world is different and tech moves in a
different direction. Polarization/globalization as a response to isolation of
Russia and China. Investment in R&D is not in distributive, generative
things that are open to the public but in seeking private domination. Conflicts
b/t types of regulation where lots of changes are happening at the same time. Copyright
as an example: requiring disclosure of datasets used for training by the
initiators of the model doesn’t solve any of the actual problems of how users
are using the model by adding new inputs to train it further. Learning from
other things regulated in digital ecosystem: Database Directive, GDPR. GDPR has
become a gold standard but how much do we know about whether it’s enforced or
whether it makes any difference in people’s actual level of privacy? It
definitely created a regulatory burden that affected competition, but what became
of the big promises? US pushes to provide alternative standards—crossborder privacy
regulation as an alternative.
Impulse Statement: Matthias Leistner: You didn’t know
generative AI existed and so your regulations don’t cover it. ECJ is getting
first action on application
of DSA to Zalando’s classification as VLSOP. I’ve never heard of Zalando
but it is an online fashion platform; systemic risks, even if they could be
identified, are very different for Amazon/retail than for Facebook. Litigation
indicates: it isn’t more efficient than standard competition or sector-specific
regulation; it just reflects that there wasn’t enough information about what
they were regulating.
Sector-specific approach raises fundamental interface issues—DSA
sits uncomfortably with GDPR and proposed AI Act. Aggravated if, beyond public
law regulation which allows smoothing of inner inconsistencies by nonenforcement,
this becomes basis for private law liability. Martin Husovec would say it’s
definitely not, but under © liability cases, the CJEU would ask whether a
diligent operator has followed all necessary precautions and duties—will be tempting
to say that failure to comply w/DSA=© liability. And outside the large
platforms we’d really have a problem.
Comment: political pressure to regulate leads to focus on
what’s feasible. In an ideal picture, what are the fundamental first principles
that are distinct from current platform issues? Internet is multilayer, with
infrastructure/nontraditional hosting actors. Can we agree on human involvement
in automation processes? Redress mechanisms? Piecemeal approach leads to
overlaps and national regime conflicts. Where to focus to fix?
Martin Senftleben: The more complex the system gets, the
lighter and less detailed the framework should be—open-ended notice and
takedown would be better than DSA. But the DSA offers some room b/c they’ve
overdone it so much. There’s so much complexity and inconsistency that we could
use that to say there’s no clear answer, so to harmonize the legislation, there
is space for us as academics to make sense of it and keep it up to date. DSA is
based on three categories of hosting; search engines entered at the last
moment, and the DSA underperforms as to entities that do hosting, content
generation, and search. This type of content provision is growing enormously,
as w/Microsoft’s use of AI. Already outdated.
RT: Jennifer Pahlka’s Recoding America (highly recommended!)
documents regulatory failure from a waterfall approach where detail keeps
getting added at each stage. Suggestions become requirements and you end up
with procedures that require outdated or counterproductive elements because
they’re in the regs. Federal/state/local overlaps also affect this. What if
anything is different in Europe?
Daphne Keller: There’s a real difference b/t a culture that
has real trust in regulators to do things with vague language and one that
doesn’t. Europeans don’t think the regulators will be unreasonable. [Tort-based
culture can’t be the full explanation because Pahlka documents these problems
in places like military contracting where there’s no tort potential.] Data access
is an example of openness where researchers are hoping that the process will
look very different from what appears to be described in the legislation. #1
ask of civil society: keep us involved in the process; no particular ask other
than role in interpretation. Chinese legal culture: The action isn’t in
legislation; the action is in administration afterwards. The DSA is more like
that. [Is China a culture with real trust in regulators?]
Quintais: DSA gives regulators more power than GDPR did.
Joris van Hoboken: Intermediary liability part of DSA is
well-known and there’s a lot of consistency with prior practice—DSA adds a few
elements. Separation between liability provisions and all the other stuff. Senftleben
could be right about effects on liability of duties, but from a regulatory
perspective there’s a separation.
Eric Goldman: what’s our definition of what would qualify as
success or failure of the DSA? Might be broken down by topic. Who’s going to
hold the powers that be accountable for whether or not this accomplishes the
goals that they claimed it would/we think it should?
Bernt Hugenholtz: complexity reflects European tradition of
civil law in the books, and other reasons, many already pointed out—desire to
deal w/urgent tech developments, etc. But also, this is a regulation—an act—a directly
binding instrument which is very different from what we grew up with
(directives, which are instructions to member states to do certain things in
harmonized fashion). Those could be vaguer/more concise b/c more was left to
member states to implement/fill in gaps/national law could continue in the gaps.
Regulation requires more specificity b/c you’re the regulator for the entire
union. [In the US, we’d talk about preemption here.] DSA might be too early for
AI, but on the other hand regulation is always too early in this field, since
we never know where the field is going.
Matthias Leistner: Don’t generalize too much—some parts of
DSA might be too early; revisions to Ecommerce directive might be too late. The
more open the standards are, the less you need to worry about being too early.
US/EU differences: There are always internal European and Union-Member
States issues. It is remarkably different in different areas at the European level.
GDPR leaves it to member states to specify; DMA/DSA are comprehensive but tend to
further centralize, which might have certain advantages (efficiency) and
disadvantages (flexibility/power concentrated in Brussels). The data act
follows a different approach: seems to provide umbrella regulation w/further
specification possible, e.g. open health regime. EU-Member state issues: need
to ask new questions—is a regulation v a directive conclusive? Major question
is private enforcement. Damages claims of individual users provision in DSA is
the first time parliament has considered this kind of enforcement, but creates
new questions about tort law and its enforcement. Not clear whether member
states could add criminal liability, for example.
Leaving “hot potato” issues to self-regulation as a popular way
to avoid them? But that doesn’t work for everything—it is naïve to think that
Zalando hasn’t been talking to the Commission for months, but the result is litigation.
DSA’s self-audit requirements: can this work? Just delegating it to a further
level.
Christophe Geiger: different EU/US traditions around
regulatory oversight/verification of compliance with key values v private
ordering. DSA is obviously overdoing it, but fundamental approach is very
interesting—compare IP: don’t leave rightsholders & platforms alone, someone
else has to step in. 27 different coordinators/regimes/traditions of
intervention is problematic but the principle of regulatory oversight is at
least interesting.
Eleanora Rosati: It is a success to have gotten to the point
of adopting direct regulation—DSM Directive has resulted in extremely
fragmented transposition and it’s not clear whether they can go as far as they
have, including providing new rights not provided for in DSM. The relation b/t
different provisions of DSM—link tax, data mining, “value gap,” etc—is unclear.
So we have at least skipped that frustration created by directives of this
type, including Ecommerce Directive. Vagueness of the safe harbors in that
directive is no indicator of success. Didn’t create a level playing field.
Senftleben: What would DSA success look like?: a great
question. We used to navigate cities ourselves, didn’t leave it to the machine.
We knew where the different parts of the city were. Now we don’t. We’re lazy.
We don’t do our own content filtering. The DSA puts burdens on citizens to be
active. Transparency information: you can see how things function; the burden
is on the citizen to do something (including creating an NGO or using the
redress mechanisms). Fear: huge failure b/c we are just too lazy to use that.
We’ll just behave like we do with Google Maps and follow what the automated
systems tell us. Success=people are empowered in a real way and track how
information flows/reaches them.
Pam Samuelson: How do I teach people to follow this? It is
too complicated/requires a kind of perspective about regulation as a good that
isn’t part of the current US regulatory culture. One thing US might see in a
Brussels effect: larger platforms adapt so US doesn’t have to do anything
legislatively, whether different or the same. But is that really a good thing? Do
you care about barriers to entry? If you do, then maybe this isn’t the optimal
strategy. [Goldman: that’s one question for the success/failure metrics.] I’d tell
a startup to come to the US and only think of entering the European market
after a certain amount of success.
Elkin-Koren: Common market creation is a measure of success,
and digital platforms are likely to comply. What are the other consequences?
Intended or not? Not intended to lower competition; tries to look at mice and
elephants differently, but may turn out the opposite.
Giancarlo Frosio: Fundamental rights as a missing concept!
That’s the great achievement of the DSA, meant to be interpreted and applied
w/reference to fundamental rights recognized by Charter, to achieve a fair balance
of conflicting fundamental rights.
Sebastian Schwemer: Goal is to regulate recommendation on
the internet generally, focusing on process and not content. Would advise
startups to start in Europe b/c as long as you’re in compliance everything is simple
[I think I misunderstood this]. We focus too much on VLOPs. DSA is overloaded, to be sure, but there’s
important stuff. VLOPs provisions are different—competences aren’t clear where
Commission has so much power not just over process but over content, setting
rules and enforcing them both. 2021: Denmark proposed a social media law doing
DSA+; it was shut down, but now they’re trying to introduce age verification on
all platforms. DSA allows more leeway, again by focusing on process. Problem is
two-tier system with regular platforms and VLOPs, which are understudied.
Justin Hughes: Some topics here are premature, others old
hat (trusted flaggers). Opposite of the precautionary principle: AI Act seems
like precautionary principle issue. Take on the known unknowns at least. 1201
looked like a failure, now it looks like a success. [????] Maybe the self-audits
will fail, and they’ll never be eliminated b/c people are afraid to eliminated
them. Maybe a few national authorities will dominate rather than 27. In the US:
Maybe [big platforms] will take their lobbying energy elsewhere and not oppose
new US regulations, but maybe they’ll continue to oppose them on principle.
Leistner: might compare amount of litigation under different
regulations, directives. DMA: goal is to have more traders on platforms/increase
diversity—could just check whether this happens five years from now. That would
be clear-cut. Much more difficult w/r/t DSA b/c we don’t know what the DSA
actually wants; there are a number of theories (nerd harder?). Could look at
share of platform resources devoted to content moderation over time, strength of
European democracy, whether there is European brain drain/smart Indian
innovators come to California or to Munich, or other things. What kind of data
would we need to have some plausible natural experiment?
Giancarlo Frosio: Again, protection of fundamental rights is
a key measure—tools to force platforms to set up algorithms so they don’t limit
fundamental rights. [This is why I don’t get why Wikipedia and the Internet
Archive are even covered, since they don’t have the algorithmic problems at
which the DSA is supposedly aimed.]
Keller: one key issue is that VLOPs have the ability to
shape the rules for those who come up after them—codes of conduct negotiated by
older companies that work for them but may not work for new entrants. This
comes up with questions of what risk mitigation looks like.
Geiger: fundamental rights is a main pillar of DSA. But here
I think we need to push for academic community’s permission to do homework/coordinate
efforts to ensure this is actually happening. Most regulatory authorities are
political appointments w/no specialization in IP or fundamental rights. Some
will be strongly captured by IP claimants.
Posts
No comments:
Post a Comment