Małobęcka-Szwast - legal aspects of new technologies

The Digital Markets Act or DMA (Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector), which entered into force on 1 November 2022, creates many new obligations for businesses operating in the digital sector, particularly so-called “gatekeepers.”

The DMA will impact the functioning of the entire digital ecosystem—not only gatekeepers, but also other participants in digital markets, including business users and end users of core platform services, competing providers of core platform services, and providers of other digital services.

This is because the obligations and prohibitions imposed on gatekeepers will either directly or indirectly vest other groups with rights they can pursue before national courts.

“Dark patterns” used by online platform providers have been controversial for some time, but recently there has been a growing buzz about them, in particular due to actions undertaken by EU and national data protection and consumer protection authorities. (For an overview of cases and decisions by EU and national authorities, see the European Commission’s “Behavioural study on unfair commercial practices in the digital environment: Dark patterns and manipulative personalisation, Final Report,” pp. 61–70.) Primarily, these measures are intended to combat deceptive practices in the digital environment, but also to educate consumers and draw their attention to the most common types of practices.

The harmfulness and prevalence of dark patterns has also been noticed by EU lawmakers, who expressly banned such practices by online platform providers in Art. 25(1) of the Digital Services Act (Regulation (EU) 2022/2065 on a Single Market for Digital Services—DSA). The DSA entered into force on 16 November 2022, but most of the obligations in the regulation will apply from 17 February 2024. Therefore, the application of dark patterns may violate not only data protection laws (especially the General Data Protection Regulation) and consumer protection laws, but also (from February 2024) the Digital Services Act.

Last year regulators in the EU devoted a lot of attention to cookie files and other tracking technologies used on websites. This interest was generated among other sources by numerous complaints filed by NOYB—European Center for Digital Rights in the last year with data protection authorities, and has resulted in guidance and several decisions issued by regulators in recent months (e.g. in Austria, Belgium and France). Because they may shape the future approach of regulators to the use of cookies, it is worth discussing some of the main conclusions flowing from these decisions.

The world pins high hopes on the development of artificial intelligence systems. AI is expected to generate huge economic and social benefits across various aspects of life and sectors of the economy, including the environment, agriculture, healthcare, finances, taxes, mobility, and public administration.

The progressing development of AI systems is forcing the creation of appropriate legal frameworks, which on one hand should facilitate further growth of AI technologies but on the other hand should ensure adequate protection of persons using such systems and raise societal confidence in the operation of AI systems.

On 30 November 2021, the Council of the European Union and the European Parliament reached a provisional agreement on the final wording of a draft Data Governance Act (DGA) (COM/2020/767 final).

The aim of the proposal is to promote the availability of data and to build a trustworthy environment facilitating the use of data (both person and non-personal) for research and creation of innovative new products and services. It is also intended to create a legal framework for easier sharing of data and mechanisms facilitating re-use of certain data held by the public sector, including data involving health, agriculture and the environment.