EU online-safety guide ‘major step forward’
Lawyers at William Fry say that recent guidelines from the European Commission represent “a major step forward” in the EU’s efforts to protect children online.
The firm’s lawyers add that the guidelines also offer “valuable insight” into how one of the most significant provisions of the Digital Services Act (DSA) will be applied in practice.
The commission document covers article 28 of the DSA, which deals with child safety and will apply to all online platforms accessible to minors.
Assistance for regulators
William Fry’s analysis notes that the DSA outlines four core obligations for online platform providers to consider regarding the online protection of minors:
- Appropriate and proportionate measures should be implemented where the platform is accessible to minors to protect their privacy, safety, and security,
- Profiling-based advertising should not be used if the provider is aware that the user is a minor,
- Online platform providers are not obliged to process additional personal data to determine a user’s age, and
- Under article 28(4), the commission may issue guidelines to assist online platforms in applying the above obligations.
Although not legally binding, the guidelines are intended to assist Digital Services Coordinators, such as Coimisiún na Meán in Ireland, in interpreting and applying article 28 of the DSA.
The commission describes them as a “significant and meaningful benchmark” for assessing compliance by online platforms accessible to minors.
“As such, providers would be ill-advised to disregard them,” William Fry notes.
Risk reviews
The firm’s lawyers also note that the guidelines also encourage providers to adopt these protective measures more broadly, for the benefit of all users.
“Therefore, even platforms not specifically targeting minors should consider the guidelines in light of this broader recommendation,” William Fry states.
Among the recommendations in the guidelines, the commission encourages providers to carry out a comprehensive risk review “at least annually” addressing key areas that include the likelihood of minors accessing the service, the actual or potential impact on their privacy, safety, and security, and the effectiveness of any existing safeguards.
The guidelines also urge providers to assess the necessity and proportionality of any methods aimed at verifying the age of a user.
The document also covers account settings, recommender systems, search features, and content moderation.
‘Regulatory expectations to grow’
William Fry says that the guidelines go beyond the DSA’s core obligations, “introducing detailed recommendations that will likely vary in implementation, depending on a platform’s use of AI, recommender systems, and commercial practices”.
The firm’s lawyers add that the commission is expected to review the guidelines within 12 months, adding that regulatory expectations will grow as the digital landscape evolves.
They note that Ireland’s Online Safety Code came into effect on 21 July, after a nine-month grace period.
“Video-sharing platforms are now required to implement robust age-verification systems, making the release of these guidelines particularly timely,” the lawyers state.
“Providers must begin engaging with them now to stay ahead of emerging compliance obligations,” William Fry concludes.