Online platforms remain tricky terrain. How should we treat this quasi-public space, where anyone who has the necessary reach can speak to and mobilise thousands in the blink of an eye? To achieve something comparable in the analogue era, you needed a broadcast licence, and these licences were subject to certain rules for a reason. Now, anyone can be a sender and a receiver, and this raises new challenges.
The complexities and implications are comparable to not having any road traffic regulations in the present day and concluding that such regulations ought to be introduced. At the very least since the 2022 suicide of Lisa-Maria Kellermayr, the physician who was hounded by online hate speech, it has become clear: In Austria, too, the public sphere on the net needs regulating. The tool for this is currently the Austrian Communications Platforms Act (KoPl-G).
The Communications Platforms Act and the Digital Services Act
The Communications Platforms Act (KoPl-G) mandates reporting functionalities that are easy to find for users. Flagged posts must be removed within 24 hours, in difficult cases within seven days. Evidence must be kept for up to ten weeks. The procedure is subject to supervision by KommAustria, a regulator and watchdog, and the part of RTR (the broadcasting and telecommunications authority) that reports to it.
But scope of the Austrian act differs from that of the European Digital Services Act (DSA). The KoPl-G applies to communications platforms with more than 100,000 users and/or a turnover in Austria above €500,000. Not included are providers of video sharing platforms, online marketplaces, non-profit online encyclopaedias, educational and learning platforms and media companies offering journalistic content.
The European version of platform regulation is the DSA, which affected companies will have to comply with from 1st January 2024. The European Union has recognised the need for regulation and with the DSA it has created a legal framework for the entire EU. This means: Like the GDPR, it is applicable in all Member States directly, without the need for national legislation.
By and large, the EU’s DSA and the Austrian KoPl-G differ only in details that should be irrelevant for many users. The same is not true for companies, because the provisions of the KoPl-G affect small companies much more strongly. This may appear user friendly, because it seems to provide more options. But this is a misconception, because as a consequence, many companies may not be established in the first place or – think Telegram – may simply base their operations in questionable countries and take very long to respond, even though the law would require these companies, too, to clamp down on hate speech. The threat of a ban as measure of last resort is of course still an option, but which European country wants to use the methods of autocracies? Ultimately therefore, a seemingly minor detail does have consequences for the user base. As do many other lesser differences, for instance deadlines or the authorities responsible for enforcement.
This illustration provides an overview of the most important differences between the KoPl-G and the DSA:
A word on enforcement
Provisions on competence are an important part of the KoPl-G. At present, the law stipulates that KommAustria and the part of the broadcasting and telecommunications authority RTR that reports to it are the competent authority. When it receives a valid complaint, the supervisory authority initiates supervisory proceedings and demands an end to the breach. Relatively stiff fines can be collected from foreign-domiciled service providers.
The DSA on the other hand lets the Member States themselves determine which authorities shall be competent in their country. These authorities require a considerable amount of expertise, because the DSA also includes data protection, telecommunications matters, monitoring of terms and conditions and consumer protection. The Austrian Telecom Control Commission (TKK) currently has considerable expertise in these areas. It is to be hoped that Austrian legislators do not break up existing know-how of telecommunications, data protection and consumer regulations by reassigning responsibilities. The DSA furthermore requires the designation of authorities as national Digital Service Officers. Similar to data protection authorities, their duty is cooperation on the national and European levels and achieving coherence.
What is next? Does the DSA make the KoPl-G obsolete?
There are instances where the KoPl-G and the DSA contradict each other but the DSA provides some leeway. This room for discretion could be used to amend the existing KoPl-G. The DSA is however much more specific in terms of reporting mandates and platform sizes, so the KoPl-G must also be modified in these parts, as well as with respect to competent authorities and the sanctions regime. The DSA is perhaps the better solution for hate speech and misinformation (the German-language umbrella term is Hass im Netz, i.e. “hate on the net”), because it better addresses the structures of large corporations. The KoPl-G is much narrower and specifies 18 criminal offences. The KoPl-G does not automatically become void when the DSA comes into force, but it must be modified in some places. So why not abolish it altogether and focus on implementing the EU legislation well?
Naturally, as with road traffic regulations, you cannot anticipate all future eventualities. But the DSA is an overdue step forward and sets a cornerstone with clear and robust regulations for a safer and hopefully much less toxic digital space in the EU. Especially where the regulation of large, influential platforms is concerned, the DSA does better than the KoPl-G. Now Austria must carefully design its implementation of the DSA, not least with respect to the competent institutions.
If you are suitably curious about this issue now, our legal expert Maria has written a very detailed paper available in English and German that provides a well-researched assessment of the KoPl-G and DSA.