The European Union has approved landmark legislation, known as the Digital Service Act (DSA), that seeks to transform social media into a safer space, tame disinformation and illegal content, increase transparency and create monitoring and enforceability mechanisms. It is not only an important milestone for the European Union; it will likely serve as a global benchmark on how to regulate social media content. The DSA is not alone, and lives alongside other EU legislation - some approved, some being discussed - on political ads, digital markets and Artificial Intelligence. The question remains, though: Is this enough to protect democracy from digital threats? The short answer is simple: no.
The target of the Digital Service Act is big social media companies. It makes them liable for the content they host insofar they know it is illegal and imposes requirements on how to control content. However, social media companies are not the only actors trying to manipulate public opinion online, and it could be argued that they are not even the most important ones.
A key next step in the legislative battle is a law that confronts the origins of the threats to democracy: political parties and PR companies, and to the enabler: money.
Political parties and other interest groups can mount successful online operations because they can pay for them without breaking any laws. Also, the public remains largely in the dark about those expenditures.
A possible solution could be to update political finance regulation to tackle the issue. For example, all political actors should have to disclose detailed expenditures for online activities. Yet, legislation to control the flow of money wouldn’t be sufficient. EU and Member States alike should seek to promote actions that deter engagement in disinformation activities. These can range from electoral codes of conduct, such as the Dutch rules that require a rejection of foreign money for election ads, to broad agreements that open their data.
As key actors in democracy, political parties should be open to impartial digital audits that allow oversight institutions to find instances of wrong-doing in their behaviour online. Opening up their servers to oversight agencies could also be established as a precondition to access public funding. To carry out these audits, we also need increased capacity of oversight agencies.
Political campaigns are increasingly complex, and every political party relies on private marketing and public affairs companies to run their campaigns. This isn’t the problem. The issue is that these companies are a black box.
While a political party might not be allowed to engage a troll farm, private PR companies are not subject to the same level of controls; they should be placed under strict scrutiny. All such companies should be included in a publicly accessible registry that shows all contracts with political parties and interest groups. The EU or member states can also create a pre-approval authorisation mechanism to work on political campaigns for private companies, under the condition they open their servers to digital audits and provide data to regulators.
The day after the DSA has arrived, democracy is far from being shielded from digital threats. What the DSA’s long negotiation process has shown is that online regulation is possible and effective, even if imperfect. That same spirit should be carried forward to protect democracy online.