European Commission finds X in breach of the DSA

In another reminder that the Commission is actively enforcing the Digital Services Act (“DSA”), X (formerly Twitter) has been sent the Commission’s preliminary findings that it has breached the DSA. On 12 July 2024 the European Commission announced that it has informed X of its preliminary view that X is in breach of the DSA in areas linked to dark patterns (i.e. a user interface that deceives or tricks users due to how it is designed), advertising transparency and providing data access for researchers. This initial finding follows the Commission’s investigation dating back to December 2023 (see our previous blog). That investigation is still ongoing in relation to whether X has also breached the DSA in areas related to the dissemination of illegal content and information manipulation. 

Breaches of the DSA

The Commission has highlighted three main areas of concern in its preliminary findings:

1. Blue checkmarks “deceive users”:
   The first area relates to how X designs and operates its interface for verified accounts with the blue checkmark, which, according to the Commission, “does not correspond to industry practice and deceives users”. Blue ticks are commonly used on social media platforms to confirm that the identify of a user has been verified by the platform, and they are generally reserved for public figures and for companies or brand accounts. One of the changes Elon Musk made to X after buying the company was to make these blue checks available only to those who paid for them. This led to widely reported confusion, as fake accounts appeared purporting to be the legitimate and seemingly verified accounts of well-known individuals and companies. The Commission is concerned that the current system for distributing blue ticks on X “negatively affects users' ability to make free and informed decisions about the authenticity of the accounts and the content they interact with” and has seen “evidence of motivated malicious actors abusing the “verified account” to deceive users.”
   This serves as an important reminder to platforms to consider their DSA obligations when making updates or introducing new features on their platforms. It is a lesson that TikTok has also learned recently, when the Commission announced it would suspend the platform’s new “TikTok Lite” rewards programme due to suspected breaches of the DSA. TikTok responded by first voluntarily suspending the programme in the EU, and has now committed to its permanent withdrawal. As a result, the Commission has closed its investigation into the programme. 
    
2. Breaches of advertising transparency:
   The Commission’s preliminary view is that X also does not comply with the transparency on advertising required by the DSA as it “does not provide a searchable and reliable advertisement repository, but instead put in place design features and access barriers that make the repository unfit for its transparency purpose towards users.” 
    
3. Data access obligations: 
   The third area in which the Commission has found that X falls short is in failing to provide access to its public data to researchers in the way required by the DSA. In particular, the Commission has concluded that “X prohibits eligible researchers from independently accessing its public data, such as by scraping, as stated in its terms of service. In addition, X's process to grant eligible researchers access to its application programming interface (API) appears to dissuade researchers from carrying out their research projects or leave them with no choice other than to pay disproportionally high fees.”

Musk accuses Commission of offering a “secret deal” 

This does not, however, appear to be the end of the matter. X now has the possibility to exercise its rights of defence and Musk has suggested, in a post on X, that he is willing to go to court to fight the preliminary findings. He has also accused the Commission of offering X and other platforms a “secret deal” to avoid a fine. Thierry Breton, European Commissioner for Internal Market, has refuted this in a response to Musk (also posted on X) pointing out that the DSA (Article 71) provides any Very Large Online Platforms (or “VLOPs”) with the possibility to offer to make commitments to ensure its compliance with the DSA in order to try to settle a case and avoid a fine. In fact, the commitment made by TikTok to withdraw the “TikTok Lite” programme from the EU, mentioned above, is the first example of a platform making such a commitment to the Commission.

Other ongoing investigations into suspected breaches of the DSA

To date the Commission has issued over 50 requests for information to in-scope VLOPs and VLOSEs and opened 8 investigations into suspected breaches of the DSA. Aside from AliExpress, the only online marketplace to have proceedings opened against it so far, the services subject to investigation are social media platforms, including TikTok, Facebook and Instagram. The scope of the investigations is wide ranging, with each VLOP being investigated for multiple suspected breaches of DSA obligations. The most common suspected breaches being investigated relate to the obligation to provide researchers with access to public data and the obligation to assess systemic risks stemming from the service. 

The Commission has not yet announced its preliminary findings from any of its other ongoing investigations. Once available, these will shed further light on the Commission’s priorities and the standards it expects from VLOPs. For now, the actions taken by the Commission to date should remind all in-scope service providers of the importance of complying with their DSA obligations, and of being prepared to demonstrate such compliance.

For more information on the DSA generally, see our previous blogs here and here.