European News

About 20 internet giants now have to comply with new EU internet censorship rules. Under the EU Digital Services Act (DSA) rule-breakers can face big fines of 6% of turnover and potentially suspension of the service.

The EU commission has named the very large online platforms that will form the first tranche of internet companies subjected to the new censorship regime. Those are sites with over 45 million EU users:

Alibaba, AliExpress, Amazon Store, the Apple App Store, Booking.com, Facebook, Google Play, Google Maps, Google Shopping, Instagram, LinkedIn, Pinterest, Snapchat, TikTok, X (formerly Twitter), Wikipedia, YouTube and Zalando. Search engines Google and Bing will also be subject to the rules.

These websites will now have to assess potential risks they may cause, report that assessment and put in place measures to deal with the problem. This includes risks related to:

• illegal content
• rights, such as freedom of expression, media freedom, discrimination, consumer protection and children's rights public security and
• threats to electoral processes
• gender-based violence, public health wrong think, age restrictions, and mental and physical 'wellbeing'.

Targeted advertising based on profiling children is no longer permitted.

They must also share with regulators details of how their algorithms work. This could include those which decide what adverts users see, or which posts appear in their feed. And they are required to have systems for sharing data with independent researchers.

All though the law is targeted at the EU, of the companies have already made changes that will also affect users in the UK.

• Starting July TikTok stopped users in Europe aged 13-17 from being shown personalised advertising based on their online activity.
• Since February Meta apps including Facebook and Instagram have stopped showing users aged 13-17 worldwide advertising based on their activity to the apps.
• In Europe Facebook and Instagram gave users the option to view Stories and Reels only from people they follow, ranked in chronological order.
• In the UK and Europe Snapchat is also restricting personalised ads for users aged 13-17. It is also creating a library of adverts shown in the EU.

Retailers Zalando and Amazon have mounted legal action to contest their designation as a very large online platform. Amazon argues they are not the largest retailer in any of the EU countries where they operate.

Smaller tech services will be brought under the new censorhip regime next year.

Hungarian authorities have fined a bookseller for selling a British graphic novel without closed wrapping - saying it breached an anti-gay law on LGBT literature for under-18s.

The retailer was fined 12m forints (£27,400), for selling Heartstopper without wrapping it in plastic foil, as required by law. Officials said the book depicts homosexuality and was sold to minors.

In 2021, the government of prime minister Viktor Orban introduced a law banning the display and promotion of homosexuality among under-18s. The censorship laws says that minors cannot be shown pornographic content, or anything that encourages gender change or homosexuality.

The Heartstopper series of books, written and illustrated by the British author Alice Oseman, follow the lives of two British teenagers attending a fictional school who meet and fall in love. It is billed as a book about life, love, and everything that happens in between. It has since been acquired and adapted by the streaming service Netflix, which plans to release a second series in August.

Mozilla, the foundation that produces the Firefox browser explains:

In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN Bill would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments that will easily negate the existence of censorship circumvention tools.

While motivated by a legitimate concern, this move to block websites directly within the browser would be disastrous for the open internet and disproportionate to the goals of the legal proposal -- fighting fraud. It will also set a worrying precedent and create technical capabilities that other regimes will leverage for far more nefarious purposes. Leveraging existing malware and phishing protection offerings rather than replacing them with government provided, device level block-lists is a far better route to achieve the goals of the legislation.

The rest of the post will provide a brief overview of the current state of phishing protection systems in browsers, the distinction between industry practices and what the draft law proposes, and proposes alternatives to achieve the goals of the legislation in a less extreme manner.

It might seem that current malware and phishing protection industry practices are not so different from the French proposal. This is far from the truth, where the key differentiating factor is that they do not block websites but merely warn users about the risks and allow them to access the websites if they choose to accept it. No such language is present in the current proposal, which is focused on blocking. Neither are there any references to privacy preserving implementations or mechanisms to prevent this feature from being utilized for other purposes. In fact, a government being able to mandate that a certain website not open at all on a browser/system is uncharted territory and even the most repressive regimes in the world prefer to block websites further up the network (ISPs, etc.) so far.

Forcing browsers to create capabilities that enable website blocking at the browser level is a slippery slope. While it might be leveraged only for malware and phishing in France today, it will set a precedent and create the technical capability within browsers for whatever a government might want to restrict or criminalize in a given jurisdiction forever. A world in which browsers can be forced to incorporate a list of banned websites at the software-level that simply do not open, either in a region or globally, is a worrying prospect that raises serious concerns around freedom of expression. If it successfully passes into law, the precedent this would set would make it much harder for browsers to reject such requests from other governments.

We remain engaged in conversations with relevant stakeholders and hope that the final law leads to a more palatable outcome for the open internet.

The notable French adult company Dorcel is currently testing a double anonymity age verification solution designed by a French tech company. The Dorcel Group is testing an AV solution by GreenBadg. The report states that 10,000 visitors to Dorcel's site will be targeted as guinea pigs during the test period.

GreenBadg founder Jacky Lamraoui said that his company built its solution in consultation with French authorities, including media regulator ARCOM.

To access Dorcel sites, users must first register on GreenBadg by providing identification and a video selfie. Another company, IDNow will verify the ID, from which the date of birth is extracted, and confirm that the ID photo corresponds to the video selfie. The video selfie/ID photo facial comparison is performed by artificial intelligence, with a second validation done by a human.

Once verified, the user will receive a badge valid for three years, allowing them to scan a QR Code on the relevant site to certify they are over 18.