Joint Committee on Enterprise, Trade and Employment díospóireacht -
Wednesday, 19 Apr 2023

All those present in the committee room are asked to exercise personal responsibility to protect themselves and others from the risk of contracting Covid-19. Members are required, as they well know, that if they wish to participate remotely, they must do so from within the Leinster House complex only. No apologies have been received as of yet.

Today, we are scheduled to discuss the pre-legislative scrutiny of the digital services Bill and I note that certain members wish to comment on that. The EU regulation, known as the Digital Services Act (Regulation (EU) 2022/2065), came into force in EU law on 16 November 2022 and will fully apply in member states from 17 February 2024. Ireland is obliged to designate and empower a competent authority known as the digital services co-ordinator to supervise and implement the Digital Services Act, DSA.

Having spoken to several members of the committee, I would like to hear from the officials why the Bill has been referred to this committee. The Joint Committee on Tourism, Culture, Arts, Sport and Media has more experience and skills in this area and a better understanding of it. As such, it is probably better able to scrutinise the Bill. I invite any members who wish to comment to do so, after which the officials can explain why the Bill ended up with this committee and not with what I believe would be the more appropriate committee, namely, the Joint Committee on Tourism, Culture, Arts, Sport and Media.

I agree with the Cathaoirleach. I want to hear from the officials as to why the Bill is before this committee. My understanding is that a Cabinet decision was made to transfer it to this committee but we will hear from the officials on that. It strikes me that as the committee with the lengthy name referred to by the Chair has concluded a piece of work in this area, it would be best placed to discuss the Bill. It is not acceptable for the Cabinet to request that pre-legislative scrutiny of such a large Bill be waived. I also believe this committee would have a job of work to do to get skilled up in the way the other committee is because its members have discussed this matter. I am mystified as to how the Bill has ended up with our committee. I have my own view on that but I will not share it right now. I am interested in hearing from the officials.

The main reason that this Bill is with our Department and the Minister has, therefore, submitted scrutiny of it to this committee is that this Department negotiated the Digital Services Act. EU regulations are now called Acts, which is confusing. The Digital Services Act is an update of the e-commerce directive of 2000, which is under the remit of the Minister for Enterprise, Trade and Employment. The Act, when it was originally proposed by the European Commission in, I believe, 2020 was part of a package, a two-hander, with the Digital Markets Act. The Digital Markets Act is very akin to competition law and the two Acts must be read together because they affect very similar entities. The Digital Services Act also contains some consumer protection elements, which is another reason it is within our Minister's remit.

The scheme only implements the regulatory framework. It does not deal with the substance of obligations on the technology companies so it does not deal with the substance of online safety. It just assigns additional functions to the Media Commission, which already has a role in online safety. I will set out the reason these are assigned to the Media Commission and not a body under the aegis of the Minister for Enterprise, Trade and Employment.

We conducted a regulatory impact assessment in January of last year. We looked at the code that is being introduced under the online safety legislation, which the Minister for Tourism, Culture, Arts, Gaeltacht, Sport and Media brought through the Houses. There are similarities and there is obviously a great similarity in the companies that are being regulated by both codes. The two codes have very similar objectives, which is to improve online safety while respecting freedom of expression, so it made sense that one regulatory body would implement both. That said, some elements of the Digital Services Act, DSA, as the Deputy may have seen in the appendix to the scheme, are going to be assigned elsewhere. Since the scheme was agreed, it has been decided that a few of the responsibilities will go to the Competition and Consumer Protection Commission, namely, those related to the online marketplaces.

That is the history of the proposal. We negotiated it. It arises from the e-commerce directive and updates the e-commerce directive regime. What we are doing now is entirely confined to ensuring that the regulator can impose fines and will put in place procedures to implement the Digital Services Act. It is not concerned with the substance of online safety.

Yes. The Deputy might recall that the e-commerce directive introduced a kind of liability protection and stated that hosting services, the platforms and the search engines were not under an obligation to go and look for any illegal content online. However, those platforms were concerned that if they did look, just on the off chance, they would lose that liability protection because it might indicate that they had a suspicion. What the scheme does now is it provides for what is referred to as a good Samaritan clause, which is intended to indicate to the platforms that if they decide to do a trawl every so often and they find something, they still have the liability protection. That is how it updates the directive. It is designed to make it more likely that we find illegal content and take it down more quickly.

That is my problem. It broadens out the e-commerce directive into online harm, which then crosses over into the area of the media, etc. I have no knowledge of the Media Commission. The expectation here is that this committee will consider the transposition and subsequent legislation, which will result in additional functions for the Media Commission. We have work to do in finding out what the Media Commission is, what it does and what its capacity is to absorb this, although I understand it is a new body. The expansion of the e-commerce directive is an expansion out of the area of e-commerce into online harm, which to me is a substantial crossover. My position is that I am not happy to waive pre-legislative scrutiny of this scheme, nor am I happy that it would be considered at this committee. However, if the decision is taken that we are to consider it, to my mind it is a huge job of work. It is not something that will be done quickly because we will have to catch up to the same level of knowledge as the media committee.

I share the Deputy's concerns. I believe we do not have the knowledge or skill required. The committee to which I referred has looked at the Bill in detail. We are always told that we should not be doing work that other committees are doing, and that we are under pressure. This committee is busy, as all other committees are. I am not sure what the basis is for saying we do not have to consider the Bill. Do we have to consider it? Perhaps the clerk can answer that question. My gut feeling is that it will involve us doing a lot of research to catch up on what this is about and to make sure we make the right call when the Bill comes before us. I would be concerned about getting a Bill what is very technical with a lot in it and being asked to waive pre-legislative scrutiny. It is a double whammy for us and, as Chairperson, I have huge concerns about it. It is my gut feeling that the Bill should go back to the Joint Committee on Tourism, Culture, Arts, Sport and Media but I do not know the legal basis for that or what the rules of the Dáil are on it.

We will continue.

The general scheme of the digital services Bill 2023 provides for Coimisiún na Meán to be designated as the digital services co-ordinator. The general scheme also provides for matters relating to digital services, investigations and sanctions under miscellaneous matters. As I said, today we will have the opportunity to consider these matters further with representatives from the Department of Enterprise, Trade and Employment. I welcome, from the digital economy regulation unit in the Department, Ms Sabha Greene, principal officer, and Dr. Elizabeth Harvey, assistant principal officer.

Before we start, I wish to explain some limitations to parliamentary privilege and the practices of the Houses as regards references witnesses may make to another person in their evidence. The evidence of witnesses physically present or who give evidence from within the parliamentary precincts is protected pursuant to both the Constitution and statute by absolute privilege. Witnesses are again reminded of the long-standing parliamentary practice that they should not criticise or make charges against any person or entity by name or in such a way as to make him, her or it identifiable or otherwise engage in speech that may be regarded as damaging to the good name of that person or entity. Therefore, if witnesses' statements are potentially defamatory in relation to an identifiable person or entity, they will be directed to discontinue their remarks. It is imperative that they comply with any such direction.

The opening statements have been circulated to members. To commence consideration of the matter, I invite Ms Greene to make her opening remarks on behalf of the Department.

The scheme of the Bill will give effect to those elements of the EU regulation known as the Digital Services Act that require national implementing measures, so it needs to be read in tandem with that Act. Those requirements are mainly to fulfil obligations on member states to designate and empower at least one competent authority. The provisions of the EU regulation that impose obligations on the providers of online intermediary services will have direct effect here, so do not require any further national measures. The scheme does not adapt or add to these obligations. More information on those obligations has been provided by the Department in a briefing note. If there is anything more that members need, we will happily get it for them.

Accordingly, the majority of the scheme is concerned with the regulatory framework that will implement and enforce the Digital Services Act in Ireland. First, it provides for the designation of the main competent authority. The Digital Services Act obliges each member state to designate one competent authority as the main authority for implementation and enforcement of the DSA in that state. The DSA refers to this main authority as the digital services co-ordinator and requires that it be designated and empowered by 17 February 2024 at the latest. The Government has decided to designate Coimisiún na Meán, the Media Commission, as Ireland’s digital services co-ordinator, and the general scheme gives effect to that decision.

It also assigns the necessary powers to the digital services co-ordinator. The Digital Services Act provides that the digital services co-ordinator must be able to impose fines, either directly or through the courts, of up to 6% of annual worldwide turnover where there has been a breach of the EU regulation. There are also a range of investigative and other enforcement powers to which the scheme gives effect. Again, these are all requirements in the DSA. Given the cross-border nature of online intermediary services, the Act establishes a network of each of the 27 digital services co-ordinators around Europe and the European Commission, which will also have a role in the implementation of the new rules. To support the effectiveness of this network, the DSA provides for mutual assistance, joint investigation and other forms of co-operation between all the bodies. The scheme includes provisions, then, that are intended to enable Coimisiún na Meán to participate in those arrangements.

Third, it provides for the conduct of its functions. As digital services co-ordinator, DSC, an coimisiún will be responsible for some administrative tasks, such as awarding the status of trusted flagger, certifying out-of-court dispute settlement bodies and vetting researchers for access to data. The scheme again provides that the conduct of those tasks should follow procedures, and those procedures are inspired by the requirements in the Digital Services Act.

There are powers for the comisiún to co-operate with other regulators within Ireland. As things stand, there are a few regulators concerned with combating illegal content online. For example, market surveillance bodies such as the Irish Health Products Regulatory Authority and the Competition and Consumer Protection Commission, CCPC, can require the removal of illegal goods from sale online. As co-ordinator, an coimisiún will have an active role in engaging with those other Irish regulators, co-ordinating activities and circulating information on cases across the EU that have been taken here. The general scheme enables an coimisiún in this regard, for example, with provisions on exchange of information and co-operation.

There are provisions on take-down and other orders, orders to require additional information from providers. The DSA introduces new requirements for the content of orders, so there are some specific items that need to be specified in the orders. It also brings in obligations on any provider in receipt of such an order to respond with information as to how it has dealt with that order. The scheme, therefore, includes heads to ensure that those orders, whether issued by the courts or an authority such as the CCPC, follow these requirements and that the follow-up information from the providers is sent to Coimisiún na Meán in order that it can meet its own obligations to inform the other 26 DSCs and the European Commission.

We mentioned that this builds on the liability regime in the e-commerce directive. As well as the supervisory and enforcement framework, the general scheme revokes national laws that transposed the liability provisions that were introduced in 2000 by the e-commerce directive. This is because those provisions are now redundant. They have been amended and replaced by the Digital Services Act, which has direct effect, so they are outdated. The 2000 regime has been adapted in order that providers are free to survey content on their services, to identify illegal content, without running the risk of losing their protections from liability. This is intended to make it more likely, as I said previously, that illegal content will be found and taken down.

On the Minister's request for a waiver, this is due mainly to the urgency of the legislation, which must be enacted by early February 2024 at the latest, when Ireland is legally obliged to have designated a regulator to enforce the EU regulation. Many of the largest online providers of platforms and search engines have their EU headquarters in Ireland. Although the European Commission will have a leading role in enforcement and implementation of the Digital Services Act vis-à-vis those large providers, it will be the Irish DSC that will be responsible for much of the day-to-day supervision of those providers and will be called on to support the European Commission in its own casework. Ireland’s regulator will have a pre-eminent role in the network overseeing the delivery of these new landmark rules, and if we are not ready it will become very obvious almost immediately. The commission needs time to prepare for that role. Recruitment is under way in order that new staff can start in an coimisiún over this summer and into the autumn, well ahead of next February. As well as people, of course, an coimisiún will need clarity about its legislative powers, functions and obligations to ensure that staff are trained and ready. Therefore, enactment of the scheme at the earliest opportunity is important as it will allow an coimisiún to fully prepare in advance of February 2024.

We can have this discussion on a without prejudice basis, but my concerns still exist and I will link in with the Chair after this to make sure we are doing this in the most appropriate way. I am really conscious of how important it is not only that we get this done but also that we get it right, and I am just not convinced that this is in the right place.

The policy responsibility, as Ms Greene said, was negotiated through this. As for the competent authority, that being the media commission, to whom does it answer in terms of line responsibility?

Yes. This is not unheard of. The Commission for Regulation of Utilities reports to the Minister for the Environment, Climate and Communications but it does have a function with respect to water, and that comes from the Minister for Housing, Local Government and Heritage, so there is there a similar model to the one we are looking at here.

Ultimately, the person who has overall responsibility will not be the Minister involved. I have a concern about that.

I have more general concerns on the back of Ms Greene's submission. When the DSC is established, however that happens, under the legislation, that person or that office will become the lead EU authority with respect to the European Digital Services Act. Is that correct? Will it be similar to the Data Protection Commission? Is that the plan?

It is not quite the same as the Data Protection Commission. The way it will work is that the European Commission will be an enforcement body and will have responsibility for some of the obligations that fall on the very large online platforms and search engines. "Very large", as the Deputy will probably know, means 45 million or more users. Many such companies have their EU headquarters here, so it is Irish law that will apply because the regulation is based on the country of origin principle, and the Irish regulator, Coimisiún na Meán, will have responsibility. The way the Digital Services Act is structured is that it ramps up the number of obligations depending on what type of service the company is and then its size. Five or six obligations are confined to very large platforms, but they also have to comply with all the other ones that everybody else has to comply with. The Irish regulator will, therefore, lead on enforcing those unless any particular case raises some kind of systematic concern, in which case the European Commission has the right to take over that case. It is kind of complicated.

Ms Greene is satisfied that the Minister would be satisfied that would happen. The committee has no knowledge of the level of resources the Media Commission has, how it functions or how it can take on this work. It strikes me that this is incredibly important, and it would really suit people who want to be able to circumvent the rules.

I am not suggesting anyone would, but if someone were to do so, it would suit him or her if there were that level of ambiguity. It is a bit like compulsory but not mandatory. Technically, the responsibility for regulation of industry will lie with the Minister for Enterprise, Trade and Employment but in reality it will be done through another area. With more than 45 million users, it would be a very powerful bad actor and that entity would be in a very good position to exploit that ambiguity. For that reason, I do not think it is ideal. We need to be belt, braces and baler twine about this to get it right. There is already a grey area in relation to responsibility and I think there should be very clean lines.

I am sorry. I did not explain it properly because it is meant to be very clear. The difficulty is that the circumstances of any particular allegation or suspected breach will determine who goes in first. If it is a breach of the risk assessment obligations, the European Commission goes in first. If the platform does not have an internal complaints procedure, then the Irish regulator goes in first. If it finds there are systemic concerns, it will ramp it up to European Commission level. In the Digital Services Act, there is a very clear and mandatory breakdown of competences and who starts anything. It makes the point of how important it is that we designate our body because until we have legally designated one, all of that legal apparatus in the EU regulation does not come into play. If we are late, the European Commission will want to start cases and we may want to start cases but we will not be empowered yet. That is where-----

We would want to start from the best possible place. I understand the need for this to be done in a timely manner but I am more persuaded by the argument that we have to get this right, which I think is more important. Speed cannot be allowed to trump perfection in this instance. I went through it earlier and I have some notes.

On head 7 on notification orders to take down content, how timely will that process be? How fast is it anticipated that it will be done? Ms Greene spoke about the need for responsibility and that it has to be clear who initiates the investigation, etc. In the intervening time, while that is being decided - again this points to the need for very clean lines - the illegal, potentially illegal or harmful content such as images of child abuse and other images like that remains online while the investigation is pending. Did I read that wrong?

Heads 7 and 8 are slightly separate from the obligations on platforms and search engines. This is not to do with investigations, as we understand them, for the rest of the scheme. At the moment, it is already the case a take-down order can be issued. A person can go to court for defamation or, as was said earlier, illegal goods or anything like that. This does not delay or change that process. All it does is harmonise the information across Europe. There are 27 different legal systems and court orders in each of the 27 are slightly different. The platforms said, when this regulation was being framed, that they get an order from a court in Slovakia, for example, and it is missing a bit of information and it is very hard for them. The idea is to give the platforms no excuse that they cannot find what they have been asked to take down. It is to harmonise the information so that, regardless of whether the order is issued in Rome, Dublin or Paris, they get the same information and therefore can move a bit faster in finding the content and taking it down. It does not interfere with that. This is not to do with those kinds of things.

No, financial fraud will still be treated the same way. A person will go through the Garda and all of that. That it is online should not be material for that investigation, as I understand. The Digital Services Act - the regulation - is not actually concerned with individual pieces of content or practices online. It is trying to get the platforms to put in place systems such as an internal complaints system, create more transparency and provide more information on their recommender systems, etc., to give us, the users, more control, for a start but also to make it more likely that people will flag up to them that there is illegal content they need to take down or a fraudster is operating on their service and they need to tackle that. It does not go into the substance of any particular illegal or harmful content.

They will typically be non-governmental organisations, such as the Children's Rights Alliance and those sort of organisations. The idea of getting trusted flagger status is that you then get priority treatment. When somebody with that status makes a complaint to Meta or whichever platform, they get priority treatment for their complaints. The idea is that the person knows what they are talking about and they have good experience.

We have set out in the scheme the kind of things the procedures need to touch on. When Coimisiún na Meán puts its procedures in place, I presume there will be application forms or something like that and you write in and apply. If you meet the criteria, which are all lifted from the EU regulation, then you get your certificate.

The commission only came into being last month. At the moment, we are recruiting an additional commissioner to join the commission who will head the digital services part and other key staff will start to be recruited quickly. The idea is it will have the time between now and February to put in place those procedures. It will not have its powers until 17 February.

This comes back to my original point. I have no knowledge of Coimisiún na Meán. I do not know if it has the capacity or capabilities to do this work. I do not know if it is interested in doing it or anything about it at all because all of that discussion happened at another committee - in-depth, as I understand - over a period of months. We have come full circle. I see that the media commission is going to be given the responsibility, perhaps through a public consultation, or maybe not - we do not know - on how it is going to draw together and come up with a system. Maybe applicants will fill in an online form or maybe they will have to get a stamped addressed envelope. Who knows? We have no knowledge of the function of Coimisiún na Meán, which means my concerns remain.

I welcome the witnesses and thank them for the work they do in this area. I also have concerns about receiving something so technical, which is easily outside our competence as a committee, and not having had time to hear from other experts, as we normally do. For instance, we got a submission from Technology Ireland.

I am sure Ms Greene is familiar with it.

It refers to the overlap between the Online Safety and Media Regulation Act and the Digital Services Act. Complaints can come under both, and there is a question about which will have precedence. This kind of stuff is so technical. I ask Ms Greene to address that for the benefit of Technology Ireland, representatives of which are probably listening in this morning. What is her interpretation of its submission? She said she is familiar with it.

One of the main reasons the Government decided Coimisiún na Meán would be the regulator for the Digital Services Act is because it is the regulator for the online safety legislation. There are similarities between the two codes. There is an overlap of the platforms and the search engines that will be in the scope of both. Both take a similar approach in obliging companies to institute procedures that make them more transparent and faster in dealing with complaints and all that. They have very similar objectives. The way the online safety legislation is framed means Coimisiún na Meán has the flexibility to take into account one code when implementing the other if there are similar obligations under both. For example, there might be an obligation to do a risk assessment under both. Under one it is clearly an annual obligation but, under the other, it may not be so clear. The commission can take that into account and say that because a risk assessment is being done once a year, this now satisfies the obligations under the other code. That flexibility is there for it. Obviously, I cannot speak for the commission because it is independent in the exercise of its functions, but that is the way this has been designed to give it flexibility.

Under the online safety legislation, the commission also has an obligation to prepare codes of conduct. Again, those will have to be notified under the transparency rules of the EU to the European Commission and will be looked at for consistency with the Digital Services Act. As a result, they should not be at odds with each other. Where there is duplication, the commission should be able to take it into account and say that if a company has done it once, that is enough, unless there are specific circumstances, in which case it has the right to ask it to do an additional bit. We have not come to a conclusion on the position of Technology Ireland. We are still working through the specific points to make sure it can work. That is the intention.

Yes. This year, we have an allocation of €2.7 million just for the functions under the Digital Services Act. That is for an additional commissioner and more people. We are being a bit flexible with Coimisiún na Meán to say how many people it might need this year. This year the plan is to prepare and put in place procedures, consultations and all of that.

I notice that the UK is bringing forward similar legislation. The UK is our near neighbour. There is such an overlap between what it does and what we do, but it is not in the European Union anymore so this legislation will not affect it. A lot of the stuff it does comes across here. How will that relationship work under this legislation or going forward?

I do not know. My understanding of the UK legislation is that a great deal of what it is doing is mirrored in the Digital Services Act and the regulation. That is clearly settled law now for us. There will have to be some engagement, clearly, because we all have the same concerns, the same platforms and other services operating across our borders, but I do not know how it is going to work in practice.

This applies regardless of where the provider is established. They do not have to be established in the EU. We expect some will only have a legal representative in the EU. Once a company is providing a service to people in the EU, it is bound by the regulation. In that regard, there is some extraterritorial effect. There are a lot of negotiations that go on at international level. There is a trade and technology council between the US and the EU where these issues are dealt with. They try to come up with joint approaches, for example, on artificial intelligence but also on these areas. There is one with China as well and one is being set up with India.

I thank Ms Greene for her answers so far. Many of our constituents will be watching this morning with bated breath as to what is going on here. Could she give us one or two examples of how this legislation will impact in a positive way on constituents and citizens? Why is it important to get this done? We know the reason for the timescale but practically speaking, I ask Ms Greene give us a number of examples of how she sees this improving, impacting on and making people's lives safer.

First, the EU regulation is intended to make the services we use more transparent. People will have more information about the recommender systems and how ads are targeted at them. There are protections against profiling of minors, anybody under 18, to make sure content is not inappropriately targeted at them. There will be greater access to the data held by these companies, so we will learn more about their algorithms and how they operate. That will help design the future regulation and inform policy from now on. There are other things too. There are, as I said, internal complaints mechanisms. Companies will have to respond faster have to be clear about who people are dealing with. Names will have to be put up on websites. There are things with marketplaces. Any online marketplace, such as Amazon or DoneDeal, will have to do random checks to make sure the goods and services are legitimate and meet the standards. Those are the kinds of protections that are there. I can give more comprehensive list of what this does. It will give us more control, more information and better engagement so when someone does have a complaint they will get faster service.

I thank the witnesses for their presentation. It is pretty unusual to be considering enforcement divorced from the obligations that create the framework.

I can understand how that is posing difficulties to members but, on the other hand, I regard the regulation here as of enormous importance. These are algorithms which are being used to manipulate us, with the advertising techniques, the manipulation and transparency across the range.

My first question is that with some of these things, such as reporting a criminal offence, one would have thought that the Garda would be the competent authority there. On complaints handling, one would have thought that the Competition and Consumer Protection Commission, CCPC, would have been involved there. On audit compliance in financial areas, one would have thought that it would be the regulator of audits, and so on. Why was it deemed necessary to have one designated regulator from within the family of regulators of these platforms in the first place?

I can understand where Ms Greene says that the Media Commission, where it looks into the entrails of these platforms, is more suited than one might say the Competition and Consumer Protection Commission might be, but what will the relationship be with those other oversight bodies, if it needs to deploy outside itself, because of an inadequate complaints procedure, for example, where all of the expertise for that is, presumably, in the Competition and Consumer Protection Commission? Is there a way to ensure that this new single regulator which we are designating here has that capability and reach? I can understand that if we picked any one of these oversight bodies, we would be saying the very same thing. For example, we would be asking how would the Competition and Consumer Protection Commission deal with online safety or algorithms, which it might not have the competence to deal with. Perhaps Ms Greene might address some of these points, please.

That is the obligation in the regulation and the purpose behind it is because if one thinks about the name of the role, which is co-ordinator, the EU recognised that illegal content is being dealt with, as correctly pointed out by the Deputy, by several different agencies and the position is the same, obviously, in each member state. The EU wanted to have one co-ordinator in each member state to pull together all of that information so that it could get a picture.

Now, every time, for example, the Health Products Regulatory Authority issues a take-down order for illegal medicines or medical devices, then that information will go, in our case to Coimisiún na Meán and it will be put into a central IT system for all of the digital services co-ordinators around Europe. This is because of the cross-border nature of the services and is designed so that everyone will know that X platform has been told to take down illegal OxyContin, or something like that. That is why we need one body at the centre as a co-ordinator.

There is illegal content, where child sexual abuse material was mentioned earlier, which will still be the responsibility of the Garda to follow up. The Garda still will be dealing directly with the platforms but Coimisiún na Meán will need to know about that in order that it can inform other people that this has been taken down from the platforms.

The big focus is not only enforcing but is also in being that co-ordinator. One has to understand that there are two things going on here. There are individual pieces of content where any individual instance of illegal videos or medical devices will be pursued by the regulator which is responsible for that sector-----

If it is appropriate, in any one case, where there is also a breach of one of the obligations in the Digital Services Act, where, for example, there is an obligation under this Act to have an internal complaints procedure, with our legislation one can now have a joint investigation. One could have the CCPC working with Coimisiún na Meán where they go in together, they do one investigation and one dawn raid together. That is how it can work now with this legislation.

What we want to get to and what it is designed for is active co-operation, not just waiting to be asked but that people would actively engage with each other. It would be a big part for the Media Commission that it will have to do outreach to all of the other regulators.

I thank the Chair and I thank the departmental guests present here this morning. I echo some of the sentiments of colleagues here this morning regarding this Bill being technical and the scope of it seems very large. All of us here obviously want to see greater protection in respect of the communications and activities online.

I wish to raise, if I may, a couple of issues. In Ms Greene’s opening statement she said that the 2000 regime was being adopted in order that providers may survey without running the risk of losing protections from liability. We know of many people in Ireland, particularly in respect of social media, where they are trying to get social media content removed. For some people, that has been quite an arduous process. Will this regime allow this process to be speeded up? Is it the case that this will give platforms, which are obviously afraid of legal actions, a carte blanche to remove something pending a review, or some such thing? Is that envisaged in respect of where this legislation is going?

Ms Greene outlined that the providers will scope the intermediate and hosting services, the online platforms and the large online platforms. This covers, I believe, the whole gamut of people who are involved in social media management, networking and net management also. That seems to be a very large remit in respect of an agency which is being described as being allocated €2.7 million in regard to its set-up costs.

I also noted Ms Greene’s point that Ireland will have a pre-eminent role because of the large number of digital platforms which are headquartered here in Ireland. I presume we are very much relying on the European Commission, where ultimately we are going to slot into its framework, as opposed to being managing our own regime. It is very hard to see, from my perspective in any event, how Ireland might take on such a significant role if such action was to be taken against Google, Facebook or some such platform, which is located in Ireland.

What would be the jurisdiction of the courts also in such matters? Can Ms Greene deal with those couple of points, please?

On the first point about having a carte blanche to remove material, the Digital Services Act, that is, the regulation, is trying to strike a balance between ensuring that illegal content comes down but that people’s freedom of expression is not unjustly trampled upon. There are procedures that when a platform is about to take material down, that if a particular person has posted it, the platform has to contact the person who is the poster and let that person know that the platform is taking it down, as well as the reasons this is happening. The poster will have a right to reply. It is not, therefore, a carte blanche.

I believe it will speed things up on the basis that it will be clearer to users who to go to and what the process is. It will also make clearer to the platforms what exactly the content we are talking about is and how to find it. If one has an order, therefore, the order has now to be somewhat more explicit about the content. The platforms would sometimes say that it can be like looking for a needle in a haystack and the idea here is to try to make it faster to find the needle.

Yes. This is meant to make it much more straightforward, to put an obligation on the platforms to find things, and to take them down when they have been contacted.

The applicable law and the EU regulation is based upon the country-of-origin principle. It is Irish law, therefore, that applies if one is established here and it will therefore be going through Irish courts.

I thank Ms Greene. The other thing which is interesting and which Ms Greene touched upon there is this issue of algorithms and how they are used, exactly who is writing them and what, I suppose, they are seeking to do. This is a bugbear, particularly in social media with regard to its management. I am struggling to understand where, in all of this potential legislation, activity is going to focus on that, because that is a dynamic and changing environment every day where platforms are adjusting algorithms the whole time. It is the trend as to where they are going and what they are trying to circulate, particularly in respect of the dissemination of information and of a particular narrative, which we see.

There is an interesting case, of which Ms Greene probably knows this morning, of the settlement of Fox News and Dominion Voting Systems in the United States.

It raises the issue. The narrative has been running through social media for more than a year. Would this legislation have been able to interdict some of the activity in question if, let us say, it was pointed at the European model in terms of where management is going?

There is now an obligation in the EU regulation requiring a very large platform to conduct a risk assessment. When the platform has identified risks, it has to put in place mitigation measures and be audited. I would imagine that process, which I believe is annual, will catch those kinds of things. The European Commission will be the lead enforcement body regarding the obligations related to risk assessment, audit and mitigation.

The Deputy mentioned how the algorithms change. Not in our legislation but in an EU regulation, there is an obligation to give access to data. That is meant to help us build more information and knowledge, on the part of regulators and others, as to how the algorithms are working.

It was said that a new commissioner has to be appointed in this area and that staff requirements are then going to be fleshed out. I would imagine the legal element of the grouping will be the largest. Is it envisaged that the work will be done in-house or will there be contracts with legal firms in Dublin to try to oversee the body’s work?

We are working towards having in-house legal capacity as considerable as we identify is required based on working through this with Coimisiún na Meán and, indeed, the advice of the European Commission. The legal element will be a big part. We also anticipate economists. Obviously, IT, data analysis and communications will comprise a big part.

If enforcement is key, I would imagine that the majority of the work will ultimately be in the legal department. The one thing I would like to understand is whether we will see contracts worth €30 million, €40 million or €50 million given to private legal houses to do the work of the body. My questions therefore concern value for money and the control of the remit of the organisation, which is exceptionally wide on the basis of what the scoping documents point to.

There is a major controversy about ChatGPT, the artificial intelligence platform. The case is made that there is no oversight or transparency regarding the software underpinning it, the algorithms it uses and the principles it applies. I saw an article contrasting it with airline autopilot systems, which are regulated in immense detail and with every little bit exposed to public scrutiny. With regard to risk response and the mitigation of risk, how will this legislation apply to an operation like the one in question? We already hear allegations that it could be used in criminal activity by replicating people’s voices, speech and so on. This is the scale of the threat that people are beginning to identify on the horizon. Is the legislation fit for purpose in taking on the emerging threats, or will we be back in a year saying we need to think again because the platforms have got more powerful?

Embedded in the legislation that went to the media commission was the idea that there is a very strong obligation on an entity to make sure its codes and the principles it applies are soundly based. To fail to do that is in itself an offence. A commissioner can go in and say the entity does not have adequate procedures. I wish to understand this because it is a tricky area. We do not fully understand artificial intelligence as legislators, no more than the delegates do as regulators. Will we be back in a year saying we do not have the framework for ChatGPT or the next incarnation of artificial intelligence?

This measure is not really designed for artificial intelligence. The Deputy is correct in that regard. There is more regulation coming separately. It is called an artificial intelligence Act but it is an EU regulation that is about to go into trilogue negotiations in Brussels involving the Parliament and Council. It will probably emerge and be adopted later this year.

Ms Greene mentioned more than once the subject of illegal content. Could I have some examples of what it would be? Who defines what is illegal?

The heads refer to people being designated as trusted flaggers. Could Ms Greene expand on the role? Who would they be and how many of them would there be?

A head refers to out-of-court settlement bodies. Could Ms Greene tell us a little more about those? What are they and how do they come about? How would they operate?

Yes. Similarly, one would want a court order to indicate that copyright or intellectual property rights have been breached.

Other examples could relate to mislabelling. For example, our sunglasses have to have a CE mark but somebody could be selling sunglasses that do not meet the European standards.

It depends. Defamation entails a court action. Typically, intellectual property rights breaches involve the court. With regard to criminal material, such as that on how to make explosives, I do not think you have to go to court. The Garda may be able to take a view on that. I am not sure there has to be a court order for child sexual abuse material. We can check these for the Deputy.

On mislabelled goods, the Competition and Consumer Protection Commission is the market-surveillance body. The Health Products Regulatory Authority knows whether drugs or medical devices are mislabelled. I do not believe it has to go to court first; it can issue orders itself. Therefore, it really depends on the content and what law is breached.

We expect the trusted flaggers will be non-governmental organisations. ChildLine is an example.

They will apply to Coimisiún na Meán for the status and it is kept for so long. I cannot remember the difference. For out-of-court dispute settlements, it is five years and for trusted flaggers, it is just kept until somebody complains that it no longer meets the criteria. It is really a facility for them. It is not a job for these organisations. It is a facility that means as soon as they spot something in the course of their work and they make a complaint, that complaint has to be given priority treatment by the platform.

Yes. The criteria are set out in the scheme. A person gets his or her certification and goes on a list, and that list is then available to the platforms so they know who has the status. A person applies to his or her local digital services co-ordinator. There will, therefore, be trusted flaggers in all 27 member states. The out-of-court dispute settlement bodies then are like existing alternative dispute resolution bodies. We expect it will be the same people who apply for this status and the criteria are very similar. There are already regulations for certifying alternative disputes.

I will ask one further question if I may. In terms of harmful content, particularly where it is being put out on social media by somebody who is not showing his or her identity, will the telecommunication service companies, TSCs, be able to provide the Internet service providers, ISPs, a list of the people who are behind that? The content could be taken down but there may be defamation. It may result in somebody adopting another counterfeit identity and going back in and reposting other things. Really, we need to get at the person or body who is behind that. Will that information be made available through this legislation for people who want to potentially pursue a civil action, for instance?

Not directly. What the EU regulation does is impose obligations on the service providers, as I said, to have systems in place that make it easier to find who is posting and to have the stuff taken down. Our scheme is just giving the power to Coimisiún na Meán to make sure that the platforms have those systems in place. We are enforcing the obligations in the Digital Services Act. Our scheme is not concerned with enforcing on any individual piece of content. It is about the systems that are put in place by the platforms. The online safety legislation that was passed last year by the Oireachtas may have something in there, but I do not think so.

I suggest that when the new commissioner is appointed, that might be something that should be looked at. That is a scourge that is there in social media and that is doing much damage, particularly to the youth in our country. There are people who for their own reasons are constantly resurfacing and putting things out and they are not being tracked or got at in any way. There needs to be some regulation. If something like that could be done here, that would be quite beneficial. Maybe Ireland should think about taking a lead. The platforms have all of the information as to who those ISPs are and they can certainly track the people who are using that access to post what they are posting. That would do a lot to help to clean it up.

I thank Deputy Shanahan. As nobody else wishes to come in, that concludes our consideration of the matter today. I thank Ms Greene and Dr. Harvey for assisting the committee in its consideration of this important matter. We will consider this matter as soon as possible and see what actions we want to take. That concludes the committee's business in public session. I propose we go into private session to consider other business. Is that agreed? Agreed.