The EU can put trust back into online commerce

A new report says Covid vaccine scammers are targeting social media users, which is a frustrating but inevitable development. We’ve come to expect fraud to flourish online. Not so in the real world — when we walk into a shop, we can be fairly sure the goods on sale are safe and legitimate. If not, at least we or the police know where to go to complain, unlike online.

A new Digital Services Act (DSA), proposed by the European Commission, includes reforms to eCommerce regulations to correct the safety imbalance between the online and offline worlds.

Crafted correctly, the DSA will give consumers and retailers a safer, more competitive market. But an over-cautious reform could simply entrench the power wielded by big platforms, putting countless smaller retailers and service providers at a significant disadvantage.

Much of the Internet’s trust problem stems from early regulation developed to help nascent online businesses during 1990s and early 2000s. In Europe and elsewhere, a light-touch approach prevailed, in hopes that small online businesses would grow.

Spurred on by privileges denied to offline businesses, online businesses like eBay, Amazon, Facebook and Google grew to be wealthy and powerful giants. Exemptions and “safe harbours” from legal liability enable them to profit hugely from hosting other sellers and third-party content.

Toothless regulation compounds the problem. For example, Article 5 of the EU’s e-Commerce Directive says businesses must identify themselves on their websites – but carries no registration obligations or penalties for non-compliance. So, nothing happens when the requirement is ignored, or information is falsified.

The Commission grasps that online platforms and marketplaces no longer need the regulatory assistance that was probably necessary when taking their first, uncertain steps. This insight underpins its ongoing “Shaping Europe’s digital future” initiative to update regulation for greater competition and consumer welfare.

A key proposal from this discussion is called Know Your Business Customer (KYBC). It would require online intermediary service providers and marketplaces to verify and store identifying information about the businesses that use them. If a business or consumer is harmed by an online business, it can be traced and remedied – an important step for tackling online fraud, piracy and selling of counterfeit products.

This requirement would bring greater parity between online and offline businesses, while fostering safety and fairness online. After all, in the offline world, businesses have to know who their customers are. For example, commercial landlords need to know who is renting their space.

Last year, the European Parliament’s Committee on the Internal Market and Consumer Protection proposed a particularly effective version of KYBC. It would have obliged all online business providing commercial services – including those hosting websites – to verify and maintain their customers’ identities.

Unfortunately, when the European Commission proposed a KYBC obligation in December, it was disappointingly limited, applying only to online marketplaces such as eBay.

Such a narrow version of KYBC will make the internet neither safer nor more competitive. By focusing on online marketplaces, the Commission has extended a free pass to hosting services and domain name registrars, among others.

So, while trust in big marketplaces such as eBay, etsy and Amazon is strengthened, the proposal does nothing to make independent websites and other services safer and more accountable. Consumers would still struggle to identify fraudsters and make them pay.

More, the Commission’s proposal would hurt, not help competition. Legitimate, independent sellers, such as artists, jewelry designers, and clothing boutiques, will continue to find it hard to gain consumers’ trust on their own websites. They will be even more likely to be held captive to selling on larger marketplaces, sharing their profits and conforming to their business practices.

The European Parliament and the Council should seize the opportunity to improve things. Specifically, they should return the proposal to the Parliament’s original version, extending KYBC obligations to business customers on infrastructure services such as hosting providers and domain name registrars.

A broader KYBC obligation will increase safety online, generating greater trust to boost competition in the digital economy. It’s a sensible, win-win proposition.

KYBC also has the advantage of imposing few new obligations on legitimate businesses. It avoids privacy issues by applying only to business customers. Costs will be minimal as businesses can use publicly accessible databases already created to comply with EU money laundering regulations.

KYBC would only really burden service providers seeking illegitimate profit from those business customers who would rather hide their identities. The EU should ask the same of online businesses as offline ones: consumers and legitimate businesses will be the winners.

Mark Schultz is the Goodyear Endowed Chair in Intellectual Property Law at the University of Akron School of Law, United States.