Internet traffic today is highly asymmetric. The top 5 social media sites account for 99% market share of global social media traffic [1]. Crimes ranging from blackmail to phishing scams to bomb threats are largely occurring on the same few social messaging apps and social network sites. Most electronic commerce scams are occurring on same few platforms where the criminals have set up seller accounts to peddle counterfeit goods. The top 3 email providers make up 87% of the total market share [2]. Most criminals will not be spinning up their own email server or their own e-commerce platform to pull off criminal activity. Hence, it makes sense for the law to leverage these intermediaries in providing information to law enforcement or even taking enforcement actions on behalf of law enforcement.
Under the Digital Services Act, providers are required to report suspicions of criminal activity [3], take down flagged illegal content [4] and collect personal information of traders in case of disputes with consumers [5]. The DSA also covers all intermediaries which provide services to the EU regardless of the place of establishment [6]. This objective territoriality principle [7] espoused by the DSA is important in ensuring that the local population are still protected by national laws even if the 'crime scene' occurred in cyberspace. Law enforcement is able to stop illegal activities through the cooperation of these intermediaries. Victims in fraudulent transactions are able to obtain the information of rogue traders to pursue further legal action to seek redress.
Such an approach works well for crimes which are illegal in most jurisdictions. However, as Kohl observes, crimes pertaining to political values like hate speech, moral values like pornography, safety concerns over products and economic interests like gambling as a lot more contentious [8]. Fortunately, the DSA did not overstep in its scope and stray into these areas, which might put companies in an uncomfortable position of having to choose between two incompatible legal regimes.
It has more been two decades since Lindqvist set up a home page on her own personal computer [9], leaving the world with no way to take it down. Today's Lindqvist will likely make a social media post or share it on messaging apps. Even if she had a home page, law enforcement can still request it to be removed from search results as occurred in González [10]. In today's internet, if it isn't searchable, it does not exist.
[1] areppim AG, ‘Mobile social media Percent Market Share Worldwide (As of October 2017)’ (areppim AG) https://stats.areppim.com/stats/stats_socmedia_mobixsnapshot.htm accessed 24 February 2025
[2] demandsage, 'Gmail Statistics 2025: Number of Users & Market Share' https://www.demandsage.com/gmail-statistics/ accessed 24 February 2025
[3] Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act), art. 18
[4] ibid, art. 22
[5] ibid, art. 30
[6] ibid, art. 2
[7] Rowland, D., Kohl, U., & Charlesworth, A. Information technology law (Routledge, Fifth edition), pp. 29
[8] ibid, pp. 30 - 35
[9] Case C-101/01 Bodil Lindqvist [2013] ECR I–12971, para 12.
[10] Case C-131/12 Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González [2014]