When the EU enacted the democratic world’s most ambitious digital privacy legislation, the General Data Protection Rules, national governments were tasked with enforcement.
Most of the biggest targets are headquartered in small countries, notably Ireland (Google, Meta, and Byte Dance) or Luxembourg (Amazon). Fearful of losing investments, these governments had little incentive to crack down. Few cases were opened against the tech leaders, and few fines were levied.
For the Digital Markets Act, the EU empowered the Brussels-based European Commission to lead enforcement. The Commission now must build a staff that understands complicated technologies and fast-moving markets. It’s too early to judge whether the new enforcement mechanism will be a success.
Once designated as gatekeepers, the Commission named 22 services to be in scope. These designations proved challenging. After initially investigating Apple’s iMessage texting service and Microsoft’s Bing search engine and Edge browser and advertising service, the companies protested that the products’ market shares were too low to be considered gatekeepers. The Commission agreed and kept them out of scope. The Commission also ignored some potential gatekeeper services such as Amazon’s Prime and the DMA itself failed to include other markets that potentially could have been considered such as video streaming.
Some services remain to be checked. The Commission will only decide by September 2024 whether Apple’s iPadOS should be included. A number of large core platform services, including cloud computing (Amazon Web Services, Microsoft Azure, Google Cloud), email (Gmail, Outlook), and virtual assistants (Siri, Alexa, Google Assistant), failed to make the cut.
Each “gatekeeper” must propose compliance changes. Even though TikTok has launched a challenge in court to its designation, it too must put forward a compliance plan. So far, though, the Chinese social media site has not published details. Here’s an alphabetic rundown of the other five plans.
- Alphabet: Google will require consent to share data across its various products and offer a browser choice screen on Google Chrome and Android smartphones and tablets. Google users will be able to port their data to third parties.
The biggest potential change concerns Google Search. When searching on Google, consumers will be directed to price comparison sites more often than to individual hotels or restaurants. Many business users complain that the changes will force them to buy additional Google advertising to remain at the top of search results. They have complained to the Commission.
Google has not said publicly what it will do with its Android App store, perhaps waiting to see how Apple’s proposed changes play out.
- Amazon: Under a 2022 antitrust settlement, Amazon agreed to not use data from its marketplace sellers and to open up access to the site’s Buy Box and Prime program. These commitments mirror DMA obligations.
Amazon now is offering a set of transparency measures to advertisers and a choice to share data from Amazon Marketplace with other services such as Amazon Prime Video.
- Apple: Among gatekeepers, Apple has provided the most detailed information on its compliance solution. When users click on its default browser Safari, they will be offered a browser choice screen. The company also is changing its smartphone IOS operating system to allow non-Apple distribution channels.
The highest profile – and most contested – changes concern Apple’s App Store. iPhones and iPad users in Europe will be able to use alternative app stores to download and pay with non-Apple payment services. App developers will be able to communicate directly with consumers.
The key battleground will be over security and privacy. Under the DMA, Apple is allowed to safeguard its platforms with necessary and proportionate privacy and security features. Apple has announced measures to “notarize” all apps being uploaded and plans to educate users on options and best practices to protect themselves. While Apple has not released educational materials, they should avoid alarming messages that could frighten users from using non-Apple features.
For the first time, app developers will be able to choose non-Apple distribution channels or payment processing, benefiting from a reduced commission. Each time a developer selects a non-Apple payment provider, a warning screen could appear. Apple says this is for security. From a legal perspective, some of Apple’s conditions meet the DMA rules, allowing app developers to choose distribution channels or payment processing services based on price and quality.
However, the warning screens might be deemed discriminatory as they target non-Apple payment processing. Many App developers fear their overall payments to Apple will rise, not fall. Apple claims that 99% of developers will pay the same or less.
- Meta: Meta announced that Facebook and Instagram users can choose to share information with Meta services. At this stage, Meta has not announced how it will display the choice screen to users.
Meta is offering a “pay-or-consent” offer, where users can choose between an ad-free paid version or an ad-supported free version. The offer poses legal issues as the ad-supported free version does not offer the choice between consenting and non-consenting to data collection. Some stakeholders have already challenged the offer for alleged consumer protection and data protection law violations.
Another challenge is making Meta’s WhatsApp and Messaging services interoperable with competitor messaging services such as Telegram and Signal. This is technically difficult. As of this writing, Meta has not explained publicly how it plans to meet this obligation.
After the March 7th DMA D-Day, the Commission will release the public version of its compliance reports and consider whether gatekeepers are compliant. Expect a high-stake negotiation. There will be winners and losers and the Commission enforcers have no precedent or existing model to copy. The DMA’s text itself often is vague and leaves many unanswered questions. They are addressed in the next part of this special series.
Dr. Christophe Carugati is the founder of Digital Competition, a research and advisory firm based in Brussels After his PhD in law and economics on Big Data and Competition Law, he worked at the economic think-tank Bruegel and as a lecturer in competition law and economics at Lille University.
Tech is bracing for a regulatory reckoning. On March 7, the largest online platforms will roll out changes mandated by the Digital Markets Act, the most sweeping tech legislation since the European Union passed the GDPR privacy law in 2018. In this special series, Bandwidth looks at the DMA legislation, its motivation, its implications, and its challenges.
Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions expressed on Bandwidth are those of the author alone and may not represent those of the institutions they represent or the Center for European Policy Analysis. CEPA maintains a strict intellectual independence policy across all its projects and publications.
Tech 2030
A Roadmap for Europe-US Tech Cooperation
