The Digital Markets Act (DMA) will have a significant impact on the operation of digital platforms. This requires large online platforms that act as “gatekeepers” in digital markets to comply with far-reaching obligations. Its goal is to make digital markets more open and more contestable.
The DMA sits alongside the Digital Services Act (DSA), which has a broader scope and provides obligations for digital services that act as intermediaries to connect consumers to goods, services and content. While the DMA aims to ensure fairer digital markets, the DSA focuses on online security and transparency.
The obligations and prohibitions imposed on gatekeepers by the DMA cover many aspects of their operations. They include restrictions on what they can do with user data, requirements to make services interoperable with those of third parties, and obligations to provide information to advertisers and publishers. DMA provisions also prohibit activities such as ranking the gatekeeper’s own products ahead of their competitors, pre-installing certain applications or software, and forcing use of other gatekeeper services.
Severe penalties are provided for in the event of non-compliance. If a gatekeeper breaks the rules, the European Commission (EC) can impose fines of up to 10% of their total worldwide turnover in the previous financial year, and 20% for violations repeated. In case of systematic infringements, the EC can prohibit them from acquiring other companies for a certain period of time.
Digital Markets Law Schedule
The official legal text of the DMA will be published in the Official Journal of the EU in the autumn of this year. It will enter into force 20 days after its publication and will become applicable six months later, most likely in March or April 2023.
Scope of the Digital Markets Act
The DMA applies to “custodians” of digital marketplaces that provide “basic platform services” (CPS). These include online intermediation services, online search engines, online social networking services, video sharing platform services, number-independent interpersonal communication services, operating systems, web browsers, virtual assistants, cloud computing services and online advertising services.
A gatekeeper in this context is identified by three qualitative criteria, which are presumed to be satisfied if certain quantitative thresholds are met:
- A company must have a ‘significant impact’ on the EU market
The company is presumed to meet this criterion if it has: a) achieved a turnover in the EU equal to or greater than €7.5 billion in each of the last three financial years; or (b) had an average market capitalization or equivalent fair market value of at least €75 billion in the last financial year; and it provides the same CPS in at least three Member States.
- Its CPS must be an “important bridge” between companies and end users
The company is presumed to meet this criterion if its CPS has had at least: (a) 45 million monthly active end-users established or located in the EU; and (b) 10,000 active user enterprises per year established in the EU during the last financial year.
- He must have or be likely to soon have “an entrenched and lasting position”
The company is presumed to meet this criterion if the quantitative thresholds under criterion 2 above have been reached during each of the last three financial years.
CPS providers will need to self-assess whether they meet the thresholds to be identified as a gatekeeper. If they do, they will need to notify the EC within two months from the date the DMA becomes applicable (or from the time they begin to meet the criteria, if later). He then has a maximum period of six months after being appointed as gatekeeper to comply with the new obligations.
Digital Markets Act Obligations for Core Platform Service Providers
The DMA provides two broad categories of do’s and don’ts for goalies.
The first category is designed so that controllers can comply without the EC needing to specify further details. It includes the following obligations:
- not to process, for online advertising purposes, the personal data of end users of third party services provided through the gatekeeper platform without the consent of the end user.
- not combine or cross-use End Users’ Personal Data within CPS or between CPS and other Services or connect End Users to other Services to combine Personal Data, without End User’s consent.
- not to impose “broad” parity clauses (preventing professional users from offering lower prices and better conditions on any other online sales channel) or “narrow” parity clauses (preventing professional users from offer lower prices and better conditions on their own sales channels)
- to enable business users, free of charge, to communicate and promote their products and services (including under different terms) to end users acquired through the gatekeeper’s CPS (or through other channels) and to enter into contracts with such end users.
- to enable end users to access and use through the gatekeeper CPS, content, subscriptions, features or other items using a business user’s software application, including those acquired outside of the Gatekeeper CPS.
- to refrain from preventing professional users or end users from raising the issue of the access controller’s failure to comply with European or national legislation with public authorities or competent national courts.
- not require end users or business users to subscribe or register with another Gatekeeper CPS as a condition of using any of the Gatekeeper CPS.
- not require end users to use, or business users to use, provide, or interact with, any identification service, web browser engine, or payment service, or technical services that support the provision of payment services, such as payment systems for in-app purchases, of this gatekeeper as part of the services provided by business users using the CPS of this gatekeeper.
- provide advertisers and publishers (or their authorized third parties) to whom a gatekeeper provides online advertising services, on request and free of charge, with daily information regarding the price and fees (including any deductions and mark-ups) paid by the advertiser and the publisher, as well as the amount of remuneration (including any deductions and surcharges) paid to the publisher, and the parameters on which each of the prices, fees and remuneration is calculated for the publication of an advertisement given and for each of the advertising services provided by the gatekeeper.
The second category of obligations are those “subject to further elaboration”, which means that the EC can clarify whether a monitor’s proposed method of implementing the obligations is sufficient (which the EC can investigate either on its own own initiative or at the doorman’s request). These include in particular the obligations:
- Not to use gatekeeper-acquired non-public data about business users using a gatekeeper’s CPS to then compete with those business users.
- to enable and technically enable end users to easily uninstall any software applications or change the default settings of the gatekeeper’s operating system, virtual assistant and web browser.
- to enable and technically enable the installation and actual use of third-party software applications or software application stores and enable them to be set as default (subject to certain security safeguards exclusions).
- not to treat more favorably, in ranking and associated indexing and crawling, the services and products offered by the gatekeeper itself compared to similar services or products of third parties and to apply transparent, fair and non-discriminatory to this classification (self-preference).
- technically or otherwise prevent end users from switching and subscribing to software applications and services accessible under a gatekeeper’s CPS.
- to enable hardware and service providers and business users, free of charge, with effective interoperability and access to the same hardware or software features that are accessed or controlled through the gatekeeper’s operating system or virtual assistant.
- to provide advertisers and publishers and their authorized third parties, upon request and free of charge, with access to gatekeeper’s performance measurement tools and data necessary for advertisers and publishers to perform their own independent verification of advertising inventory
- provide end users or their authorized third parties, upon request and free of charge, with effective data portability (including tools to facilitate the effective exercise of such data portability) provided by the end user or generated by his activity.
- subject to any Personal Data Restrictions, provide Business Users or their authorized third parties, upon request and free of charge, with efficient, high-quality, continuous, real-time access to and use of aggregated and non-aggregated data (including personal data), which is provided or generated in connection with the use of the relevant CPS (or the services provided with or in support of the relevant CPS) by business users and end users using the products or services provided by these professional users.
- provide any third-party online search engine provider, upon request, access on fair, reasonable and non-discriminatory (FRAND) terms to ranking, query, click and view data relating to the free and paid searches generated by users on gatekeeper’s online search engines, subject to anonymization of personal data.
- enforce FRAND terms and conditions for business user access to gatekeeper software application stores, online search engines and online social networking services (gatekeeper shall publish terms and conditions of access, including a alternative dispute resolution mechanism).
- not to impose disproportionate terms and conditions to terminate the provisions of the CPS and to ensure that such terms are exercised without undue difficulty.
In addition, guardians will be subject to the following obligations:
- gatekeepers providing messaging services will need to make basic functionality such as text messages, video calls, interoperable with other providers’ services.
- gatekeepers will be required to notify the EC of all transactions prior to closing: (i) where the parties provide CPS or any other service in the digital sector; or (ii) that enable data collection.
- Custodians will be required to report to the EC on the measures they have implemented to ensure compliance.
- gatekeepers should also set up a compliance function, which should be independent of the companies’ operational functions.
#law #digital #markets #impact #Supra