The Digital Markets Act (DMA) will have a significant impact on the operation of digital platforms. It requires large online platforms that act as “gatekeepers” in digital markets to comply with far-reaching obligations. Her goal is to ensure that digital markets become more open and contestable.
The DMA stands alongside the Digital Services Act (DSA), which has a broader scope and imposes obligations on digital services that act as intermediaries in connecting consumers to goods, services and content. While the DMA aims to ensure fairer digital markets, the DSA focuses on ensuring online security and transparency.
The duties and prohibitions imposed on gatekeepers by the DMA cover many aspects of their job. These include limitations on what they can do with user data, requirements to make services interoperable with those of third parties, and obligations to provide information to advertisers and publishers. The DMA’s provisions also prohibit activities such as ranking Gatekeeper’s own products ahead of its competitors, pre-installing certain apps or software, and forcing the use of other Gatekeeper services.
Failure to comply will result in severe penalties. If a gatekeeper does not comply with the rules, the European Commission (EC) can impose fines of up to 10% of its total worldwide turnover in the previous financial year, and up to 20% for repeated violations. In the event of systematic violations, the EC can prohibit them from acquiring other companies for a certain period of time.
Timing of the Digital Markets Act
The official legal text of the DMA will be published in the Official Journal of the EU in autumn of this year. It will come into force 20 days after publication and become applicable six months later, probably in March or April 2023.
Scope of the Digital Markets Act
The DMA applies to “gatekeepers” in digital markets that offer “Core Platform Services” (CPS). These include online intermediation services, online search engines, online social networking services, video platform services, number-independent interpersonal communication services, operating systems, web browsers, virtual assistants, cloud computing services and online advertising services.
In this context, a gatekeeper is identified on the basis of three qualitative criteria, the fulfillment of which is assumed if certain quantitative thresholds are met:
- A company must have “significant impact” on the EU market
The company is considered to meet this criterion if it: (a) has had an EU turnover of at least EUR 7.5 billion in each of the last three financial years; or (b) had an average market capitalization or an equivalent fair market value of at least EUR 75 billion in the most recent financial year; and it offers the same CPS in at least three Member States.
- Its CPS must be a “major gateway” between business and end users
The entity is deemed to meet this criterion if its CPS had at least: (a) 45 million monthly active end-users established or resident in the EU; and (b) 10,000 annual active business users located in the EU in the most recent financial year.
- It must have, or is likely to have soon, “a firm and permanent position.”
The entity is deemed to meet this criterion if the quantitative thresholds set out in criterion 2 above have been met in each of the last three financial years.
CPS providers must self-assess whether they meet the thresholds to be identified as gatekeepers. If this is the case, they must notify the EC within two months from the date the DMA becomes applicable (or from the date they start meeting the criteria, if later). They then have a maximum of six months after their appointment as gatekeepers to fulfill their new duties.
The Digital Markets Act obligations for core platform service providers
The DMA provides two broad categories of do’s and don’ts for gatekeepers.
The first category is designed to allow gatekeepers to meet the requirements without the EC having to specify any further details. It includes the following obligations:
- not to process the personal data of end users of third party services provided through the Gatekeeper Platform for online advertising purposes without the consent of the end user.
- not to combine or cross-use End Users’ Personal Data across CPS or between CPS and other Services, or to enroll End Users in other Services to combine Personal Data without End User’s consent.
- impose neither “broad” parity clauses (which prevent business users from offering lower prices and better conditions on other online distribution channels) nor “narrow” parity clauses (which prevent business users from offering lower prices and better conditions on their own distribution channels).
- to allow business users to communicate and promote their products and services (also under different conditions) free of charge to end-users purchased through the gatekeeper’s CPS (or other channels) and to enter into the contracts with these end-users.
- to enable end users to access and use content, subscriptions, features or other items through the gatekeeper’s CPS by using a business user’s software application, including those purchased outside of the gatekeeper’s CPS.
- not to prevent business users or end-users from raising the issue of non-compliance by gatekeepers with EU or national law with the competent authorities or national courts.
- not require end users or business users to login or register with another gatekeeper’s CPS as a condition of using any of the gatekeeper’s CPS.
- not to require end users to use any identification service, web browser engine or payment service or technical services supporting the provision of payment services such as in-app purchases of this gatekeeper related to services provided by the business users using the CPS of this Gatekeepers are provided.
- Advertisers and Publishers (or their authorized third parties) to whom a Gatekeeper provides online advertising services, upon request and free of charge, on a daily basis, of the prices and fees (including any deductions and surcharges) paid by the Advertiser and Publisher, and the amount of the compensation (including any deductions and surcharges) paid to the publisher and the metrics on the basis of which all prices, fees and remuneration for the publication of a particular advertisement and for each of the relevant Gatekeeper’s advertising services are calculated.
The second category of obligations are those that “can be further specified”, meaning that the EC can provide further clarity as to whether a gatekeeper’s proposed method of implementing the obligations is sufficient (which the EC can do either on its own initiative or can examine on request). of the porter). This includes commitments:
- not to use non-publicly available data obtained by the gatekeeper regarding business users using a gatekeeper’s CPS in order to then compete with those business users.
- to enable and technically enable end users to easily uninstall software applications or change default settings in the gatekeeper’s operating system, virtual assistant and web browser.
- to enable and technically enable the installation and effective use of third-party software applications or software application repositories and standardize them (subject to certain exceptions related to security measures).
- not to treat services and products offered by the gatekeeper itself more favorably in ranking and associated indexing and crawling than similar third-party services or products and to carry out such a ranking under transparent, fair and non-discriminatory conditions (self-preference).
- Not to technically or otherwise prevent end users from switching between and subscribing to software applications and services accessed under a gatekeeper’s CPS.
- to enable hardware and service providers and business users at no cost with effective interoperability and access to the same hardware or software functions accessed or controlled through the operating system or gatekeeper’s virtual assistant.
- to provide advertisers and publishers and their authorized third parties with access, upon request and free of charge, to the Gatekeeper’s performance measurement tools and data advertisers and publishers need to conduct their own independent review of advertising inventory
- to provide End Users or their authorized third parties, upon request and free of charge, with effective portability of data (including tools to facilitate the effective exercise of such data portability) provided by End User or generated through its activity.
- Subject to the Personal Data Limitations, provide Business Users or their authorized third parties, upon request and free of charge, with effective, high-quality, continuous, and real-time access and use of aggregated and non-aggregated data (including Personal Data) necessary for the use of the relevant CPS (or the services provided together with or in support of the relevant CPS) are provided or generated by the business users and the end users who engage in the products or services provided by these business users.
- Provide third-party online search engine providers, upon request, with fair, reasonable and non-discriminatory (FRAND) access to ranking, query, click and view data related to free and paid searches made by end-users in the online search engines of the gatekeeper, subject to the anonymization of personal data.
- Application of the general FRAND access conditions for business users to the gatekeeper’s stores for software applications, online search engines and online social networking services (the gatekeeper must publish general access conditions, including an alternative dispute resolution mechanism).
- not to impose disproportionate general terms of termination of the provisions of CPS and to ensure that such terms are exercised without unreasonable difficulty.
In addition, gatekeepers are subject to the following obligations:
- Gatekeepers who offer messenger services must make basic functionalities such as text messages, video calls interoperable with the services of other providers.
- Gatekeepers are obliged to inform the EC of all transactions before the conclusion: (i) if the parties offer CPS or other services in the digital sector; or (ii) enabling the collection of data.
- Gatekeepers must report to the EC on the actions they have taken to ensure compliance with the obligations.
- Gatekeepers must also establish a compliance function, which should be independent of the companies’ operational functions.