Professor Lorna Woods, University of Essex
The Digital Markets Act (DMA) proposal is stable-mate to the Digital Services Act (DSA) proposal (discussed here) developed as part of a suite of actions to tackle concerns about the operation of the digital environment. If enacted, it will form part of a complex tapestry of measures dealing with information society and electronic communications services of one form or another, found in (to name but a few) the European Electronic Communications Code (which covers OTT voice services); the Audiovisual Media Services Directive (which covers video on demand, potentially including some YouTube channels for example, as well as video sharing platforms); the P2B Regulation; and, of course, the e-Commerce Directive (which the DSA develops). It will also be developed against a backdrop of increasing competition law enforcement actions against a number of large players in the market. The EU is not the only actor taking steps and one important question will be how compatible these various initiatives are, as well as how effective.
Overview of the Proposal
Based on the recognition that platforms are a key structuring element of the current digital economy, the proposal provides for ex ante restrictions on an identified list of services, but only when those services are provided by operators which meet certain thresholds. The Commission has enforcement responsibilities and powers, with similarities to those found in the competition field.
The relevant services are those which the Commission has identified as “core platform services” (CPS) (defined Art. 2(2)):
a) online intermediation services;
b) online search engines;
c) online social networking services;
d) videosharing platform services;
e) number-independent interpersonal communication services;
f) operating systems;
g) cloud computing services; and
h) advertising services provided by an operator which provides any of the services in (a)-(g).
While some of these terms are defined in other instruments (eg ‘information society service’, ‘online search engine’ and ‘video sharing platform service’), included no doubt to try to ensure coherence across the digital regulatory space, some are novel (eg ‘online social networking service’ and ‘software application stores’). It remains to be seen how clear these definitions are.
The service operators who will be caught by the rules in this regulation are those designated as a “gatekeeper” according to Article 3. Article 3(1) contains a three stage test:
- the existence of a significant impact on the internal market;
- the operation of a CPS “which serves as an important gateway for business users to reach end users”; and
- an entrenched and durable position in its operations.
These are assessed by quantitative criteria (based on turnover or market value, and user reach), producing a rebuttable presumption about the status of the operator, and refined by reference to qualitative criteria. It is initially for the company itself to make this assessment and to notify the Commission.
Article 5 lists the obligations for gatekeepers and Article 6 contains a list of further actions that may be specified in respect of a gatekeeper. The obligations include positive obligations and prohibitions, essentially behaviours identified from previous competition investigations and against which competition rules seem insufficiently effective. These rules have been set down in some detail though the proposal envisages that the Commission may update the list of prohibited practices in the light of enforcement experience. This is important as otherwise closely specified rules could be overly rigid and not deal with developments in the market or practice. This, then, could introduce some element of future proofing. The Regulation also provides for the possibility of exceptions, including exemption for overriding reasons of public interest (public morality, public health and public security).
- refrain from combining personal data sourced from these core platform services with personal data from any other services offered by the gatekeeper or with personal data from third-party services, and from signing in end users to other services of the gatekeeper in order to combine personal data (this would catch, for example, the situation where logging into Gmail leads to you being logged into YouTube – this has come up in investigations into Facebook also) (Art 5(a));
- refrain from preventing or restricting business users from raising issues with any relevant public authority relating to any practice of gatekeepers (Art 5(d));
- refrain from requiring business users to use, offer or interoperate with an identification service of the gatekeeper (Art 5(e));
- refrain from requiring business users or end users to subscribe to or register with any other core platform services – this is a ban on tying (Art 5(f));
- refrain from using any not publicly available data about the activities of business users or their end users to compete with those business users, an issue that arose in the Amazon investigation (Art 6(1)(a));
- refrain from preventing end users from un-installing any pre-installed software applications (Art 6(1)(b));
- refrain from ranking the gatekeeper’s own products more favourably than similar third-party products – this came up in the Google Shopping decision (Art 6(1)(d));
- refrain from technically restricting the ability of end users to switch between and subscribe to different software applications and services to be accessed using the gatekeeper’s operating system – ie, lock-ins are not permitted (Art 6(1)(e));
- allow business users to offer the same products or services to end users through third party online intermediation services at prices or conditions that are different from those offered through the online intermediation services of the gatekeeper (MFN clauses) – currently platforms impose significant restraints on their business users in this regard as can be seen for example in the eBooks settlement (Art 5(b));
- allow business users to promote offers to end users acquired via the core platform service, and to conclude contracts with these end users regardless of whether for that purpose they use the core platform services of the gatekeeper or not (so for example Apple’s requirement to use its in-app purchase system or even its app store) (Art 5(c));
- allow end users to access and use a software application of a business user where the software was acquired without using the core platform services of the gatekeeper (Art 5(c));
- provide advertisers and publishers to which it supplies advertising services with price information in relation to advertising services (Art 5(g));
- allow the installation and effective use of third party software applications or software application stores using, or interoperating with, operating systems of that gatekeeper and allow these software applications or software application stores to be accessed by means other than the core platform services of that gatekeeper (Art 6(1)(c));
- apply FRAND conditions to rankings (Article 6(1)(d)), which might also reflect concerns in the P2B Regulation;
- give business users and providers of ancillary services (eg payment processors, cloud hosts, digital identity providers, and ad-tech sellers) access to and interoperability with the same operating system, hardware or software features that are available or used by the gatekeeper itself (Art 6(1)(f));
- provide data to allow independent verification of ad inventory (Art 6(1)(g));
- ensure effective data portability – and real-time access (Art 6(1)(h));
- provide business users free of charge with effective, high-quality, continuous and real-time access to and use of aggregated and non-aggregated data (subject to GDPR) – this essentially ensures businesses can have access to their own business data (Art 6(1)(i));
- provide third-party providers of search engines with access on fair, reasonable and non-discriminatory (FRAND) terms to ranking, query, click and view data generated by end users (Art 6(1)(j));
- FRAND conditions for access for business users to the gatekeeper’s app store (Art 6(1)(k)).
By contrast to the position under competition law, in acting against these behaviours the Commission would not have to prove their impact on competition on the market, though the Commission’s ability to intervene under its competition powers remains unaffected. The Commission seems therefore to have decided that concerns about pro-competitive effects of some behaviours (including self-preferencing) do not outweigh gains from clear rules for efficient enforcement. There have been some concerns that these closely defined prohibitions may not be appropriate for all gatekeepers, and it remains to be seen how the refinement levers of qualitative factors (as regards the designation as gatekeeper in the first place) and the obligations that are susceptible to specification (in Article 6) operate.
Note that these provisions apply to services that are offered across the gatekeeper’s core services; they do not require the interoperability of core services necessarily, nor benefit third party service providers who do not operate on the core services.
The regulation also introduces provisions empowering the Commission to carry out market investigations for any of three purposes: identifying gatekeepers that are not captured by the quantitative thresholds of the DMA; identifying other services that should be added to the list of core platform services or new practices that may be unfair; identifying proportionate behavioural or structural remedies in the case of systematic infringement of the rules by a gatekeeper. Article 10 gives the Commission the power to adopt delegated acts to update the lists in Articles 5 and 6 when it discovers unfair practices in a market investigation. This new tool is arguably less far reaching than the new competition tool originally envisaged because of competence issues and the limits of Article 114 TFEU.
The DMA obliges gatekeepers to inform the Commission of any proposed merger or acquisition involving another provider of core platform services or of any other services provided in the digital sector. For these purposes, it is irrelevant whether such an acquisition triggers a notification requirement under the EU (or national) merger control rules. This is not a specialist merger regime, but is to allow the Commission to review gatekeeper designations and obligations.
The DMA provides for up to 10 percent of a gatekeeper’s global annual revenue in fines for violating its rules, similar to those penalties available in competition cases. Structural remedies remain a possibility in the case of ongoing problems or recalcitrant actors (Article 16) but only where there are no equally effective behavioural remedies.
The Commission’s proposal is based on the assumption that there are problems and that reliance on competition tools is insufficient to deal with the problems, partly because of the length of time an investigation may take – for example, the Google Search case took in excess of 6 years. The European Court of Auditors has recently published a report to similar effect. Specifically as regards the DMA, the Regulation flags at Recital 10 the need to ensure contestability of markets – and in this it seems to reflect ordoliberal concerns found in many decisions where it has sought to protect the market, with knock on benefits perhaps to small and medium sized enterprises. The proposal therefore adds additional measures as a complement to competition rules. It seeks to introduce ex ante regulation to the generally ex post competition provisions and so avoid questions about the definition of markets, assessment of dominance and identification of the theory of harm (for example impact on nascent competition or on innovation). Instead the key question is whether an operator is a “gatekeeper”.
Admittedly the cases that have come up under the competition rules in relation to the digital environment have been based on complex facts and raised difficult questions about application of the usual principles, but the resort to ex ante additional regulation is not new. This double pronged approach has been used before, notably in the not-so-very-distant field of telecommunications – though it should be noted that this approach is not unique to electronic communications sectors. The EU approach to telecommunications can be seen as a model for the DMA as regards another aspect too: the decision not to embark on structural separation of big players, or at least not as a first port of call, but instead to rely on requiring them to open their platforms to providers of other services, whether direct substitutes or related services. This approach can be seen in the liberalisation of the telecommunications sector from the late 80’s on, for example in the Access Directive. As in the debate for data protection, there is the question as to whether financial penalties will ever be enough for companies as rich as the big tech companies. Some (probably American commentators) see the unwillingness to break companies up as a significant weakness.
Another notable point is the role of the Commission. By contrast to the telecommunications regime, where the national regulatory authorities have had a distinct and important role, enforcement powers lie with the Commission exclusively – perhaps reflecting the early position with regard to competition enforcement, where implementation of EU competition law was consolidated at EU level. National authorities will however participate in a Digital Markets Advisory Committee that will assist the Commission. This location of power at the EU level can be seen in other aspects of the proposal. The form of instrument proposed is a regulation, meaning it would be directly applicable in Member States’ legal systems without implementation. Moreover, the regulation seems to be envisaged as total harmonisation in this field. Article 1(5) specifies that:
“Member States shall not impose on gatekeepers further obligations by way of laws, regulations or administrative action for the purpose of ensuring contestable and fair markets”,
though the field to which this prohibition applies is restricted. Nonetheless, this point is likely to be contentious.
As noted, a central question is the identification of gatekeepers and there are likely to be questions about the operators to which the DMA applies (and no specific platform has been named). Arguably, there will be difficulties in identifying criteria that work across the range of activities that platforms provide. The assessment (which falls on the companies themselves) is a mix of assessing whether CPS are in issue and then looking at the Gatekeeper criteria. Two points should be noted: first, the existing definitions are themselves complex and the developing market challenges them; secondly, it is unclear how the qualitative criteria will operate to rebut the presumptions based on the numbers. There have been some comments that this definition will need to be improved as the proposal makes its way through the legislative process.
One final question relates to the relationship between this instrument (and its motivations) and that of the GDPR (and possibly the ePrivacy Directive) with their emphasis on the user and the user’s privacy. While some of the ex ante prohibitions seem to flow in the same direction as data protection rules (notably the obligation to refrain from combining personal data as well as the tying of identity services), there might be some tension with data portability by businesses and access to user data, which will likely be – at least to some extent – subject to GDPR controls. It remains to be seen how the two will operate together, and whether competition concerns operate to undercut data protection.