Internet liability

The Digital Market Act is in place and wants to change the Internet

The Digital Markets Act (DMA) is now in place with onerous new obligations for the big tech companies that are meant to change the Internet as we know it.

The new EU Regulation named Digital Markets Act was published on the Official Gazette in October 2022 and came into force on November 1, 2022.

The Regulation represents, in chronological order only, the latest act in a broader European strategy that aims, along with the other relevant regulatory components, to make the digital sector fairer and more competitive.

The goals of the Digital Markets Act (DMA)

Following the recent Platform-to-Business (P2B) Regulation, the DMA imposes transparency and fairness obligations on large digital platforms, which serve as access points for services offered online.

Indeed, common rules across the single market make it possible to promote business innovation, growth, and competitiveness and facilitate the expansion of smaller platforms, SMEs, and start-ups, which will thus have a single, transparent regulatory framework at the European level.

Increasingly, big tech companies act as gateways (or access points) or gatekeepers (i.e., access controllers), holding the keys to access the network for commercial operators wishing to provide their services online.  To maintain this position of dominance, however, large technology corporations require commercial operators entering the digital marketplace to use their platforms to, in turn, offer their services, thus constituting barriers that are difficult to overcome.  Without such platforms, the end user cannot access and use certain services of other commercial users while preventing commercial users from operating freely in the network.

Such platforms, therefore, assume the increasingly important role of intermediaries for most transactions between commercial users and end users, entrenching themselves as essential elements of today’s digital economy.  Gateways and gatekeepers largely impact the digital markets in which they are entrenched and effectively control access, creating a strong dependence between them and commercial users that sometimes results in unfair behavior.

The digital services “mediated” by these gateways and gatekeepers encompass a wide range of activities that are now part of our everyday digital life and include, among others, virtual marketplaces, social network services, online search engines, operating systems, or software application stores.  Although these services expand end-user choice, improving the efficiency and competitiveness of the digital sector, few large platforms hold monopoly positions in the industry.

It is precisely for this reason that the main objective of the new DMA is to prevent the abuse by large gatekeepers of their dominant position to the detriment of (economically dependent) businesses that wish to access consumers online.  The DMA, in fact, aims to reduce economic imbalances between traders and big tech, as well as to eliminate unfair business practices by such gatekeepers and the resulting negative effects on traders.

To whom do the obligations of the Digital Markets Act apply?

Although some of the phenomena that the DMA aims to eliminate may also be found in other sectors and markets, the scope of the new Regulation is limited to the digital sector, albeit with effects overseas as well.  In fact, as was already the case with the General Data Protection Regulation (GDPR), the DMA applies to so-called “core platform services” (excluding services related to electronic communications networks) provided or offered by gatekeepers to business users and end users established or located in the European Union, regardless of the place of establishment or residence of the gatekeepers and the Regulation otherwise applicable to the provision of the service.

Who are the gatekeepers?

Gatekeepers are defined as “providers of core platform services” who, to be subject to the DMA, must operate in at least three member states of the European Union.

Specifically, core platform services include those in common and everyday use, such as:

  • online intermediary services, such as for example, marketplaces, stores
  • services in sectors such as mobility, transportation, or energy;
  • online search engines;
  • social networks;
  • platforms for sharing digital content;
  • interpersonal electronic communication services;
  • operating systems;
  • cloud computing services;
  • advertising services, including advertising networks, advertising exchanges and any other advertising intermediary services, when they are linked to one or more of the other basic platform services mentioned above.

In the virtual world, therefore, gatekeepers are traditionally recognized as the “intermediaries” between those who access the Internet (end users) and those who offer content and services on the network (commercial operators).  In general, gatekeepers are the individuals who exercise control over the information that, in the network, passes through a gateway (or gate).

This control can be exercised in a variety of ways: in making or not making a piece of news available (e.g., on an online news outlet), in the deletion of a piece of information (through the removal of a post deemed inappropriate), in the activities exercised by entities that provide physical access to the network (ISPs), but most importantly, given the current complexity of cyberspace, in enabling the user to track down a piece of information or service that would otherwise be unreachable.  It is precisely because of this position of control that gatekeepers-as well as the big techs that operate them, are gaining increasing market power.

However, the fact that a digital service qualifies as a basic platform service does not necessarily imply that its provider is a gatekeeper.  Specifically, only basic platform providers are classified as gatekeepers who:

  • have a significant impact on the internal market if they have achieved an annual turnover in the European Union of at least 7.5 billion euros or their market capitalization is at least 75 billion euros;
  • have control of one or more major user access points, in case they count monthly at least 45 million end users and 10,000 business users established in the European Union; and
  • have an established and lasting position, that is, they have had a significant impact on the internal market and control of user access points for three consecutive years.  However, in order to prevent start-ups or newcos from escaping the DMA’s controls, there is also a category of “emerging gatekeepers,” which allows the European Commission to impose certain obligations on companies with an established but not yet consolidated competitive position.

Finally, to ensure that the rules in the Regulation are proportionate, SMEs are exempted from gatekeeper qualification, except in exceptional cases.

Who qualifies the supplier as a gatekeeper?

It is the European Commission itself that designates the provider as a gatekeeper subject, therefore, to the obligations under the Digital Markets Act whenever the provider of a basic platform reaches the thresholds mentioned above.  Qualification by the European Commission can occur either upon voluntary notification by the provider or independently by the Commission itself.  Failure of a basic platform service provider to notify does not, in fact, prevent the European Commission from designating such providers as gatekeepers at any time based on information of which the European Commission itself has become aware.

Indeed, gatekeeper status may be awarded by the European Commission on the basis of appropriate quantitative indicators that serve as irrefutable presumptions or in light of a qualitative assessment made on a case-by-case basis and supported by an appropriate market survey.  Specifically, in assessing the gatekeeper nature of a basic platform service provider, the European Commission takes into account – among other factors – the size, including turnover and market capitalization, activities and location of the provider, as well as the number of business users dependent on the basic platform service and the number of end users reached by the platform.

Specifically, the DMA obliges gatekeepers to notify their position, along with the thresholds they have exceeded, to the European Commission within two months of the start of its applicability.  The European Commission, on the other hand, will have 45 working days to make a decision on whether to designate a basic platform provider as a gatekeeper.

However, if a supplier designated by the European Commission succeeds in demonstrating that it does not possess the characteristics to qualify as a gatekeeper (and, therefore, not to be subject to the DMA), the latter may challenge that designation through a specific procedure directly addressed to the European Commission, which will evaluate-in the 5-month period of the request-the supplier’s arguments by adopting a final decision on the matter.

The DOs and DON’Ts of the new Regulation

The Digital Markets Act establishes a set of obligations that gatekeepers will have to meet to ensure fair and open digital markets, thus enabling commercial operators to compete for digital markets on a level playing field.

Specifically, gatekeepers will have to:

  1. allow commercial users to promote their products and services even outside the basic platform they use;
    allow end users to uninstall pre-installed applications or change preset settings on operating systems, virtual assistants, or device browsers in order not to induce end users to use only the gatekeeper’s products and services;
  2. ensure that users can withdraw from subscription to basic platform services easily;
  3. ensure interoperability of the basic platform with third-party systems and services and allow end users to install such third-party systems and applications on their own devices; and
  4. allow commercial users who advertise and offer their products and services through the platform to access data on the use of the platform and services by end users in order to verify the performance of advertising performed on the platform.

Conversely, gatekeepers will no longer be able to:

  1. rank their own products or services on the platform more favorably than those of other marketers, self-aggrandizing;
  2. combine data on the use of a service by end users in order to reuse it to provide a different service;
  3. establishing unfair conditions for commercial users operating on the basic platform, preventing such users from offering the same products on the basic platform elsewhere and at prices and conditions different from those of the gatekeeper;
  4. pre-installing certain software applications on the end user’s device or otherwise imposing such software applications by default along with the device’s operating system;
  5. require application developers to use certain services (e.g., a specific payment system or identity manager) in order to offer their products in app stores;
  6. monitor end-users’ browsing once they have left the underlying platform in order to serve targeted advertisements based on end-users’ preferences, without having collected the actual consent of the end-users.

From what can be gleaned from the obligations in the Digital Markets Act, the new Regulation serves as a corollary for the previous provisions on the processing and protection of personal data.  In fact, the DMA imposes new transparency obligations to be able to profile users online, inserting additional limits on data matching activities.  The European legislator makes it clear that it is up to gatekeepers to ensure that compliance with the obligations under the DMA is done in full compliance with other European Union regulations, including those protecting personal data and consumer protection.

What are the sanctions for violations of the DMA?

In case of violation of the obligations of the Digital Markets Act, gatekeepers risk a penalty of up to 10 percent of their total annual worldwide turnover.  However, in case of a repeat offense, the penalty can be increased up to 20 percent of the annual global turnover.  In addition, where the violation occurs at least three times within an eight-year period, the European Commission may decide to launch a market investigation and, if necessary, impose behavioral or structural remedies on gatekeepers.

The sole enforcement authority is the European Commission, but national competition authorities are entrusted with the power to launch investigations into possible infringements and transmit their findings to the European Commission in order to impose a sanction on the investigated gatekeeper.

In any case, the European legislature has also thought about possible remedies for users who suffer from the harmful behavior of gatekeepers.  Any violations of the regulations by gatekeepers, in fact, can still be enforced by users in national courts if direct harm to the users themselves (who can, therefore, also claim compensation for the harm suffered) resulted from such unlawful conduct.

In any case, the European legislator has also thought about possible remedies for users who suffer from the harmful conduct of gatekeepers.  Any violations of the regulations by gatekeepers, in fact, can still be enforced by users in national courts if direct harm to the users themselves (who can, therefore, also claim compensation for the harm suffered) resulted from such unlawful conduct.

Although the DMA is now in effect, its implementation requires prior activities to identify so-called gatekeepers and is expected to give rise to a number of disputes over qualification and related obligations.•

On a similar topic, the following article can be interesting “New EU Platform to Business Regulation set stringent obligations for online suppliers and intermediaries“.

Photo by Dima Pechurin on Unsplash

Don't miss our weekly insights

Show More
Back to top button