Experts believe that while the new European regulations associated with the Digital Markets Act could have a significant impact on the businesses affected, enforcement will be the main determinant in ensuring the laws are effective.
The European Council and European Parliament on March 24 approved the Digital Markets Act, or DMA, a framework of new initiatives aimed at curbing the dominance of Big Tech companies and related entities in Europe’s digital landscape.
The DMA’s measures aim to reduce the power of digital ‘gatekeepers’, which are companies seen as being too market-focused, thereby preventing competitors from entering a market. DMA does this by determining which companies can interact on or alongside their platforms and how they can operate.
The DMA sets parameters for platforms to qualify as gatekeepers that can stifle competition. The threshold for targeted companies includes a market capitalization of at least €75 billion, or approximately $83 billion, or companies that have earned at least €7.5 billion, or about $8.3 billion, in annual revenue over the past three years. A company must also have a minimum of 45 million monthly end users or 10,000 business users within the EU to be considered a gatekeeper. This puts tech giants such as Apple Inc. and Meta Platforms Inc. well into DMA’s crosshairs.
An access control platform must also control one or more of its core services in at least three EU Member States, including marketplaces and app stores, search engines, social media, cloud services, advertising services, voice assistants and web browsers.
“If you can’t access those sites, you don’t have a viable product,” said Paige Bartley, senior research analyst in data management at 451 Research. “If I’m an indie developer and can’t access the Apple App Store or the Google Play Store, I’m officially off the market. I don’t exist.”
Other elements of the bill’s wording regarding guards are less clear. The DMA exempts small and medium-sized businesses. But the law also allows for certain conditions to be imposed on an “emerging custodian,” who may not qualify based on current criteria.
According to the European Council, more than 10,000 SMEs operate in the EU digital economy.
According to Johnny Ryan, senior fellow at the Irish Council for Civil Liberties and senior fellow at the US pro-competition group Open Markets Institute.
For example, Google’s parent company Alphabet Inc. may use location data to determine if a person is ill when visiting a certain doctor or to determine a user’s religion when visiting a place of worship.
The effects of this cascade result in heavy data-driven advertising frameworks for dominant platforms, excluding smaller players, Ryan said. DMA would prevent this.
The law also allows the European Commission to directly monitor whether a gatekeeper violates the rules regarding cross-processing of data. These rules exist under the General Data Protection Regulation, or GDPR, but Ryan said they have not been enforced due to ongoing proceedings against tech companies with smaller GDPR watchdogs such as the Irish Data Protection Commission.
Flexion of regulating muscles
The DMA, alongside the associated Digital Services Act, was introduced by the European Commission in December 2020. EU member states unanimously approved the regulation in November 2021. Pending final revisions , it is expected to enter into force in January 2023.
The legislation could be a paradigm shift for regulators seeking to ease the authority of financial sanctions and for Big Tech companies seeking to avoid steep fines for transgressions.
Unlike reductions of up to 4% of annual global earnings that can be applied under the GDPR, the DMA would impose penalties of 10% of global earnings and 20% for repeat offenders.
“It’s an exorbitant fine,” said Dan Caprio, co-founder and president of The Providence Group, a Washington, DC-based data risk consultancy.
Caprio also noted the possibility of “significant” unintended consequences for any monetary penalties.
“In Europe, if you’re below those financial penalty thresholds, you’re likely to change your business practices to stabilize your thresholds, even if that means losing growth, new markets and new opportunities,” Caprio said.
Bartley agreed, saying the DMA could create a perverse incentive for a promising tech company not to achieve gatekeeper status to avoid triggering fines or other penalties.
“When you create this binary distinction of more restrictive rules that are supposed to support a competitive market but also try to foster an environment in which market inference platforms can thrive, you can have a growing technology company that earns more of users, which will reach a point where they cross the threshold,” Bartley said.
The DMA’s strength lies in its ability to force companies that break its rules to change their behavior, said Ryan of the Irish Council for Civil Liberties. But Ryan said a lack of assurance from the EU in enforcing DMA rules could see history repeat itself as with its predecessor GDPR, which ultimately only scares or fines people. companies that violate its laws.
“Fines, of course, are inconvenient. But if you can dominate the market and just pay a fine, why wouldn’t you?” said Ryan.
Ryan also expressed concern that the DMA could turn out to have some of the same vulnerabilities as the GDPR and that any law on paper only makes sense if it is enforced.
“Europe has invested a lot of its credibility in GDPR,” Ryan said. “But now the commission has forgotten that. … It all depends on the application. There is no appetite, judging by GDPR. There is no appetite in the European Commission to see this [the regulations] are applied.”
While some of the language of the DMA is mirrored by pending US legislation designed to rein in Big Tech, the regulatory methods and structure employed in the US and Europe will continue to be distinct in several respects.
According to Bartley, tech companies in the United States tend to face more class action lawsuits in which gray areas are resolved via court precedent. Industries with a strong history and culture of regulation such as healthcare and finance have been more receptive to strict guidelines, Bartley said.
Providence Group’s Caprio said EU officials were surprised by the pushback from US officials, who worried about the disproportionate impact on US-based businesses. Although there are some parallels between the United States and its largest trading partner, Caprio does not foresee regulatory convergence between the two.
Bartley and Ryan pointed out that DMA-wide regulations will take years to be enforced and eventually measure effectiveness, though they may serve as an example for future U.S. antitrust and privacy lawsuits. Datas.
But if no enforcement exists, the DMA will also not be a model for US law, Ryan said.
Tech giants brace for scrutiny
Apple and Google broadly endorsed the DMA in statements sent March 25 to S&P Global Market Intelligence, but the two tech giants also shared similar concerns about the scope of the regulations.
“While we support many of the DMA’s ambitions around consumer choice and interoperability, we remain concerned that some of the rules could reduce innovation and choice for Europeans,” a spokesperson wrote. from Google in an emailed statement.
Apple is concerned that DMA creates unnecessary privacy and security vulnerabilities for its users, a company spokesperson said in an email. “Other provisions will prohibit us from charging for intellectual property, in which we invest heavily.”
A spokesperson for Amazon.com Inc. said the company has no public position on DMA and said Amazon is reviewing the legislation and “is committed to providing services that meet the requirements of our customers in Europe’s evolving regulatory landscape”.
Meta did not respond to multiple requests for comment.
Casper Klynge, vice president of European government affairs at Microsoft Corp., said Microsoft supported EU efforts “from the start.”
“Open platforms are important for innovating for the future,” Klynge said in an emailed statement. “New European access control rules will ensure that major online intermediaries, including Microsoft, do more to adapt and make #TechFit4Europe.”
Providence Group’s Caprio said Microsoft appears to have calculated that the potential risk DMA poses is much greater for its competitors. Microsoft has grown and matured since experiencing its own period of antitrust scrutiny in the 1990s, and its more cooperative stance with U.S. regulators could be a model for other Big Tech competitors, Caprio said.
The US government has long been one of Microsoft’s biggest customers, having used its suite of Office products and its Azure cloud service. Microsoft Azure and Amazon Web Services share a contract with the US Department of Defense, the Pentagon announced in July 2021.
The provisional agreement for DMA is subject to the approval of the European Council and the European Parliament. The President of the European Council, Charles Michel, must submit the agreement to the Committee of Permanent Representatives for approval. The text will enter into force 20 days after its publication in the Official Journal of the EU and the rules will apply six months after that date of publication.
EU officials also expect to reach agreement on the broader Digital Services Act, which encompasses online intermediaries and platforms, according to a press release.
451 Research is part of S&P Global Market Intelligence.