The Digital Markets Act (DMA) will have a significant impact on the operation of digital platforms. It takes large online platforms that act as “gatekeepers” in digital markets to comply with wide-ranging commitments. Its goal is to ensure that digital markets are more open and competitive.
DMA sits alongside the Digital Services Act (DSA), which has a broader scope and provides obligations for digital services that act as intermediaries in connecting consumers to goods, services, and content. While DMA aims to ensure fairer digital markets, DSA focuses on ensuring online security and transparency.
The obligations and prohibitions imposed on gatekeepers by the DMA cover many aspects of their operations. They include restrictions on what they can do with user data, requirements to make the Services interoperable with those of third parties, and obligations to provide information to advertisers and publishers. The DMA provisions also prohibit activities such as ranking gatekeeper products ahead of their competitors, pre-installing certain applications or software, and forcing the use of other gatekeeper services.
There are harsh penalties for non-compliance. If the gatekeeper does not comply with the rules, the European Commission (EC) can impose fines of up to 10% of its total global sales in the previous financial year, and 20% for repeated violations. In the event of systematic violations, the European Commission may prevent them from acquiring other companies for a certain period.
The timing of the digital market law
The official legal text of the DMA will be published in the Official Journal of the European Union this fall. It will take effect 20 days after its publication and will become effective six months later, most likely in March or April 2023.
Scope of the Digital Markets Law
DMA applies to “gatekeepers” in digital markets who provide “core platform services” (CPS). They include online mediation services, online search engines, online social networking services, video sharing platform services, number-independent personal communications services, operating systems, web browsers, virtual assistants, cloud computing services, and online advertising services.
The gatekeeper in this context is determined by three qualitative criteria, which are supposed to be satisfied if certain quantitative thresholds are met:
- The company must have a “significant impact” on the EU market
A company is presumed to meet this criterion if it: (a) has generated sales in the European Union equal to or greater than €7.5 billion in each of the last three financial years; or (b) the average market capitalization or equivalent fair market value of at least €75 billion in the past financial year; It provides the same CPS in at least three member countries.
- CPS should be an “important gateway” between companies and end users
A company is supposed to meet this criterion if its CPS has at least: (a) 45 million monthly active end users created or located in the EU; and (b) 10,000 annual active business users established in the European Union in the last financial year.
- It must have a “established and permanent position” or is likely to have it soon
A company is assumed to meet this criterion if the quantitative limits under Standard 2 above have been met in each of the past three financial years.
Collaborative planning providers will have to assess themselves whether they meet the thresholds to be identified as gatekeepers. If they do, they will have to notify the European Commission within two months of the DMA application date (or from the point at which they begin meeting the criteria, if later). They then have a maximum of six months after their appointment as a gatekeeper to comply with the new obligations.
Digital Markets Act obligations for primary platform service providers
DMA provides two broad categories of do’s and don’ts for gatekeepers.
The first category is framed so that gatekeepers can comply without having to specify any additional details from the European Commission. It includes the following obligations:
- Not to process, for online advertising purposes, the personal data of end users of third party services provided through the Gatekeeper platform without the consent of the end user.
- Not to merge or use the Personal Data of End Users via CPS or between CPS and other Services or log End Users into other Services in order to merge Personal Data, without End User’s consent.
- Not imposing “broad” parity terms (restricting business users from offering lower prices and better terms on any other online sales channels) or “narrow” terms of paring (restricting business users from offering lower prices and better terms on their sales channels)
- To allow Business Users, free of charge, to communicate and promote their products and services (including under various circumstances) to End Users obtained through Gatekeeper CPS (or through other channels) and to enter into contracts with such End Users.
- To allow End Users to access and use through Gatekeeper CPS, content, subscriptions, features or other items using the Business User Software Application, including those obtained outside of Gatekeeper CPS.
- Refrain from preventing commercial users or end users from raising the issue of Gatekeeper’s non-compliance with EU or national laws with relevant public authorities or national courts.
- Not require End Users or Business Users to subscribe to or register with any Gatekeeper CPS as a condition of using one of the Gatekeeper CPS.
- Not require End Users to use, view, or engage with, an identification service, web browser engine, payment service, or technical services that support the provision of Payment Services, such as payment systems for in-app purchases of this Gatekeeper in the context of the Services provided by Business Users using CPS For the gatekeeper.
- To provide advertisers and publishers (or authorized third parties) to whom the Gatekeeper provides online advertising services, upon request free of charge, with information on a daily basis regarding the price and fees (including any discounts and additional fees) paid by the advertiser and publisher, as well as the bonus amount ( Including any discounts and additional fees) paid to the publisher, and the metrics on the basis of which each of the prices, fees and rewards are calculated for the posting of a particular advertisement and for each of the advertisements related to the advertising services provided by the porter.
The second category of commitments are those “subject to further determination”, which means that the European Commission can give more clarity on whether the method proposed by the gatekeeper to implement the commitments is sufficient (which the European Commission can investigate either on its own initiative or on the basis of doorman request). These obligations include:
- Not to use non-public data obtained by the Gatekeeper in relation to Business Users who use the Gatekeeper’s CPS to subsequently compete with those Business Users.
- To allow and technically enable end users to easily uninstall any software applications or change default settings in the gatekeeper operating system, virtual assistant and web browser.
- To allow the effective installation and use of third-party software applications or software application stores and to allow them to be set as default (subject to certain safety curves).
- Not doing better in ranking, indexing, crawling and related services and products offered by the Gatekeeper itself compared to similar services or products of third parties and applying transparent, fair and non-discriminatory terms to this ranking (self-preference).
- Not to technically or otherwise limit End Users from switching and subscribing to Software Applications and Services accessed under the Gatekeeper CPS.
- To allow hardware and service providers and business users, free of charge with effective interoperability and access to the same hardware or software features that are accessed or controlled via the operating system or the portal’s virtual assistant.
- To provide advertisers, publishers and authorized third parties, upon request free of charge, access to gatekeeper performance measurement tools and the data necessary for advertisers and publishers to perform their own independent verification of ad inventory
- To provide End Users or authorized third parties, upon request and without charge, effective data portability (including tools to facilitate the effective exercise of such data portability) provided by End User or generated through their activity.
- Subject to Personal Data Restrictions, to provide Business Users, or authorized third parties, upon request free of charge, effective, high-quality, continuous and real-time access and use of aggregated and non-aggregated data (including Personal Data), which is provided or generated in the course of using CPS with connection (or services provided with or in support of related CPS) by business users and end users who transact with products or services offered by such business users.
- To provide any third-party providers of Internet search engines, upon request, with fair, reasonable, and non-discriminatory (FRAND) access to rating, query, click and display data in respect of organic and paid searches generated by end-users on the Gatekeeper Internet Search Engines, Subject to anonymity of personal data.
- To enforce the FRAND General Terms of Access for Commercial Users to Gatekeeper Software Application Stores, Internet Search Engines and Online Social Networking Services (Gatekeeper shall post the General Terms of Access, including the Alternative Dispute Resolution Mechanism).
- Not to impose disproportionate general terms for the termination of the CPS Terms and to ensure that these Terms are exercised without undue difficulty.
In addition, gatekeepers are subject to the following obligations:
- Gatekeepers providing messaging services will have to perform basic functions such as text messaging and video calling and are interoperable with other service providers’ services.
- Gatekeepers are obligated to inform the European Commission of all transactions prior to closing: (i) where the parties provide CPS or any other services in the digital sector; or (ii) that enables data collection.
- Gatekeepers will have to report to the European Commission on the measures they have implemented to ensure compliance with the commitments.
- Gatekeepers must also create a compliance function, which must be independent of the companies’ operational functions.