In December 2020, the European Commission launched a much-heralded and far-reaching reform of the rules governing online commerce and activity. Specifically, the Commission has proposed a new EU Regulation on contestable and fair markets in the digital sector (Digital Markets Act) while also recommending the adoption of a new EU Regulation on a Single Market For Digital Services (Digital Services Act) amending the e-Commerce Directive. (The former is referred to as the "DMA" and the latter as the "DSA".) These initiatives result from an extensive public and stakeholder engagement led by the Commission including the April 2019 independent expert report, Competition Policy for the Digital Era.
The growth of online services has created major benefits for consumers while opening new markets for businesses. That said, these changes have not always been positive. Illegal goods are sold on various websites, disinformation is spread and certain platform providers act as bottlenecks between traders and consumers. Accordingly, the DSA and the DMA aim to create a safer digital space in which the fundamental rights of all EU-based users are protected while establishing a level-playing field to promote innovation, growth and competitiveness.
Purpose of the Reform
The DMA seeks to curb the power of gatekeepers i.e. platforms that serve as a key gateway for businesses to reach their customer base. Given their 'footprint', gatekeepers often act as private rule-makers. The application of the DSA is broader; it contains a series of obligations that apply to all providers of online services (with some exceptions for smaller companies). This proposal aims to regulate how digital intermediaries engage with their customers and what content they provide, while also modernising the e-Commerce Directive originally adopted in 2000. Under the DSA, providers of online services must stipulate in their terms and conditions any restrictions they impose on content while acting responsibly in the enforcement of such limitations. Digital companies must also publish regular reports regarding such policies. Hosting services and online platforms are subject to further obligations as are entities categorised as "very large online platforms" (i.e. those not designated as gatekeepers under the DMA).
Scope of the DMA
The DMA does not aim to apply to the entire online world. Instead, it targets the provision of so-called Core Platform Services (CPS) by gatekeepers. Such services range from search engines (e.g. Google Search) to video sharing platform services (such as YouTube) and from social networking services (e.g. Facebook) to intermediation services (such as Apple's App Store). The DMA seeks to prevent gatekeepers from imposing unfair conditions on both businesses and consumers while ensuring the transparency of key services.
Gatekeepers are large companies which provide, at least, one CPS while having a durable cohort of users across various EU Member States. Specifically, if an entity satisfies three cumulative quantitative criteria, it is likely to be designated as a gatekeeper:
- The first criterion relates to size that impacts the EU's internal market. Such an effect is presumed if the relevant entity provides a CPS in three or more EU Member States while the undertaking to which it belongs either generates an annual turnover in the European Economic Area or EEA (i.e. the 27 EU Member States plus Norway, Iceland and Liechtenstein) of EUR 6.5bn in its three most recent financial years, or, has an average market capitalisation (for listed companies) or equivalent fair market value (for private companies) of, at least, EUR 65bn in its most recent financial year.
- The second criterion focuses on control of an important link between traders and consumers. This is presumed to be met where, in its most recent financial year, the entity operates a CPS with a minimum of 45 million active end-users per month in the EU with more than 10,000 active EU business customers per annum.
- The third criterion addresses whether the relevant entity has an entrenched and durable position. This is satisfied where the relevant entity meets the thresholds detailed in the second criterion in each of its three most recent financial years.
If these three quantitative criteria are satisfied, the relevant company is presumed to fall into the gatekeeper category. That said, a potential gatekeeper may seek to rebut this presumption by providing evidence to the Commission regarding the size of the actual CPS provider and/or the absence of barriers to entry in the provision of its service(s). By contrast, if the three quantitative criteria are not met, the Commission may categorise a particular entity as a gatekeeper based on a qualitative assessment of various factors including its financial size, and economies of scale/scope.
Consequences of Gatekeeper Status
The DMA provides that gatekeepers carry a special responsibility to ensure that businesses and consumers are treated fairly while ensuring an open digital environment and contestable markets. (This duty is not dissimilar to the special obligation on dominant entities under EU/Irish abuse of dominance rules not to undermine competition.) Moreover, the Commission may impose certain obligations on entities likely to have an entrenched and durable position in the future.
"Dos and Don'ts" for Gatekeepers
Based on the Commission's market experience, the DMA stipulates two sets of "dos and don'ts" that gatekeepers must follow in their business activities. The first contains obligations that are not subject to further specification whereas the second may be clarified by the Commission in order to ensure compliance with the DMA. Under the first set of "dos and don'ts", gatekeepers must:
- Refrain from combining personal data sourced from the provision of a CPS with the personal data gleaned from the offering of other services (unless the end-user has consented);
- Allow their business customers to sell products or services at different prices on other platforms. Put another way, 'most-favoured nation' clauses are banned;
- Desist from requiring business users or consumers using one CPS to use, at least. one other CPS;
- Permit businesses to market to customers, acquired using the relevant CPS, and to conclude contracts 'off-platform'. In such situations, the relevant business should be allowed to provide products through their own software using the relevant platform;
- Allow business users to complain to any relevant regulatory authority;
- Refrain from requiring business users to avail of its identification service; and
- Provide, on request, details of spending and commission regarding a given advertisement to both advertisers and advertising agencies.
Gatekeepers are also required to "inform" the Commission regarding proposed acquisitions of other digital companies regardless of whether the relevant transaction is mandatorily notifiable under the EU Merger Regulation or under national merger control rules in any individual EU Member State. In doing so, gatekeepers must provide relevant information on the target including its most recent annual global and EEA annual turnover, details of its user numbers and the rationale for the acquisition. However, interestingly, unlike transactions notified to the Commission or to any national competition authority, gatekeepers do not require clearance before completing relevant digital transactions.
Under the second set of "dos and don'ts", a gatekeeper is subject to a long list of obligations including:
- Refraining from using confidential data sourced from the provision of a CPS to its business customers in competing with such entities;
- Allowing customers to delete any pre-installed software applications - commonly referred to as apps;
- Desisting from ranking its own products and services more favourably to those offered by competitors;
- Providing full interoperability information regarding the relevant operating systems to third parties; and
- Giving advertisers/advertising agencies access to the relevant performance measuring tools.
The DMA allows a gatekeeper to request the Commission to grant an exemption, on public interest grounds, from any of the "dos and don'ts". Moreover, the Commission may also suspend the operation of a particular provision where, due to the exceptional and extenuating circumstances, the economic viability of a gatekeeper is threatened.
How and When?
Under the DMA, a potential gatekeeper must consider whether it meets the three quantitative criteria described above. If so, it should duly inform the Commission who, on the basis the three criteria are satisfied, will designate the relevant entity as a gatekeeper. Within six months of being designated as a gatekeeper, the relevant entity must also follow both sets of "dos and don'ts".
The Commission has the exclusive right to enforce the provisions of the DMA. (That said, third parties, allegedly harmed by an infringement of the DMA, may sue a gatekeeper for damages in a national court.) The Commission's proposed enforcement powers under the DMA are broadly similar to its current functions regarding EU competition rules. The DMA gives the Commission the power to issue formal information requests, to take witness statements, to launch 'dawn raids', to accept commitments and/or to adopt interim measures. After giving the relevant gatekeeper the opportunity to contest any preliminary adverse findings, the Commission may impose fines of up to 10% of a gatekeeper's most recent annual global turnover for any substantive breach. In addition, fines of a maximum of 1% of the relevant turnover may be levied for any procedural infringement.
The journey before either the DMA or the DSA becomes law is likely to be challenging. These proposals will go before the European Parliament and the Council of Ministers - both institutions must agree before either Regulation is adopted. The DMA and the DSA will be of significant interest to any entity providing digital services in the EU, not least to the major technology companies. Expect an army of lobbyists (both formal and informal) to be deployed by the latter. That said, there is significant momentum behind both the DMA and the DSA due to recent developments in the political (think the two most recent US Presidential Elections) and economic spheres (e.g. the surge in online commerce as a result of the Covid-19 pandemic). Accordingly, while the battle ahead will be hard-fought, both the DMA and the DSA are, ultimately, likely to be adopted relatively unscathed.
The proposed adoption of the DMA is an acknowledgement on the part of the Commission of the enforcement challenge it faces arising from the fact that the unilateral conduct of strong but not dominant digital players falls outside the reach of EU competition law. Another key difficulty is that competition rules are applied on an ex post basis - in other words, the Commission may only intervene when an infringement has occurred. Given the time involved in pursuing any investigation, the relevant sector may have irrevocably changed or 'tipped' as a result of the allegedly illegal conduct. Accordingly, any remedy imposed by the Commission may be either insufficient and/or tardy. The DMA will apply on an ex ante basis. In other words, major digital players will, as gatekeepers, be required to act and be prohibited from acting in particular ways. From the Commission's perspective, this will hopefully prevent the big technology companies from creating lasting damage to the structures of competition. That said, it is likely to take, at least, eighteen months and possibly longer, before the DMA and the DSA come into effect. Until then, competition/antitrust law will remain the key arrow, as is obvious from the ongoing actions against Google and Facebook on both sides of the Atlantic, in the Commission's and other competition authorities' quiver.
This article first appeared in the Law Society Gazette.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.