EU Institutions Reach Agreement on Landmark Regulations Targeting Big Tech
Privacy In Focus®
The European Commission has reached a provisional political agreement on two legislative proposals that will upend current rules governing digital services, the Digital Markets Act (DMA) and the Digital Services Act (DSA). The Commission reached a political agreement on the DMA on March 25, 2022 and an agreement on the DSA on April 23, 2022. There still are several steps needed before the new laws will take effect. Currently, the laws are expected to take effect in early 2024.
The DMA and DSA together will fundamentally change how digital platforms operate and engage with consumers and third-party operators in the EU. A high-level overview of key provisions of each Act is provided below.
Digital Markets Act
The DMA places limits on the market power of the largest digital platforms in an effort to level the playing field for smaller players. Under the new regulation, the largest digital platforms that act as a “gateway” to digital services will be subject to a host of regulatory obligations.
Scope
The Act applies to a company that meets the following criteria:
- Acts as a “gatekeeper” for a core service platform (CSP) – such as an online search engine, social networking service, app store, web browser, or operating system, among other things.
- Has a size that has “a significant impact on the internal market.” A company that has an annual turnover of 7.5 billion euros in each of the last three financial years or an average market capitalization or equivalent fair market value of 75 billion euros in the previous financial year and provides a core platform service in at least three EEA countries is presumed to meet this standard;
- Controls an important gateway for a business to reach consumers. A company that operates a CSP with more than 45 million monthly end users in the EU or more than 10,000 active business users in the EU annually is presumed to meet this standard;
- Holds an entrenched and durable position. It is presumed that a company that met the two criteria listed above in two of the last three financial years meets this standard.
Regulatory Obligations
The DMA requires that covered entities take steps to ensure the digital market is open and fair to smaller businesses and consumers. Among other requirements:
Gatekeepers must allow consumers to:
- Easily uninstall pre-installed apps, change default settings that point the consumer to the gatekeeper’s products and services, and provide choice screens for certain services;
- Allow the installation of third-party apps or app stores;
- Make the unsubscribe process as easy as the subscription process.
Gatekeepers must allow other businesses to:
- Access the price-setting conditions and algorithms used by the gatekeeper;
- Promote offers and complete contracts with consumers outside of the gatekeeper platform;
- Access data generated by the third-party business’s activity on the gatekeeper platform.
Additionally, gatekeepers are prohibited from:
- Requiring a third-party business to use the gatekeeper’s services, such as payment system;
- Ranking the gatekeeper’s products or services more favorably than a third-party product or service;
- Using the data of a third-party business when they compete with the gatekeeper on the same platform.
Penalties for noncompliance are stiff, with the maximum penalty being set at 20% of a gatekeeper’s total worldwide turnover in the preceding financial year. Other enforcement options include market investigations that result in behavioral or structural remedies.
The Digital Services Act
The DSA’s regulatory framework imposes rules governing how platforms moderate content, advertise, and use algorithmic processes. This Act aims to increase the transparency and accountability of online platforms by encouraging innovation and competition opportunities for smaller platforms and a strong protection framework for consumers who interact with online content.
Scope
The DSA applies to a variety of online intermediaries and platforms, including internet providers, social media platforms, app stores, and content-sharing platforms. The obligations of the DSA depend on the size of the business and factor in the number of users and nature of the services provided. The most stringent obligations apply to “very large” platforms (VLP). Smaller entities, while largely exempt from the more complex compliance requirements, are encouraged to follow them as a best practice.
Regulatory Obligations
The DSA requires transparency and accountability to create a digital space that is safe for all users. The Act requires, among other obligations, that covered entities:
- Implement measures to stop the sale of illegal goods or services or content. Platforms should provide a method for users to flag this content;
- Be transparent as to the algorithms used to identify recommended products or services;
- Prohibit targeted advertising to children, or users based on special characteristics, such as ethnicity, political views, and sexual orientation;
- Prohibit the use of dark patterns, or “practices that materially distort or impair, either purposefully or in effect, the ability of recipients of the service to make autonomous and informed choices or decisions;” and
- Create the ability for users to challenge a platform’s content moderation decisions.
The Commission will share responsibility for enforcing the DMA with Member State regulators. The Commission will enforce the obligations against VLP. Other entities will be subject to the supervision of Member State regulators, with the support of a new independent advisory group, the European Board for Digital Services. The Commission will charge platforms annual supervisory fees to be established based on the costs incurred by the Commission to exercise its supervisory tasks, capped at 0.05% of annual worldwide net income.
Ania Trichet, a Wiley 2022 Summer Associate, contributed to this article.
© 2022 Wiley Rein LLP