Author

Debbie Heywood

Senior professional support lawyer

Read More
Author

Debbie Heywood

Senior professional support lawyer

Read More

18 January 2021

Radar - January 2021 – 3 of 3 Insights

EC draft Digital Markets Act

  • In-depth analysis

What's the issue?

In June 2020, the EC launched a consultation on a new competition tool to provide additional regulation of digital markets and, in particular, of very large online platforms.

What's the development?

The European Commission has published a proposal for a Regulation to ensure contestable and fair markets in the digital sector (the Digital Markets Act or DMA). The DMA will provide ex ante regulation of businesses with gatekeeper status and give the Commission new powers to conduct market investigations.

What does this mean for you?

The DMA sets out rules for core services provided or offered by gatekeepers to businesses established in the EU or end users established or located in the EU, irrespective of the place of establishment or residence of the gatekeeper and of any otherwise applicable law.

While the majority of the obligations are on those service providers which meet the high threshold of gatekeeper status, the impact will be felt across the all digital players in or directed at the EU.

More detail

Who is a gatekeeper?

A gatekeeper is a provider of core platform services which:

  • has a significant impact on the internal market – this will be presumed where the undertaking to which it belongs has an annual EEA turnover of at least EUR 6.5bn in the last three financial years, or where the average market capitalisation of the equivalent fair market value of the undertaking to which it belongs amounted to at least EUR 65bn in the last financial year, and it provides a core platform service in at least three Member States
  • operates a core platform service which serves as an important gateway for business users to reach end users – this will be presumed where the core platform service has more than 45m monthly active end users established or located in the Union and more than 10,000 yearly active business users established in the Union in the last financial year, and
  • enjoys an entrenched and durable position in its operations or it is foreseeable that it will do so in the near future – this will be presumed where the threshold for the second condition above is met in each of the last three financial years.

Gatekeepers are required to notify the Commission of their status but the Commission has the power, following a market investigation, to identify any provider of core platform services that meets the requirements but not the criteria for presuming they are met, as a gatekeeper.

What is a core platform service?

A core platform service is defined as meaning any of the following as further defined in Article 2:

  • online intermediation services
  • online search engines
  • online social networking services
  • video-sharing platform services
  • number-independent interpersonal communication services
  • operating systems
  • cloud computing services
  • advertising services including any advertising networks, advertising exchanges, and any other advertising intermediation services, provided by a provider of any of the above core platform services.

Article 5 obligations on gatekeepers

In respect of each of its core platform services, gatekeepers shall:

  • not combine personal data sourced from its core platform services with personal data from any other services offered by the gatekeeper or with personal data from third-party services, and from signing in end users to other services of the gatekeeper in order to combine personal data, unless the end user has been presented with the specific choice and provided GDPR consent
  • allow business users to offer the same products or services to end users through third party online intermediation services at prices or conditions that are different from those offered through the online intermediation services of the gatekeeper
  • allow business users to promote offers to end users acquired via the core platform service, and to conclude contracts with these end users regardless of whether for that purpose they use the core platform services of the gatekeeper or not, and allow end users to access and use, through the core platform services of the gatekeeper, content, subscriptions, features or other items by using the software application of a business user, where these items have been acquired by the end users from the relevant business user without using the core platform services of the gatekeeper
  • not prevent or restrict business users from raising issues with any relevant public authority relating to any practice of gatekeepers
  • not require business users to use, offer or interoperate with an identification service of the gatekeeper in the context of services offered by the business users using the core platform services of that gatekeeper
  • not require business users or end users to subscribe to or register with any other core platform services identified pursuant to Article 3 or which meets the thresholds in Article 3(2)(b) as a condition to access, sign up or register to any of their core platform services identified pursuant to that Article
  • provide advertisers and publishers to which it supplies advertising services, upon their request, with information concerning the price paid by the advertiser and publisher, as well as the amount or remuneration paid to the publisher, for the publishing of a given ad and for each of the relevant advertising services provided by the gatekeeper.

Article 6 obligations on gatekeepers

In respect of each of its core platform services, gatekeepers shall:

  • not use in competition with its business users, any data which is not publicly available, and which is generated or provided by its business users and/or their end users
  • allow end users to uninstall pre-installed software except where it is necessary for the essential functioning of the operating system or device and cannot technically be offered on a standalone basis by a third party
  • allow the installation and effective use of third party apps and app stores and allow them to be accessed by means other than the core platform services
  • not prioritise its own products and services (or those of a third party belonging to the same undertaking) over similar third party products and services and apply fair and non-discriminatory ranking processes
  • not restrict end users from switching between apps and services (including ISPs) using their operating system
  • allow business users and providers of ancillary services access to and interoperability with any operating system, software or hardware used by the gatekeeper to provide ancillary services
  • give advertisers and publishers free access on request to performance measuring tools of the gatekeeper and sufficient information to allow them to carry out an independent audit of ad inventory
  • provide effective data portability in line with the GDPR, including by provision of continuous and real time access
  • provide business users, or third parties authorised by a business user, free of charge, with effective, high-quality, continuous and real-time access and use of aggregated or non-aggregated data, that is provided for or generated in the context of the use of the relevant core platform services by those business users and the end users engaging with the products or services provided by those business users; for personal data, provide access and use only where directly connected with the use effectuated by the end user in respect of the products or services offered by the relevant business user through the relevant core platform service, and when the end user opts in to such sharing by providing GDPR consent
  • provide any third party providers of online search engines, upon their request, with access on fair, reasonable and non-discriminatory terms to ranking, query, click and view data in relation to free and paid search generated by end users on online search engines of the gatekeeper, subject to anonymisation for the query, of click and view data that constitutes personal data
  • apply fair and non-discriminatory access for business users to its app store.

Under Article 7, the Commission has the power to further specify what the gatekeeper needs to do to comply with Article 6 obligations, where it deems existing measures to be insufficient.

Interaction with other laws

Gatekeepers must implement any measures required to comply with their obligations in accordance with the GDPR, the ePrivacy Directive, cybersecurity legislation, consumer protection requirements and product safety laws.

Obligations may be suspended on a case by case basis in exceptional circumstances as set out in Articles 8 and 9.

Additional obligations

The DMA makes provision for obligations to be updated. There are also various notification requirements. The gatekeeper must not make obtaining consents by a business user more onerous than for its own services nor degrade the services it offers to business or end users exercising any rights or choices to which they are entitled. Gatekeepers must also submit any profiling techniques used on its consumers to an independent audit.

Market investigations

The DMA provides the Commission with powers to conduct a market investigation:

  • for designating gatekeepers
  • in case of suspected systematic non-compliance by a gatekeeper
  • to investigate new services and practices.

Investigative and enforcement powers

Additional powers given to the Commission include:

  • to make requests for information, carry out interviews and take statements
  • conduct monitoring
  • carry out on-site investigations
  • adopt non-compliance decisions
  • accept commitments to address non-compliance
  • consider whether to carry out a market investigation on request by three or more Member States
  • issue fines for negligent or intentional non-compliance of up to 10% of a gatekeeper's total turnover in the preceding financial year
  • issue fines of up to 1% of turnover for failure to provide information or for providing false or misleading information
  • impose fines of up to 5% of average daily turnover for breach of certain obligations.

Find out more

For more information, listen to our webinar which also covers the Digital Services Act and the creation of the Digital Markets Unit in the UK. We will also be publishing more about digital policy in the UK and EU on Download. If you would like to receive updates on these and other issues affecting digital services, sign up here.

In this series

Technology, media & communications

UK government sets out final approach to regulating online harms

In-depth analysis

by Debbie Heywood, Alex Walton

Technology, media & communications

EC draft Digital Services Act

In-depth analysis

by Debbie Heywood

Technology, media & communications

EC draft Digital Markets Act

In-depth analysis

by Debbie Heywood

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

Server room corridor
Data protection & cyber

Global Data Hub – EC publishes draft UK adequacy decisions

19 February 2021
Quick read

by Vinod Bange and Debbie Heywood

Click here to find out more
Hallway in server room
Data protection & cyber

Global Data Hub – UK and EU data policy

5 February 2021
Quick read

by multiple authors

Click here to find out more
Cloud Computing Servers
Technology, media & communications

The EC draft Data Governance Act – an altruistic approach to data

29 January 2021
Briefing

by Debbie Heywood

Click here to find out more