The last ten years have seen the massive emergence of online platforms. The transfer of many socio-economic activities on the net and the rethinking of many consumption habits of individuals – made necessary in the last two years by the pandemic – has shown how indispensable platforms are also for exercising the fundamental rights such as work, health and education. The growing importance of platforms and the need to put in place corrective measures and instruments to prevent abuses and offences has led to a rethinking of the current regulatory framework. To regulate the new critical issues connected to the affirmation of online intermediaries and platforms, on 15 December 2020, the European Commission submitted the Digital Markets Act (DMA) and the Digital Services Act (DSA) which represent one of the most important milestones of the EU digital strategy launched in February 2020.
From the DMA proposal to Council and European Parliament requests for change
To regulate the new critical issues connected to the affirmation of large online intermediaries and platforms, the DMA is focused on 8 “core platform services”: online B2C intermediation services; online search engines; social networks; video sharing platforms; number-independent interpersonal communication services; operating systems; cloud computing services; and advertising services, including any advertising networks, advertising exchanges and any other advertising brokerage services, provided by a provider of any of the above services.
For the purposes of defining the prerequisites for qualifying a provider as a gatekeeper, the proposed regulation requires a significant impact on the internal market (presumed whenever the undertaking has had an annual turnover in the European Economic Area of at least €6.5 billion during the last three financial years and offers the service in at least three MSs), where the provider acts as an important gateway to reach end-users (occurring when there are more than 45 million monthly active end-users established or located in the Union and more than 10,000 active business users per year established in the Union in the last financial year), and the possession (or foreseeable possession in the near future) of an entrenched and durable position in its operations (this requirement is met when the thresholds have been reached in each of the last three financial years).
The possession of these requirements determines the provider’s obligation to notify the Commission. Although the Commission also has the power, independently, to identify as a gatekeeper the provider who fails to comply with this notification obligation. In addition, the Commission would have the power to review the gatekeeper status of a particular ISP in the event of a material change on the basis for the gatekeeper’s decision, or if the gatekeeper’s decision was based on incomplete, incorrect or untrue information. In general, the proposed regulation requires the Commission to verify, at least every two years, whether gatekeepers are meeting the requirements of the regulation, and whether additional providers are meeting those requirements.
Specifically, art. 5 sets several obligations and prohibitions on gatekeepers. They will have to: a) allow third parties to inter-operate with the gatekeeper’s own services in certain specific situations; b) allow their business users to access the data that they generate in their use of the gatekeeper’s platform; c) provide companies advertising on their platform with the tools and information necessary for advertisers and publishers to carry out their own independent verification of their advertisements hosted by the gatekeeper; d) allow their business users to promote their offer and conclude contracts with their customers outside the gatekeeper’s platform; e) ensure the effective portability of data generated through end-user or business activity.
Instead, these platforms will be prohibited to: a) treat the services and products offered by the gatekeeper itself more favorably than similar services or products offered by third parties on the gatekeeper’s platform;
- b) forbid consumers from connecting with businesses hosted outside of gatekeeper platforms; c) prevent users from uninstalling any pre-installed software or applications if they so desire; d) use business users’ data for the purpose of competing with them.
The proposal defines in detail the powers of the Commission, granting it the power to request information, conduct inspections, order interim measures, make binding commitments proposed by the gatekeeper, carry out monitoring activities regarding compliance with the obligations under the proposed regulation, adopt decisions certifying infringements by gatekeepers and impose penalties. The latter, in particular, are quantified up to 10% of the total annual worldwide turnover of the company. Moreover, systematic violation of the regulations may lead to the application of extraordinary structural remedies such as the obligation to sell part of the company’s assets or property (splitting).
In carrying out the activities regulated by the DMA, the Commission is assisted by the Digital Markets Advisory Committee. Commission decisions and sanctions imposed by the Commission are subject to the jurisdiction of the European Court of Justice, which may cancel, reduce or increase them.
Following the launch of the proposal, a wide-ranging and heated debate was immediately initiated among stakeholders and between the Member States and the Commission on the choices of the general framework, as well as on the governance structure to be put in place to ensure that, once the legislative procedure for approval of the proposal has been completed, the EU and the Member States will be truly able to guarantee effective application of the new set of rules. Above all, even if the need to ensure certainty, predictability and uniformity is widely agreed on, the ability of a regulatory system based on an ex-ante logic to face future challenges in a sector with a very high speed of innovation is under discussion, as well as the choice of dictating uniform rules for subjects with profoundly different business models and organisations. The stakeholders have also underlined the opportunity to guarantee that the particularly pervasive powers granted to the Commission are mitigated and corrected by the establishment of a regulatory dialogue – with precise deadlines that do not delay the Commission’s intervention – able to ensure an adequate weighting of the individual situation under analysis, as well as the need to ensure effective cooperation between the Commission and Member States also through a greater enhancement of the role of national regulatory authorities. Here, it is worth reconstructing the essential contents of the positions expressed at Member State, institutional and market level.
On 25 November 2021, the Council agreed on its position (“general approach”) for the DMA proposal while, on 14 December 2021, the European Parliament approved the IMCO report amending the Commission’s proposal in its Plenary. Although with some partial differences, both the Council and EP have proposed a number of changes which focus on the scope of application (also including web browsers, virtual assistants and connected TV), the gatekeeper designation procedure (raising of thresholds, reduction of the term to notify the EC of the achievement of thresholds, extension of the two-year term proposed by the EC for the review of gatekeeper designation), enhanced reporting requirements for the gatekeeper (transmission to the EC of a detailed report of the measures adopted – annually updated -, of a non-confidential summary report and publication of the synthetic report by the EC, and obligation to make the audited description available to the public ) and the EC (publication and presentation by EC to EP and Council of an annual report setting out the findings of its monitoring activities including the impact on business-users, especially small and medium-sized enterprises and end-users), and the possibility for the EC to invite interested third parties to comment on the measures to be implemented by the gatekeeper. The proposed changes to the gatekeepers obligations are very significant. In fact, the EP has proposed additional requirements on the use of data for targeted or micro-targeted advertising and the interoperability of services, the possibility for gatekeepers to take indispensable measures to ensure that interoperability does not compromise the integrity of the operating system, hardware or software features, data protection or cybersecurity, the adoption of guidelines to facilitate compliance and the institution of the Compliance function by the gatekeepers. On systematic non-compliance, the EP has proposed the elimination of the possibility for the EC to impose structural remedies and an increase in penalties (fines not less than 4% and not exceeding 20% of total worldwide turnover in the preceding financial year). Finally, on governance, the EP has proposed the institution of the Hight Level Group of Digital Regulators and a specific description of the various activities in which national authorities may be involved by the EC.
Although negotiations are in the early stages, the changes proposed by the Council and Parliament appear to be feasible. The requests for changes are actually aimed at broadening the operation of the rules, reinforcing the reporting obligations in a logic of greater general awareness, promoting the knowledge of the Parliament and Council on EC actions in this matter, preventing that the imposed interoperability may lead to violations of privacy or security, mitigating the powers of the Commission also through the involvement of interested third parties, strengthening the deterrent effectiveness of the sanctioning system provided and defining a governance model focused on the EC but also open to the national authority involvement.