New rules to govern the activities of online ‘gatekeepers’ and regulate how businesses access gatekeeper platforms, have been adopted by EU law makers.
The Digital Markets Act (DMA) was formally approved on Monday by the Council of Ministers, the body that brings together representatives from the governments of EU member states. The EU’s other law-making body, the European Parliament, voted to approve the DMA earlier this month. The legislation was originally proposed by the European Commission in late 2020.
The DMA will now come into force 20 days after its publication in the Official Journal of the EU (OJEU), though many of its provisions will only begin to apply six months later.
Competition law and merger control expert Laura Stammwitz of Pinsent Masons said: “The DMA not only supplements the existing competition law rules with ‘dos and don’ts’ for the digital sector – it will also have impact on the current merger control practice. This is because, in specific cases, gatekeepers have to inform the Commission about their intended acquisitions. Combined with a recent landmark judgment from the Court of Justice of the EU, that is more than an information obligation as it finally could enable the Commission to review so-called ‘killer acquisition’ transactions even if they do not qualify for merger control review.”
The DMA is wide-ranging legislation that is expected to impact large online service providers.
Businesses face a duty, under the new legislation, to check whether they are within scope of the regulation and notify the Commission if so. This duty sits alongside Commission powers to designate businesses as subject to the new DMA regime.
Business face designation if they have a significant impact on the EU’s internal market; provide a core platform service which is an important gateway for business users to reach end users; and enjoy an entrenched and durable position, in its operations, or it is foreseeable that it will enjoy such a position in the near future.
Providers of online intermediation services, search engines, social networks, video-sharing platforms and cloud computing services are among the ‘core platform service’ providers that could be brought within the scope of regulation.
Providers that have recorded at least €7.5 billion in turnover in the EU market within each of the last three years, or where its average market capitalisation or its equivalent fair market value amounted to at least €75 billion in the last financial year, and provide the same core platform service in at least three EU countries, will be presumed to meet the ‘significant impact’ threshold.
Providers that have recorded at least 45 million monthly active end users established or located in the EU and at least 10,000 yearly active business users established in the EU, will be presumed to meet the ‘important gateway’ criteria. The way those user metrics are to be measured is set out in the DMA.
If the 45m monthly users and 10,000 yearly business user metrics are met in each of the last three financial years, the respective provider will also be presumed to have met the ‘entrenched and durable position’ criteria.
Businesses that are subject to the DMA will be prohibited from undertaking certain practices prescribed in the legislation. The prohibitions include on using users’ personal data for the purpose of targeted advertising, or on aggregating the users’ data from across the different services they provide, without users’ consent. Gatekeepers will also be unable to dictate the price or conditions business users apply to the same products or services they offer via their platform, and the providers will not be able to restrict end users’ use of business users’ software made available via their platform either.
Other provisions are designed to encourage gatekeepers to open up access to the data generated from use of their platforms by, among other things, putting restrictions on their use of business users’ data where it is not publicly available, and requiring aggregated data to be shared, without charge, on a real-time basis, at the request of business users.
Further rules promote interoperability on gatekeeper platforms and enable platform users to decide which software they wish to use on those platforms. Gatekeepers will still have the ability to restrict access to third-party software on their platforms where the software “endanger[s] the integrity of the hardware or operating system provided by the gatekeeper”.
Gatekeepers face sanctions for violating the DMA, including potential fines of up to 10% of their global annual turnover. For repeat offences, the penalty could increase to 20% of global annual turnover. If a gatekeeper violates the new rules three times or even more, the Commission could impose a temporary ban on mergers for the business or impose divestment requirements.
London-based competition law expert Angelique Bret of Pinsent Masons previously told Out-Law: “Large technology firms categorised as ‘gatekeepers’ under the DMA will invariably also be active in the UK. Therefore they will also be subject to any requirements of the Digital Markets Unit (DMU) – established last year – and the new UK legal framework within which the DMU will operate. There will therefore be a significant additional compliance burden on these businesses.”