The Digital Market Act

KEYWORDS

The Digital Market Act (DMA) was born out of a combination of three elements: the desire to regulate certain very large online platforms that have acquired substantial control over access to digital markets; the perceived inadequacies and slowness of competition law in this regard; and the existence of a political will at European level to create such regulation. Adopted in record time, the DMA is certainly ambitious. Laying the foundations for an ex ante regulation, which it applies to a new category of online services - the gatekeepers - it introduces new concepts into European law, while presenting itself as a complement to competition law. Whether it is a question of the way in which the Commission will exercise the considerable powers conferred on it by the DMA or the way it will be combined with competition law or other texts such as the GDPR, the questions that its implementation will raise are numerous and delicate.

TABLE OF Contents

Introduction


Francis Donnat
Partner, Baker McKenzie, Paris

1. The Digital Markets Act (DMA) was born of a threefold conjunction:
– the recognition of the need to regulate online platforms and companies which, by virtue of their size and role, have become key structuring elements of the digital economy, and acquired the power to intermediate the majority of transactions between end users and business users;
– the perceived inadequacies and slowness of competition law in this respect;
– the existence of a political will at European level to create such a regulation.

2. Adopted in record time (considering the usual slow pace of drafting of European texts), the text of the DMA is certainly ambitious. Laying the foundations for an ex ante regulation, which it applies to a new category of online services that it creates ex nihilo—the gatekeepers—it introduces new concepts in EU law, while presenting itself as a complement to competition law. However, the questions raised by its provisions and the issues surrounding its proper implementation are numerous, as the six articles in this special issue highlight.

3. Daniel Zimmer provides an ex ante assessment of a regulation whose ex ante nature is its main feature and simplicity, at least in comparison with some aspects of competition law, one of the qualities. Indeed, with the DMA, there is no need to define a relevant market or to consider the effects of the behavior in question on consumer welfare. For Daniel Zimmer, the specificity of these markets justifies the fact that “sharp swords are needed.” Ultimately, the new objectives of the DMA are less consumer-centered and more about contestability and fairness. In a way, this concern to protect small businesses constitutes a return to the roots of antitrust. 

4. In his analysis of the advantages and weaknesses of the text, Martin d’Halluin points out, with regard to the former, its speed of adoption, its clarity, the fact that the obligations it lays down in Article 5, which will ensure a level playing field, are self-executing, and its centralization: unlike the General Data Protection Regulation (GDPR), only the Commission is competent to ensure compliance. As for the weaknesses, Martin d’Halluin points out, on the one hand, that many provisions of the text will have to be interpreted in order to be applicable, such as the notion of interoperability. On the other hand, there is a real risk of conflict of laws with competition law: many of the behaviors regulated by Articles 5 and 6 of the DMA overlap in part with, but are broader than, those that competition law can cover. For the same behavior, on what basis will the Commission decide to use either competition law or the DMA? The application of the non bis in idem principle may give rise to numerous and lengthy disputes. 

5. Pat Treacy and Sean-Paul Brankin note that the DMA is extraordinary both in its ambition and complexity. Firstly, the obligations set out in the text are broad and uncertain, leaving much to interpretation. In practice, the Commission will be obliged to engage in extensive dialogue with gatekeepers, and will be faced with the technical difficulty of embracing such different services. Secondly, the objectives of the DMA are multiple and not necessarily aligned. In the event of a conflict between objectives, gatekeepers will be forced to make trade-offs, with the responsibility for balancing different objectives resting with the Commission and, ultimately, the European courts. Finally, the DMA is complex because of the diversity of the activities regulated. The DMA covers a wide range of activities, with a potentially large number of gatekeepers. The resulting workload for the Commission will far exceed what a normal national regulator is able to do. As any ex ante regulation is expensive and staff intensive, will the Commission be adequately staffed? While the reporting obligations of gatekeepers seem weak in relation to what is at stake, the Commission will have to develop dialogue mechanisms with gatekeepers outside the DMA framework in order to avoid a gridlock. 

6. For Jean Cattan, the real question now is how the DMA will be implemented. Faced with the DMA’s centralizing tendencies, will the Commission have enough means for its mission? The obligations set out in the text are so numerous and subtle that it is legitimate to ask how the Commission will enforce them. The answer does not only depend on the size of the administration’s workforce: the Commission must initiate a constructive dialogue with the platforms. The risk is that if the Commission is not responsive enough, disputes will be brought before national courts, with a risk of fragmentation of the DMA. It is therefore in the Commission’s interest to behave as a conductor, capitalizing on external resources, rather than as a besieged fortress. It is up to the Commission to position itself as a facilitator with all the stakeholders: obviously with the high-level group set up at EU level between the competition authorities and those responsible for audiovisual, personal data and consumer affairs, but also with businesses, researchers, civil society and Member States.

7. Alexandre de Streel and Pierre Larouche are looking for a compass to implement the DMA. Calibrating this compass will not be easy because the DMA does not contain a general definition of the services covered or a general provision that links the twenty-two obligations. The first tool to calibrate the compass must come from the objectives of the DMA, contestability and fairness being the two objectives that seem to come up most in the recitals. As a second tool, the authors suggest grouping the obligations likely to be imposed by the DMA into four categories which are linked to the objectives. The third tool is to be found in the general principles of all regulation, in particular proportionality, which implies effectiveness and necessity. At the end of the day, if the DMA is to complement competition law, it could come close to a “managed competition” model like the one we know in electronic communications law. The authors see two scenarios to be avoided: (i) the fossilization scenario, in which the DMA’s rules are quickly obsolete and are circumvented; (ii) the interlocking scenario, in which the DMA becomes a public utility regulation. The fate of the DMA to avoid these scenarios lies in a cooperation between the Commission, gatekeepers and users, in a form of co-ownership of the regulatory process. A “managed competition” can become “co-managed” by the authorities and by the companies. 

8. Damien Geradin, Konstantina Bania and Theano Karanikioti finally question the relationship between the DMA and the GDPR. If one is supposed to apply “without prejudice” to the other, many questions of articulation between the two texts will arise, such as the right to portability, which is not defined in the same way in the two texts. The DMA is a sector-specific legislation, while the GDPR is completely cross-sectorial. Furthermore, the GDPR only applies to personal data, not the DMA. Also, if “consent” under the DMA is defined by reference to the GDPR, the question is how gatekeepers will meet the high standards of the GDPR in this respect.

9. As can be seen from these six contributions, for which Concurrences warmly thanks the authors, common points emerge. The ambition of the DMA is clearly at the level of the complexity of the tasks awaiting the Commission when it will have to implement it and make it co-exist not only with competition law but also with the GDPR. As with the Sherman Act, which was, before Theodore Roosevelt, only a dead letter, everything will depend on how the Commission implements the considerable powers entrusted to it by the DMA. One thing is for sure: only the dialogue between the Commission and all the stakeholders in this new regulation will ensure its success.

The DMA: An ex ante evaluation [1]


Daniel Zimmer
Professor of Law, Faculty of Law and Economics, University of Bonn

I. Introduction: Background of the legislation

1. For a number of years, there has been a debate about how to control the power of large digital platforms. [2] The discussion is partly conducted under the acronym GAFA, representing the companies Google, Apple, Facebook and Amazon. Many people are concerned that these companies have very strong market positions, at least in some of their markets. For example, Google has had a share of more than 80% of all search queries in most European countries for many years. [3] Monopolies and monopoly-like positions invite abuse, as we know from other markets—e.g., exploitation of customers or obstruction of competitors in order to secure one’s own market position. That is why many people are suspicious of the big digital companies.

2. The distrust is furthered by the fact that what these companies do is not always easy to discern: How does a search engine arrive at its results? What criteria does Amazon use to decide which products on its Marketplace are highlighted in a Buy Box? On the other hand, consumers often appreciate the fact that they are provided with services for free on the Internet: Unlike in a sports club, they do not have to pay any fees to use a social network, they travel around the world with navigation systems provided free of charge, they can watch movies on video-sharing platforms and listen to music in high quality without paying for it. [4] Seen in this light, we live in paradisiacal conditions: Anyone who would have predicted a quarter of a century ago that high-quality services would one day be available to a large extent free of charge might have been declared insane.

3. “There ain’t no such thing as a free lunch.” Science fiction writer Robert A. Heinlein’s famous line from his novel The Moon Is a Harsh Mistress (1966) expresses that someone is paying for services. In two-sided markets (or, in other words, platform markets), it is usually the other side of the market that has to pay [5]—usually the business users of a platform, i.e., those who advertise or trade on the platform. In return, the platform can serve for free the side of the market that reacts more elastically to price changes—i.e., that runs away when prices are charged or rise. This is how it happens that so many nice services are provided free of charge. [6]

4. But there are more special features of the platform economy; there are positive network effects, and these promote concentration—even to the point of monopoly. Many networks that bring people together have one thing in common: The more users the network has, the more attractive it becomes for more and more users. [7]

5. So, there are definitely reasons that explain the growing concentration in platform markets. And it may seem questionable whether the world would be better served by several smaller search engines than by one big one: By automatically evaluating all search queries and the subsequent click reactions of users, the large machine learns quicker and better than many small ones what the most relevant information on a particular term is for the people out there at their devices. [8]

6. All in all, breaking up large market shares into several small ones does not necessarily promote the prosperity of society. [9] On the other hand, it seems important to subject the incumbents to a certain regulation so that (i) they do not further secure their strong position by hindering other companies; (ii) some residual competition for the market remains possible; and (iii) the large platforms do not treat their contractual partners unfairly. [10]

7. This has led to a number of legislative projects, [11] of which the present paper addresses only one: the Digital Markets Act (DMA), as it was provisionally agreed upon by the European Parliament on 24 March 2022. The Act is subject to official approval by the European Council and the Parliament.

II. Contents and regulatory technique of the DMA

8. The DMA addresses so-called gatekeeper online platforms that function as bottlenecks between businesses and consumers for important digital services. The DMA aims to keep digital markets fair and contestable where such gatekeepers are present. The Act is complementary to European competition law. [12] Instead of reverting to the well-established notions of competition and dominant position known from antitrust law, the EU introduces completely new concepts in the DMA. The Union is entering new regulatory territory with the link to the previously unknown legal concept of gatekeeper and with the introduction of ex ante regulation in this field. As a consequence, the traditional dogmatics of antitrust law cannot be directly applied to the new provisions of the DMA. [13]

1. Gatekeepers as addressees

9. The gatekeeper criterion, which is based on a predominantly technical-quantitative definition, replaces the theoretical concept of dominant market position in traditional competition law. Article 2(1) contains a definition of the criterion: “‘Gatekeeper’ means an undertaking providing core platform services, designated pursuant to Article 3.” Article 2(2) specifies: “‘Core platform service’ means any of the following: (a) online intermediation services; (b) online search engines; (c) online social networking services; (d) video-sharing platform services; (e) number-independent interpersonal communications services; (f) operating systems; (g) web browsers; (h) virtual assistants; (i) cloud computing services; (j) online advertising services, including any advertising networks, advertising exchanges and any other advertising intermediation services, provided by an undertaking that provides any of the core platform services listed in points (a) to (i).

10. Article 3(1) regulates how a gatekeeper is designated: “An undertaking shall be designated as a gatekeeper if (a) it has a significant impact on the internal market; (b) it provides a core platform service which is an important gateway for business users to reach end users; and (c) it enjoys an entrenched and durable position, in its operations, or it is foreseeable that it will enjoy such a position in the near future.

11. The designation is done by decision of the Commission. To facilitate the decision, Article 3(2) provides certain presumptions: An undertaking shall be presumed to satisfy the requirement of a significant impact on the internal market, where it achieved an annual Union turnover equal to or above EUR 7.5 billion in each of the last three financial years, or where its fair market value amounted to at least EUR 75 billion in the last financial year, and it provides the core platform service in at least three Member States. Moreover, the provider shall be presumed to satisfy the requirement of operating an important gateway for business users to reach end users where it provides a core platform service that in the last financial year has, on average, at least 45 million monthly active end users established or located in the Union and at least 10,000 yearly active business users established in the Union. [14]

2. Rules of conduct in Articles 5 and 6

12. In its Articles 5 and 6, the DMA lays down specific rules of conduct for designated gatekeepers. The DMA contains per se rules (Article 5) as well as rules that may require further specification by the Commission (Article 6). A complete discussion of all these provisions would go beyond the scope of this article. Instead, a few examples are provided.

13. According to Article 5(2)(b), a gatekeeper shall not “combine personal data from the relevant core platform service with personal data from other core platform services or from any other services provided by the gatekeeper or with personal data from third-party services,” and Article 5 (2)(d) precludes a gatekeeper from “sign in end users to other services of the gatekeeper in order to combine personal data.” A gatekeeper has to refrain from the practices listed in Article 5(2) unless “the end user has been presented with the specific choice and has given consent in the sense of Article 4, point (11), and Article 7 of [the General Data Protection Regulation] Regulation (EU) 2016/679.”

14. This rule resembles a decision taken by the German Competition Authority (Bundeskartellamt) against Facebook in 2019. The Bundeskartellamt declared Facebook’s practice of requiring users to consent to the extensive collection and combination of personal data from various sources to be contrary to antitrust law. [15] The decision, which was based on the German Act against Restraints of Competition, has been confirmed—at least in a preliminary decision—by the Federal Court of Justice. [16]

15. According to Article 5(3), the gatekeepers “shall not apply obligations that prevent business users from offering the same products or services to end users through third-party online intermediation services or through their own direct online sales channel at prices or conditions that are different from those offered through the online intermediation services of the gatekeeper.” This provision is directed against the use of so-called most-favored-nation (MFN) clauses by designated gatekeepers. Such clauses requiring business users not to grant more favorable terms when using other than the designated gatekeepers’ online intermediation services were subject to a number of decisions taken by competition authorities and courts. [17]

16. Article 6 DMA contains a differentiated catalogue of regulations, which, even without specification by the Commission, provides quite precise conduct requirements for gatekeepers. To give but one example, Article 6(1) DMA states that gatekeepers “shall not use, in competition with business users, any data that is not publicly available that is generated or provided by those business users in the context of their use of the relevant core platform services or of the services provided together with, or in support of, the relevant core platform services, including data generated or provided by the end users of those business users.” The provision has its origin in a proceeding the Commission initiated in November 2020 against Amazon: [18] The Commission examined a possible breach of competition law by exploiting the firm’s dual role as (i) the provider of a trading platform (Amazon Marketplace) which (ii) at the same time competes with business users of the platform when trading goods of the same kind.

17. After all, the Commission has often taken the clauses and practices covered by the DMA from its own application practice of Article 102 of the Treaty on the Functioning of the European Union (TFEU). But the preconditions for intervention are different: the finding of a dominant position is not required; the finding of gatekeeper status, including the size criteria, is sufficient. And the mode of action is also different: The behavioral requirements of the DMA are self-executing; they basically apply ex lege and often do not require an intermediary regulatory decision. This is why the DMA concept is sometimes referred to as ex ante regulation, in contrast to Article 102 as an ex post application of antitrust law, i.e., an application of the law that begins after the incriminated conduct.

III. Evaluation of the mechanics of the DMA

1. Simplicity

18. The mechanics of the DMA are basically very simple. The determination of the “norm addressees”—i.e., the designation as gatekeepers—is carried out according to simple, objective and easily ascertainable criteria. On the legal consequences side, the mechanics are also quite simple: Article 5 lists a number of behaviors that norm addressees are readily prohibited from engaging in. Article 6 adds further conduct to the list, which the Commission may have to “elaborate.”

19. Under the DMA, law enforcers do not need to define the relevant market, which is notoriously difficult in the case of platforms. They do not need to examine the market position of the companies, and they do not need to examine the effects of the conduct on consumer welfare. The latter was the constraint that the Commission had imposed on itself in the last twenty years in antitrust law and especially in abuse control: the necessity of a demonstration—possibly still related to the very specific case—that consumers could suffer a disadvantage as a result of the incriminated conduct. [19]

20. This whole path of recent Commission practice—the one-sided fixation on consumer welfare—has proven to be no longer sensible since the emergence of the large dominant platforms: Amazon has bought itself entire sales markets with low consumer prices and at the same time made life difficult for competing traders with questionable clauses and practices. In the case of other services as well—especially free services such as search engines and social networks—relying on short-term consumer disadvantages has been fruitless. Often, prima facie consumers benefit from the incumbents’ practices. The disadvantages come through the back door: the other side of the market, e.g., manufacturers or retailers often pay excessive contract and advertising fees, which are then—mostly not verifiable in individual cases—ultimately unloaded on consumers through higher product prices.

2. Added value of the DMA compared to Article 102 TFEU

21. At first glance, the added value seems to lie in a quick, simple and thus effective application of the law. The DMA offers great advantages in this respect. However, it is precisely the simplicity and uniform applicability that some will see as a disadvantage of the DMA. It can seem as if twenty years of legal development are being turned back; suddenly, per se rules are to apply again, after economists—in the first decade of this century—often said that a case-by-case effects-based approach was usually the measure of all things. [20] However, one could also replicate that we are not in antitrust law, that we do not have to judge the situation of a simple dominant position, but platforms, multisided markets, in which particularly sharp swords are needed because of special market dynamics. So the approach of the DMA may appear appropriate precisely because platform markets are different from other markets.

22. Moreover, the catalogue of Articles 5 and 6 DMA answers some doubtful questions on which subsumption under Article 102 TFEU the courts have not yet finally decided. Here too—in this clarification—an added value could be seen. On the other hand, one can, of course, also see in the catalogues of incriminated practices in Articles 5 and 6 a skillful attempt by the Commission to drive in stakes in order to avoid possible defeats in court proceedings on Article 102. Some of the practices—e.g., self-favoring (Google Shopping case [21]) as well as pre-installation and tying of certain software products (Google Android case [22])—are awaiting assessment in Article 102 proceedings before the courts, and if a secondary legal basis is created here that supports the official prohibition or carries a new one, the risk that the European Commission may lose pending proceedings before the General Court and the European Court of Justice is noticeably mitigated.

IV. New policy objectives?

23. In recent times, antitrust law has been confronted with demands to take into account objectives that have played only a minor role in the discussion on competition law during the past decades. It has been argued that antitrust law and its application should also promote or at least take into account sustainability, environmental and climate protection goals. This article, which is devoted to the DMA, cannot go into this topic in depth. At this point, it must suffice to provide further references on the discussion of competition law and sustainability. [23]

24. In contrast, a second aspect of the discussion on an expansion of the protective purposes of competition law is of central interest here—in the context of major digital platforms. Recently, a discussion has flared up around the question of whether competition law and policy should move away from the central objective of promoting consumer welfare in favor of more broadly combating the creation and exercise of economic power. In this context, there are suggestions that competition law should once again focus more strongly on ensuring the prerequisites for an undistorted competitive process. [24] Now the question arises whether the DMA can appear as an expression of this thinking. [25] It is striking that the DMA focuses on the term “consumers” to a lesser extent than in numerous acts of competition policy prepared by the European Commission over the past decades. Instead, there are four terms that are given central importance in the DMA: “contestability,” “fairness,” “business users” and “end users.”

V. Key terms in the DMA: Contestability, fairness, business users and end users

25. In its very first Article, the DMA states: “The purpose of this Regulation is to contribute to the proper functioning of the internal market by laying down harmonised rules ensuring for all businesses, contestable and fair markets in the digital sector across the Union where gatekeepers are present, to the benefit of business users and end users.”

1. Contestability

26. According to recital 32 of the DMA, “contestability should relate to the ability of undertakings to effectively overcome barriers to entry and expansion and challenge the gatekeeper on the merits of their products and services.” This consideration appears to be consistent with conventional competition policy: [26] The provisions on an abuse of dominance are also directed, among other things, against dominant firms making it difficult for competitors to enter the markets they dominate, for example, by means of abusive contractual clauses, and thus securing their own position of power. After all, even if this has not been grounded in every single case on the term “contestability,” securing free access to markets appears to be part of established competition policy.

27. However, instead of using the established concepts of competition and dominant position in antitrust law, the DMA introduces the completely new concept of gatekeeper. The traditional dogmatics of cartel law can therefore not be directly applied to the new regulations.

2. Fairness

28. Recital 33 states that the DMA’s concept of unfairness relates to “an imbalance between the rights and obligations of business users where the gatekeeper obtains a disproportionate advantage.” Gatekeepers should be prevented from engaging in behavior “that does not allow others to capture fully the benefits of their own contributions,” and from unilaterally imposing “unbalanced conditions for the use of their core platform services.”

29. Is the DMA’s promise to ensure fair markets in line with traditional competition policy? The term “fair” also appears in antitrust law: The exemption in Article 101(3) TFEU requires that consumers be allowed a “fair share” of the benefit resulting from a cartel, and Article 102 TFEU is directed, inter alia, against “unfair purchase or selling prices” imposed by undertakings that enjoy a dominant market position. Thus, conventional competition policy seems to be concerned with issues of distributive fairness. However, the DMA seems—when using the term “fairness”—to deal with something else; it is about more than mere distributive justice. It is, as can be seen from many examples of incriminated behavior in the lists of Articles 5 and 6, about fair behavior in competition: Gatekeepers shall not prefer themselves when publishing rankings, they shall refrain from bundling practices when marketing attractive products, they are required not to use, in competition with business users, data which is generated through activities by those business users. All in all, the DMA seems to pursue more than an antitrust goal here; it conveys a certain image of fair behavior that large providers of core platform services must display.

3. Business users and end users

30. In its enforcement practice of the last twenty years, the Commission has often postulated that competition law serves consumer welfare. [27] Most of the DMA’s behavioral requirements do not confine themselves to protecting end users, but often benefit business users, i.e., compared to end users, the “other side” of a two-sided market. The term “business user” emerges more than a hundred times in the provisions and recitals of the DMA, thus expressing the central importance the Act attributes to this group of users of core platform services.

VI. Conclusion

31. The DMA does not appear to be an organic development of competition law. It seems to be something different and new. The difference between the DMA and traditional competition law is most clearly expressed in recital 11 of the DMA: “This Regulation pursues an objective that is complementary to, but different from that of protecting undistorted competition on any given market, as defined in competition-law terms, which is to ensure that markets where gatekeepers are present are and remain contestable and fair, independently from the actual, likely or presumed effects of the conduct of a given gatekeeper covered by this Regulation on competition on a given market. This Regulation therefore aims to protect a different legal interest from that protected by those rules and it should apply without prejudice to their application.”

32. The view that the DMA is something new is reinforced by the differences between the DMA and traditional competition law:


– The DMA is without reference to market power; instead, it refers to a gatekeeper position.

– The DMA does not pursue a case-by-case effects-based approach; by contrast, it contains an ex ante regulation intervening without official action.

– The DMA has no focus on consumer disadvantages and thus on the criterion that for a long time was at the center of the Commission’s official antitrust policy. Instead, it provides for the protection of end users and of business users who—being the other market side in a two-sided market—may appear as worthy of protection as the end users are vis-à-vis the power of platform giants.

33. On the whole, the DMA may seem like a return to the roots of antitrust law. As is well known, the US Sherman Act, passed in 1890, served, inter alia, to protect “small business” against the large trusts and conglomerates in the railway and oil business that often abused their position of power to the detriment of small competitors or trading partners. There are some indications that a similar reasoning has been a motivation of the European Commission and the European Parliament when designing the DMA. In future, the narrative could be: We are not only protecting consumers from an abuse of market power. By safeguarding the competitive process, we also protect small businesses such as online retailers and app developers from unfair treatment by the large digital corporations. This can be seen as a consequence of the two-sided nature of platform markets: Vis-à-vis a gatekeeper platform, both market sides appear in similar ways in need of protection against unfair treatment—as both are dependent on the use of the platform service. 

The DMA: An Ambitious Act with Countless Challenges


Martin d’Halluin [28]
Senior Vice President, Global Competition Law & Policy Counsel, News Corp, New York

1. The European Parliament and European Council provisionally agreed on the final text of the Digital Markets Act (DMA) on 24 March 2022. A draft of the DMA, which shows the Commission, Council and Parliament’s positions plus the final agreement, was leaked in May 2022. All documents are still subject to final adjustments. This article is based on the Commission proposal [29] and, when specific references are made, on the leaked draft. [30]

2. Similar to other proposals in the digital ecosystem, such as the News media bargaining code in Australia [31] (designation made by the Treasury for digital platforms subject to the Final Arbitration Code), the draft UK’s new pro-competition regime for digital markets [32] (designation made by the Digital Markets Unit for firms with strategic market status), the US American Innovation and Online Choice draft bill [33] (so-called non-discrimination or Klobuchar bill; designation made by the US Federal Trade Commission and Department of Justice for covered platforms), or the Section 19a designation in Germany, the DMA involves a two-step process. First, certain digital companies are designated as gatekeepers. Second, the designated gatekeepers must comply with certain obligations and prohibitions. The obligations and prohibitions do not apply to all services provided by the gatekeepers but only to the core platform services (CPS). The DMA provides an exhaustive list of ten CPS: (i) online intermediation services (e.g., online marketplaces, app stores); (ii) online search engines; (iii) online social networking services; (iv) video-sharing platform services; (v) number-independent interpersonal electronic communication services; (vi) operating systems; (vii) web browsers; (viii) virtual assistants; (ix) cloud computing services; and (x) online advertising services.

3. This article will not cover the entire scope of the DMA. Certain elements are not covered in the interest of time, such as the designation mechanism, the detailed presentation of the Articles 5/6 obligations and prohibitions, and the sanctions. Instead, this article will share views and thoughts on the anticipated strengths and weaknesses of the DMA: first, this article will present the opportunities created by the DMA and its potential effects; second, the article will explore the potential shortcomings of the DMA, including risks related to its interpretation.

I. Opportunities: Efficiency and potential effects

1. Speed, centralization, and ability to involve third parties

4. Speed. In March 2018, [34] Margrethe Vestager, now executive vice president of the European Commission, set up a panel of three experts to study the future challenges of digitization for competition policy: Jacques Crémer, Yves-Alexandre de Montjoye and Heike Schweitzer. On 20 May 2019, the panel issued a report called Competition Policy for the digital era. [35] This report, which followed a December 2018 consultation and a 17 January 2019 conference on “Shaping competition policy in the era ofdigitisation,” [36] emphasized the key characteristics of the digital economy: extreme returns to scale, network externalities, and the role of data. Large incumbent digital players are very difficult to dislodge and the report found that a “[new] regulatory regime may be needed in the longer run” (p. 126). Specifically, “[w]ith digitisation, new needs for coordination between [competition law and other legal regimes] emerge, and adjustments and/or re-interpretation of contract law, consumer protection law, or unfair trading law will be part of the shaping of the legal order in reaction to a different economic reality” (ibid.).

5. In December 2020, following a broad consultation that ended in September 2020, the Commission adopted a first proposal draft DMA. [37] On 24 March 2022, the Parliament and the Council provisionally agreed on the final text of the DMA under the leadership of the French presidency for the Council [38] and Andreas Schwab for the Parliament. According to Margrethe Vestager, executive vice president of the European Commission, the DMA might enter into force as soon as October 2022 and the EU will begin enforcing it by spring 2023. Gatekeepers would need to comply with their obligations under the DMA within six months after designation, which likely means the first half of 2024.

6. Although certain Member States, such as Germany and its Section 19a [39] regulation, have already adopted new rules for gatekeepers, the European Union, which is composed of twenty-seven Member States, deserves praise for its speed and efficiency. If the current timing is confirmed, it will have taken less than six years from the start of the study to compliance with the new rules. Specifically, the DMA was agreed upon in record time by the Council and Parliament—only fifteen months after the Commission issued its first draft, reflecting the overwhelming political consensus in the EU. In addition, based on the May 2022 leak, the legislative deliberations did not appear to have watered down the draft of the Commission, and sometimes even reinforced the initial version, which was unexpected given the unprecedented lobbying [40] by the potential gatekeepers.

7. In comparison, while the UK government set up a Digital Competition Expert panel in September 2018 and received a comprehensive report [41] on 13 March 2019, it has not yet issued a draft law nor a fixed timeline for a vote. On the other side of the Atlantic, the antitrust subcommittee of the US House of Representatives issued a lengthy report [42] on antitrust issues in the digital economy on 6 October 2020. One bill, the S. 2992: American Innovation and Choice Online Act, [43] which has a House companion, is currently under consideration by the US Congress. S. 2992 only addresses a handful of the eighteen obligations contained in Articles 5 and 6 of the DMA.

8. Clarity. The obligations and prohibitions of Article 5 of the DMA are “self-executing.” The Commission will need to further specify the obligations of Article 6, depending on the specific characteristics of the gatekeeper platform under consideration, although the Commission did not make any commitments to publish guidelines.

9. Interim measures. The Commission will have the ability to order interim measures against a gatekeeper on the basis of a prima facie finding of infringement (Article 22). Interim measures currently exist in EU Competition Law but are limited to narrow cases, such as cases of urgency in Regulation (EC) No. 1/2003 due to the risk of serious and irreparable harm to competition or to avoid a situation that is intolerable for the public interest. A prima facie finding of an infringement of Articles 5 or 6 is obviously a lower burden.

10. Centralization. Contrary to the General Data Protection Regulation (EU) 2016/679 (GDPR), the Commission is in control of the implementation and enforcement of the DMA. Under Article 31(b)(7), while the national competition authorities are allowed to initiate an investigation regarding the possible breach of the DMA, and can collect relevant factual evidence, the Commission will have the sole power to impose relevant remedial measures and/or adopt an infringement decision. The decentralization of the GDPR has been an issue when it comes to enforcement because large players often have their EU headquarters in jurisdictions that may not have the resources or incentives to enforce GDPR and impose dissuasive fines.

11. Third-party involvement. Article 24(a)1 of the DMA provides that any third party may inform the Commission about illegal practices. While this right does not amount to a complaint under EU competition laws, it allows users to raise concerns without risking publicity or retaliation.

2. Expected effects: Certain obligations will level the playing field between content creators and platforms

12. In its 30 September 2018 submission [44] prior to the EU “Shaping competition policy in the era of digitisation” conference, News Corp had identified multiple measures needed in order for news publishers to compete, succeed and innovate in the digital space:

– Internet traffic should be allocated neutrally and transparently by digital platforms so that Internet users seeking news content are, consistent with their reasonable expectations, directed to the most relevant and reliable news content.

– Digital platforms should not be allowed to use their market power as traffic allocators to free-ride on news publishers’ content as it harms news publishers’ ability to monetize their content through subscription fees.

– News publishers should not be impeded by digital platforms in their ability to monetize their content through advertising.

– The ad tech’ industry needs to be competitive.

13. Multiple obligations and prohibitions of the DMA address these concerns; for example:

– Prohibition of anti-steering practices. Under Article 5(c), a gatekeeper shall “allow business users to promote offers to end users acquired via the core platform service (. . .) regardless of whether for that purpose they use the core platform services of the gatekeeper or not.” This is the so-called prohibition of anti-steering practices that prevents business users, such as developers and publishers, from directing their consumers to alternative offers. This should allow for Internet traffic to be allocated neutrally and for users to be served the cheaper and most efficient subscription offers.

– Prohibition of Most-Favored-Nation (MFN) clauses. Under Article 5(b), a gatekeeper shall “allow business users to offer the same products or services to end users through third[-]party online intermediation services at prices or conditions that are different from those offered through the online intermediation services of the gatekeeper.” This is essentially a prohibition of platform MFNs whereby the dominant platform prevents competition by making sure its users have access to the best prices/inventory. Businesses will be able to offer their products and services on other sales channels (including their own) at better conditions than those offered through a gatekeeper.

– Advertising transparency. Under Article 5(g), a gatekeeper shall “provide advertisers and publishers to which it supplies advertising services, upon their request, with information concerning the price paid by the advertiser and publisher, as well as the amount or remuneration paid to the publisher.” This transparency should foster competition between ad tech providers, which in turn would allow advertisers and publishers to collect a larger share of the economic surplus created by programmatic advertising. Moreover, the DMA requires gatekeepers to provide advertisers and publishers with access to the performance measuring tools and data, allowing them to run their own verifications to assess the performance of gatekeepers’ advertising services (Article 6(1)(g)).

II. Risks: Interpretation and overlapping jurisdictions

1. Interpretation

14. The one-size-fits-all temptation. The DMA is set to address the fact that lengthy and complex investigations against gatekeepers do not necessarily result in material change. Unfortunately, the DMA essentially relies on the interpretation of each provision. The same language will need to address business models as different as e-commerce, social networks, search, and hardware. Can the same language address various issues that affect users and business users very differently?

15. Take Article 5(b) on prohibition of MFNs as an example: “allow business users to offer the same products or services to end users through third[-]party online intermediation services at prices or conditions that are different from those offered through the online intermediation services of the gatekeeper.” This prohibition makes sense when applied by the dominant player to foreclose competition. But could it “backfire” and also prevent rivals from entering an adjacent market because they cannot differentiate their products? Could it further entrench the position of the dominant players?

16. Another example is Article 6(1)(a): “[R]efrain from using, in competition with business users, any data not publicly available, which is generated through activities by those business users.” “Using data” can take multiple forms. Restraining the use of data by a marketplace or an app store makes sense because the gatekeeper usually competes in verticals. However, the use of data in browsers or operating systems is necessary to improve the experience. Additionally, would the use of data create security issues?

17. These are two examples, but it is conceivable that broad obligations and prohibitions will not be sufficient to address sector-specific issues. Article 7(5) attempts to bring a “balance of harm” element into the DMA: “[T]he Commission shall ensure that the measures are effective in achieving the objectives of the relevant obligation and proportionate in the specific circumstances of the gatekeeper and the relevant service.” This approach could backfire: all gatekeepers will argue that any DMA intervention is not effective or proportionate. It might be years before lawyers and advocates know how to apply these tests.

18. GDPR precedent. Another risk resides in the interpretation of relatively broad provisions. The GDPR provides a good example of a well-intended regulation that did not achieve the intended benefits because of a couple of interpretations that, so far, went awry. Article 5 of the GDPR, [45] which went into effect on 25 May 2018, mandates that personal data must be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes” (purpose limitation). Personal data collection must also be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed” (data minimization). These principles, however, can be circumvented if one obtains a legal basis, chief amongst them the noticing consent. Consent can only be collected by controllers, not processors. Article 4 [46] of the GDPR defines data controllers and data processors: “controller” means the person which, alone or jointly with others, determines the purposes and means of the processing of personal data; “processor” means a person that processes personal data on behalf of the controller. The whole dynamic therefore focuses on who is a controller and who is a processor. Prior to the enforcement of the GDPR, a major ad tech provider announced that publishers should obtain user broad consent on its pages under threat of losing access to its products. Specifically, this consent must cover all “data that it receives from publishers or collects on publisher pages in connection with advertising services provided to publishers.” [47] This essentially turned a processor into a (co-)controller with a wide ability to use data for other purposes.

19. This example is not directly applicable to the DMA but raises the following question: which DMA terms are subject to an opportunistic interpretation? In particular, how will the Commission, and eventually the courts, interpret the terms/expressions such as “interoperate”? (Article 5(e)), “prices or conditions that are different” (Article 5(b)), “information concerning the price (. . .) amount or remuneration” (Article 5(g)), “treating more favourably” (Article 6(d))?

20. Affirmative defenses. The draft DMA states that gatekeepers must ensure that they also comply with other EU laws, such as protection of personal data and privacy and consumer protection (Article 7(1)) Obligations and prohibitions in Articles 5(a), 6(h), and 6(i) all refer to the GDPR. These limitations of the DMA will be used by gatekeepers to justify harmful conducts. Will the GDPR be used by gatekeepers to prevent the portability of data, the sharing of data because of privacy concerns? What if gatekeepers continue to share data with their own services but not with third parties, claiming privacy justifications?

21. Caveat. The Commission has thought of the need to ensure a sound interpretation of key terms even though it has not committed to publish guidelines. Under Article 31(d), the Commission will establish a High-Level Group for the DMA that will provide advice and expertise with a view to ensuring a consistent regulatory approach. The High-Level Group includes the following bodies: (i) BEREC (the body of European telecoms regulators), (ii) European Data Protection Supervisor and European Data Protection Board, (iii) European Competition Network, (iv) Consumer Protection Cooperation Network, and (v) European Regulatory Group of Audiovisual Media Regulators.

2. Conflicts of laws and fora

22. Conflicts of laws. The draft DMA complements existing EU and national competition rules. It addresses unfair practices by gatekeepers that either fall outside the existing EU competition rules or that cannot be as effectively addressed by these rules. The proposal is aligned with other EU instruments, including the EU Charter of Fundamental Rights, the GDPR, and the EU’s consumer law precedents and rules.

23. The Commission has argued that the DMA is complementary to competition law: under recital 9 of the Commission’s proposal, the DMA “aims at complementing the enforcement of competition law,” hence it is “without prejudice to Articles 101 and 102 TFEU, to the corresponding national competition rules and to other national competition rules regarding unilateral behaviour that are based on an individualised assessment of market positions and behaviour, including its likely effects and the precise scope of the prohibited behaviour, and which provide for the possibility of undertakings to make efficiency and objective justification arguments for the behaviour in question.”

24. The conducts described under Articles 5 and 6 of the DMA appear broader than EU competition law restrictions but many could easily overlap—self-preferencing, refusal to deal, or tying to name a few. For a given conduct, when will the Commission decide to use the DMA vs. EU competition laws? Who will rule on the conflict of laws? This issue will likely be more acute when it comes to national Member States’ laws related to competition and consumer protection (or special rules such as Section 19a in Germany).

25. Non bis in idem (Article 50 of the Charter). [The European Court’s recent rulings in bpost and Nordzucker defined “idem” as “identity of offender and facts.” [48] How will the Commission ensure that the same behavior is not sanctioned twice or even more?

26. First, the Commission will need to examine whether the multiple proceedings satisfy the “idem” condition. In practice, this will not be easy, as the EU Court has consistently taken a rather narrow view of the identity of facts stressing that facts should be identical, not merely similar. In Nordzucker, the Court reiterated that the question of whether two antitrust proceedings concern the same facts needs to be examined by reference to the product market, the territory, and the time period during which the anticompetitive conduct is alleged to have taken place. Under the DMA, however, the Commission is not required to define a relevant market.

27. Assuming the “idem” condition is satisfied, the Commission will need to consider whether the duplication of proceedings could be justified on the basis of Article 52(1) of the Charter: “Subject to the principle of proportionality, limitations may be made only if they are necessary and genuinely meet objectives of general interest recognised by the Union.” This approach leaves the door open for duplication of proceedings under the DMA, EU/national competition and consumer protection laws against the same undertaking and for the same facts, provided that such a duplication serves complementary aims and respects the principle of proportionality. The only way to assess the principle of proportionality is ex post, which means that ample litigation should be expected. 


The DMA: Challenges for the regulator as well as the regulated


Sean-Paul Brankin [49]
Of Counsel, Bristows, Brussels


Pat Treacy
Senior Counsel, Bristows, London and Brussels

I. Introduction

1. On 25 March 2022, the European Commission (EC) and European Parliament reached provisional agreement on the text of the Digital Markets Act (DMA). [50] According to the agreed text, the DMA is a “targeted set of legal obligations (. . .) to ensure contestable and fair digital markets featuring the presence of gatekeepers.” [51] Large digital platforms providing certain categories of services may be designated as “gatekeepers” by the EC. Once designated, gatekeepers are subject to ex ante rules designed to “limit [their] market power.” [52] This structure has been described as “conceptually straightforward.” [53]

2. Any straightforwardness is, however, largely illusory. It may fairly be said that the DMA is extraordinary in its ambition and complexity. It has no close precedents in terms of scope or structure. As a result, accurate predictions—positive or negative—as to its precise operation and/or impact are difficult.

3. Some observations can nonetheless be made with a high degree of certainty. First, for reasons discussed further below, the EC will face very substantial challenges when enforcing the DMA. Many of these are inherent in the design of the legislation. Second, for similar reasons, gatekeepers will require timely and meaningful regulatory guidance from the EC in order to comply with the new rules. It is likely that they will struggle to obtain such guidance.

4. To explain why this is the case, it is useful first to outline both the structure of the DMA and the reasons for its adoption.

II. Why we have the DMA

5. The main reason is the perceived failure of existing law—and in particular competition law—to control the power of digital platforms. According to the European Parliament’s rapporteur on the DMA, Andreas Schwab, “it is clear that competition rules alone cannot address all the problems we are facing with tech giants and their ability to set the rules by engaging in unfair business practices. The Digital Markets Act will rule out these practices.” [54]

6. The Impact Assessment Support Study [55] (ISS) issued by the EC goes into further detail. It discusses ten case studies, involving seven key “issues” relating to gatekeeper platforms, and the status of competition law enforcement in relation to those case studies. [56] That information may be summarised as follows:

Table 1.

7. What immediately springs out is that none of the case studies has been finally legally assessed. Some of the issues have not even been subject to formal investigation at EU level. This is not because they cannot be dealt with under existing competition law rules: the ISS recognises that many could be and, in fact, are already subject to investigation under Article 102 of the Treaty on the Functioning of the European Union (TFEU). [57]

8. More pertinent is that pursuing cases under Article 102—in particular in respect of novel products and services characterised by high levels of investment and innovation—means addressing complex economic issues. Most if not all of the relevant behaviours are, at least potentially, pro-competitive. For example, at the outset of the Case Study section in Annex 4, the ISS summarises the prevailing economic consensus on tying and bundling as follows: “Overall, the economic literature suggests that the systematic regulation of tying is not always justified on efficiency and welfare grounds. Tying can often be justified on efficiency grounds and expands the range of products to users and the profit of the platform.” [58]

9. However, those potential justifications have not been fully examined in context of most of the Annex 4 case studies.

10. Despite this, EU legislators have exhausted their patience. The ISS identifies “several disadvantages” with continuing to pursue cases under Article 102. In summary, these are:

– proving dominance and abuse is hard;

– cases take years if not decades to proceed through to final appeal; and

– remedies are perceived to have been ineffective—at least in relation to Google. [59]

11. Long-term observers of developments in EU competition law will note the irony that this new approach is diametrically opposed to the shift towards effects-based enforcement that has driven the reform of Article 102 enforcement since the late 1990s/early 2000s. [60] That said, few would enthusiastically defend the pace of EU competition law enforcement in this area, [61] and the political and social context surrounding the activities of certain digital platforms perhaps explains why a quicker and potentially more effective route to controlling gatekeeper behaviour has been sought. [62]

III. How the DMA works

12. In outline, the structure of the DMA may be divided into three sections: the process by which gatekeepers are designated (1.); the obligations imposed on gatekeepers (2.); and enforcement powers (3.).

1. Designation

13. For the EC to designate a provider of digital services as a gatekeeper, that undertaking must provide one of the ten categories of “core platform services” (CPS) listed in Article 2(2) DMA. [63] That list includes:

– online intermediation services;

– search engines;

– social networks;

– messaging services (“number-independent interpersonal communication services”);

– operating systems; and

– cloud computing. [64]

14. The list is diverse. Moreover, some of the individual definitions are broad—covering a range of business models. For example, “online intermediation services” covers both online marketplaces for physical goods or services (Amazon or Booking.com) and app stores (Apple). [65]

15. An undertaking that provides any of the ten CPS may be designated a “gatekeeper” if it either satisfies certain size thresholds set out in Article 3(2) DMA or, following a market investigation, is otherwise deemed to act as an important gateway between business and end users with an entrenched, durable position and a significant impact on the internal market. [66] To meet the Article 3(2) criteria, an undertaking must have:

– an EU turnover of at least EUR 7.5 billion or a market capitalisation of at least EUR 75 billion; and

– at least 45 million active monthly end users and 10,000 active annual business users.

2. Obligations

16. The DMA imposes two categories of obligation on designated gatekeepers: (i) nine obligations set out in Article 5 that are considered not to require further specification; and (ii) a further thirteen “specifiable” obligations set out in Article 6. [67]

17. The nine obligations under Article 5 include:

– “ring-fencing” of platform data (no cross-use of personal data from the platform and no use of external sources of such data on the platform);

– allowing business users freedom in relation to promotions, marketing and the use of third-party sales channels; and

– allowing end users to use third-party services to access the gatekeeper’s platform. [68]

18. The thirteen specifiable obligations under Article 6 include:

– no “self-preferencing” in relation to the use of business user data;

– use of transparent, fair, and non-discriminatory ranking criteria; and

– enabling the uninstalling of non-essential software applications. [69]

19. The EC may “specify”—either at its own initiative or at the request of a gatekeeper—the measures to be taken by a gatekeeper to implement obligations under Article 6. [70] However, both Article 5 and Article 6 obligations are immediately binding on gatekeepers following designation. [71]

20. Moreover, the initial obligation to interpret and understand both Articles 5 and 6 obligations falls on gatekeepers rather than the EC. Article 8(1) provides that gatekeepers shall “ensure and be able to demonstrate compliance” with all Articles 5 and 6 obligations. Further, Article 11(1) requires gatekeepers to submit a report setting out the measures it has implemented to ensure compliance within six months of their designation. [72] Such measures must be “effective in achieving the objectives of [the DMA].” [73]

21. The requirement to implement compliance measures is, again, not conditional on the EC having specified the Article 6 obligations. Indeed, in order to obtain guidance on its Article 6 obligations through specification the gatekeeper must “provide a reasoned submission to explain the measures that it intends to implement or has implemented.” [74] In contrast, there is:

– no obligation on the EC to specify the measures to be taken in relation to Article 6; and

– no mechanism of any kind for the EC to offer guidance as to the compliance measures to be taken in relation to Article 5. [75]

3. Enforcement powers

22. The EC’s powers to investigate potential infringements of the DMA are modelled on its existing investigatory powers in relation to EU competition law. [76] Accordingly, the EC may issue requests for information (RFIs), carry out on-site inspections (so-called dawn raids), and conduct market investigations. [77]

23. In addition, gatekeepers have certain reporting obligations, including providing the EC with:

– a report setting out the measures they have implemented to ensure compliance with their obligations under the DMA within six months of their designation;

– an independently audited description of any consumer profiling techniques applied in relation to their CPS within six months of their designation; and

– advance notice of any acquisitions (or other concentrations) they intend to enter into in relation to services in the digital sector. [78]

24. The DMA’s remedies provisions are similarly modelled on EU competition law. The EC’s key powers are to order gatekeepers to cease and desist from any infringement, and to impose fines of up to 10% of worldwide turnover (or 20% in case of recidivism). [79] In cases of systematic non-compliance, the EC may, in addition, impose structural remedies, or prohibit a gatekeeper from engaging in concentrations in the digital sector during a limited time period. [80]

IV. Challenges

25. As is clear from the above, the DMA has been adopted to resolve what are, to a large extent, competition policy concerns that are believed (but not generally finally determined) to exist. [81] It has mixed policy objectives that cover fair competition, protection of consumers from unfair practices, and the creation of contestable markets. [82] Inevitably, this complex matrix will create challenges for enforcement and compliance. Some of these are explored below.

1. Broad and uncertain obligations

26. The non-specifiable obligations included in Article 5 are supposed to be defined “sufficiently clearly that [they can] be applied without further interpretation.” [83] The first such obligation, in Article 5(2), provides that gatekeepers “shall not: (a) process, for the purpose of providing online advertising services, personal data of end users using services of third-parties that make use of core platform services of the gatekeeper; (. . . ) (c) cross-use personal data from the relevant core platform service in other services provided separately by the gatekeeper, including other core platform services, and vice-versa; and (d) sign in end users to other services of the gatekeeper in order to combine personal data (. . . ).” [84]

27. This is not the full provision. However, even at a glance, the complexity of this section is enough to suggest that significant further interpretation will be required. Obvious questions include: (i) may data that has initially been processed for other purposes subsequently be used for the provision of advertising services; and (ii) does cross-use of personal data cover all forms of use—direct or indirect—in non-CPS services.

28. For Article 6 obligations, the potential need for further interpretation—or at least specification—is express and the issues raised are perhaps even more complex. For example, Article 6(5) requires that gatekeepers “shall not treat more favourably, in ranking and related indexing and crawling, services and products offered by the gatekeeper itself than similar services or products of a third party [and] shall apply transparent, fair and non-discriminatory conditions to such ranking and related indexing and crawling.

29. It must be questionable whether it is even possible to comply meaningfully with such obligations. For example, if ranking criteria are the result of machine learning, no one may understand—or therefore be able to explain—the precise mechanisms being applied. Providing transparency may therefore be effectively impossible.

30. As set out above, the initial obligation to understand and implement these obligations falls on gatekeepers themselves. The EC may—but not must—specify the measures to take in relation to Article 6 obligations, while gatekeepers must submit reasoned proposals for compliance measures in order to obtain guidance. [85] In relation to Article 5 obligations, there is no formal mechanism by which gatekeepers may even seek guidance. Nor is “compliance by design” (enthusiastically promoted by some within the EC) a solution here. [86] Compliance cannot be designed in without clarity as to the obligations to be respected.

31. In practice, it seems inevitable that the EC will need to engage in an iterative process of ongoing dialogue with gatekeepers. That will be challenging for both parties, not least the EC, which will inevitably start from a low base in terms of technical understanding (given the number of CPS and the variety of gatekeepers likely to fall within its remit) in circumstances where it is likely to have to store and process vast quantities of data, which will doubtless continue to grow while a practice is being considered. [87]

32. The technical debate will be complicated by a legal one. As demonstrated by the language of Article 6(5) quoted above—with its partial adoption of the FRAND (fair, reasonable and non-discriminatory) concept—the DMA obligations are likely to be difficult to divorce from cases and concepts under Article 102. It seems inevitable that gatekeepers, their advisors, the EC, and ultimately the EU courts, will rely on that case law in seeking to interpret the scope and content of those obligations. The history of Article 102 enforcement suggests that this is unlikely to offer simple solutions and will, in fact, complicate the position.

2. Multiple objectives

33. Gatekeepers are obliged to ensure that the compliance measures they implement are “effective in achieving the objectives of [the DMA]”. [88] It is clear from both the recitals to the DMA and the ISS that these objectives are not limited to the standard economic policy objective of increasing efficiency and consumer welfare through effective competition. [89] Repeated reference is made to public policy concerns such as fairness, avoidance of unfair or deceptive commercial practices, privacy, and data protection, as well as the more traditional competition policy objective of contestability. [90]

34. Unfortunately for gatekeepers—and everyone else seeking to interpret the DMA—these objectives are not necessarily fully aligned. They may indeed conflict.

35. Take for example Google’s Privacy Sandbox initiative, which is currently being investigated by the EC, [91] and is subject to commitments to the CMA. [92] Google describes it as an “effort to develop new technology that will improve people’s privacy across the Web and apps on Android. The proposed solutions will limit tracking of individuals and provide safer alternatives to existing technology on these platforms while keeping them open and accessible to everyone.” [93]

While this may enhance privacy and data protection by restricting third parties’ access to data about user identity and behaviour, it may also increase entry barriers, reducing market contestability, and/or cause advertising spending to become even more concentrated on Google’s ecosystem at the expense of competitors. [94]

36. Under the DMA framework, gatekeepers are required to take the initiative in relation to the complex judgments involved in when balancing such conflicting objectives. There are, however, no simple or obvious answers. The responsibility for resolving matters will ultimately fall on the EC and the EU courts. It will not be possible or practical to do so exclusively through litigation (although that will be necessary in some cases). Gatekeepers and the EC will inevitably need to find mechanisms for resolving these issues through dialogue, outside the formal framework of the DMA.

3. Diversity of regulated activities

37. As is clear from the CPS definition discussed above, the DMA is intended to cover a very wide range of digital services—from search, through app stores and operating systems, to cloud computing. As a consequence, the EC will be expected to regulate an extraordinarily broad range of businesses under the DMA. The EC’s Impact Assessment (IA) assumes that fifteen to twenty gatekeepers will be designated. [95] Apple, Booking.com, Amazon, Uber, Google, Facebook, Airbnb, eBay and Microsoft, among others, have been mentioned as potential candidates. [96] The Parliament has added WhatsApp, Facebook Messenger, and iMessage to the list, through the inclusion of number-independent interpersonal communication services within the DMA’s scope. [97]

38. Whatever the precise number, the EC’s regulatory responsibilities in terms of the number of entities supervised will far exceed those of the standard economic regulator. The responsibilities of most sectoral regulators are focussed on one, or perhaps a small number of, former government-owned monopolists in one or more related industries.

39. For regulators such as Ofgem or Ofcom in the UK—respectively responsible for various entities in the (i) energy and (ii) telecommunications and broadcast media sectors—there is a reasonably close link between the activities of the regulated entities in the sector for which they are responsible. In contrast, under the DMA, the EC must regulate industries with technologies and business models as diverse as Google’s advertiser-funded search services, Apple’s commission-funded App Store, Microsoft’s licence fee-funded operating system, and Amazon with Its combination of funding from online sales, services provided to third-party sellers, cloud services, advertising services, subscriptions, and physical stores. [98] This diversity is expressly recognised in the ISS. [99] The combination of the large number and diverse nature of regulated entities and activities renders the regulatory task facing the EC unprecedented in scope and scale. Among others, it will be extremely difficult for the EC to develop the level of technical, industry-specific knowledge and understanding on which most economic regulators rely to carry out their tasks effectively.

4. Limited resources

40. Experience suggests that effective ex ante regulation is an expensive and staff-intensive activity. The UK, by way of example, has various sector-focussed regulators and a relatively long history of economic regulation of (actual or quasi) monopolists moving towards more contestable markets. The budget and staffing figures for Ofgem, Ofcom and Ofwat are set out in the table below. Each of these is a regulator charged with the supervision of only one or two closely related sectors, and in a single jurisdiction.

Table 2.

41. According to the ISS, the EC’s projected costs and staffing for the DMA are EUR 8.2 million and less than 50 full-time equivalents (FTEs). [100] Other sources suggest costs of between EUR 10 and 17 million and up to 80 FTEs. [101] In other words, the EC is likely to find itself regulating the Union-wide activities of up to twenty global digital platforms with at most a third of the staff and half of the budget of one of the smallest UK industry regulators (Ofwat), and less than a tenth of the staff and around a tenth of the budget of the larger UK regulators (Ofgem and Ofcom).

5. Enforcement powers

42. In a traditional ex ante regulatory context, regulated entities—particularly those considered to have market power—are subject to extensive reporting obligations. Until 2021, BT, the former UK telecommunications incumbent regulated by Ofcom, was subject to nine detailed regulatory financial reporting requirements in relation to wholesale fixed telecoms markets. [102]

43. Compared to this, the reporting obligations imposed on gatekeepers under the DMA are minimal. They must submit two one-off reports within six months of designation, but thereafter need only submit information relating to planned mergers and acquisitions. If the EC is compelled to obtain the information it requires to monitor compliance with the DMA through RFIs and dawn raids, the process will be slow, and painful for all concerned.

V. Conclusions

44. Once the DMA enters into force, both the regulator and the regulated will face substantial challenges. In its regulatory role, the EC will have to grapple with responsibilities of extraordinary scope, legal provisions of doubtful clarity, and this in the context of uncertain goals and constrained resources. Gatekeepers will, for their part, face many of the same difficulties. Indeed, the task assigned to gatekeepers is arguably more challenging, since the DMA places on them the initial burden of interpreting and implementing its requirements.

45. Without timely and meaningful regulatory guidance from the EC, gatekeepers will struggle to comply with the new rules. If gridlock is to be avoided, the EC and gatekeepers will need to develop mechanisms outside the formal framework of the DMA for meeting these challenges through dialogue. The EC has a good record of developing alternative approaches where black letter procedures prove ineffective, although these approaches are not always fast-moving. [103] We can, therefore, expect solutions to emerge, but the process may not be rapid.


The Commission in the implementation of the DMA: Besieged citadel or conductor?


Jean Cattan
General Secretary, French National Digital Council (CNNum), Paris

Joëlle Toledano
Emeritus Professor of Economy, member of the French National Digital Council (CNNum) eco pay pop nourrit sec

La présente contribution n’engage que ses auteurs et non les institutions auxquelles ils appartiennent.

1. The regulation of platforms is now part of a new landscape. On the one hand, the Digital Markets Act (DMA) intends to remedy both the economic incontestability of services at the heart of the platform economy and the inequity of value sharing. On the other hand, the Digital Services Act (DSA) aims to regulate the moderation they operate of illegal content. Now that the political agreement is tied to these two texts, the question that arises for the years to come is that of their implementation.

2. A centralizing tendency is pushing the Commission to place itself at the heart of the control of the obligations carried by the text, without even giving itself the internal means to ensure it. How can the implementation of the DMA go beyond that? The Commission itself, the internal market and above all the general interest have everything to gain from collective mobilization around the text. How then to proceed, especially given the laudable progress of the text in this direction?

I. The DMA has set a new approach to tackle well-known issues

3. The DMA targets platforms that have acquired a hegemonic position of “gatekeeper” first thanks to the very fine innovations they have offered us, then thanks to the confinement of their users in ecosystems, the massive collection of data, and the prevalence accorded to their products and services among other forms of discrimination. For a time, the Commission tried to correct this situation by resorting exclusively to competition law.

4. Then, the von der Leyen Commission admitted that it was necessary to develop a new approach to remedy the lack of contestability of services such as online research, intermediation services, video sharing, operating systems, and many others. The DMA’s legislative proposal published in December 2020 set out, without much flexibility, obligations, and prohibitions that gatekeepers should respect. This list, designed firstly to resolve as soon as possible practices known for more than a decade, grew throughout the discussion in a timely manner.

5. Therefore, as soon as the DMA comes into force, we can hope to see positive behavior appear among the platforms. We will note in this regard the prohibition of parity clauses, the limitation of data cross-referencing between services, the opening of operating systems, the possibility of uninstalling pre-installed applications or even installing applications that do not come from the store the operating system is affiliated to. Equally noteworthy, the recommendation mechanisms will be subject to the principles of non-discrimination, transparency, and fairness. The list of contributions of the text is long.

II. The Commission should now act as a team leader, beyond its own walls

6. But, precisely, the obligations are so numerous and so subtle to put in place that one can wonder, given the number and the striking power of the gatekeepers, how the Commission will manage to ensure their proper application.

7. The initial proposal of the DMA made the Commission the sole interlocutor for the platforms. This was one of the major problems we encountered in the initial text. [104] It was partly corrected but probably not as much as we would have liked. Additional financial resources or even the 150 full-time people expected on these subjects will probably be necessary. But this might not be enough for the Commission to deal with and assess all the behavior that will be denounced by companies or users and ensure the best implementation of the text. The answer to a good implementation will not lie solely in the size of the workforce.

8. The proper implementation of the text also requires (i) identifying, grouping, prioritizing the problems encountered by the actors in the field; (ii) initiating a constructive dialogue with the platforms; (iii) having the most relevant data and above all the ability to understand them, to put hands in the grease, to draw intelligible conclusions and therefore to know how to look for the necessary information. It is also a question of being creative in identifying the remedies to be applied, reasonable also in knowing what is acceptable and legal and identifying the breaking points.

9. However, to reduce the risk of error, enrich the capacity for analysis and find the right remedies, there is usually nothing better than acting collectively, comparing points of view, freeing up speech, making stakeholders feel that they have the possibility of contributing to the resolution of problems to then orchestrate this speech and formulate it in a clear, proportionate, and effective manner. It is also a way for non-elected institutions to assert their legitimacy: through their expertise, of course, but also through their openness.

III. A necessary collective mobilization

10. The stakes are high. If the Commission is not reactive enough, companies and users will defer to national courts, which will also have jurisdiction over the implementation of the DMA. This shift to national courts would lead to a risk of fragmentation of the internal market, as we are beginning to observe for the General Data Protection Regulation (GDPR). Apart from the Commission’s ability to submit observations in the context of proceedings before national courts and preliminary ruling procedures, coordination between courts will be almost impossible. What is more, will these jurisdictions be provided with sufficient staff, and will they be provided with the necessary means of analysis and skills? Hence the risk of discrepancies between jurisdictions.

11. The Commission therefore has every interest in building cooperation levers and positioning itself as a conductor capitalizing on external resources rather than as a besieged citadel contested by all types of actors. To ensure greater cooperation at European level and capitalize on the sum of the expertise present, the DMA has moved in the right direction during the negotiations. But the text does not oblige the Commission to proceed in this way on key aspects of the implementation of the text.

12. It is therefore up to the Commission to act beyond the text and to position itself as the facilitator of a network of authorities going well beyond the competition authorities alone. To do this, the Commission will be able to build on the opportunities and spaces left open by the DMA. It could also be inspired by the spirit that emerges more or less from the evolution of the DSA, where it is now a question, through the methods of cooperation between the Member States and the Commission, of building a “common supervisory Union capacity.” This is the goal to seek. To do this, the Commission must place itself as the facilitator of a vast open network. This is how it will be able to establish a balance of power favorable to the general interest and achieve optimal implementation of the text.

IV. “You never get a second chance to make a good first impression

13. To ensure proper implementation of the regulation, the Commission will have the greatest interest in starting its investigation and inspection work as soon as possible. To respond to the behavior of platforms, you must be able to “open their hood,” conduct numerous interviews, question inside and outside companies. All this to ensure that the most relevant measures are implemented.

14. In the six months following the designation of gatekeepers, they must list the measures put in place to comply with the obligations contained in the regulation. A non-confidential report of these measures should be published online. It could be a first basis for collective evaluation of the measures put in place. Thus, the published report will have every interest in being as detailed as possible to allow a collective assessment of the subject. And the Commission will have to be demanding on this point.

15. This is probably when the balance of power with the platforms will be forged. At this time, the Commission has every interest in being enriched with the ideas and expertise of all the interested parties when the gatekeepers will be held accountable for their actions. It is often said that a relationship is forged at first sight. The platforms and the Commission are no longer at this stage and already know each other very well, but a new relationship is being played out here and opening it with a Commission on its heels would be a bad thing.

16. Reacting will not be enough. This would leave too great an advantage to particularly powerful and richly endowed economic actors. According to the final version of the DMA, the Commission now has the obligation to monitor by all necessary means compliance with the obligations contained in the regulation. Let’s build on this evolution to bring together all the tools and knowledge useful for achieving the objectives of the text. In this sense, having relays outside the Commission to generate a collective understanding of the issues could be one of the most appropriate means for the Commission to meet this obligation and put into practice the political vision that emerged from the negotiations.

V. How to create a collective dynamic and a common vision?

17. The text requires competition authorities and the European Commission to be open to information transmitted by third parties, users, etc. One could imagine that they are not only open to the feedback of information but strive to have the most relevant information.

18. To establish a balance of power favorable to the greatest number, we could imagine that a single point of contact for reporting and sharing knowledge would be set up at European level in the manner of the many existing reporting mechanisms in the Member States. To feed this system, which must be simple and accessible to all, the competent authorities of the Member States [105] could be mobilized to relay, in the European entrepreneurial fabric and in the world of research, the existence of such a point of contact. The Commission will thus have the most exhaustive material possible to ensure that all the issues will be properly dealt with by the platforms, but also to solicit the most relevant information from them.

19. Moreover, the initial DMA proposal contained the following provision: “[A] gatekeeper shall (. . .) refrain from preventing or restricting business users from raising issues with any relevant public authority relating to any practice of gatekeepers. [106] The mere fact that writing it down was necessary lets us imagine the degree of pressure that can be exerted by companies as powerful as the gatekeepers. In this regard, a possibly anonymous reporting mechanism for whistleblowers is more than a convenience.

20. Besides, traditional consultations on the Commission’s website will not suffice for this. It is important to mobilize both businesses and researchers on an ongoing basis. Especially since not all companies dealing with large platforms are even aware of the DMA. To obtain the most relevant feedback, it will be necessary to rely on a daily dialogue with the interested parties, led and relayed by the competent authorities of the Member States, which must feel responsible for this.

21. The DMA also offers the Commission the possibility of investigating, requesting information on the functioning of the algorithms, and conducting interviews with companies or associations of companies. These powers will be decisive. Nothing prevents the Commission from carrying out this work with the world of research or with the civil society. On the contrary, this would be a good way to build a common spirit in the implementation of the text at the European Union level, or even to give birth through practice to a European research union.

22. The text specifies that it may, for this purpose, have recourse to personalities from outside or from the competent authorities of the Member States, all covered by professional secrecy. It will be decisive for the Commission to surround itself and ensure the proper treatment of the information received within the framework of its work.

23. Ultimately, it is a colossal work of data analysis and data collection that needs to be undertaken, and it is probably on this mission that the staff of the Commission must above all focus: collecting facts and analyses from abroad, qualifying them, validating them and opposing them to the platforms with regard to the obligations listed in the DMA and implementation reports delivered by the gatekeepers.

24. To carry out this mission, the Commission will have every interest in relying on the high-level group set up at European level by the DMA. Even though the Commission is under no obligation to consider the analyzes of the high-level group, its role has been considerably developed over the course of the negotiations. And we can only hope that it capitalizes on its expertise to separate the wheat from the chaff on both sides.

25. A particularly noteworthy development of the DMA consists in fact in the enrichment of the high-level group responsible for supporting the Commission in the implementation of the text. This is made up of all the European bodies in terms of consumer affairs, audiovisual, telecoms, personal data, and competition. The Commission will provide the secretariat. It will be required to convene the group when most of its members request that a particular issue be discussed. In particular, it may propose changes to the rules themselves to meet the objectives of contestability and fairness of the text.

26. Being able to benefit from all the networks of European regulators is an asset that should be exploited, more than once a year and on an ongoing basis, by giving it access to the notifications and analyses brought to the attention of European institutions through the single point of contact proposed here above. Acting as a network will make it possible to enrich the analyses, to multiply the means and to reduce the errors of appreciation.

VI. Collective intelligence, a long-term asset

27. What is at stake in the long run, but which must indeed begin now, is even more important. Depending on the degree of satisfaction with the measures put in place under Article 6 (i.e., the article containing the largest number of obligations and probably the most difficult to implement), the Commission will have the possibility of adopting implementing acts in order to specify the obligations it contains, which will come soon enough.

28. If the Commission decides to open such a procedure, within three months of its opening, it must adopt, share, and publish its preliminary conclusions. After six months, it must have adopted its decision. In cases of circumvention, these implementing measures may cover all the obligations imposed by the DMA and not only those of Article 6, but also those of Articles 5 and 7. The Commission has therefore the possibility of examining and reviewing them all.

29. We regret that the scope of this procedure is limited. But it is responsive enough and should help address the most important issues. The whole thing is to ensure that in three months, the Commission will be able to draft the most relevant implementing acts. Hence the importance of being ready well in advance and of playing as a team. This reasoning extends to the numerous and varied market investigation procedures contained in the DMA. Whether they serve to designate gatekeepers or target systematic breaches or new services, market investigation procedures give the Commission the possibility of seeking the assistance of the competent national authorities. This must be a means of mobilizing the expertise that resides in all the Member States to get to the bottom of the problems, on the basis, it is hoped, of a well-established relationship with all the authorities.

30. The Commission will have even more interest in considering the States as allies since it will be required to examine the requests for market surveys formulated, depending on the case, by one or at least three Member States. The Commission will be free to act on it, provided it justifies its choices. But it has no interest in finding itself in a situation where it has to say no to the States. The best way to avoid this situation is to nurture a transparent and instituted dialogue between Member States, the high-level group, and the Commission itself. Even if the latter remains the sole decision-maker, it will have every interest in creating the conditions for a useful alliance and in establishing a relationship of trust and a logic of cooperation.

31. Ultimately, these shared experience and common capacity will be essential to consider, with the Parliament and the Council, as the DMA so requires, the evolution of its obligations and governance.

A compass on the journey to successful Digital Markets Act implementation


Pierre Larouche
Professor of Law and Innovation, University of Montréal

Alexandre de Streel
Professor of EU Law, Namur University

ABSTRACT

Authorities and stakeholders will soon be embarking on the long journey to DMA implementation and application. We provide a compass for this journey, based on DMA objectives, obligations and fundamental principles. DMA objectives point to contestability as the leading objective, whereby competition is to be enhanced through user choice and innovation. Similarly, when clustered, the list of obligations and prohibitions found in the DMA boil down to four categories, all of which relate to contestability. Finally, the proportionality principle allows economic arguments to be channelled around contestability. In order to avoid that the DMA becomes fossilized or leads to gatekeeper entrenchment, our compass requires firms to take an active part in DMA implementation and application, giving rise to a co-managed competition framework.

I. Introduction

1. In July 2022, EU lawmakers adopted the Digital Markets Act (DMA) which, will introduce a new regulatory regime for the biggest online platforms active in Europe, with a view to achieving “contestable and fair markets in the digital sector,” as its long title indicates. [107] This important new EU regulation should be published in the Official Journal in October 2022. It will gradually become applicable in three phases of around six months each. In the first phase, the European Commission will adopt a procedural regulation. [108] In the summer of 2023, undertakings potentially falling under the definition of gatekeeper will notify the Commission, and then the Commission will designate ten to fifteen digital gatekeepers that will be subject to the list of prohibitions and obligations contained in the DMA. [109] Finally, at the beginning of 2024, the designated gatekeepers will have to comply with this list and submit compliance reports to the Commission. [110]

2. As the new EU large platforms regulatory authority, the European Commission will have a full agenda. In the short term, the Commission will designate the gatekeepers, specify some of the Article 6 obligations and review the gatekeepers’ compliance reports. [111] In the process, no doubt the Commission will also want to use its power to issue guidelines. [112] As time goes by, the Commission is likely to be concerned with non-compliance with obligations with the possibility of fines [113]—perhaps involving interim measures [114]—or going over to systematic non-compliance with the possibility of commitments. [115] All of those decisions could be appealed to the European courts. [116] Outside the immediate purview of the Commission, business users could rely on the directly applicable DMA in order to request injunctions or damages against gatekeepers before national courts for non-compliance with their obligations under the DMA. [117] Moreover, the DMA also provides for representative actions. [118] These actions could mean that national courts may frequently apply the DMA as well.

3. In the course of all these proceedings, numerous interpretation, implementation and application issues will be raised, to be decided in the first instance by the Commission or national courts, and ultimately by the Court of Justice of the EU. More fundamentally, the DMA is establishing a new field within EU economic regulation, and the first interpretation and enforcement actions by the Commission will determine the direction for the future of EU digital economy regulation. However, those issues will be particularly difficult to decide because the DMA regulates technologies and business models that are diverse, fast-evolving, complex and not always fully understood. Moreover, in view of the immense stakes for the platform economy and of the almost boundless legal and related professional resources at the disposal of private stakeholders, [119] the DMA will likely spawn a very lively cottage industry of engagement with public authorities, compliance and, of course, legal challenges. [120] This short paper aims to contribute to the emerging discussion on how to ensure a successful journey for the DMA as it enters the interpretation and implementation stage. This journey should not lead the DMA to hit a dead end, or to lose its way in a cacophonic bazaar. In order to avoid these outcomes, an interpretation and implementation “compass” is needed.

II. A compass to enforce the DMA

4. Calibrating that compass will not be straightforward, given the structure of the DMA. From the higher-level statement of objectives, on the one hand, down to the three key elements of “core platform services” (CPS), “gatekeepers” and the list of obligations, on the other, the conceptual chain seems not as strong as it could be. The DMA misses a general definition of core platform services [121] and a general clause tying together the list of twenty-two obligations [122] that would link these elements with the objectives. Nevertheless, the compass can be calibrated through deduction from its objectives, some clustering of the obligations and with the help of general principles of EU law that are picked up in the DMA.

5. The first tool to calibrate the DMA compass comes from its objectives. The final version of the DMA contains new recitals detailing the meaning of the two overarching aims of “contestability” and “fairness.” [123] Both objectives should be understood with reference to competition. [124] That is immediately apparent from the definition of “contestability” as “the ability of undertakings to effectively overcome barriers to entry and expansion and challenge the gatekeeper on the merits of their products and services. [125] Contestability extends to inter-platform competition and, if necessary, to intra-platform competition. [126]

6. As for fairness, it is defined as “an imbalance between the rights and obligations of business users where the gatekeeper obtains a disproportionate advantage” and the users cannot “adequately capture the benefits resulting from their innovative or other efforts.” [127] At first read fairness would be a matter of balance in the user-gatekeeper relationship. Yet there must be some limiting feature, since otherwise the DMA would potentially cover countless redistribution issues between business users and gatekeepers, even absent any real impact on competition or more broadly on welfare. [128] Rather, as the above excerpt indicates, fairness becomes an issue where the imbalance between gatekeeper and business user deprives the latter of adequate reward for its efforts. In technical terms, the gatekeeper uses its market power to confiscate producer surplus that would otherwise flow to the business users as a return on their efforts. Under these circumstances, as the DMA signals, the incentives of business users are adversely affected, especially as regards innovation, with a ripple effect on competition and innovation in the digital economy. [129]

7. Both objectives are linked [130] and ultimately aim to promote user choice as well as the degree and the diversity of innovation in the digital economy. [131] We have shown elsewhere how the DMA obligations promote, on the one hand, sustaining innovation by users offering complementing services on the regulated platforms and, on the other hand, disruptive innovation by entrants offering alternative services to the regulated platforms. [132]

8. The second tool to calibrate the DMA compass relates to the obligations. The DMA contains a list of twenty-two prohibitions and obligations included in three separate provisions. Article 5 enumerates nine items, mostly prohibitions, which are supposed to be self-explanatory and self-executing. Article 6 lists twelve items, mostly obligations, which may require additional specification by the Commission. Finally, Article 7 adds a horizontal interoperability obligation among communications apps, which requires a phased implementation given its complexity. Even if the DMA itself does not cluster these prohibitions and obligations, [133] we suggest regrouping them around four categories which are linked to the objectives.

– Preventing anti-competitive leverage from one service to another. This category includes the prohibition on tying one regulated core platform service with another regulated CPS or with identity or payment services, [134] as well as the prohibition of specific discriminatory or self-preferencing practices. [135]

– Facilitating business and end users switching and multi-homing, thereby reducing entry barriers arising from demand. This category includes the prohibition of most-favoured-nation (MFN) clauses, anti-steering and anti-disintermediating clauses or disproportionate conditions to terminate service. [136] It also includes the obligation to ensure that it is easy to install apps or change defaults as well as to port data outside core platform services. [137]

– Opening platforms and data, thereby reducing supply-side entry barriers and facilitating the entry of complementors, competitors and disruptors. This category includes horizontal and vertical interoperability obligations, [138] fair, reasonable and non-discriminatory (FRAND) access to app stores, search engine and social networks, [139] data access for business users and data sharing among search engines on FRAND terms. [140] – Increasing transparency in the opaque and concentrated online advertisement value chain. This more specific category includes transparency obligations on price and performance indicators to the benefit of advertisers and publishers. [141]

9. The first category includes mostly prohibitions that are inspired by competition cases [142] and are hence drafted in a relatively detailed manner. The second and—especially—the third categories include mostly obligations couched in more general terms and sometimes going beyond what could be imposed by way of competition law remedies. Each of these categories points to different aspects of contestability and fairness, as defined above. When the obligations are read together with the corresponding recitals, it becomes apparent that almost all of them relate to contestability, and many of them to fairness as well. The justifications set out in the recitals often blend contestability and fairness, underlining that they are indeed linked and that contestability seems to be the leading objective.

10. The third tool to calibrate the DMA compass emanates from the regulatory principles, in particular proportionality. [143] The principle of proportionality includes both effectiveness and necessity. [144] In our opinion, proportionality is likely to play a central role in the debates and discussions concerning the interpretation and implementation of the DMA, since it provides a template to analyse and eventually challenge a measure taken under the DMA. In order to understand how that role could unfold, a comparison can be made with the efficiency defence that is now available across all of competition law.

11. Some commentators deplored the absence of any efficiency defence under the DMA. [145] It might be more accurate to say that, in accordance with the avowedly regulatory nature of the DMA, the efficiency defence as it is raised in individual competition law proceedings [146] has been replaced with a discussion of proportionality in relation to the measures taken under the DMA. [147] Whereas the efficiency defence allows the defending firm to challenge the very core of the competition law analysis (is there any reduction of consumer welfare?), a proportionality analysis is more focused. Indeed, under proportionality it is usually assumed that the intervention at issue pursues a legitimate goal, and the only issues are whether that intervention can actually achieve that goal (effectiveness) and whether there is no less restrictive measure to achieve that goal (necessity).

12. In the context of the DMA, the proportionality principle would imply that contestability and fairness are accepted as valid core goals, and that the only issues are whether the Commission measure effectively leads to contestability and fairness and whether it is necessary, in the sense that the same result might be achieved through market forces alone or through a less intrusive measure. In other words, any type of “efficiency defence” argument is beside the point, unless it goes to show that the conduct or the defendant firm already achieves—in whole or in part—the contestability and fairness objectives as defined in the DMA. The proportionality principle therefore allows linking the DMA objectives directly to its interpretation and implementation. Seen from that perspective, the proportionality principle channels the economic analysis that underpins an efficiency defence into a narrower framework. It also compels the defendant firm to work within the specific set of core goals of the DMA. In that sense, perhaps the proportionality principle can contribute to addressing the main concern that led the EU to enact the DMA—namely, that competition law enforcement was too time- and resource-intensive because of the extended use of economic analysis at every stage.

13. To sum it up, the DMA interpretation and implementation compass can be calibrated with a combination of (i) the objectives of contestability (understood as lowering entry barriers) and fairness (understood as a balanced relationship where the innovation incentives of users are not defeated through confiscation of their reward); (ii) clustered obligations around the prevention of anti-competitive leverage, the facilitation of users switching and the opening of platforms (hence lowering entry barriers on the demand and supply side); and (iii) the proportionality test as a template to ensure that debates take place in the light of DMA objectives. That compass can be used to indicate success, e.g. in the level and the diversity of innovation as well as user choice in the European digital markets.

III. The direction of EU Big Tech regulation

14. In turn, this DMA compass should set the direction for the future of EU digital markets regulation. By including competition in the analysis at all stages (objectives, obligations and proportionality test), the DMA would complement competition law in order to make digital markets work better and stimulate inter and intra-platform competition. The DMA then comes closer to the “managed competition” model that underpins other bodies of EU economic regulation, such as electronic communications law. [148] Managed competition implies that competition plays a central role at all times, but that the regulatory framework helps to channel or structure it.

15. While “managing competition” seems to us the best future for the DMA, two other future scenarios are possible but seem less desirable: fossilization and gatekeeper entrenchment. In the fossilization scenario, the detailed rules of the DMA will be at best quickly outdated and at worst immediately circumvented. Ultimately, the DMA would remain a piece of paper in the Official Journal, with much ado about nothing. The risk of fossilization has been taken seriously by the EU lawmakers as the DMA provides for a broad anti-circumvention clause and for the possibility that the Commission updates the obligations with a delegated act (which is akin to a simplified and expedited legislative procedure). [149] Those will have to be used effectively now by the Commission to avert fossilization. Then in the future, when the DMA is revised and experience has been gained, a move towards more flexible and standards-based provisions may be conceivable in order to increase the resilience of the DMA in an environment that is moving rapidly. [150]

16. In the gatekeeper entrenchment scenario, the DMA becomes a kind of all-encompassing “public utility” regulation on the US model while the role of competition recedes and fades away. [151] It is true that, under this scenario, users of the platforms are likely to be well-protected and gatekeeper-user relationships will probably be fair. At the same time, extensive regulation will probably not support entry that could threaten gatekeeper power; rather, it is bound to entrench the gatekeeper position. In other words, the DMA may well protect complementors but would fail to stimulate market forces and encourage the entry of new platforms either as frontal competitors or as diagonal disruptors. This is a scenario that we have seen in some utilities and financial sector regulation, where an increase of regulation did not lead to a proportional increase in competition. Given the fact that innovation and competition may potentially be strong in the digital markets [152] and that, when platforms and data are open, the benefit of network and ecosystem effects may be combined with competition, we think that a natural monopoly/public utility type of regulation would not necessarily be a good future for EU digital regulation. [153]

17. If there is a common feature between these two undesirable scenarios, it is probably a confrontational relationship between the regulatory authority and the regulated firms. In the fossilization scenario, the firms end up outsmarting the authority. In the gatekeeper entrenchment scenario, protracted conflict leads the regulatory authority to intervene excessively, with overbearing regulation as a result (and the risk of regulatory capture if the firms do outwit the authority and entrench their position on favourable terms). [154] In the end, the fate of DMA interpretation and enforcement could therefore hinge on whether the European Commission, regulated gatekeepers and users succeed in developing a cooperative relationship that breaks from the more adversarial approach that characterizes competition law enforcement. [155] The institutional framework of the DMA, which has been made more participatory during the legislative negotiations, and our compass can be a guide on that journey. Firms also need to move away from an attitude whereby they expect authorities to spell out every detail of the obligations they must comply with, [156] towards a form of co-ownership of the regulatory process. In that sense, managed competition under the DMA could turn out to be “co-managed” by the authorities and the firms. [157]

The interplay between the DMA and the General Data Protection Regulation


Damien Geradin
Founding Partner, Geradin Partners, Brussels


Theano Karanikioti
Senior Associate, Geradin Partners, Brussels


Konstantina Bania
Counsel, Geradin Partners, Brussels

I. Introduction

1. The Digital Markets Act (DMA), a Regulation laying down rules aimed at ensuring the fairness and contestability of digital markets where gatekeeper platforms are present, will soon become part of European Union (EU) law. The DMA will impose a series of “dos and don’ts” on designated gatekeepers, setting out rules of conduct vis-à-vis other businesses and end users.

2. Clearly, the DMA will not apply in a vacuum; instead, it will interact with national and EU rules that establish obligations for gatekeeper platforms. The text of the DMA states that the Regulation will apply “without prejudice” to a series of instruments, including the General Data Protection Regulation (GDPR), consumer protection rules (e.g. the Unfair Commercial Practices Directive) and (national and EU) competition rules. [158] A reading of the “without prejudice” provisions of the DMA suggests that all legislative instruments that govern the conduct of gatekeeper platforms in the EU and domestically will harmoniously co-exist and complement each other. Yet, it is doubted that the application of such a varied set of rules will not give rise to tension; in certain cases, the DMA may be lex specialis, thereby prevailing over a general rule established in one of the above instruments. In other cases, the normative goals pursued by the DMA may conflict with those of another tool, thereby leading to opposing outcomes.

3. In this paper, we focus on the interaction between the DMA and the GDPR. This is a highly topical matter. Many DMA provisions concern the gatekeepers’ data-related practices, which largely have to do with the use of personal data. As a result, complex questions will soon arise as to how several obligations established in the DMA (e.g. data combination subject to user consent, data sharing subject to user consent) are compatible with the GDPR and whether gatekeepers can seamlessly comply with both instruments.

4. Our main goal is to inquire into whether the DMA can indeed apply without prejudice to the GDPR. We will do so by referring to the main provisions of the DMA that are related to the principles of and rights enshrined in the GDPR—namely, the data portability obligation (Article 6(9) of the DMA) (II.) and the requirement to obtain end user consent to comply with certain DMA obligations (Articles 5(2) and 6(10) of the DMA) (III.)

II. The data portability obligation imposed on designated gatekeepers

5. Article 20(1) of the GDPR enshrines the right to data portability, which comprises the data subject’s right to receive the personal data concerning her and the right to transmit this data to another controller. Article 6(9) of the DMA establishes the gatekeepers’ obligation to provide end users with effective data portability. Based on recital 59 of the DMA, it appears that the obligation in question is composed of the same core elements as the GDPR right—namely (i) the right to receive the data in scope and (ii) the right to have the data ported to a third party.

6. In an attempt to clarify the relationship between the above provisions, the DMA notes that “[f]or the avoidance of doubt, the obligation on the gatekeeper to ensure effective portability of data (. . .) complements the right to data portability under the [GDPR].” [159] This may imply that the right enshrined in the GDPR and the obligation established in the DMA are “two sides of the same coin.” Indeed, this might have been the original intention; in its Communication on the application of the GDPR, the Commission acknowledged that, although individuals are increasingly aware of their rights under the GDPR, the right to data portability, which may “put individuals at the centre of the data economy by enabling them to switch between different service providers (. . .) and to choose the most data protection-friendly services,” has not reached its full potential. [160] The Commission noted that unlocking that potential was one of its main priorities because, with the increasing use of the Internet, “more and more data are generated by consumers, who risk being faced with unfair practices and ‘lock in’ effects.” [161] The Commission further mentioned that it would explore how to boost data portability in preparation of the DMA. [162]

7. Nevertheless, there are two reasons why we doubt that the DMA obligation is meant to merely enhance the GDPR right. First, there are significant differences in every single aspect of the respective provisions, ranging from the normative goals they pursue, the scope of data covered, the legal basis on which the users’ right to data portability rests and the (transactional and technical) conditions under which data portability should take place. Second, the DMA is sector-specific legislation. As a result, the end users’ right to have data transmitted to a third party under the DMA may qualify as lex specialis that would prevail over the GDPR (the lex generalis in the case at hand). The Guidelines on the right to data portability adopted by the Article 29 Data Protection Working Party (Article 29 WP Guidelines) note that if the data subject intends to exercise rights under sectorial legislation only (rather than rights under the GDPR), “the GDPR’s data portability provisions will not apply to this [data subject’s] request.” [163] Against this background, it is far from certain whether the DMA is indeed meant to strengthen the right to data portability under the GDPR [164] and that the former will apply “without prejudice” to the latter. [165] We examine those issues in more detail below.

1. Are the DMA obligation to provide data portability and the GDPR right to data portability “two sides of the same coin”?

1.1 The normative goals the GDPR and the DMA pursue

8. The GDPR explicitly states that the objective of the right to data portability is to “strengthen the [data subject’s] control over [her personal] data.” [166] The normative goals the DMA pursues are fairness and contestability in digital markets. Putting those goals in the data portability context, the DMA clarifies that the data portability obligation it establishes seeks to facilitate switching and multi-homing. [167] Surely, these are not unrelated to the GDPR because the right to data portability it enshrines has the potential to generate the positive externality of using multiple providers or switching to different services. [168] However, it is widely accepted that the GDPR regulates personal data only and that the aim of the right to data portability should not be conflated with other normative goals. [169] For example, to illustrate how control over personal data and competition differ, the Article 29 WP Guidelines note that the GDPR right to data portability may allow banks to provide new services using personal data initially gathered as part of an energy supply service. [170] This example makes the point that, in the case at hand, exercising the right to data portability would have nothing to do with promoting competition in energy supply markets.

1.2 The scope of data covered by the GDPR and the DMA

9. Starting from stating the obvious, the GDPR protects and applies to “personal data,” that is, “any information relating to an identified or identifiable natural person.” [171] Put differently, only personal data is in scope of a data portability request under the GDPR and any data that is anonymous or does not concern the data subject is not covered by Article 20. [172] However, no such restriction applies to data portability in the context of the DMA. Article 6(9) broadly refers to the term “data,” which is in stark contrast with other DMA obligations that specifically refer to (and attach conditions to the use of) data that is “personal” within the meaning of the GDPR. Had the legislator intended for Article 6(9) to merely enhance the GDPR, an explicit reference to “personal data” would arguably have been made.

10. That Article 6(9) of the DMA covers the portability of non-personal data is not the only difference with the GDPR. Article 20(1) of the GDPR covers data that end users have “provided” to a controller. It has been clarified that the term “provided” covers data knowingly and (pro-)actively provided by end users (e.g. mailing address, user name, age), as well as data resulting from the observation of their activities (e.g. raw data processed by connected objects, history of website usage). [173] However, the GDPR right to data portability does not cover inferred and derived data, that is, data created by the data controller itself (e.g. a user profile created through the analysis of raw data). [174]

11. Nothing in the DMA implies that the data falling under the scope of the portability obligation should be restricted to the above. Article 6(9) of the DMA establishes the gatekeepers’ obligation to “provide (. . .) effective portability of data provided by the end user or generated through the activity of the end user in the context of the relevant core platform service.” This wording suggests that the DMA obligation may also cover inferred and derived data. The question arises whether requiring gatekeepers to ensure the portability of such data (i.e. data that has been produced following investments in time and technology) complies with the principle of proportionality. One might argue that such a requirement could reduce the gatekeepers’ incentive to innovate because it facilitates free riding. Yet, that the DMA may cover inferred and derived data finds support in recital 59, which lays down that the data portability obligation it establishes is “[t]o ensure that gatekeepers do not undermine (. . .) the innovation potential of the dynamic digital sector.” In other words, it could also be argued that the legislator has weighed the different interests at stake and that the balance has tilted in favour of the gatekeepers’ end (and business) users.

12. A marked difference between the DMA and the GDPR that has an impact on the scope of data covered is the legal basis for the lawful processing of data on which the right to data portability rests. Article 20(1) of the GDPR lays down that the right to data portability only covers data that has been processed on the basis of a contract (as per Article 6(1)(b) of the GDPR) or consent (in accordance with Article 6(1)(a) of the GDPR). In practice, this means that there is no obligation for the data controller to accommodate a data portability request concerning personal data that has been processed in line with the other legal bases provided for in the GDPR (e.g. a legitimate interest pursued by a data controller). [175] The gatekeepers’ obligation to respond to a data portability request under the DMA is not subject to the above restriction. In practice, this means that the end users’ request to have their data ported to a third party under the DMA would encompass a (far) larger dataset than a request to transmit data to another data controller under the GDPR. This includes personal data processed pursuant to a legal basis other than consent and contract, as well as non-personal data (the only legal basis for the portability of the latter being Article 6(9) of the DMA).

13. Overall, the scope of data covered by the DMA data portability obligation is more far-reaching than the scope of data covered by the GDPR data portability right.

1.3 Transactional and technical conditions attached to data portability

14. The DMA and the GDPR say different things about the conditions that must be met for data portability to be compliant with the respective instrument. Article 6(9) of the DMA specifically provides that the portability of data should be “free of charge.” Unequivocally, gatekeepers cannot ask users to pay for their data to be transmitted to a third party. However, the GDPR leaves that door open; pursuant to Article 12, the data controller may charge “a reasonable fee” where data portability requests are excessive, “in particular because of their repetitive character.” [176] Yet, one cannot envisage how multi-homing could be achieved if data portability requests are not repetitive.

15. Finally, there are considerable differences with respect to the technical conditions attached to (effective) data portability. By means of example, under the GDPR, the data subject has the right to have the data “transmitted directly from one controller to another, where technically feasible.” [177] Moreover, recital 68 of the GDPR encourages data controllers to develop interoperable formats that enable data portability, but there is no obligation for controllers to adopt or maintain processing systems that are technically compatible. [178] The Article 29 WP Guidelines specify that “[a]s a good practice, data controllers should start developing the means that will contribute to answer data portability requests, such as download tools and Application Programming Interfaces. [179] The DMA goes beyond the GDPR. Recital 59 lays down that gatekeepers are required to implement “high quality technical measures, such as application programming interfaces.” What is more, contrary to the GDPR, gatekeepers should ensure that the data is ported continuously and in real time. [180]

16. All in all, the differences in the objectives pursued, the scope of data covered and the (transactional and technical) conditions that apply suggest that Article 6(9) of the DMA cannot be regarded as an obligation that merely intends to boost the exercise of Article 20 of the GDPR. [181]

2. Can the DMA obligation to provide data portability really be “without prejudice” to the GDPR right to data portability?

17. The Article 29 WP Guidelines on the right to data portability explicitly state that “if it is clear from the request made by the data subject that his or her intention is not to exercise rights under the GDPR, but rather, to exercise rights under sectorial legislation only, then the GDPR’s data portability provisions will not apply to this request. [182] There is little doubt that the DMA qualifies as “sectorial legislation,” for it only applies to clearly defined services [183] in the digital sector. [184] It is also clear that the DMA establishes a right for the end user; the gatekeeper’s obligation is triggered only after a user makes a data portability request. It is also noteworthy that, as the text of the legislative proposal evolved, its wording was amended to specify that the DMA seeks to benefit business users and end users alike. [185] Finally, the approach suggested by the Article 29 WP Guidelines is not alien to the law, including EU law. Aside from the general principle lex specialis derogat legi generali, the case law of the Court of Justice of the EU has also clarified that a provision in EU law prevails over another not only in cases of conflict, but also in cases where the former “[regulates] the conduct at stake in a more detailed manner and/or by being applicable to a specific sector.” [186]

18. Even if the DMA could in theory prevail over the GDPR, in practice it would still need to be established that the intention of the data subject is not to exercise the right to data portability enshrined in the latter. How this will be determined is far from clear. (Should the user be presented with two options, a DMA route and a GDPR route? How could the user make an informed choice about which right to choose?) What is, however, clear is that the DMA may not necessarily apply “without prejudice” to the GDPR.

III. End user consent as an enabler of certain gatekeeper practices

19. End user consent plays a central role in some of the DMA’s obligations, enabling gatekeepers to engage in practices that would be prohibited in its absence. First, pursuant to Article 5(2) of the DMA, the end user should be “presented with the specific choice and [give] consent in the sense of [the GDPR]” in order for the gatekeeper to engage in certain data processing, data combination, data cross-use and sign-in practices. [187] Second, Article 6(10) of the DMA requires gatekeepers to provide business users (and third parties authorised by a business user) access to aggregated and non-aggregated data. [188] To the extent that personal data are involved, data access can only be granted when “the end user opts in to such sharing by giving (. . .) consent.” [189]

20. Consent under the DMA is defined by reference to the GDPR. [190] This is not surprising given that consent is a well-established concept under EU data protection law. Therefore, all the requirements and standards the GDPR establishes in relation to requesting user consent remain applicable in the context of consent being required under the DMA.

21. The GDPR places—at least in theory—a heavy burden on companies seeking to rely on user consent for their data processing activities. This high standard for consent will also be applicable in the context of end users using core platform services provided by designated gatekeepers. We first discuss the GDPR standards for consent and how these can be met or, possibly, misused in the context of gatekeepers requesting end user consent (1.). We then briefly turn to the question of whether the choice of user consent as an enabler of certain gatekeeper practices is appropriate (2.).

1. Complying with the high standards of consent under the GDPR in the context of core platform services provided by designated gatekeepers

22. Consent under the GDPR must be “freely given, specific, informed and unambiguous.” [191] The following discussion will focus particularly on the requirements that consent be “freely given” and “specific”; these requirements vividly illustrate the concerns arising from granting consent to a gatekeeper’s data processing activities.

1.1 The requirement that consent be “freely given”

23. For consent to be “freely given,” the end user/data subject must have real choice and control. [192] Thus, consent is not valid if the data subjects “[have] no real choice, [feel] compelled to consent or (. . .) endure negative consequences if they do not consent.” [193] If consent is bundled up as a non-negotiable part of terms and conditions, there is a presumption that it has not been freely given. [194]

24. The rationale behind this is to safeguard and promote the control that end users (the data subjects) have over their data—the key objective of the GDPR. As the European Data Protection Board (EDPB) states, “if obtained in full compliance with the GDPR”—that is, if the data subject is “offered control and is offered a genuine choice with regard to accepting or declining the terms offered or declining them without detriment”—consent is a tool that gives data subjects control over whether or not personal data concerning them will be processed. [195]

25. A concern that has, however, been expressed—both in general and regarding the DMA in particular—is that the power imbalance between large digital platforms and end users may make the granting of GDPR-compliant consent an unrealistic scenario. This is because certain gatekeeper platforms may make the use of their services conditional upon a user agreeing to extensive data processing. In such instances, users are faced with a “take-it-or-leave-it” situation: they either have to “consent” to the platform’s terms regarding data processing or forfeit the service. For services that users consider indispensable, they have no choice but to consent.

26. Arguably, such practices would lead to a presumption that consent has not been freely given and thus is not valid under the GDPR: the GDPR seeks to ensure that consent to the processing of personal data that is not necessary for the provision of a service is not tied to the acceptance of the terms and conditions for the use of the service concerned. [196] The findings of the investigation of the German competition authority into Facebook’s data-related practices—an investigation whose remedy arguably inspired Article 5(2) of the DMA—are relevant in this regard. With its decision, the Bundeskartellamt prohibited Facebook’s practice of making the use of the social network conditional upon the user’s consent to Facebook combining data collected from various Facebook companies (e.g. WhatsApp and Instagram), as well as from third-party websites or apps. The German competition authority found that Facebook’s personal data policy constituted an abuse of its dominant position, noting that there is no effective consent if such consent is a prerequisite for using the Facebook social network in the first place. [197]

27. But, even if consent is not tied to agreeing with the general terms and conditions of a service, user choice and the data subject’s control over her personal data (which is what the GDPR seeks to achieve) may be impaired by gatekeepers’ practices. [198] This is because (gatekeeper) platforms may nudge users, via the choice architecture employed, into giving consent to the processing of their data, including data combination and cross-use. [199] In that regard, it is positive that the EU legislators have sought to include (explicit) safeguards in the DMA to give power to users whose consent is sought. Such safeguards reflect the GDPR and the related interpretative documents, but also go further in that they explicitly set out requirements that the designated gatekeepers must meet to ensure that consent is valid. We illustrate this through the two examples that follow.

28. First, the DMA explicitly requires designated gatekeepers to offer a “less personalised but equivalent alternative” of their service to users and to not make “the use of the core platform service or certain functionalities thereof conditional upon the end user’s consent.” [200] This aims to ensure that users have a free choice: they could either use a service that would rely on data combination and cross-use or they could opt for a less personalised alternative that would not be different or of degraded quality compared to that offered to users who provide consent. [201] According to the EDPB, provided that there is “a possibility to have the contract performed or the contracted service delivered by [the same] controller without consenting to the other or additional data use in question, this means there is no longer a conditional service”—but both services need to be genuinely equivalent. [202]

29. Second, recognising that the choice architecture can nudge users into granting their consent, the DMA requires gatekeepers, when requesting consent, to “proactively present a user-friendly solution to the end user to provide, modify or withdraw consent in an explicit, clear and straightforward manner.” [203] Overall, in the spirit of the GDPR, the DMA explicitly prohibits gatekeepers from designing, organising or operating their online interfaces in a way that “deceives, manipulates or otherwise materially distorts or impairs the ability of end users to freely give consent.” [204] In this regard, the DMA further sets out that gatekeepers will not be allowed to repeat their request for consent for the same purpose more than once within a period of a year if an end user has refused or withdrawn her consent to the data combination, cross-use and sign-in practices of a gatekeeper. [205]

30. Such safeguards are fully aligned with the GDPR. But it is the actual implementation of the DMA that will determine whether the spirit and principles of the GDPR are adhered to. For instance, the DMA does not establish in concrete terms what is required from gatekeepers seeking to obtain end users’ consent—e.g. how the choice architecture should be designed or what information should be presented to users and how. [206] But it does set a high standard that any solution employed should be user-friendly. Thus, unless the Commission further specifies what Article 5(2) concretely entails, certain gatekeepers may game this gap to their advantage. In such cases, monitoring and enforcement are instrumental in ensuring that the DMA is indeed without prejudice to (the requirements set by) the GDPR.

1.2 The requirement that consent be “specific”

31. Valid consent under the GDPR should be “specific,” meaning that the data subject should give consent for each specific processing purpose. Thus, data subjects should be informed, prior to giving their consent, about the intended purposes of data processing and use, and should have the opportunity to consent or refuse to consent to each specified purpose. [207]

32. In the context of data sharing under the DMA, questions arise about how end user consent to data sharing can meet the GDPR’s robust standards. The data sharing obligation (Article 6(10) of the DMA) may cover different datasets and processing activities by a large number of third parties seeking to use such datasets for a variety of commercial purposes. [208] In order for end users to grant informed and specific consent to such data sharing, they should in theory be informed about, inter alia, the data that will be shared with third parties, the identity of such parties and the purposes for which their personal data will be processed and used by these third parties before giving their consent. It is questionable whether (and if so, how) this standard can be met in practice. [209]

2. Is the choice of consent as an enabler of certain gatekeeper practices otherwise prohibited under the DMA appropriate?

33. Consent plays a key role in certain DMA obligations, given that it is the basis upon which gatekeepers may engage in data-related practices that would otherwise be banned under the DMA. However, such a role for user consent is not without potential problems.

34. As explained above, gatekeeper digital platforms can, if they choose to do so, bundle consent with agreeing to the general terms and conditions or nudge users in granting their consent. [210] In addition, placing on end users the responsibility of deciding whether to consent to the gatekeepers’ data-related practices may increase the chances of “consent fatigue,” a concern that has often been raised in the context of the GDPR. [211]

35. Importantly, a question that has been expressed is what happens in cases where the user refuses to grant consent or withdraws consent. Arguably, without user consent gatekeepers could not (or no longer) engage in the data processing, combination or cross-use practices included in Article 5(2) of the DMA. Similarly, gatekeepers would not be able to share end users’ personal data with business users pursuant to Article 6(10) of the DMA. [212] In the context of Article 5(2), the withdrawal of consent would not pose significant challenges (although it should be monitored whether gatekeepers stop engaging in the covered activities). However, when it comes to data sharing, it may be technically challenging to monitor and implement in practice the termination of the data practices that were once enabled by consent, as all recipients that have received the data should be informed about the withdrawal of consent (and should comply with that). [213] It is also questionable whether relying on user consent, which can at any time be refused or withdrawn by end users, defeats (or hinders the attainment of) the purpose of Article 6(10), which is to “ensure that business users have access to the relevant data (. . .) generated,” [214] a measure that would address the data-driven advantages gatekeepers enjoy and allow business users to effectively compete and innovate.

36. Overall, when it comes to the data-related provisions of the DMA that (primarily) require end user consent for (certain types of) processing of personal data, there are specific references to the GDPR. The DMA either reflects the GDPR and the related interpretative documents or goes beyond the GDPR on this issue, but without contradicting it. However, questions arise about the ability of users to give valid consent and whether relying on consent would not defeat the goal of the DMA to ensure fair and contestable digital markets.

IV. Conclusion

37. While the DMA states that it applies “without prejudice” to the GDPR, questions arise about the interplay between these two instruments. The DMA’s data-related provisions requiring end user consent for certain gatekeeper practices, as well as the data portability obligation of the DMA, illustrate this point clearly. With respect to consent-related issues, though the DMA does not contradict the GDPR (even when it goes beyond it), issues are bound to arise as to how GDPR-compliant consent is obtained by those gatekeeper platforms that have a track record of nudging users into extensive data processing that fails to meet the GDPR standards. As regards data portability, it is far from clear whether data portability within the meaning of the DMA (which is more far-reaching than data portability under the GDPR) is lex specialis that prevails over the GDPR, thereby rendering the “without prejudice” clause of the DMA devoid of purpose.

Footnotes

[1The following comments refer to the final version of the Digital Markets Act on which the European Parliament held the final vote on 05 July 2022. The version used can be found at https://www.europarl.europa.eu/doceo/document/TA-9-2022-0270_EN.html. Funding by Deutsche Forschungsgemeinschaft (DFG, German Research Foundation) under Germany’s Excellence Strategy – EXC 2126/1 – 390838866 is gratefully acknowledged. The author would like to thank Jan-Frederick Göhsl, LL.M. (UCL), for his valuable support in revising the manuscript

[2Cf. for a meta-analysis of several expert reports F. Lancieri and P. M. Sakowski, Competition in Digital Markets: A Review of Expert Reports, Stan. J.L. Bus. & Fin., Vol. 26, Issue 1 (2021), pp. 65–170.

[3GCEU, 10 November 2021, Google Shopping, case T-612/17, ECLI:EU:T:2021:763, para. 54.

[4However, the provision of personal data often serves as a substitute for the payment of money.

[5M. A. Cusumano, A. Gawer and D. B. Yoffie, The Business of Platforms: Strategy in the Age of Digital Competition, Innovation, and Power, Harper Collins, New York, 2019, pp. 112–114.

[6Cf. on the economics of two-sided markets D. S. Evans, The Antitrust Economics of Multi-Sided Platform Markets, JREG, Vol. 20, No. 2, 2003, pp. 325–381, as well as R. Mansell and W. E. Steinmueller, Advanced Introduction to Platform Economics, Edward Elgar Publishing, Cheltenham, 2020

[7Furthermore, the following holds true: the more users there are on the established platform in absolute terms, the less likely they are to switch to a new platform. Cf. G. Biglaiser, J. Crémer and A. Veiga, Should I stay or should I go? Migrating away from an incumbent platform, RAND Journal of Economics (forthcoming 2022).

[8D. Zimmer, Digital Markets: New Rules for Competition Law, JECLAP, Vol. 6, No. 9, 2015, pp. 627–628.

[9That is the main reason why a simple break-up of GAFA-undertakings does not seem promising. For a different view on that topic, cf. J. E. Kwoka, Jr. and T. Valletti, Scrambled Eggs and Paralyzed Policy: Breaking Up Consummated Mergers and Dominant Firms, 2020, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3736613.

[10On the need for regulation in the digital economy, see already German Monopolies Commission, Special Report 68: Competition policy: The challenge of digital markets, 2015.

[11Cf. on a Union-level Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1, Regulation (EU) 2019/1150 of the European Parliament and of the Council of 20 June 2019 on promoting fairness and transparency for business users of online intermediation services, OJ L 186, 11.7.2019, p. 57, Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services, OJ L 151, 7.6.2019, p. 70, as well as the forthcoming Digital Services Act. The numerous national regulations to address the identified issues—as Section 19a of the German Act against Restraints of Competition—serve as the basis for the enactment of the DMA, as it is intended to prevent further fragmentation of the digital single market under Article 114 TFEU.

[12Cf. recital 11.

[13P. Larouche and A. de Streel, The European Digital Markets Act: A Revolution Grounded on Tradition, JECLAP, Vol. 12, No. 7, 2021, pp. 542–560, at 544–548.

[14Active business users are identified and calculated in accordance with the methodology and indicators set out in the Annex of the DMA. Where these thresholds were met in the previous three financial years, an undertaking shall be presumed to satisfy also the additional requirement of holding an entrenched and durable position in operations (Article 3(2)(c)).

[16In June 2020, the Federal Court of Justice ruled that the Federal Cartel Office may enforce its prohibition decision. Cf. BGH, 23 June 2020, Facebook, case KVR 69/19, preliminary decision.

[17Eur. Comm., dec. C(2013) 4750 of 25 July 2013, Apple E-books, case AT.39847; Eur. Comm., dec. C(2017) 2876 final of 4 May 2017, Amazon E-book MFNs, case AT.40153. Cf. on a national level the joined cases regarding the behavior of booking.com from the French, Italian and Swedish Competition Authorities in 2015, https://en.agcm.it/en/media/press-releases/2015/4/alias-2207. The commitments included the replacement of a narrow MFN with a wide MFN. In Germany, Narrow MFNs are considered problematic. Cf. on narrow MFNs in Germany BGH, 18 May 2021, Booking, case KVR 54/20. Cf. on wide MFNs Bundeskartellamt, 26 November 2013, Amazon Marketplace, case B6-46/12; OLG Düsseldorf, 9 January 2015, HRS, VI-Kart 1/14 (V); OLG Düsseldorf, 4 December 2017, Expedia, VI-U (Kart) 5/17.

[18Amazon Buy Box, case AT. 40703 (Eur. Comm., press release IP/20/2077 of 10 November 2020, Antitrust: Commission sends Statement of Objections to Amazon for the use of non-public independent seller data and opens second investigation into its e-commerce business practices, https://ec.europa.eu/commission/presscorner/detail/en/IP_20_2077).

[19For a more thorough analysis of the enforcement practice, S. Albœk, Consumer Welfare in EU Competition Policy, in Aims and Values in Competition Law, C. Heide-Jørgensen, C. Bergqvist, U. B. Neergaard and S. T. Poulsen (eds.), DJØF Publishing, Copenhagen, 2013, https://ec.europa.eu/dgs/competition/economist/consumer_welfare_2013_en.pdf.

[20F. Chirico, Digital Markets Act: A Regulatory Perspective, JECLAP, Vol. 12, Issue 7, 2021, pp. 493–499, at 495. Critically, C. Caffarra and F. Scott Morton, The European Commission Digital Markets Act: A translation, VoxEU, 5 January 2021, https://voxeu.org/article/european-commission-digital-markets-act-translation.

[21GCEU, 10 November 2021, Google Shopping, case T-612/17, ECLI:EU:T:2021:763.

[22Eur. Comm., dec. C(2018) 4761 final of 18 July 2018, Google Android, case AT.40099.

[23Cf. S. Holmes, D. Middelschulte and M. Snoep, Competition Law, Climate Change & Environmental Sustainability, Concurrences, New York, 2021; OECD, Sustainability and Competition, OECD Competition Committee Discussion Paper, 2020, https://www.oecd.org/daf/competition/sustainability-and-competition-2020.pdf.

[24H. Schweitzer, The art to make gatekeeper positions contestable and the challenge to know what is fair: A discussion of the Digital Markets Act Proposal, ZEuP, No. 3, 2021, pp. 503–544, at 517.

[25Approving ibid. and N. Petit, The Proposed Digital Markets Act (DMA): A Legal and Policy Review, JECLAP, Vol. 12, Issue 7, 2021, pp. 529–541. Disapproving P. Ibáñez Colomo, New Times for Competition Policy in Europe: the Challenge of Digital Markets, JECLAP, Vol. 12, Issue 7, 2021, pp. 491–492.

[26Larouche and de Streel, supra note 12, at 544–545.

[27Cf. former Competition Commissioner J. Almunia’s speech, Competition and consumers: the future of EU competition policy, European Competition Day, Madrid, 12 May 2010: “All of us here today know very well what our ultimate objective is: competition policy is a tool at the service of consumers. Consumer welfare is at the heart of our policy and its achievement drives our priorities and guides our decisions.

[28The views expressed in this article are my own and not necessarily those of News Corp.

[29Proposal for a Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act), COM(2020) 842 final, 15 December 2020, https://ec.europa.eu/info/sites/default/files/proposal-regulation-single-market-digital-services-digital-services-act_en.pdf.

[32CMA, press release, 8 December 2020, CMA advises government on new regulatory regime for tech giants, https://www.gov.uk/government/news/cma-advises-government-on-new-regulatory-regime-for-tech-giants.

[34T. Rutland, Europe’s competition chief appoints Imperial academic as top adviser, Imperial’s News, 26 March 2018, https://www.imperial.ac.uk/news/185526/europes-competition-chief-appoints-imperial-academic.

[41J. Furman et al., Unlocking digital competition, Report of the Digital Competition Expert Panel, March 2019, https://www.gov.uk/government/publications/unlocking-digital-competition-report-of-the-digital-competition-expert-panel.

[42US House Judiciary Committee’s Subcommittee on Antitrust, Commercial, and Administrative Law, Investigation of Competition in Digital Markets: Majority Staff Report and Recommendations, 2020, https://judiciary.house.gov/uploadedfiles/competition_in_digital_markets.pdf.

[43Cited supra note 5.

[48D. Katsifis, Ne bis in idem and the DMA: the CJEU’s judgments in bpost and Nordzucker – Part II, The Platform Law Blog, 29 March 2022, https://theplatformlaw.blog/2022/03/29/ne-bis-in-idem-and-the-dma-the-cjeus-judgments-in-bpost-and-nordzucker-part-ii.

[49Bristows has clients whose activities may potentially be affected by the DMA once adopted. However, the views expressed in this article are entirely the authors’ own. It was not written at the behest of or in the interest of any client or clients of Bristows and no clients were consulted in relation to its contents.

[50References to the DMA in this article are to the 11 May 2022 version of the draft text of the Regulation available at https://www.consilium.europa.eu/media/56086/st08722-xx22.pdf.

[51DMA, supra, recital 8.

[52European Parliament, press release, 24 March 2022, Deal on Digital Markets Act: EU rules to ensure fair competition and more choice for users, https://www.europarl.europa.eu/news/en/press-room/20220315IPR25504/deal-on-digital-markets-act-ensuring-fair-competition-and-more-choice-for-users.

[53C. Wall and E. Lostri, The European Union’s Digital Markets Act: A Primer, CSIS, 8 February 2022, https://www.csis.org/analysis/european-unions-digital-markets-act-primer.

[54Similarly, Cédric O, the Minister representing the French Presidency of the European Council, said: “The European Union has had to impose record fines over the past 10 years for certain harmful business practices by very large digital players. The DMA will directly ban these practices and create a fairer and more competitive economic space for new players and European businesses.” See European Parliament, press release, 23 November 2021, Digital Markets Act: ending unfair practices of big online platforms, https://www.europarl.europa.eu/news/nl/press-room/20211118IPR17636/digital-markets-act-ending-unfair-practices-of-big-online-platforms and European Council, press release, 25 March 2022, Digital Markets Act (DMA): agreement between the Council and the European Parliament https://www.consilium.europa.eu/en/press/press-releases/2022/03/25/council-and-european-parliament-reach-agreement-on-the-digital-markets-act.

[55Digital Markets Act: Impact Assessment support study, Annexes, VIGIE number: 2020/630, December 2020, https://www.cullen-international.com/dam/jcr:b2f68dd5-1633-458a-b7aa-33e100f404bc/KK0620191ENN.pdf.

[56ISS, Table 7, at pp. 28–29, and Annex 4, at pp. 209–382, setting out, respectively, “identified issues in relation to gatekeeper platforms” and “Case Studies.

[57Ibid., p. 42.

[58Ibid., p. 210.

[59Ibid., p. 42.

[60See, e.g., DG Competition discussion paper on the application of Article 82 of the Treaty to exclusionary abuses, December 2005, https://ec.europa.eu/competition/antitrust/art82/discpaper2005.pdf

[61For example, the ongoing Amazon Marketplace investigation apparently began in 2015 (ISS, p. 296), while the proceedings leading to the 2017 Google Search (shopping) decision were formally opened in 2010 (see https://ec.europa.eu/competition/elojade/isef/case_details.cfm?proc_code=1_39740).

[62See, e.g. European Parliament, press release, 10 October 2019, EU to take action against fake news and foreign electoral interference, https://www.europarl.europa.eu/news/en/press-room/20191007IPR63550/eu-to-take-action-against-fake-news-and-foreign-electoral-interference.

[63Article 19 DMA creates a mechanism by which the EC may add new CPS to the list following a market investigation.

[64The full list is (i) online intermediation—e.g. digital marketplaces and app stores—(ii) search engines, (iii) social networks, (iv) video-sharing platforms, (v) number-independent interpersonal communication services—i.e. messaging services such as WhatsApp—(vi) operating systems, (vii) web browsers, (viii) virtual assistants, (ix) cloud computing, and (x) advertising services.

[65See, e.g. Explanatory Memorandum to the DMA, COM(2020) 842 final, 15 December 2020, at p. 2 (“online intermediation services (incl. for example marketplaces, app stores and online intermediation services in other sectors like mobility, transport or energy)”), https://ec.europa.eu/info/sites/default/files/proposal-regulation-single-market-digital-services-digital-services-act_en.pdf.

[66DMA, Articles 3(4), 3(8) and 17

[67Further specific obligations related to interoperability to be imposed only on designated gatekeepers providing number-independent interpersonal communication services are set out under Article 7.

[68DMA, Articles 5(2), 5(4) and 5(5).

[69DMA, Articles 6(2), 6(5) and 6(3)

[70DMA, Articles 8(2), 8(3) and 20.

[71Both Articles 5 and 6 provide—in identical terms—that “Gatekeepers shall comply with this Article in respect of each of its core platform services (. . .)” See also Article 8(1) DMA. This may not have been the original intention: ISS, p. 52 proposes a distinction between “(i) prohibitions and/or obligations which can be specified to a high degree, thereby enabling them to be self-executing; and (ii) prohibitions and/or obligations which would require further elaboration by a regulatory body,” implying that Article 5 obligations were intended to be “self-executing,” while Article 6(1) obligations were not. However, the Explanatory Memorandum to the DMA, at p. 9, refers to “directly applicable obligations, including certain obligations where a regulatory dialogue may facilitate their effective implementation.

[72Gatekeepers are also obliged to establish a compliance function, independent of operational activities, with a compliance head reporting to the management board, Article 28 DMA.

[73DMA, Article 8(1

[74DMA, Article 8(3).

[75Article 8(3) DMA provides expressly that the EC “shall have discretion in deciding whether to engage” in the process of giving guidance and refers only to guidance in relation to Article 6 (and 7) obligations (not those under Article 5)

[76See, in particular, Regulation (EC) No. 1/2003 of 16 December 2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty, OJ L 1, 4.1.2003, p. 1, Articles 18 to 20.

[77DMA, Articles 21, 23 and 17 to 19. See also Article 24 (interim measures), Article 25 (commitments) and Article 26 (appointment of monitors).

[78Ibid., Articles 11(1), 15(1) and 14(1).

[79Ibid., Article 30.

[80Ibid., Articles 18(1) and 18(2)

[81For most (but not all) of the specified practices, competition investigations have been opened, but are not yet finally concluded—some have not yet reached even the preliminary stage of a statement of objections

[82See, e.g., DMA, Recitals 4 to 7, 35 and 72.

[83ISS, p. 59. “However, there are other problematic practices, for which it is not possible to define a prohibition or obligation in the legislation sufficiently clearly that it could be applied without further interpretation. Self-preferencing (in a broad sense) is one such case, while access to data or interoperability, also require a further interpretation and/or operational step in order to render them effective. Thus, the use of a pure blacklist approach based on self-executing prohibitions would either result in a limited list of prohibitions (and thus fail to tackle some of the serious problems raised by gatekeeper platforms) or if broadened, could result in measures which are difficult to interpret and create legal uncertainty, creating considerable pressure on the enforcement and appeals process to define the scope of the obligations. This would entirely negate the time benefits that should arise from a self-executing measure.”

[84DMA, Article 5(2).

[85Ibid., Article 7(2a).

[86Algorithms and competition, Speech by Commissioner Margrethe Vestager at Bundeskartellamt 18th Conference on Competition, Berlin, 16 March 2017, https://ec.europa.eu/newsroom/comp/items/55994/en.

[87In the context of the Google Search (shopping) investigation, the EC has stated that it analysed 5.2 terabytes of data from Google in relation to search results, see Eur. Comm., press release IP/17/1784 of 27 June 2017, Antitrust: Commission fines Google €2.42 billion for abusing dominance as search engine by giving illegal advantage to own comparison shopping service, https://ec.europa.eu/commission/presscorner/detail/en/IP_17_1784.

[88DMA, Article 8(1).

[89Indeed, it is notable that the only reference to efficiencies in the recitals to the DMA is in recital 23, which specifies that any “justification on economic grounds seeking to demonstrate efficiencies deriving from a specific type of behaviour” is not relevant in the context of the designation of a provider of CPS as a gatekeeper.

[90See, e.g. DMA, Recitals 4 to 7, 35 and 72.

[91Eur. Comm., press release IP/21/3143 of 22 June 2021, Antitrust: Commission opens investigation into possible anticompetitive conduct by Google in the online advertising technology sector, https://ec.europa.eu/commission/presscorner/detail/en/ip_21_3143.

[94CMA, press release, 8 January 2021, CMA to investigate Google’s ‘Privacy Sandbox’ browser changes, https://www.gov.uk/government/news/cma-to-investigate-google-s-privacy-sandbox-browser-changes.

[95Impact Assessment, Part 1/2, SWD(2020) 363 final, 15 December 2020, para. 353 (“it is assumed that Option 2 would cover up to a maximum of between 15 gatekeepers (sub-option 1-A) and 20 gatekeepers (sub-option 1-B)”), available at https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=72185. The decision to raise the Article 3(2) size thresholds from the EUR 6.5/EUR 65 billion proposed in the ISS to EUR 7.5/EUR 75 billion in the agreed text may limit the number of designated gatekeepers, but the EC’s power to designate gatekeepers below these thresholds inevitably renders that uncertain.

[96ISS, pp. 9–10. A longer list of nineteen companies is considered at ISS, pp. 124–125.

[97European Parliament press release, 24 March 2022, supra, footnote 3.

[98M. Yuen, Amazon annual revenue breakdown by segment in 2022, Insider Intelligence, 11 February 2022, https://www.insiderintelligence.com/insights/amazon-revenue.

[99See, e.g. ISS, p. 174: “Apple and Amazon are companies whose core business substantially differs from each other. While Amazon has a large e-commerce platform and provides logistics services around the globe, Apple provides mobile consumer electronics with its own integrated operating system and connected services”; and similarly ISS, pp. 122–123: “[A]t its heart Apple is a mobile devices company that worked its way towards other layers of the value chain. (. . .) Google’s core business is deeply rooted in online search and in contrast to Apple the largest share of Google’s revenues stem from advertisements.”

[100ISS, pp. 61 and 67 (“The total estimated cost of option 2 is around €11.6m, of which an estimated €8.2m would be associated with the activities of the European Commission (including co-ordination of the network)” and “[b]ased on (. . .) an assumption based on the regulation of 10 platforms, we estimate that (. . .) just under 50 FTE might be required within the Commission to handle option 2”).

[101IA, supra footnote 49, para. 353 (“The administrative costs for the EU Commission are estimated at EUR 16.7 million per year”). The Explanatory Memorandum to the DMA, at pp. 11–12, refers to the redeployment of 80 FTEs and total financial resources for the period 2021–2027 of EUR 81 million.

[102Ofcom, Promoting competition and investment in fibre networks: Wholesale Fixed Telecoms Market Review 2021-26, Volume 6: BT Regulatory Financial Reporting, 18 March 2021, https://www.ofcom.org.uk/__data/assets/pdf_file/0018/216090/wftmr-statement-volume-6-bt-rfr.pdf.

[103See the EC’s development of pre-notification discussions in the context of EU merger control and its flexible approach to the implementation of the cartel settlements procedure (in relation to the latter, cf. Sean-Paul Brankin, All settled: Where are the European Commission’s settlement proposals post consultation? Competition Law Journal, 7, 170–181 (2008)).

[104J. Toledano and J. Cattan, Will the Digital Markets Act allow Europe to regain power over the Big Tech? Probably not right away, Revue européenne du droit, No. 3, December 2021, https://geopolitique.eu/en/articles/will-the-digital-markets-act-allow-europe-to-regain-power-over-the-big-tech-probably-not-right-away.

[105These are mainly the authorities that come under the European bodies brought together in the high-level group, i.e., authorities in charge of competition, personal data protection, consumer affairs, telecoms and audiovisual.

[106Proposal for a Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act), COM(2020) 842 final, 15 December 2020, Article 5(d), https://ec.europa.eu/info/sites/default/files/proposal-regulation-single-market-digital-services-digital-services-act_en.pdf

[107Regulation 2022/… of the European Parliament and of the Council on contestable and fair markets in the digital sector and amending Directives 2019/1937 and 2020/1828 (Digital Markets Act). For an overview of the agreed DMA and the changes introduced by the EU lawmakers, see P. Alexiadis and A. de Streel, The EU’s Digital Markets Act: Opportunities and Challenges Ahead, Business Law International, Vol. 23, Issue 2, 2022, pp. 163–201.

[108Pursuant to Article 46 DMA.

[109Pursuant to Article 3(3) DMA, which will apply six months after the DMA will have entered into force (Article 54 DMA), prospective gatekeepers will have two months to notify the Commission. Article 3(4) DMA gives the Commission forty-five days from the date of notification to formally designate a notifying party as a gatekeeper, unless that party provided sufficiently substantiated arguments to question the application of the presumptive gatekeeper thresholds at Article 3(2) DMA, in which case the longer procedure of Article 17 DMA will be followed to adjudicate on these arguments.

[110Pursuant to Article 3(10) and Article 11(1) DMA, gatekeepers have six months (from their designation) to ensure that they comply with the DMA obligations and begin reporting on their compliance.

[111DMA, Articles 3, 8 and 11 respectively.

[112Ibid., Article 47.

[113Ibid., Articles 29 and 30.

[114Ibid., Article 24.

[115Ibid., Articles 18 and 25.

[116TFEU, Article 263. Alexiadis and de Streel, supra note 1, at 169.

[117On the private enforcement of the DMA, see A. P. Komninos, The Digital Markets Act and Private Enforcement: Proposals for an Optimal System of Enforcement, in Eleanor M. Fox Liber Amicorum: Antitrust Ambassador to the World, Nicolas Charbit and Sébastien Gachot (eds.), Concurrences, New York, 2021, pp. 425–444, and R. Podszun, Private Enforcement and Gatekeeper Regulation: Strengthening the Rights of Private Parties in the Digital Markets Act, JECLAP, 2021.

[118DMA, Article 42.

[119For firms, the stakes of DMA implementation and enforcement, in terms of market volume and value, are at least one and often two or more orders of magnitude higher than the costs of professional services involved therein.

[120See, for instance, the remarks of Tim Cook, Apple CEO, at the IAPP conference on 12 April 2022, where he stated that “we are deeply concerned about regulations that would undermine privacy and security in service of some other aim. Here in Washington and elsewhere, policymakers are taking steps, in the name of competition, that would force Apple to let apps onto iPhone that circumvent the App Store through a process called sideloading. (. . .) But if we are forced to let unvetted apps onto iPhone, the unintended consequences will be profound”: https://9to5mac.com/2022/04/12/tim-cook-privacy-speech-iapp.

[121Outside of the operative clauses, recitals 13 and 14 provide some characteristics of core platform services.

[122Article 12(5) DMA provides some guidance on the type of practices that would lead to the imposition of supplementary obligations.

[123DMA, recitals 32 and 33. See also Article 12(5).

[124H. Schweitzer, The art to make gatekeeper positions contestable and the challenge to know what is fair: A discussion of the Digital Markets Act Proposal, ZEuP, No. 3, 2021, pp. 503–544, at 509–518.

[125DMA, recital 32. Also, Article 12(5b).

[126Ibid., recital 32 states that “the position of the gatekeeper may be entrenched to such an extent that inter-platform competition is not effective in the short term, meaning that intra-platform competition needs to be created or increased.”

[127Ibid., recital 33. Also, Article 12(5a).

[128Indeed there are situations where firms at different levels of the value chain will argue over the distribution of the total profit to be realized on a given product, without the outcome of that argument having any significant impact on the final user in terms of price or otherwise. In such situations, the final distribution will reflect the relative power of firms, and it is difficult to assess that distribution based on objective criteria. An argument has been made that many FRAND disputes between standard essential patent (SEP) holders and implementors fit that description, and hence that it was not justified to invest competition enforcement time and resources in these disputes. Schweitzer, supra note 18, also suggests to interpret the fairness objective with reference to competition and cautions against a pure distributional interpretation of this objective.

[129In the same vein, J. Crémer et al., Fairness and Contestability in the Digital Markets Act, Yale Tobin Center for Economic Policy, Policy Discussion Paper No. 3, 2021, at 6 define fairness as “the organization of economic activity to the benefit of users in such ways that they reap the just rewards for their contributions to economic and social welfare and that business users are not restricted in their ability to compete.”

[130DMA, recital 34.

[131Ibid., recital 32 notes that “weak contestability reduces the incentives to innovate and improve products and services for the gatekeeper, its business users, its challengers and customers and thus negatively affects the innovation potential of the wider online platform economy.” Also Article 12(5b).

[132P. Larouche and A de Streel, The European Digital Markets Act: A Revolution Grounded on Traditions, JECLAP, Vol. 12, Issue 7, 2021, pp. 542–560, at 548–552. On the link between contestability, fairness and innovation, see also Crémer et al., supra note 23.

[133For a critique of lack of clustering see N. Petit, The Proposed Digital Markets Act (DMA): A Legal and Policy Review, JECLAP, Vol. 12, Issue 7, 2021, pp. 529–541.

[134DMA, Article 5(7) and 5(8).

[135Ibid., Article 6(2) regarding the prohibition of data in dual role setting and Article 6(5) regarding the prohibition of self-preferencing in rankings.

[136Ibid., Article 5(3) regarding MFN, Article 5(4) and 5(5) regarding intermediation, and Article 6(13) regarding service termination.

[137Ibid., Article 6(3) and 6(6) regarding app uninstallation and default setting changes and Article 6(9) regarding data portability.

[138Resp. DMA, Article 7 for horizontal interoperability and Article 6(4) and 6(7) for vertical interoperability including side loading.

[139Ibid., Article 6(12).

[140Ibid., Article 6(10) and 6(11).

[141Ibid., Article 5(9) and 5(10) regarding price transparency and Article 6(8) regarding performance transparency.

[143In addition to the general principle of proportionality at Article 5(4) TEU and in CJEU case law, the DMA itself states that Commission measures must be proportionate at Articles 8(3), 8(7), 18(1), 18(2), 18(4) and recitals 27–29, 65–67, 75, 86. Conversely, proportionality also applies to the technical measures that gatekeepers can adopt by way of exception to certain obligations: Articles 6(4), 6(7) and 7(9) and recitals 50 and 62.

[144Article 5(4) TEU. The DMA refers to effectiveness and necessity throughout.

[145Among others, P. Ibáñez Colomo, The Draft Digital Markets Act: A Legal and Institutional Analysis, JECLAP, Vol. 12, Issue 7, 2021, pp. 561–575, at 568 and, for some obligations, L. Cabral, J. Haucap, G. Parker, G. Petropoulos, T. Valletti, and M. Van Alstyne, The EU Digital Markets Act: A Report from a Panel of Economic Experts, Office of the European Union, Luxembourg, 2021.

[146Communication from the Commission, Guidance on the Commission’s enforcement priorities in applying Article [102 TFEU] to abusive exclusionary conduct by dominant undertakings, OJ C 45, 24.2.2009, p. 7, paras. 28–31. Even though the track record of the efficiency defence in formal litigation is meagre, efficiency arguments are probably more successful at the investigation stage.

[147Some of which are more in the nature of a generally applicable legislative measure than an individual decision.

[148L. Hancher and P. Larouche, The Coming of Age of EU Regulation of Network Industries and Services of General Economic Interest, in The Evolution of EU Law, P. Craig and G. de Búrca (eds.), 2nd ed., Oxford University Press, 2011, pp. 743–781.

[149DMA, Articles 12 and 13.

[150A similar evolution has taken place in EU electronic communications law. While the first Directive 97/33/EC imposing access and interconnection was very much based on detailed rules, since 2002 the successive Directives (2002/21/EC and now the Electronic Communications Code 2018/1972) are based on broad standards: Hancher and Larouche, supra note 42.

[151For requests for a public utilities regulation for digital platforms see, among others, F. A. Pasquale, Internet Nondiscrimination Principles Revisited, Brooklyn Law School Legal Studies Papers No. 655, 2020.

[152N. Petit, Big Tech and the Digital Economy: The Moligopoly Scenario, Oxford University Press, 2020.

[153Similarly, Schweitzer, supra note 18, at 542 recommends that the DMA should not be read as, or evolve into, a regime of public utility regulation. In the US, W. P. Rogerson and H. Shelanski, Antitrust Enforcement, Regulation, and Digital Platforms, U. Pa. L. Rev., Vol. 168, 2020, pp. 1911–1940 warn against public utility type regulation for the digital platforms and recommend a “light-handed pro-competitive regulation,” which is similar to our concept of managed competition.

[154Another possible scenario would be that the authority succeeds to keep its focus on managing competition, but is mired in endless debates with the firms. This would bring us back to the current situation with competition law enforcement.

[155On the need for participatory regulation, A. de Streel and M. Ledger, New Ways of Oversight for the Digital Economy, CERRE Issue Paper, February 2021; World Economic Forum, Agile Regulation for the Fourth Industrial Revolution: A Toolkit for Regulators, December 2020.

[156This attitude, common in US enforcement, is already difficult to reconcile with EU competition law, where the dominant firm holds a special responsibility to pay attention to competition in the markets in which it is dominant.

[157The reference to standardization at Article 48 DMA indicates that stakeholders could play a co-regulatory role in designing the technical means by which “managed competition” is implemented.

[158Position of the European Parliament adopted at first reading on 5 July 2022 with a view to the adoption of Regulation (EU) 2022/… of the European Parliament and of the Council on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) (DMA), P9_TC1-COD(2020)0374, recitals 10–12 and Article 1(6). See also recital 37: “This Regulation is without prejudice to Regulation (EU) 2016/679, including its enforcement framework, which remains fully applicable with respect to any claims by data subjects relating to an infringement of their rights under that Regulation.”

[159Ibid., recital 59.

[160Communication from the Commission, Data protection as a pillar of citizens’ empowerment and the EU’s approach to the digital transition - two years of application of the General Data Protection Regulation, COM(2020) 264 final, 24 June 2020, pp. 8–9.

[161Ibid., p. 8.

[162Ibid., p. 9.

[163Article 29 Data Protection Working Party, Guidelines on the right to data portability (Article 29 WP Guidelines), adopted on 13 December 2016, as last revised and adopted on 5 April 2017, WP 242 rev.01, p. 8.

[164DMA, recital 59.

[165Ibid., recital 12.

[166Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (GDPR), OJ L 119, 4.5.2016, p. 1, recital 68.

[167DMA, recital 59.

[168Article 29 WP Guidelines, p. 4.

[169Ibid.

[170Ibid., fn. 2.

[171GDPR, Article 4(1).

[172Article 29 WP Guidelines, p. 9.

[173Ibid., pp. 9–10.

[174Ibid., p. 10.

[175Ibid., p. 8.

[176GDPR, Article 12(5).

[177Ibid., Article 20(1).

[178Article 29 WP Guidelines, p. 5.

[179Ibid., p. 3.

[180DMA, recital 59. See also recital 96: “The implementation of some of the gatekeepers’ obligations, such as those related to data access, data portability or interoperability could be facilitated by the use of technical standards. In this respect, it should be possible for the Commission, where appropriate and necessary, to request European standardisation bodies to develop them.”

[181The DMA goes much further than the GDPR, which may be attributed to the fact that it is asymmetric regulation.

[182Article 29 WP Guidelines, pp. 7–8.

[183DMA, Article 2(2).

[184Ibid., Article 2(4). Defined as “the sector of products and services provided by means of, or through, information society services.”

[185Ibid., Article 1(1).

[186Commission Notice, Guidance on the interpretation and application of Directive 2005/29/EC of the European Parliament and of the Council concerning unfair business-to-consumer commercial practices in the internal market, OJ C 526, 29.12.2021, p. 1, at p. 8 and fn. 20, referring to joined cases C-54/17 and C-55/17, paras. 60–61.

[187The DMA states that this is without prejudice to the possibility for gatekeepers to rely, “where applicable,” on other legal bases for lawful processing enshrined in the GDPR, in particular “compliance with a legal obligation,” “protection of the vital interests of the data subject or another natural person” or “performance of a task in the public interest.” However, the DMA excludes the possibility for gatekeepers to use, for practices outlined in Article 5(2), the “legitimate interests” and “performance of a contract” legal bases. This is in contrast with the GDPR, for which all legal bases of Article 6 are on an equal footing, with controllers being able to choose which is the appropriate legal basis on each occasion. Thus, this is also an area where the DMA places stricter rules than what may be required under the GDPR. See DMA, Article 5(2) and recital 36.

[188Such access shall be granted at the request of the business user, free of charge, and covers data that are provided for or generated in the context of their use of the gatekeeper’s core platform service or services provided together with, or in support of, the relevant core platform service by the business user, as well as the end users of the business user.

[189A further requirement is that such personal data must be “directly connected with the use effectuated by the end user in respect of the products or services offered by the relevant business user through the relevant core platform service.”

[190DMA, Article 2(32). When it comes to the obligations, while in Article 5(2) of the DMA explicit reference is made to consent under the GDPR, the current version of Article 6(10) does not include such a specific reference. However, by definition, references to consent in the DMA are references to consent under the GDPR.

[191GDPR, Article 4(11).

[192European Data Protection Board, Guidelines 05/2020 on consent under Regulation 2016/679, Version 1.1., adopted on 4 May 2020 (“EDPB Guidelines on consent”), para. 13.

[193Ibid.

[194In other words, any element of inappropriate pressure or influence upon the user/data subject which prevents her from exercising her free will entails that consent will not be valid. In addition, for consent to be freely given, data subjects should be allowed to give separate consent for each purpose of processing if a service involves multiple processing operations for more than one purpose. See ibid. See also paras. 42–44.

[195Ibid., para. 3.

[196See GDPR, Article 7(4) and recital 43. See also EDPB Guidelines on consent, para. 26.

[197Bundeskartellamt, press releases, 7 February 2019, Bundeskartellamt prohibits Facebook from combining user data from different sources, https://www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2019/07_02_2019_Facebook.html.

[198This is a matter that may be clarified by the European Court of Justice, given that a relevant question has been referred to it for a preliminary ruling from the Oberlandesgericht Düsseldorf in the context of its Facebook v. Bundeskartellamt case. The German Court has asked whether effective consent, in particular free consent, can be given to a dominant company. See Request for a preliminary ruling from the Oberlandesgericht Düsseldorf (Germany) lodged on 22 April 2021 — Facebook Inc. and Others v. Bundeskartellamt, case C-252/21, question 6.

[199See, e.g. W. Kerber and L. Specht-Riemenschneider, Synergies Between Data Protection Law and Competition Law, 30 September 2021, available at https://www.vzbv.de/sites/default/files/2021-11/21-11-10_Kerber_Specht-Riemenschneider_Study_Synergies_Betwen_Data%20protection_and_Competition_Law.pdf, pp. 31–32.

[200DMA, recital 36.

[201Ibid., recital 37. However, this would not prohibit gatekeepers from offering a less personalised alternative of a different quality if “a degradation of quality is a direct consequence of the gatekeeper not being able to process (. . .) personal data or signing in end users to a service.” However, where applicable, users should be “informed that not giving consent can lead to a less personalised offer, but that otherwise the core platform service will remain unchanged and that no functionalities will be suppressed.”

[202EDPB Guidelines on consent, para. 37. See also para. 39: “In order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information already stored, in the terminal equipment of a user (so[-]called cookie walls).”

[203DMA, recital 37.

[204Ibid.

[205Ibid., Article 5(2).

[206See R. Podszun, Should gatekeepers be allowed to combine data? Ideas for Art. 5(a) of the draft Digital Markets Act, 4 June 2021, p. 5, available on SSRN: https://papers.ssrn.com/abstract_id=3860030.

[207See EDPB Guidelines on consent, paras. 55–61.

[208CIPL, Bridging the DMA and the GDPR - Comments by the Centre for Information Policy Leadership on the Data Protection Implications of the Draft Digital Markets Act (CIPL Comments on the DMA), p. 7, https://www.informationpolicycentre.com/uploads/5/7/1/0/57104281/cipl_comments_on_the_data_protection_implications_of_the_draft_digital_markets_act__6_dec_2021_.pdf.

[209See also ibid., fn. 37. What may need to be done is to give additional information to individuals at the time of sharing—and business users, as data recipients, would have to provide separate notices to end users about their own data processing practices. See ibid., p. 14. It should also be noted that the DMA requires gatekeepers to “take the necessary steps (. . .) to enable business users to directly obtain the required consent to their processing, where that consent is required under [the GDPR and the ePrivacy Directive] (. . .). The gatekeeper shall not make the obtaining of that consent by the business user more burdensome than for its own services.” DMA, Article 13(5). See also recital 60.

[210In fact, recognising that the possibility of obtaining end user consent may be abused by certain gatekeepers, stakeholders have called, during the legislative process, for a total ban of the data combination and cross-use practices included in Article 5(2) of the DMA. See, for example, Kerber and Specht-Riemenschneider, supra note 42. See also Draft Opinion of the Committee on Legal Affairs for the Committee on the Internal Market and Consumer Protection, dated 3 June 2021, 2020/0374(COD), Amendment 40, which removed the possibility of end user consent to data combination practices of gatekeepers with the justification that “[a]s proven by the GDPR, simple consent regimes are often insufficient to address the loss of control over personal data by users. In order to limit the potential negative consequences for end users, business users and competing services, it is necessary to prevent them from combining personal data.” Inge Graef similarly argued that the DMA’s reliance on end user consent as an enabler of data combination practices by gatekeepers is not the right approach. Instead, a “stronger and more reliable condition for combining personal data, rather than consent, could be Article 6(1)(b) GDPR, which states that the processing of personal data is lawful when it is “necessary for the performance of a contract” to which the end-user is a party.” I. Graef, Why End-User Consent Cannot Keep Markets Contestable, in To Break Up or Regulate Big Tech? Avenues to Constrain Private Power in the DSA/DMA Package, H. Richter, M. Straub and E. Tuchtfeld (eds.), Max Planck Institute for Innovation and Competition Research Paper No. 21-25, 2021, pp. 81-82, available on SSRN: https://papers.ssrn.com/abstract_id=3932809.

[211See EDPB Guidelines on consent, paras. 87–88. The same concern can be expressed in the context of the data sharing obligation of the DMA (Article 6(10)). See CIPL Comments on the DMA, p. 12.

[212This is also what the EDPB envisages, stating that “if a controller chooses to rely on consent for any part of the processing, they must be prepared to respect that choice and stop that part of the processing if an individual withdraws consent. Sending out the message that data will be processed on the basis of consent, while actually some other lawful basis is relied on, would be fundamentally unfair to individuals. In other words, the controller cannot swap from consent to other lawful bases. (. . .).” See EDPB Guidelines on consent, paras. 122–123.

[213See CIPL Comments on the DMA, p. 12.

[214DMA, recital 60.

This document is protected by copyright laws and international copyright treaties. Non-authorised use of this document constitutes a violation of the publisher's rights and may be punished by up to 3 years imprisonment and up to a € 300 000 fine (Art. L 335-2 Code de la Propriété Intellectuelle). Personal use of this document is authorised within the limits of Art. L 122-5 CPI and DRM protection.