What is the DMA?
Before diving into the details of the DMA it is worth noting both what it is and what it is not. Its aim is to introduce certain proportionate up front obligations and prohibitions on harmful behaviors by so-called “gatekeeping” digital players in the EU’s internal market with the aim of making European digital markets “contestable and fair” to the benefit of business users and end users (consumers). Thus, while the DMA is inspired to a significant degree by antitrust law principles and cases, it is not antitrust law as such. It is asymmetric sectoral EU internal market regulation similar to, for example, antitrust principles-inspired telecoms, postal, or financial services regulation. It also incorporates consumer, data protection, and electronic communication law elements as can be seen from the different types of obligations described below.
EU antitrust law will continue to apply to digital markets outside the scope of the DMA provisions. This is important as the DMA covers only specified types of conduct by a specific class of companies (“gatekeepers”) in relation to a defined set of services (“core platform services”). Article 101 of the Treaty on the Functioning of the European Union (TFEU) which prohibits anti-competitive agreements and Article 102 TFEU which prohibits the abuse of a dominant position will continue to apply to the same companies that will be designated as gatekeepers under the DMA. The same is true of EU merger control and indeed the equivalents for all of these at the EU Member State level.
The DMA is also not “anti-American” as some have sought to portray it. Its obligations will apply to large digital players who by meeting a set of objective criteria will qualify as gatekeepers. While it is highly likely that many of these large digital players will originate from the United States, it is not their origin that matters, but their characteristics. Moreover, the intended beneficiaries of the more contestable and fair markets that the DMA seeks to create will in the first instance be the gatekeepers’ business users such as app developers, other competing online service providers, etc. Many, if not most, of these will also originate from the U.S. The DMA will provide them with a basis to develop, grow and flourish to the direct benefit of consumers in the EU and potentially elsewhere.
To whom do the DMA obligations and prohibitions apply?
The DMA applies to companies designated as gatekeepers for specified core platform services. Both of these concepts are defined in the DMA. Designation decisions (and all dicisions under the DMA) are the exclusive competence of the EC.
Core platform services
The core platform services are online intermediation services; online search engines; online social networking services; video-sharing platform services; number-independent interpersonal communications services (instant messaging services); operating systems; web browsers; virtual assistants; cloud computing services; and online advertising services provided by an undertaking that provides any of the other core platform services.
The EC’s initial proposal did not include virtual assistants or web browsers; these were added during the legislative process in light of the significance of these services in terms of access to digital markets.
Many of these core platform services are defined with reference to other relevant legislation and will be relatively obvious to identify. Some may require further analysis, for example, how to treat related services such as general and vertical search or operating systems for different devices, e.g., smart phones, tablets, virtual assistants, and wearables but owned, developed, and branded by the same company. The online intermediation services category may well be particularly broad.
The list of core platform services in the DMA is an exhaustive list. It can only be expanded following a market investigation by the EC and a legislative proposal to amend the DMA to add or remove a particular service from the list.
Gatekeepers
A company can be designated as a gatekeeper where it fulfils three qualitative criteria: (1) “it has a significant impact on the internal market”; (2) “it provides a core platform service that is an important gateway for business users to reach end users”; and (3) “it enjoys an entrenched and durable position, in its operations, or it is foreseeable that it will enjoy such a position in the near future.”
These three qualitative criteria will be presumed to be satisfied where the relevant company meets the following quantitative thresholds: (1) it had annual EU turnover of at least EUR 7.5 billion in each of the last three financial years, or where its average market capitalization or its equivalent fair market value was at least EUR 75 billion in the last financial year, and it provides the same core platform service in at least three Member States; (2) it provides a core platform service that in the last financial year has at least 45 million monthly active end users and at least 10,000 yearly active business users in the EU; and (3) the thresholds in (2) were met in each of the last three financial years.
The methodology for calculating user numbers is set out in the Annex to the DMA. It is expected that this will raise issues of interpretation as some core platform services, such as cloud and online advertising services, do not have direct end users in the same way as other core platform services.
Companies that meet these thresholds must notify the EC of this within two months after those thresholds are met and the EC must then decide on designation within 45 working days. The EC can decide not to designate companies as gatekeepers even though they meet the quantitative thresholds where such companies can provide substantiated arguments that they nevertheless do not meet the three qualitative criteria. Equally, the EC can decide, following a market investigation, that a company that does not meet the quantitative criteria should nevertheless be considered to meet the qualitative criteria and thus be designated as a gatekeeper. The designation decision will state for which core platform services designation applies. Gatekeepers then have six months to comply with all relevant obligations under the DMA. Designation (and other) decisions can be appealed to the European Courts and will be reviewed regularly or on request by the EC.
Gatekeepers’ obligations and prohibitions
The DMA’s 22 obligations and prohibitions are set out in three articles. The first group are set out in Article 5. These are designed to be immediately applicable in line with the deadlines without further specification. The second group are set out in Article 6. These are “susceptible of being further specified” in a dialogue process with the EC. Further specification would allow the obligations to be tailored to the specific business models of the different gatekeepers. Finally, Article 7 relates to interoperability obligations for instant messaging gatekeepers.
In terms of the content of the obligations and prohibitions, these can be loosely grouped into obligations related to: data use and access, interoperability and FRAND access, advertising markets, and those designed to avoid lock-in and lead to genuine consumer choice in various ways. The following briefly summarizes the content of each of these obligations. For readers interested in additional details, and the many fascinating questions of interpretation that are bound to arise (and which could easily form the subject of further articles), it is recommended to study the precise wording of the relevant articles and the corresponding interpretative recitals.
Data
Four of the DMA’s obligations (Articles 5(2), 6(2), 6(10), and 6(11)) deal specifically with data, though data clearly plays a role in other obligations. Two of the data-specific obligations concern data use and two relate to data access. These obligations also illustrate the multiple goals of the DMA. In this case data privacy and consumer protection, as well as antitrust principles.
Article 5(2) prohibits gatekeepers from: (1) processing, for the purpose of providing online advertising services, personal data of end users using services of third parties that use gatekeepers’ core platform services; (2) combining personal data from a core platform service with personal data from any other services provided by the gatekeeper or by third parties; (3) cross-using personal data between a core platform service and other gatekeeper services; and (4) signing in end users to other services of the gatekeeper in order to combine personal data, unless in each case, the end user has been presented with a specific choice and has given their genuine consent in line with the GDPR. This means explicit opt-in consent and—if consent is given—an opportunity for that consent to be as easily withdrawn as it was given. If end users do not consent, gatekeepers must provide them with an alternative service that is less personalized but of equivalent quality. While this provision has potential antitrust implications in restricting data accumulation by gatekeepers raising barriers to entry for rivals, the emphasis is on consumers’ control of their personal data.
Article 6(2) prohibits a gatekeeper from using, in competition with business users, any data that is not publicly available and is generated or provided by those business users while using the gatekeeper’s core platform services or other linked services, including data from customers of those business users. This provision was clearly inspired by the EC’s case against Amazon in relation to its use of seller data for anticompetitive purposes in its dual role as marketplace and seller but is also designed to apply to gatekeepers in online advertising and cloud services.
Article 6(10) and (11) require gatekeepers to give access to different types of data. Article 6(10) obliges gatekeepers to give business users, on request and free of charge, continuous, and real-time access to all types of data that arise in the context of the use of a core platform service or linked services by the business user and the end users of the products or services provided by the business user. Like Articles 5(2) and 6(2), this provision is designed to enable fair competition between the gatekeeper and its business users and to hinder the gatekeeper from leveraging its core platform service market power into adjacent/vertical markets, enabling these markets to be contestable. This is in fact the philosophy behind the majority of the DMA obligations. Article 6(11) is by contrast one of a limited number of obligations designed to make core platforms themselves more contestable by reducing barriers to entry and expansion, in this case Internet search. Under Article 6(11), the gatekeeper must provide any other online search engine, at its request, with access on FRAND terms to ranking, query, click, and view data for searches generated by end users on its online search engine.
Consumer choice
While all the DMA obligations and prohibitions should ultimately lead to more consumer choice, this group of provisions do so most directly.
Article 5(3) bans gatekeepers from using parity clauses, i.e., gatekeepers cannot restrict business users from offering the same products or services to end users through other online intermediation services or through their own direct online sales channel at prices or conditions that are different from those offered through the gatekeeper’s online intermediation services.
Articles 5(4) and (5) require gatekeepers to allow business users to access (communicate and contract with) end users and to allow end users to use content, subscriptions, features or other items both on and outside of a core platform service. These provisions were inspired in particular by antitrust concerns with certain app store practices.
Articles 5(7) and (8) prohibit respectively gatekeepers from tying the use of a core platform service to identification services, a web browser engine or a payment service; and from tying one core platform service to another. Similar to antitrust cases such as Microsoft Windows Media Player or Google Android, the intention is to promote genuine consumer choice and contestability of markets.
The same rationale lies behind Articles 6(3) and 6(4) that require gatekeepers to enable end users to easily un-install software applications on the operating system of the gatekeeper and to install and use third party apps or app stores. Article 6(6) further prohibits gatekeepers from restricting technically or otherwise the ability of end users to switch between different apps and services accessed using the gatekeeper’s core platform services, including the end user’s choice of Internet access services.
Importantly, these provisions explicitly make reference to consumer behavioral insights to enhance their effectiveness, notably in terms of the power of defaults. Defaults work because of consumers’ “status quo bias”; that means that “most users just use what comes on the device. People rarely change defaults,” as has also been recognized in EU antitrust law enforcement. Gatekeepers must enable end users to easily change default settings on the gatekeeper’s operating system, virtual assistant, and web browser where it steers end users to products or services provided by the gatekeeper. At the moment of the end user’s first use of a gatekeeper’s online search engine, virtual assistant or web browser, gatekeepers must provide the end user with a choice screen listing the main available service providers so that the end user can choose which one they want to set as their default service provider for these services. Furthermore, when an end user downloads a competing product, gatekeepers cannot prevent the provider from prompting the end user to decide whether they want to set that downloaded app or app store as their default. Gatekeepers must also technically enable end users to easily change their default settings.
Similarly, Article 6(5) reflects typical consumer behavior. How information is presented to consumers or is ranked will influence where they focus their attention and thus their choices, as was established, for example, in the EU Google Shopping case. Under this article, a gatekeeper in a dual role of online intermediary for third parties and itself may not rank its own services and products more favorably than similar services or products of a third party and must apply transparent, fair, and non-discriminatory conditions to such ranking.
To stimulate consumer choice, contestability and innovation, Article 6(9) requires gatekeepers to provide end users free of charge with effective portability of data provided by them or generated through their activity in the context of their use of a core platform service. The tools to facilitate data portability, including by the provision of continuous and real time access to such data must also be provided. This article is designed to go beyond the data portability rights under the GDPR and to complement them.
Finally, under Article 6(13), gatekeepers may not have disproportionate conditions of termination for core platform services or make termination unduly difficult. Nor can they, under Article 5(6), prevent or restrict business or end users from raising any issue of gatekeeper non-compliance with relevant EU or national law with any relevant public authority, including national courts.
Interoperability and FRAND access
The DMA provides for both vertical interoperability (Article 6(7)), as has been used previously in antitrust cases and, due to the intervention of the co-legislators, horizontal interoperability for instant messaging services (Article 7). Article 6(7) requires gatekeepers to allow providers of services and hardware, free of charge, effective interoperability with the same hardware and software features accessed or controlled via the gatekeeper’s operating system or virtual assistant as are available to services or hardware provided by the gatekeeper. The same is true for the operating system itself. The aim of this obligation is to allow third parties to compete in products and services that must interconnect with the gatekeepers’ operating system or virtual assistant, thereby driving innovation and consumer choice.
Article 7 obliges gatekeepers to, on request and free of charge, make the basic functionalities of their number-independent interpersonal communications (instant messaging) services interoperable with the instant messaging services of other providers of such services in the EU, by providing the necessary technical interfaces or similar solutions that facilitate interoperability. The initial list of functionalities to be made interoperable is small (text messages and images, voice messages, video and other file sharing) and relates only to communications between two individual end users. This list gradually broadens out over four years to group communications and voice and video calls. This interoperability is designed to overcome the extreme network effects of instant messaging services and to enable consumers to switch messaging services without losing all their existing contacts and networks. Consumers will be completely free to choose whether they want to make use of interoperability offered by their messaging service.
Under Article 6(12), gatekeepers for app stores, online search engines and online social networking services must apply FRAND conditions of access to business users. The related Recital 62 makes it clear that what constitutes FRAND should, in the case of disagreement, be decided not by the EC, but through an alternative dispute settlement mechanism that is easily accessible, impartial, independent, and free of charge for business users, without prejudice to their right to go to court.
Advertising
The DMA contains a collection of obligations designed to deal with dysfunctionality and lack of transparency in online advertising markets that play a decisive role in the funding of digital products and services. Articles 5(9) and 5(10) aim to increase transparency to advertisers and publishers respectively through the provision of information on a daily basis and free of charge, on pricing, fees, remuneration and metrics for these, to enable advertisers and publishers to understand the price paid for each online advertising service.
Article 6(8) requires gatekeepers to give advertisers and publishers on request and free of charge, access to the performance measuring tools of the gatekeeper and the data necessary for advertisers and publishers to carry out their own independent verification of online advertising services.
Gatekeeper obligations to provide information on mergers and profiling audits
In addition to the obligations in relation to the operation of their core platform services, gatekeepers must inform the EC in advance about all proposed mergers involving core platform services or any other services in the digital sector or that enable the collection of data. The information provided will be shared with the Member States who can use it for the purposes of national merger control or to refer the merger up to the EC for review where the merger does not meet the EU merger thresholds under Article 22 of the European Merger Regulation (EUMR), as recently upheld by the European General Court. This will be a potentially important tool to review gatekeepers’ proposed nascent competitor acquisitions (or so-called “killer acquisitions”) in the tech sector.
Gatekeepers must also submit to the EC an independently audited description of any techniques for profiling of consumers that they apply to or across their core platform services. This audit will be shared with data protection bodies and a summary must be made publicly available. The rationale for this transparency measure is to “put external pressure on gatekeepers not to make deep consumer profiling the industry standard, given that potential entrants or start-ups cannot access data to the same extent and depth, and at a similar scale” and to allow more privacy friendly alternatives to the gatekeepers’ core platform services to differentiate themselves and thus to provide consumers with more choices.
Anti-circumvention provisions
While an anti-circumvention provision was included in the EC’s original proposal, this provision was significantly strengthened during the legislative process to address as many potential loopholes as possible. From the consumer perspective, a key innovation was to recognize so-called “dark patterns” or user interface design as a means of circumventing the DMA obligations. This is the first time that the harmful effects of such techniques—which are now being recognized across many jurisdictions, including in the U.S.—have been explicitly included in EU legislation, though other legislation is also starting to address this concern.
User interface design can be employed to lead consumers to make choices that the gatekeeper wants rather than what the consumer would have wanted. In addition to distorting consumers’ freedom of choice, these techniques can undermine the DMA’s objective of creating contestable markets through obligations such as enabling the installing/uninstalling of apps, users’ freedom to switch services, giving genuine consent to data combination, data portability and easy termination of core platform service contracts.
The DMA therefore provides that gatekeepers may not engage in “any behaviour that undermines effective compliance with the obligations of Articles 5, 6, and 7 regardless of whether that behaviour is of a contractual, commercial or technical nature, or of any other nature, or consists in the use of behavioural techniques or interface design.” It further requires that gatekeepers may not make the exercise of business and end users’ rights and choices under Articles 5, 6, and 7 “unduly difficult, including by offering choices to the end user in a non-neutral manner, or by subverting end users’ or business users’ autonomy, decision-making, or free choice via the structure, design, function or manner of operation of a user interface or a part thereof.”
This is an important element of the DMA. Its implementation and enforcement will however require expertise in behavioral techniques. Whether this expertise will materialize sufficiently within the regulator is considered below. Consumers will also be able to enforce breaches of this provision in national courts through class actions as is also described below.
Implementation of the DMA
Gatekeepers bear the burden of proof to show that they are complying with their DMA obligations. Within six months of designation, they must provide the EC with a report describing in a detailed and transparent manner the measures they have undertaken to ensure compliance with the obligations laid down in Articles 5, 6, and 7. Gatekeepers do, however, have the option to request that the EC engage in a process (under Article 8 DMA) to determine whether the measures that they intend to implement or have implemented to ensure compliance with Articles 6 and 7 are effective in achieving the objective of the relevant obligation in the specific circumstances of the gatekeeper. The EC may also adopt implementing acts on its own initiative to specify the measures that gatekeepers must implement in order to effectively comply with their obligations under Articles 6 and 7. The Article 8 process is without prejudice to the use of the EC’s enforcement powers and sanctions for non-compliance with the DMA.
The DMA foresees no similar process for the implementation of obligations under Article 5. In practice it seems likely, however, that the EC will be prepared to at least informally discuss their implementation with gatekeepers.
The Article 8 process foreseen for compliance with the DMA obligations is about how to comply and not whether a particular gatekeeper needs to comply with these obligations in relation to its core platform services. Unlike under EU antitrust law, no efficiency defense arguments can be brought to contend that a particular obligation should not apply in the particular circumstances of the gatekeeper. Once a company has been designated a gatekeeper in relation to a core platform service, the requirement to comply is non-negotiable. However, not all obligations will be relevant in practice to all gatekeepers.
Before taking an implementation decision under Article 8, the EC must share its preliminary findings with the gatekeeper and enable the gatekeeper to comment. The EC’s initial proposal did not include the right of third parties to be heard in relation to DMA implementation decisions on Articles 6 and 7 but this was corrected by the co-legislators. The ability of third parties to make meaningful comments on implementing decisions remains to be seen, however. This will certainly depend in part on what level of detail on the proposed implementation third parties can be provided with (respecting gatekeeper confidentiality). This information consists of: (1) a non-confidential summary of the case and the measures that the gatekeeper is considering taking or that the EC considers the gatekeeper should take; and, (2) where the gatekeeper initiates the process, a non-confidential reasoned submission to explain the measures that it intends to implement or has implemented. It is to be hoped that the information required to be provided to third parties under Article 8 will in practice be applied in such a way as to make detailed third party comments viable. Antitrust remedies that were adopted without adequately detailed consultation of third parties have not always been a resounding success in the EU.
Third parties include not only business users of core platform services such as app developers or other service providers but also end users. Certainly, where the implementation concerns the end user, such as the design of the end user interface, it will be essential to get consumer organizations’ views to make sure that the proposed design is effective to enable end users to easily exercise their rights and choices under the DMA, a key element in making markets contestable.
The DMA also foresees the adoption of implementing acts and guidelines that will set out the EC’s approach both in terms of procedure (including on enforcement cooperation between the EC and the EU Member State agencies, which cover more than simply antitrust agencies) and substance for the implementation and enforcement of the DMA. The adoption of implementing acts is currently scheduled for early 2023. The EC will consult interested third parties on the draft procedural implementing acts. Procedures are also foreseen for the adoption of standards where appropriate.
Enforcement of the DMA
The DMA foresees both public and private enforcement of its provisions.
Public enforcement
The DMA’s public enforcer is the EC. While it is the sole authority empowered to enforce this Regulation, it must cooperate with national competent authorities, including antitrust agencies in the Member States, to ensure coherent, effective and complementary enforcement. It must also liaise with representatives of EU data privacy, consumer protection, electronic communications and audio-visual regulators.
To carry out its enforcement role, the EC has very similar investigative tools to those under EU antitrust law and gatekeepers have similar rights to be heard. The EC’s tools include Requests for Information (similar to U.S. civil investigative demands and subpoenas) to obtain all necessary information, data and algorithms of gatekeepers—all with written explanations. The EC also has the power to conduct recorded interviews and take statements with the consent of the person to be interviewed, and the power to carry out “dawn raids,” which are unannounced inspections of gatekeepers’ premises. Furthermore, the EC has an obligation to monitor the effective implementation of and compliance with the obligations laid down in Articles 5, 6, and 7 and in the course of this, it can impose document preservation orders on gatekeepers and appoint independent external experts and auditors. If gatekeepers fail to comply with these procedural obligations they can be sanctioned with fines of up to 1 percent of their total worldwide turnover in the preceding financial year and periodic penalty payments.
Any third party, including business users, competitors or end users of gatekeepers’ core platform services can inform the EC or national competent authorities of potential infringements of the DMA. There is also specific protection for “whistleblowers.” In contrast to EU antitrust law, third parties cannot file a formal complaint about unlawful conduct leading to a decision to pursue or reject the complaint. Under the DMA, the EC and the national competent authorities have full discretion as to what they do with information received from third parties on potential DMA infringements. They are under no obligation to follow-up on the information received.
Gatekeepers must introduce a compliance function that is independent of the operational functions of the gatekeeper. This role includes cooperating with the EC for the purpose of the DMA.
The EC has several types of enforcement proceedings at its disposal. Chronologically these are interim measures—where there is a risk of serious and irreparable damage for business users or end users and a prima facie finding of an infringement of Article 5, 6, or 7, non-compliance proceedings and systematic non-compliance proceedings.
Gatekeepers have the right to respond to the EC’s preliminary findings in all enforcement proceedings and to have access to the EC’s file.
As in the case of implementing decisions under Article 8, the EC has an obligation to consult third parties in systematic non-compliance proceedings and to provide third parties with a non-confidential summary of the case and the remedies that it is considering imposing or of any commitments proposed by a gatekeeper. The EC has a discretion to consult third parties in the case of non-compliance proceedings. What level of information third parties will receive in such consultation is unclear.
Where the EC finds non-compliance, it can issue cease and desist orders and require gatekeepers to provide explanations on how they plan to comply. It can also impose fines on gatekeepers of up to 10 percent of their total worldwide turnover in the preceding financial year. Where the EC finds that a gatekeeper has committed the same or a similar infringement of an obligation in Article 5, 6, or 7 in relation to the same core platform service as it was found to have committed in a non-compliance decision in the preceding eight years, the fine can be up to 20 percent of the gatekeeper’s total worldwide turnover in the preceding financial year. Failure to comply can also be sanctioned with periodic penalty payments. As for antitrust law, all fines are appealable to the European Courts. The EC can also close non-compliance proceedings by accepting binding commitments from gatekeepers to ensure effective compliance.
Systematic non-compliance will arise where a gatekeeper has been found to have infringed one or more of the obligations laid down in Article 5, 6, or 7 and has maintained, strengthened or extended its gatekeeper position. A gatekeeper will be deemed to have engaged in systematic non-compliance where the EC has issued at least three non-compliance decisions against a gatekeeper in relation to any of its core platform services within a period of eight years. To find that a gatekeeper has engaged in systematic non-compliance, the EC must conduct a market investigation. One or more Member States can request the EC to investigate. Where this confirms systematic non-compliance, the EC may impose on the gatekeeper any behavioral or structural remedies that are proportionate and necessary to ensure effective compliance. Such remedies can include a more novel remedy in the EU—a prohibition, for a specified period, on the gatekeeper to pursue mergers and acquisitions in relation to core platform services or other services provided in the digital sector or enabling the collection of data that are affected by the systematic non-compliance. As in the case of non-compliance proceedings, the EC can also impose fines and periodic penalty payments on gatekeepers and can accept binding commitments offered by gatekeepers to close a systematic non-compliance proceeding.
Private enforcement
As under EU antitrust law, companies (business users) can bring private actions before national courts to enforce their rights under the DMA and thereby gatekeepers’ compliance with their obligations. The DMA contains mechanisms to ensure that decisions by national courts are consistent with the EC’s enforcement decisions.
A significant novelty introduced by the DMA from the consumer perspective in comparison with EU antitrust law is that this EU law (unlike the Damages Directive) will enable consumers (end users) to bring class actions (“representative actions”) as a result of the DMA being added to the Representative Actions Directive. Class actions for antitrust law breaches (including EU law) can currently only be brought where such actions are foreseen under national law. The Representative Actions Directive that is due to take effect in June 2023 requires EU Member States to introduce procedures for representative actions and to give legal standing to bring these actions to non-for-profit entities (in particular consumer associations), complying with certain criteria. Once designated, these entities will be able to represent consumers in court to bring domestic and cross-border actions for injunctions to enforce consumers’ rights under the DMA or for financial redress for gatekeeper violations.
Implementation and enforcement are bound to throw up some teething troubles for the DMA in light of the ground that it covers. While in the ideal world it would be perfect from the start, in the real world, such perfection is rarely possible for new legislation. Furthermore, digital markets will not stand still so it cannot be entirely future proof. The DMA therefore also foresees various procedures to revise and update it. EU telecoms legislation was revised several times after the first ground-breaking single market regulation in the 1990s. This new law therefore likely marks the start, but not the end of regulation to make digital markets work better.
Conclusions and predictions
The DMA is, on the one hand, a continuation of the EU’s approach to sectoral regulation in the EU internal market. On the other, it also comprises innovative “out of silo” thinking in the digital sector in the way that it is built not only on antitrust principles but also on data protection and consumer behavioral insights principles—an approach that was overdue in digital markets. As such, the DMA in setting up ex ante behavioral rules for gatekeepers, has the potential to be a new dawn for the effective functioning of digital markets in the EU and potentially elsewhere in the world if it inspires similar legislation. Nevertheless, this is not a foregone conclusion. It could still prove to be a false dawn. One important element in its realization will be cooperation between different types of regulators using the mechanisms established in the DMA. An even more critical ingredient for the DMA’s success will be that the EC has enough resources of the right type to enforce it properly. This means the right (IT) tools and the right number of staff which must include, in addition to lawyers, experts in data and computer science, algorithms, AI, and behavioral insights expertise due to the consumer-facing nature of digital markets. The importance of technical experts has been recognized by other enforcers, in particular in the U.S. There is some doubt that the EC will get all the necessary resources.
The importance of having sufficient implementation and enforcement resources is all the more obvious when one considers the challenges that gatekeepers will inevitably bring to try to undermine the effectiveness of the DMA or at least to try to delay its effect. Based on big tech’s track record of compliance with EU antitrust, data protection, and consumer law, this is to be expected—starting with challenges to designation decisions and the precise boundaries of core platform services, moving on to the interpretation of obligations and circumvention. Given the huge information asymmetries between the EC (and other regulators) on the one side and gatekeepers on the other in relation to exactly how the latter operate and maintain their gatekeeping capacity in digital markets, it will be vital to involve third parties in implementation and enforcement of the DMA to supplement the regulators’ knowledge and expertise. Third parties that include business users, especially U.S. companies, and end users will also have an important role to play in identifying non-compliance and drawing this to the attention of regulators, as they have done under EU antitrust law.
