It took a little over a year – quite a short time in Brussels time – for the various European institutions to agree on the text of the Digital Market Act (DMA). This regulation, which will come into force in 2023, aims to be the economic response to the growing hegemony of digital giants. Five years after the entry into force of the General Data Protection Regulation (GDPR), which aimed to enact a high standard of protection in the collection and use of personal data, the editors of the DMA have drawn several lessons.
Access control controller
Where the GDPR is aimed at all digital players, from Google to the website of an SME, the DMA is only about “gatekeepers”, that is, platforms large enough for everything an ecosystem depends on their services. Those that exceed a turnover of 7.5 billion euros or have more than 45 million users on the continent, or 10% of the population, are kept as such. A handful of companies are therefore interested: Gafam (Google, Amazon, Facebook, Apple, Microsoft) of course, but for example also the Chinese TikTok or the European Booking.
Thanks to this targeting, the European text avoids the pitfall of favoring large platforms to the detriment of SMEs, the former being able to take on the investment more easily to get up to speed. More fundamentally, whether it is Facebook that determines the media audience with its algorithmic choices, Amazon sucking in competition from vendors passing through its platform or even Apple leveraging its application store to impose significant commissions, the criticisms leveled at platforms affect a handful of companies. Their services have in fact become obligatory passages, even essential infrastructures of our economies. The tone is also soured: offending companies are subject to higher penalties of up to 10% of global turnover, or even 20% in the event of a repeat offense. Perhaps a very consistent level.
“The draft regulations do not aim to reshuffle the cards of the competitive game, but to enforce the rules”, Frédéric Marty
The range of measures imposed by the European Union is wide, but it can be summarized as follows: it is a question of preventing digital giants from using their dominant position to push their services to the detriment of others. As economist Frédéric Marty pointed out at the end of 2020: “The draft regulations do not aim to reshuffle the cards of the competitive game, but to enforce the rules. “
For example, these actors should not impose certain default software during the installation of the operating system (OS). We obviously think of Android, Google’s smartphone OS, which offers its own applications by default, from Chrome to YouTube or Gmail. The text also requires “allow sellers to access their data on marketing or advertising performance on the platform” : third-party sellers operating on Amazon will thus be able to access information relating to their products that the platform currently jealously guards for itself.
DMA also aims to enforce interoperability, particularly on digital messaging. This means that two services must be interoperable with each other, as are emails: it is in fact possible to send a message from a Free or Hotmail address to a Gmail address, and vice versa. This does not apply to digital messaging: you cannot communicate from WhatsApp to a Signal, Telegram or Messenger user. The aim of this measure is in particular to break the network effects that push all users to focus on a single service. One comes to register on WhatsApp because all his family and friends are already there.
Similarly, the European text aims to allow application developers to access “auxiliary functions of smartphones” such as NFC antennas. Apparently a technical entity, this technology is what allows smartphones to communicate with other terminals and thus to act as a payment card. Apple is particularly targeted as it reserves the NFC antenna of its iPhones for its Apple Pay payment solution.
A small workforce
If on paper these measures seem ambitious, can we hope for their full and rapid implementation? “I fear that we will find ourselves in a situation comparable to that of the GDPR, but with a bottleneck that is in Brussels instead of Dublin”, the disbanded economist Joëlle Toledano. The GDPR requires complaints to be returned to the regulator that hosts the company’s European headquarters. Tax haven obliges, Ireland is home to Google, Apple, Facebook, TikTok, Microsoft, etc. So much so that the national regulator has accumulated several hundred complaints, on which, due to lack of will or lack of resources, it is slow to pronounce, preventing the effectiveness of European legislation.
The application of the DMA will be the responsibility of the European Commission. But will it have more resources than the Irish regulator? The text currently foresees a workforce of 40 in 2023 and 80 as of 2025, which the Commission plans to increase somewhat. “It is not reasonable when you are attacking giants like Amazon, Google or Apple to rely on just a hundred peopleexplains Joëlle Toledano. The challenge is to reduce the information asymmetry between public bodies and businesses, so that the former can evaluate the validity of the answers given by the latter. “
The game of liar poker has also begun: the leader of WhatsApp explains that the interoperability of messaging systems risks reducing security and therefore the protection of privacy. Real technical problem or pretext to avoid regulation?
Furthermore, “DMA is closer to regulation than regulationanalyzes Joëlle Toledano. When you want to regulate a sector, you have to put all the actors around a table to benefit from the mutual contradictions and exploit the mutual arguments to converge towards the general interest. However, there, the Commission services will be face to face with the company, a format that does not participate in reducing the information asymmetry. “
European regulation has fundamental principles on its side, all that remains is the method and the means to establish itself.