by Jeffrey Wimmer
The digital transformation is associated with major frictions (please see Carpentier/Wimmer, 2023, pp. 67ff) to which European legislation must respond. The Digital Services Act (DSA) and the Digital Markets Act (DMA) are two new sets of rules for the regulation of online platforms. They pursue two goals: The creation of a secure digital space for the protection of the fundamental rights of users of digital services and the creation of a level playing field that promotes innovation, growth and competitiveness.
Credits: Adrien Olichon
With the DSA, the EU Commission (EC) is establishing rules for online platforms to prevent illegal election propaganda, hate speech or counterfeit branded goods. Since 17th of February 2024 the requirements of the DSA must be implemented by many information services across Europe. While large providers such as Google, Apple and X have had to comply with the new rules since August 2023, smaller services are now following suit. Unlike the rules of the European General Data Protection Regulation, which are enforced by the supervisory authorities in the member states, the provisions of the DSA for very large platforms and search engines are enforced directly by the EU Commission. Violations are punishable by fines of up to 6 per cent of annual global turnover.
This affects very large online platforms and search engines that have more than 45 million active monthly users in the European Union. In April 2023, EC named the first 17 very large online platforms (VLOP), including Alibaba, AliExpress, Amazon Store, Apple AppStore, Booking.com, Facebook, Google Play, Google Maps, Google Shopping, Instagram, LinkedIn, Pinterest, Snapchat, TikTok, Wikipedia, X, YouTube, and Zalando, and two very large online search engines (VLOSE) Bing and Google Search. They had four months to fulfil the new requirements. TikTok announced that it would introduce a less personalized algorithm for EU users only and create more transparency regarding advertisements. According to Meta, it has set up a team of 1,000 employees to fulfil the requirements of the DSA. Google wants to increase its transparency in terms of guidelines. The company wants to provide more detailed information about advertisers in its Ads Transparency Centre.
The DSA was used against X for the first time. On 12 October, EC contacted the platform operators with a request relating to ‘possible infringements by X in connection with illegal content, disinformation, hate speech and other aspects’, placing them under an obligation to provide information about the suspected malpractice. Two months later, the Commission opened formal proceedings against X to investigate whether the social media platform was in breach of the DSA regulation “in areas linked to risk management, content moderation, dark patterns, advertising transparency and data access for researchers” (https://ec.europa.eu/commission/presscorner/detail/en/IP_23_6709). The next step would be for the Commission to issue an order requiring X to rectify the situation. If X did not comply with this request, sanctions would be imposed – from fines to a ban. A rather far-reaching power, at least in theory.
But the DSA has yet to be implemented in practice. Although the EC is basically the supervisory authority for all VLOP, it works together with so-called digital services coordinators at national level. And it is precisely here that there has been too long a dispute over competences – and thus the entire European enforcement system. However, this law is a first attempt to ensure that the internet remains a democratic place in the broadest sense. However, there is also a certain responsibility on the part of users to exercise these rights and report abuses. Another important tool against disinformation is media literacy.
Interestingly, Telegram is not included, but the EC wants to pay very close attention to user numbers. ChatGPT is also not involved, although it is already connected to several services. The Commission is closely examining whether ChatGPT can be considered a platform. It is also considering how to deal with AI-generated synthetic content on social media platforms.
As the second pillar of digital regulation, the DMA is intended to ensure the fairness of markets in the digital sector, provide more innovation and guarantee better protection for consumers. It is aimed at large online platforms that are identified as so-called “gatekeepers” and to which certain rules of conduct apply. The term gatekeeper refers to the major players in the digital market, such as online platforms and search engines, which have a significant influence on the market and act as intermediaries between companies and consumers. This refers to digital platforms with an annual turnover of more than 7.5 billion euros or a market value of 75 billion euros, more than 45 million end users per month in the European Union and more than 10.000 commercial providers on the platforms. In addition, the central platform services (e.g., app store, messenger services, online marketplaces, search engines, operating systems, etc.) must be provided in at least three EU states. These are therefore companies that have considerable influence and a consolidated, permanent market position with their central platform services.
The six gatekeepers designated by the EC under the DMA are: Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft. Most of them have announced their legal resistance. In its press release, the European Commission names 22 key platform services that are monitored by these gatekeepers: Social networks (Facebook, Instagram, LinkedIn, and TikTok), major communication services (Facebook Messenger and WhatsApp), intermediary platforms (Amazon Marketplace, Google Maps, Google Play, Google Shopping, iOS App Store, and Meta Marketplace), search engine (Google), web browser (Chrome and Safari), online advertising services (Amazon, Google and Meta), popular operating systems (Google Android, iOS, Windows PC OS), and a video sharing platform (YouTube).
Specific regulations are intended to protect the interests of commercial and private users. For many citizens, gatekeepers are the gateway to the internet or online shopping. However, they should not use this market power and their wealth of data to gain unfair advantages at the expense of smaller competitors or commercial users of their services. A good example of this is that Google has systematically improved the ranking of its price comparison portal Shopping in its own search engine, thereby putting the competition at a disadvantage and taking over the market for price comparison portals. The DMA therefore stipulates, among other things, that gatekeepers may not merge personal data, they may not favor themselves in the ranking and they may not use user data themselves for advertising purposes. They are also prohibited from linking with other platform services in terms of use/access. Under the DMA Act, gatekeepers now have until 6th of March 2024 to comply with the full list of requirements and prohibitions to ensure fair competition and protect user privacy. This includes the avoidance of unfair practices, transparent access to services and the transfer of data to commercial users.
Despite strong headwinds lobbies and tech companies, the EC has prevailed with the DMA. Although the generous definition of gatekeepers means that only a few companies fall into this category. It remains to be seen whether the regulation will have enough impact to change existing structures on the digital market.