Gatekeeper

New obligations and sanctions for digital ‘gatekeepers’: European Commission proposes Digital Market Act

The debate about competition issues and unfair practices specific to online platforms and the appropriate tools to tackle them was taken a step further by the European Commission (‘Commission’), which presented two legislative proposals on 15 December 2020: The Digital Services Act (‘DSA’) and the Digital Markets Act (‘DMA’). While the former is intended to regulate online content and increase transparency and accountability, the latter is intended to ensure contestable and fair markets in the digital sector by imposing limits (and potentially sanctions) on so-called ‘gatekeepers’. This post focuses on the latter. The DMA is the confirmation that, from the Commission’s point of view, the competition law toolbox does not perfectly address the new challenges encountered in the digital sector. Designed more specifically at tackling unfair practices and closing (what is perceived by the Commission as) an enforcement gap, the DMA complements the competition law toolbox with new obligations for market players and new control and enforcement tools for the Commission.

Identifying the gatekeepers

The first potentially contentious issue concerns the determination of the subject-matter of the DMA.

Digital platforms will have to assess whether the DMA applies to them. During the press presentation, the two commissioners in charge, Margrethe Vestager, Executive Vice-President for a Europe fit for the Digital Age (and continued head of DG Competition), and Thierry Breton, Commissioner for Internal Market, refrained from naming any specific platform.

The DMA establishes a concept of ‘gatekeeper’, which refers to providers of ‘core platform services’. These services include online intermediation, search engines, social networks, video-sharing platforms, online-communication, operating systems, cloud computing, as well as related advertising.

More specifically, the proposal sets out three cumulative criteria for defining ‘gatekeepers’: the provider must (i) have a significant impact, (ii) act as an ‘important gateway for business users to reach end users’ and (iii) enjoy an ‘entrenched and durable position’ or will foreseeably do so in the near future.

The Commission will presume that these criteria are fulfilled above the following quantitative thresholds:

a) for criterion (i) above, where the provider has an annual turnover in the EEA of at least EUR 6.5 billion in the last three financial years or market capitalization or market value of at least EUR 65 billion in the last financial year and it provides a core platform service in at least three Member States; or

b) for criterion (ii) above, where, in the last financial year, the core platform service had more than 45 million monthly active EU end users and 10,000 yearly active EU business users; or

c) for criterion (iii) above, where the provider meets the two thresholds mentioned in b) for each of the last three financial years.

The gatekeeper status will result from a Commission assessment and subsequent decision, but providers will have an obligation to self-assess and report themselves to the Commission when they meet the thresholds for the presumption to apply.

The presumption is rebuttable: a provider meeting the thresholds can argue that it does not fulfil the gatekeeper criteria. The Commission can also identify a gatekeeper even when not all the thresholds are met. A list of gatekeepers will be published and maintained to take into account market developments.

Specific duties and prohibitions

Regarding behavior, the DMA contains a list of Do’s and Don’ts for gatekeepers.

A first set listed in Article 5 of the DMA applies per se and needs no further details for the gatekeepers to fully comply with and be held responsible if they do not. For the second set listed in Article 6 of the DMA, the Commission may impose specific, more precise measures on a gatekeeper.

Do’s

Don’ts

Obligations for gatekeepers
(art. 5 DMA)

  • Allow business users to offer the same products or services to end users at different prices or conditions via other platforms;
  • Allow business users to do business with end users acquired on a platform also outside that platform, and allow end users to access content via the platform even if it was acquired outside the platform;
  • Upon request by a client of advertising services, provide it with pricing and remuneration information in relation to a specific ad and for each relevant advertising service.
  • Refrain from combining personal data sourced from these core platform services with other personal data;
  • Refrain from preventing or restricting business users from raising issues with any relevant public authority relating to any practice of gatekeepers;
  • Refrain from imposing its own identification service on end users that want to access business users’ services on the gatekeeper’s platform;
  • Refrain from tying core platform services.

Obligations for gatekeepers susceptible of being further specified
(art. 6 DMA)

  • Allow end users to uninstall any preinstalled software applications (unless it is essential for the functioning of the operating system or of the device and cannot technically be offered on a standalone basis by third parties);
  • Allow use of or interaction with third party software applications or software application stores on the gatekeeper’s operating systems, and allow access to these outside the gatekeeper’s core platform services (but the gatekeeper can take proportionate measures to ensure that the integrity of its hardware or operating system is not endangered);
  • Allow business users providing ancillary services access to and interoperability with the same operating system, hardware or software features used for the gatekeeper’s ancillary services;
  • Provide advertisers and publishers, upon their request and free of charge, with access to the performance measuring tools of the gatekeeper and the information necessary for advertisers and publishers to carry out their own independent verification of the ad inventory;
  • Provide effective portability of data generated through the activity of a business user or end user;
  • Provide business users (or third parties authorised by them), with free, effective, high-quality, continuous and real-time access and use of data provided for or generated in the context of end users engaging with the products or services provided by those business users; however, for personal data, the end user must have opted in for such access, and the access must be limited to the data directly connected with the use of the relevant platform in respect of the products or services offered by the relevant business user;
  • If the gatekeeper offers an online search engine, provide any third-party providers of online search engines (upon their request) with access on FRAND terms to ranking, query, click and view data generated by end users, subject to anonymisation of personal data;
  • Apply fair and nondiscriminatory general conditions of access for business users to the gatekeeper’s software application store.
  • When the gatekeeper competes with business users, refrain from using relevant data not publicly available and generated or provided in relation to the use of the core platform services by these business users or their end users;
  • Refrain from ranking more favourably its own products and services compared to those of third parties (fair and nondiscriminatory conditions should apply);
  • Refrain from technically restricting the ability of end users to switch between and subscribe to different software applications and services to be accessed using the operating system of the gatekeeper, including as regards the choice of Internet access provider for end users.

 

Regarding acquisitions, the DMA introduces an obligation for gatekeepers to inform the Commission of any intended concentrations in the digital sector, even for transactions falling outside the scope of EU or national merger control regimes.

Enforcement powers for the Commission (EU level intervention)

The Commission will have several tools to monitor gatekeepers and sanction lack of compliance: market investigations, investigative proceedings (including requests for information, interviews, on-site inspections), interim measures in case of emergency, noncompliance decisions, and ultimately fines up to 10% of the gatekeeper’s worldwide annual turnover and periodic penalty payments up to 5% of the average daily turnover. A provider will be able to make commitments to avoid a noncompliance decision and sanctions.

Limited intervention at national level

For the sake of a uniform and coherent response to unfair practices implemented by gatekeepers within the EU, the proposed legislation takes the form of a Regulation, directly enforceable within the EU, meaning that it will apply without the need for Member States to adopt national rules. The DMA lays down harmonized rules and Member States must not impose further obligations specific to gatekeepers, be it by way of national legislation, administrative action or else. The only way for Member States to intervene is when at least three of them jointly request the Commission to open an investigation. Regarding public enforcement, no specific role is foreseen for national competition authorities.

However, private damages are still handled at national level. The DMA leaves room for business users and end-users of core platform services provided by gatekeepers to claim damages for the unfair behaviour of gatekeepers before national courts.

Not yet a reality – the legislative process ahead

The current version of the DMA is still likely to change as it will undergo the normal EU legislative process involving the European Parliament and national governments via the European Council. According to the Commission, the search for a broad political consensus was already part of the preparatory phase, so that the final legislative act is anticipated to be adopted rather rapidly, in about one and a half years. Add the proposed six-month delay between entry into force and application, and the DMA could apply beginning of 2023. Yet, the real pressure against the proposal will probably come from providers likely to be identified as gatekeepers and that had already made their objections known during the public consultation launched by the European Commission prior to the drafting of the DMA.