Digital Market Act and Digital Service Act: When Regulation Catches up with Digital Markets

“The first ever traffic light that brought order in the streets […] was invented as a response to a major technological disruption: the invention of the cars. Now we have such an increase in the online traffic that we need to make rules that put order into chaos”. This is how Margrethe Vestager referred to the new Digital Service Act (DSA) and Digital Market Act (DMA) proposals from the European Commission during a press conference on the 15th December 2020. 

Digital markets grew tremendously in the past decade, and continuously evolved following technological breakthroughs. However, this fast expansion and the novelty of these markets has made regulation complicated to enforce. Several problems appeared, such as the fact that regulations were often based on a territoriality doctrine, which is mostly obsolete when it comes to the internet. It was then easier for firms operating online (usually platforms connecting end users with business users) to gain an excessive amount of market power, creating a failure in these markets. These new proposals of the European Commission aim to correct this failure. 

Traditional Regulations Unsuited to Digital Markets 

Before drafting these proposals, the European Commission tried to apply the available rules to digital firms, mostly through competition law. As early as the 2000’s, Microsoft was condemned on the grounds of abuse of dominant position because it was using its market power on the PCs operating system market to gain more market shares in other markets. For instance, Microsoft was tying Windows Media Player on its operating system for PCs, thus distorting competition on the media players market. Competition law is known for its cases against big tech giants, like Google, Amazon, Facebook, etc. But as time went by, these platforms continued to gain more and more market power, leading to greater concentration in the digital market. 

This increase of market power led to another problem: companies process huge amounts of data that contain personal information about their consumers. This led regulators to raise privacy concerns. 

Such concerns led to the adoption of a notable regulation for data processing online: the General Data Protection Regulation (GDPR) in 2018. This was a response to the drastic growth of digital firms with a business model based on data processing (gathering data, exploiting them, selling them, etc.).  

This regulation has some interesting aspects. Firstly, it switches from a territoriality doctrine to an effects-based doctrine. It enables the regulation of firms which are not based in the European Union on the grounds that they are targeting individuals located within the EU. Secondly, it increases the importance of user’s consent online, by requiring explicit consent for the privacy policy of the website. Finally, it introduces a notion of joint responsibility between the data controller (which decides the use and the method for processing personal data, usually a website) and the data processor (which processes data for the controller). Sometimes, they are the same entity, but often data processing is outsourced to third-parties. Under this regulation, the controller has to make sure that the third-party also complies with the GDPR. 

However, this regulation is not a great success, principally for two reasons. The main one is that national authorities have divergent incentives to enforce this regulation properly. They may prefer being indulgent to preserve their attractiveness towards big tech giants. Secondly, digital markets became more concentrated. Indeed, following the GDPR, firms reduced their outsourcing data processing in order to avoid legal uncertainty caused by joint responsibility. The firms which were already powerful had more resources to process data. It made them more attractive because they were more likely to comply with the GDPR. It led to a reinforcement of their market power, especially Google, the leading firm. 

This regulation highlights the facts that with digital markets several issues are interlinked, and that it is important to think broadly when it comes to regulating these markets. The DMA and DSA proposals are designed to take into account all these different aspects in one body of text, and in this sense, it is really promising. 

The Promises of the DMA and DSA

The objective of the Commission is to acknowledge the benefits that digital firms give to consumers, while also providing protection to these consumers. This protection includes preserving the variety of their choices (having a wide range of products available) and preserving their fundamental rights (this mostly refers to privacy). The DSA also proposes measures to fight against illegality online (by demanding more transparency) while giving users means to challenge platforms’ decisions when they moderate content.  

These proposals are interesting because they introduce asymmetric rules through the notion of gatekeepers. Gatekeepers are defined by the DMA as core platform services which significantly impact the internal market by gathering a lot of users (business users and end users). This impact must be happening for a while and be likely to continue in the near future. For instance, we can think of Amazon as a gatekeeper: it is a platform which gathers a lot of sellers and is used by a lot of buyers, thus affecting the European market. This has been the case for a while, and nothing seems to suggest that this change in the next few years. Because of their scale, gatekeepers bear more responsibilities than other firms. The Commission went even further by not limiting itself to the existing gatekeepers. The DMA is also introducing the possibility of an ex-ante regulation: even if a firm does not correspond to the criterion of a gatekeeper, it could be targeted by the same asymmetric rules if the Commission considers it is likely to become a gatekeeper in the future. 

Another strength of this proposal is that it considers the Commission as the regulatory body to enforce these rules. This way, the control will not be split across the member states, thus ensuring a greater homogeneity. It will remove the problem of difference in incentives of member states, and guarantee a more powerful enforcement. 

Overall, these proposals try to identify all the current problems in digital markets regulation and propose innovative ways to solve them. For instance, they propose that platforms should have an obligation to offer an alternative service when a user disagrees with its privacy policy. Indeed, nowadays, when disagreeing with such a policy, it is simply not possible to access the platform’s services (rendering user choice almost paradoxical). With these proposals it would be possible to refuse a privacy policy and still access a platform’s alternative service, providing the consumer with a real choice. 

These proposals still need to be discussed by the Parliament and the Council, and it is likely that their effective enforcement happens within a few years. However, it shows a strong will of the European Commission to be a precursor on these issues. As we saw the GDPR inspire some other regulations across the globe, it is likely that this “Brussels effect” will also spread with these proposals.

By Louise Damade


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s