Articles
Privacy 101
EU Digital Markets Act (DMA): everything you need to know
Privacy 101
new

EU Digital Markets Act (DMA): everything you need to know

Published  

9/22/2023

by 

Ali Talip Pınarbaşı

9
min read

Published  

September 22, 2023

by 

Ali Talip Pınarbaşı

10 min read
Summary

When it comes to regulating and scrutinizing big tech companies’ business practices and digital platforms, the European Union (EU) has a reputation for imposing the toughest and most impactful rules, such as the EU GDPR and the EU Competition Law rules.

 

More importantly, it is known for enforcing such rules against big tech companies and other two-sided digital platforms. 

 

On 1.11.2022, the EU passed a new law called the Digital Markets Act (DMA), which regulates core digital platform services such as online search engines, web browsers, advertising services, social network services, and video sharing platforms.

 

The primary purpose of the Digital Markets Act is to ensure and maintain contestability in core digital platforms and fairness in the relationship between digital platform providers, business users, and end-users. To achieve these goals, the DMA imposes various obligations on digital platform services, such as obtaining user consent to use personal data for advertising purposes. Failure to comply with the DMA may result in fines totaling 10% of the annual turnover of a company.

 

In this article, we will help you understand what the DMA is, its obligations on digital platforms such as search engines and communications tools, and how it relates to privacy and the GDPR.

 

What is the Digital Markets Act (DMA)?

 

History and context behind the Digital Markets Act (DMA)

While digital platforms such as Google Search, Apple's App Store, and Facebook allow businesses to connect with consumers across the EU, there is a risk that these digital platforms abuse their dominant power and involve unfair practices.

 

For instance, the European Commission launched a competition law investigation against Apple because the company did not allow mobile app developers to use alternative in-app payment systems other than its own, Apple Pay.

 

"Mobile payments play a rapidly growing role in our digital economy. It is important for the integration of European payments markets that consumers benefit from a competitive and innovative payment landscape. We have indications that Apple restricted third-party access to key technology necessary to develop rival mobile wallet solutions on Apple's devices. In our Statement of Objections, we preliminarily found that Apple may have restricted competition, to the benefit of its own solution Apple Pay. If confirmed, such a conduct would be illegal under our competition rules."

- Margrethe Vestager, Executive Vice President of the European Commission (source: European Commission)

 

While the existing EU competition law rules have been applied to such platforms in the past, the EU Competition Law regime was not fully effective at preventing digital platforms from abusing power and unfair practices. Therefore, the EU decided to implement the Digital Markets Act (DMA) in order to regulate the activities of digital platforms and maintain their contestability and fairness.

 

The DMA is not a stand-alone regulation. It is part of the EU’s broader regulatory program called “Europe fit for Digital Age” to regulate and impose rules and restrictions for the digital space. Within this program, there are more than 15 legislative proposals, which include the Artificial Intelligence Act and the Data Governance Act.

 

Objectives of the Digital Markets Act (DMA)

The Digital Markets Act’s primary purpose is to ensure that digital platforms such as search engines, social networks, advertising services, and mobile app stores are fair and contestable for both end users and businesses.

 

What platform services are subject to the Digital Markets Acts?

When the DMA was passed, a variety of platform services were liable to be subject, such as:

 

  • Online intermediation services (e.g., Amazon)
  • Search engines (e.g., Google)
  • Social networking services (e.g., Facebook, Instagram)
  • Web browsers (e.g., Google Chrome, Bing)
  • Virtual assistants (e.g., Siri, Alexa)
  • Video-sharing platform services (e.g., Youtube)
  • Number-independent interpersonal communications services (e.g., Whatsapp)
  • Operating systems (e.g., Windows, iOS)
  • Cloud computing services (e.g., Amazon Web Services)
  • Online advertising services provided by an undertaking that provides any of the abovementioned services.

Since then, the final 6 gatekeepers have been announced. To access the full list and the definition of what a gatekeeper is, continue reading below.

 

Key dates and deadlines

The DMA entered into force on November 1st, 2022. While some of its provisions have become immediately applicable, the rules concerning the designation of gatekeepers came into force in May 2023. 

 

Under the DMA, organizations must self-assess if they meet the quantitative criteria set out above. If they meet the three quantitative criteria listed in the next section, they are required to inform the European Commission within two months so it Commission can designate them as gatekeepers.

 

The European Commission has 45 days to review the application, and the obligations imposed on gatekeepers will become applicable 6 months after the Commission designates the organization as a gatekeeper.  

 

Considering this timeline, the obligations on gatekeepers will become enforceable in March 2024.

 

What are gatekeepers according to the Digital Markets Act (DMA)?

 

EU Digital Markets act2

 

The DMA does not apply to all digital platform services. It only applies to “Gatekeepers,” which are deemed to exercise “considerable economic power” and to “feature an ability to connect many business users with many end users through their services” (Source: European Commission)

Under the DMA, an organization (referred to as “undertaking”) will be treated as a gatekeeper if the following three criteria are met:

 

1) The Organisation has the ability to have a significant impact on the EU internal markets

This criterion will be presumed to be satisfied if the Organisation has an annual EU-wide group turnover of at least EUR 7.5 billion in each of the last three financial years or where the business’ average market capitalization or equivalent fair market value amounted to at least EUR 75 billion in the last financial year. It should also provide the same Core Platform Service in at least three EU Member States.

 

2) Core Platforms Service is an important gateway for business users to reach end users

The criteria are presumed to be fulfilled if the core platform service has more than 45 million monthly active end users established or located in the Union and more than 10,000 yearly active business users established in the Union in the last financial year

 

3) The Organisation’s Core platform service has an (established or expected) entrenched and durable position
This criterion is presumed to be met when the user number thresholds have been met in each of the last three financial years.

 

Current gatekeepers under the Digital Markets Act (DMA)

 

Didomi - Digital Markets Act (DMA) Gatekeepers

 

On September 6th, 2023, the European Commission designated six gatekeepers and 22 core platform services they provide:

 

  • Alphabet: Google Maps, Google Play, Google Shopping, Youtube, Google Search, Chrome, Google Android, Google
  • Amazon: Amazon Marketplace, Amazon, 
  • Apple: App Store, iOs, Safari
  • ByteDance: TikTok
  • Meta: Meta, Facebook, Instagram, WhatsApp, Messenger, Meta Marketplace
  • Microsoft: LinkedIn, Windows PC OS
  •  

From the date of the announcement, these six gatekeepers have been given six months to ensure full compliance with the DMA obligations for each of their designated core platform services.

 

Obligations for companies under the Digital Markets Act (DMA)

 

Articles 5, 6, and 7 of the DMA contain the obligations and prohibitions that gatekeepers must comply with. For instance, under Article 5(3) of the DMA, the text states that:

 

“The gatekeeper shall not prevent business users from offering the same products or services to end users through third-party online intermediation services or through their own direct online sales channel at prices or conditions that are different from those offered through the online intermediation services of the gatekeeper.”

 

Prohibitions on the use of personal data

The DMA takes into account the critical role of personal data in the core platform services’ business models and contains prohibitions of their use under Article 5(2):

 

“The Gatekeeper shall not process, for the purpose of providing online advertising services, personal data of end users using services of third parties that make use of core platform services of the gatekeeper;

The Gatekeeper shall not combine personal data from the relevant core platform service with personal data from any further core platform services or from any other services provided by the gatekeeper or with personal data from third-party services. The Gatekeeper shall not sign-in end users to other services of the gatekeeper in order to combine personal data.”

 

Other obligations 

Under the DMA, gatekeepers shall not:

 

  • Prevent users from making complaints to public authorities (Art. 5 (6))
  • Require users to use certain platform services (e.g., payment systems, identification services, web browser engines, or technical services) (Art. 5 (7));
  • Require users to register/subscribe to other core platform services as a condition to use any of the core platform services (Art. 5 (8))

 

Consequences of not complying with the Digital Markets Act (DMA)

 

The European Commission has the exclusive authority to enforce the DMA. If it finds that a gatekeeper has not complied with the provisions of the DMA, it can issue a fine of up to 10% of the concerned gatekeeper’s annual turnover.

 

If the gatekeeper repeats the non-compliance within the eight-year timeframe, the fine to be imposed by the European Commission can go up to 20% of the concerned gatekeeper’s turnover.

 

Additionally, the European Commission can also impose structural remedies, such as forcing an organization to divest certain parts of its business if certain criteria are met.

 

How Didomi can help with compliance with the Digital Markets Act (DMA)

 

The new Digital Markets Act shows that businesses operating in the EU cannot overlook how they collect and handle personal data when it comes to complying with applicable EU laws.

For instance, gatekeepers subject to the Digital Markets Act shall obtain consent from the users before using their personal data for advertising purposes. 

 

Talk to our team and find out how the Didomi Consent Management Platform (CMP) and Preference Management Platform (PMP) can help you safely operate in the EU:

 

{{talk-to-an-expert}}

 

Frequently Asked Questions (FAQ)

 

What is the Digital Markets Act (DMA)?

The Digital Markets Act is an EU Law that sets out rules and obligations for digital platform services such as search engines, social networking sites, and cloud services to ensure fairness and contestability.

 

What are the objectives behind the Digital Markets Act?

Digital Markets Act’s primary objectives are to ensure the contestability and fairness of digital platform services.

 

When does the Digital Markets Act come into law?

Digital Markets Act came into force on 1 November 2022. However, some obligations, such as informing the European Commission of satisfying the “gatekeeper criteria,” have only become applicable in May 2023.

 

Gatekeepers designated by the European Commission have until March 2024 to comply with the DMA.

 

What are gatekeepers according to the Digital Markets Act (DMA)?

The DMA applies specifically to "gatekeepers," digital platforms that exercise considerable economic power and connect many business users with end users. To be designated as a gatekeeper, an organization must meet specific quantitative criteria related to its size and reach.

 

The 6 gatekeepers designated by the European Commission are Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft.

 

What are the consequences of non-compliance with the Digital Markets Act (DMA)?

Failure to comply with the DMA can lead to fines of up to 10% of the annual turnover of a company. If the gatekeeper repeats non-compliance within eight years, the fine can increase to 20% of the annual turnover. The European Commission, which enforces the DMA, can also impose structural remedies, such as divestiture of certain business parts.