Philipp Rosenauer
Head Data Privacy | ICT | Implementationᐩ, PwC Switzerland
In our last blog post, we answered the most important questions about the EU Digital Markets Act. Today, we want to be more concrete and assess what the specific obligations could mean for the Gatekeepers affected. In essence, the Digital Markets Act is not only a question of legal compliance, but also reshapes the strategy for “Big Tech” firms to provide their services in the future.
1. Obligation to refrain from combining personal data
Gatekeepers must refrain from combining personal data sourced from their core platform services with personal data from any other services they offer or with personal data from third-party services They must also refrain from signing in end users to other services offered in order to combine personal data, unless the end user has been presented with the specific option of so doing and consented thereto.
What does this mean in practice?
Gatekeepers cannot use their own data about consumers to compete with their business users. Also, when combining consumer data from different services, explicit consumer consent is required. This would, for example, prevent Facebook from harvesting personal data from Instagram and exporting that same data to Facebook so that it could target new advertising to the user in question using the same data.
2. Use of third-party online intermediation services
Gatekeepers must allow business users to offer the same products or services to end users through third-party online intermediation services at prices or conditions that are different from those offered through the online intermediation services offered by the gatekeeper.
What does this mean in practice?
This could prevent an online travel agency from using most-favoured-nations clauses to ensure that it could offer the lowest price.
3. Offerings to end users
Gatekeepers must allow business users to promote offers to end users acquired through the gatekeepers’ core platform service, and to conclude contracts with those end users to this end, regardless of whether or not those business users make use of the gatekeeper’s core platform services. Gatekeepers must also allow end users to access and use, through the gatekeepers’ core platform services, content, subscriptions, features or other items by using the software application of a business user, provided these items have been acquired by those end users from the relevant business user without using the core platform services provided by the gatekeeper.
What does this mean in practice?
Business users must be free to contact consumers directly and transact with them without using the gatekeeper’s platform, and also be free to list their products on other platforms at different prices. For example, Apple app developers could e-mail their customers directly, and/or Amazon merchants could list their products at cheaper prices on a different website without penalty.
4. Raising of compliance issues
Gatekeepers must refrain from preventing or restricting business users from raising issues relating to gatekeeper practices with any relevant public authority.
What does this mean in practice?
This would, for example, prohibit Google from barring an individual business in retaliation for that business having raising a complaint relating to Google’s compliance with this rule.
5. Use of identification services
Gatekeepers must refrain from requiring business users to use, offer or interoperate with an identification service offered by the gatekeeper for of services offered by the business users using the core platform services of that gatekeeper.
What does this mean in practice?
Gatekeepers cannot require business users wanting to use the gatekeeper’s core platform to also use the gatekeeper’s identification services. This relates to businesses such as advertisers or publishers who might be required to use the platform’s own ID solution when offering their services. It is about data collection by the gatekeeper and refusal to use an alternative IS service.
6. Cost transparency
Gatekeepers must, on request, provide advertisers and publishers to which it supplies advertising services with information about the price paid by the advertiser and publisher, as well as the amount or remuneration paid to the publisher for the publishing of a given ad; this must be provided for each of the relevant advertising services provided by the gatekeeper.
What does this mean in practice?
This could relate to various ties Google has in the ad tech world, e.g. between AdX and Google Ads or YouTube and Google Ads.
7. Use of non-public data
Gatekeepers must refrain from using, in competition with business users, any data not publicly available and which is generated through activities pursued by those business users, including by the end users of these business users, of gatekeeper core platform services or provided by those business users of gatekeeper core platform services or by the end users of these business users.
What does this mean in practice?
Amazon might be forced to disclose all sellers’ data.
8. Pre-installation of apps
Gatekeepers must allow end users to un-install any pre-installed software applications on gatekeeper core platform service, without prejudice to the possibility for a gatekeeper to restrict such un-installation for software applications that are essential for the functioning of the operating system or of the device and which cannot technically be offered on a standalone basis by third parties.
What does this mean in practice?
Preinstallation of apps may be curtailed.
9. Use of third-party app stores
Gatekeepers must allow the installation and effective use of third-party software applications or software application stores using, or interoperating with, that gatekeeper’s operating systems and must allow these software applications or software application stores to be accessed by means other than the core platform services of that gatekeeper. Gatekeeper will not be prevented from taking proportionate measures to ensure that third-party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper concerned.
What does this mean in practice?
Consumers may use third-party apps or app stores, for example mobile phone consumers could use apps that are not approved by Google or Apple. Gatekeepers must allow consumers to use features that they have purchased outside the gatekeeper core platform. They cannot insist that consumers may only access features if the consumer has purchased them through the gatekeeper’s platform. For example, if a consumer subscribes to Spotify on Spotify’s website, Apple and Google would have to allow the consumer to use that subscription through the App Store and Google Play Store.
10. Self-preferencing
In ranking services and products offered, gatekeepers must refrain from treating their own, or those offered by a third party belonging to the same group, more favourably than similar services or products offered by third parties and must apply fair and non-discriminatory conditions to any such ranking.
What does this mean in practice?
Gatekeepers may not privilege their own services over their business user’s services when presenting rankings.
11. Use of services
Gatekeepers must refrain from technically restricting the ability of end users to switch between and subscribe to different software applications and services to be accessed using the operating system of the gatekeeper, including as regards the choice of Internet access provider for end users.
What does this mean in practice?
Google might be forced to allow users to access some services without subscribing (e.g. Hangouts).
12. Open APIs
Gatekeepers must allow business users and providers of ancillary services with access to and interoperability of with the same operating system, hardware or software features that are available or used in the provision by the gatekeeper of any ancillary services.
What does this mean in practice?
This could lead Facebook to open its proprietary Application Programming Interface (API), allowing app developers to access data or functionalities on its platform. For example, social networking and communication services, like Facebook or WhatsApp, would need to work with competing services: a Skype user could send messages to a WhatsApp user.
13. Performance measurement tools
Gatekeepers must provide advertisers and publishers, on request and free of charge, with access to the performance measuring tools of the gatekeeper and the information necessary for advertisers and publishers to carry out their own independent verification of the ad inventory.
What does this mean in practice?
This would bar self-advertising across channels.
14. Access to app stores
Gatekeepers must apply fair and non-discriminatory general conditions of access for business users to its software application store
What does this mean in practice?
Any app developer should be able to place their app in the App Store and the general terms for business would need to be fair and non-discriminatory.
The concrete implications of the DMA remain to be seen. But companies should start early by conducting a business impact analysis and planning their next strategic and operational moves.
#social#
Contact us
