Since the inception of GDPR in 2016, there have been several key regulation and compliance developments important for marketers operating in Europe. In December 2020, the European Commission proposed two key pieces of legislation to strengthen the EU’s efforts to protect consumers in their digital interactions. The Digital Markets Act (DMA) and the Digital Services Act (DSA) were designed to create a safer digital space and establish a collaborative environment to foster innovation and growth both in the EU and globally. This article gives a brief look at key European digital regulations you need to consider in 2022 and beyond.
Digital Markets Act
After being submitted in 2020, the Digital Markets Act (DMA) proposal was overwhelmingly adopted by the European Parliament’s Committee on the Internal Market and Consumer Protection (IMCO) in November 2021. The next step will be a vote by the European Parliament and Council to approve the legislation, with the earliest date that the DMA is anticipated to come into force being 2023.
The Digital Markets Act aims to reclassify certain technology companies (think Google, Apple, Facebook, and Amazon) as “gatekeepers” and place additional regulations on some of the ways they do business.
The goal of the DMA is to reduce the harm of concentrated digital markets by creating a more level playing field. This regulation should make it easier for smaller businesses to enter the market, in part by limiting the influence of Big Tech. It’s hoped that this will be achieved by disallowing Big Tech companies to use their platforms to rank their services or products higher than their smaller, third-party competitors.
To be classified as a gatekeeper, a tech company’s Core Platform Services (CPS) must have at least 45 million monthly active users, be important in businesses’ attempts to reach end-users, and have entrenched and durable control of these gateways, either at present or in the near future. Their annual EEA turnover must be equal to or above €6.5 billion for the last three financial years, or their market capitalization has been calculated at €65 billion. Gatekeepers should also be providing CPS across at least three Member States.
Which Sectors Are Covered?
The DMA will cover activities across eight sectors or CPS. These are:
- Online search engines
- Online intermediation services
- Social networks
- Video sharing platforms
- Communication platforms
- Operating systems
- Cloud services
- Advertising services
Obligations for Gatekeepers
The DMA sets out a range of obligations that gatekeepers must abide by, namely:
- Notifying the European Commission within three months, if they believe they meet the definition of a gatekeeper
- Notifying the European Commission if they plan a merger or acquisition of another digital service provider or CPS
- Guaranteeing freedom for users, to cover pricing, freedom to uninstall pre-installed software, product promotion outside of the platform, and the free use of third-party software
- Offering businesses and end-users the option of data portability within GDPR
- Transparency around online adverts, non-discriminatory search engine ranking, and the profiling of consumers
- Free access for business users to their data generated within the platform
- Non-discriminatory and fair access for business users to app stores
- Allowing business users to access hardware and software features
There are additional obligations around what a gatekeeper cannot do, namely:
- Combining personal data from different CPS without first obtaining GDPR consent
- Requiring business users to use their identification service alone
- Stipulating mandatory subscription or registry with other CPS as a condition of access
- Using data generated by business users but isn’t publicly available when competing with those business users
- Artificially ranking their services and products higher than those of other third parties
- The ranking methods used must be non-discriminatory and fair
- Restrict end-users from switching to another software application or service
Given the swiftly changing nature of the digital market, the DMA also embeds the ability to update these obligations as and when necessary dynamically.
Fines for Non-Compliance
The DMA will give the European Commission broad investigative powers, combined with the ability to levy fines for non-compliance. Initial fines are currently suggested at 10% of a company’s worldwide annual turnover. Periodic penalties also have the potential to be applied at 5% of a company’s average daily turnover.
Where systematic infringements are uncovered, additional fines or non-financial remedies may be imposed. These will be proportionate to each offense. Non-financial fines will be kept as a last resort but may include changes to a company’s structure, for example, the divestiture of parts or all of a business.
Digital Services Act
While the DMA targets the lack of competition in digital markets, the DSA focuses on transparency and consumer protection, applying to any business offering its services to users in the EU.
The DSA aims to modernize and create an EU-wide uniform framework on handling illegal or potentially harmful content online, the liability of online intermediaries for third-party content, protecting users’ fundamental rights online, and bridging the information misconceptions between online intermediaries and their users.
Which Sectors Are Covered?
The DSA will impact online intermediary services, including:
- Intermediary services – including internet access providers, network infrastructure, and domain name registrars
- Hosting services – cloud and Web Hosting services (which can include online platforms)
- Online platforms – app stores, marketplaces, social media platforms, and more
- Extensive platforms – any of the above that reach over 10% of European consumers
The DSA will cover online intermediary services offering their services within the European Single Market, no matter where in the world they’re located. Micro and small enterprises are currently excluded as the obligations are considered to represent a disproportionate burden.
Obligations Under the DSA
New obligations for digital service providers will be set on a sliding scale, with smaller providers such as intermediary services being subject to fewer obligations than their larger counterparts. These obligations include:
- Designing and implementing specific processes for users to request that illegal content be removed
- Allowing users to defend their actions if they believe their content has been unfairly removed
- Full cooperation with the Member States with regards to removing illegal content and identifying specific users connected to that content
- Offering a single point of contact and a designated legal representative
- Providing details of their content moderation processes, including algorithmic decisions
- Openly publishing details of removal requests from third parties or removals due to voluntary monitoring
New obligations that apply specifically to online platforms include:
- Creating internal handling systems to manage both the removal of illegal content and the suspension or termination of services (including user accounts)
- Full cooperation with dispute resolution services, including mediation
- Preferential responses to items flagged by trusted users
- Temporary suspension of users repeatedly posting illegal content
- Allowing full traceability of
- Identifying adverts posted on the platform, including the parameters used to determine which users receive which adverts
Online platforms that are also classed as gatekeepers will be subject to some additional obligations, including annual audits, risk analysis, mitigation measures, defining the parameters used within their recommender systems, and the appointment of a compliance officer.
Fines for Non-Compliance
In the case of the DSA, penalties for non-compliance have been suggested at up to 6% of worldwide annual turnover.
European Digital Regulations Aim to Make the Internet a Safer Place
Together, the DMA and DSA are forging a path to create a safer digital space in Europe, where users’ fundamental rights are protected. These acts are also designed to help establish a level playing field for businesses, no matter their size or market share.
While the EU Member States have generally welcomed these acts, there is still a mountain to climb before they’re officially put into action. But given the wide-reaching implications —
It’s important to be informed and aware when strategizing your SMS marketing efforts across the EU.