Meet the new EU regulation – the Digital Markets Act (or just DMA). It became applicable in May 2023, and it is the regulation pointed at the big players with dominant positions in the digital field. And while it may be true that DMA starts with them, many others should also be following carefully – as this regulation has relevance for all companies using platforms like Meta or Google to advertise their products and services.
The so-called ‘gatekeepers’ are large digital players providing important gateways between customers and companies in relation to a core platform service. This could be anything from search engines to app stores and messenger services.
On 6th of September 2023 the EU Commission designated six gatekeepers: Meta (owning Facebook, Instagram, WhatsApp and others), Alphabet (owning Google, Android), Microsoft, Amazon, ByteDance (owning TikTok), and Apple. Nevertheless, the number of gatekeepers could change as the digital market evolves.
The EU Commission also designated 22 Core Platform Services provided by the gatekeepers (e.g., intermediation, social networks, ads, browsers). As a maximum the gatekeepers have until 6 March 2024 (six months after designation) to comply with the “do’s” and “don’ts” under the DMA. They also need to submit a detailed report to the EU Commission outlining how the gatekeepers and their core platform services comply with the obligations in the Digital Markets Act.
As a main rule the gatekeepers must comply with the obligations in the DMA for each of their Core Platform Services. Going forward the gatekeepers are prohibited from doing the following:
If customers have been presented with a specific choice and have given consent in accordance with the definition and requirements in the GDPR, then the gatekeepers are allowed to do the actions listed above. If a customer rejects or withdraws their consent the gatekeepers are not allowed to request consent for the same purpose more than once within a period of one year.
The gatekeepers have the obligation to collect consent. However, the DMA contains an opportunity for gatekeepers to exceptionally collect consent for online marketing purposes via each third-party service in situations where it is not possible to collect the consent directly to the gatekeeper’s core platform service. It is expected that the gatekeeper will use this opportunity.
As mentioned earlier the consents in relation to the Digital Markets Act must be in accordance with the GDPR. This means that the consent must be a freely given, specific, informed and unambiguous indication of the customer’s wishes and that it shall be as easy to withdraw as to give consent. It has also been highlighted in relation to the DMA that dark patterns and nudging users into consenting are not accepted.
Even if you are not a gatekeeper, the Digital Markets Act will likely have an impact on your business and processes on gatekeepers’ digital platforms. When advertising on platforms like Google, Microsoft or Meta, you will most probably be meet with obligations to collect consents on behalf of gatekeepers, so you might need to revisit how you are asking for user consent in terms of processing personal data via the gatekeeper’s core platform services. In this regard, you will also need to assess how transparent your existing practices are.
The Digital Markets Act applies to all core platform services offered by gatekeepers to companies established in the EU or customers established or located in the EU.
Non-compliance can cost gatekeepers fines up to 10% of their global annual turnover. Repeated offenders could see this increase up to 20%. Even though the Digital Markets Act only applies directly to gatekeepers and core platform services it will with no doubt affect companies and customers using core platform services as an integrated part of their business/daily life.
Understanding the Digital Markets Act can seem overwhelming, but it doesn’t have to be. It’s the first step towards fair competition, innovation, and growth.