Regulating Platforms the EU Way? The DSA and DMA in Transatlantic Context

This article is part of a series of papers produced for the Wilson Center's Transatlantic Digital Economy Working Group 

The EU’s Digital Services Act (DSA) and Digital Markets Act (DMA) are often discussed as though they are one piece of legislation; and indeed, they were unveiled together on December 15, 2020. At the core of both proposals is an attempt to regulate online platforms, especially intermediary platforms that bring together consumers and providers, both of goods and services as well as information. Despite this link, they are very different proposals, intended to address different challenges and likely to have different impacts, both on the European digital market and on the transatlantic digital space. Both, however, raise fundamental questions about how the European Union and the United States may regulate ― or not regulate ― the digital economy in the years to come, and the ability of the EU and US to find a compatible approach.

The DSA is intended to update the 2000 E-Commerce Directive and particularly to address the proliferation of illegal and harmful content, goods, and services online in recent years. It seeks to provide greater transparency and protections for consumers and smaller businesses navigating the online marketplace. Along with the EU’s Democracy Action Plan, it will be key in regulating online political content that is contrary to European law and to bringing that effort from the member-state to European level.

The DMA is primarily concerned with competition in the digital economy and ensuring that large tech firms do not dominate the market to an extent that new entrants find it impossible to operate. It is unusual among legislative proposals in only applying to a limited number of companies that meet certain criteria, rather than applying horizontally. For that reason, it raises some fundamental questions about market dominance in the digital economy and how it should be addressed.

Despite these differences, the DSA and DMA do present a comprehensive picture of the EU’s approach toward platforms ― especially large, market-dominant platforms ― and raise some key issues about that approach. Specifically:

• The balance between transparency and intrusion. While greater transparency is certainly needed to inform and protect consumers and smaller businesses operating on platforms, there is a poorly defined point when that transparency becomes not only intrusive, but might expose proprietary information and normally protected intellectual property. In the platform economy, algorithms, for example, have a huge impact on consumers and sellers, but are also central to the business model of any platform, from startup to Amazon.
   
• The use of different rules for different market actors. In most economic sectors, regulations are applied equally to market actors. There are occasional exceptions for small market actors, who are given relief from burdensome compliance obligations until they reach a certain size (usually based on numbers of employees). There are also exceptions for those defined as natural monopolies (power companies, for example) and these are often regulated separately as utilities which provide public goods. Both the DSA and DMA establish different obligations depending on the size of a platform, although the DMA is especially consequential in this area.
   
• The balance between limits on the monetization of data and established business models. To date, the digital economy has imposed very few limits on the monetization of data, including both consumer data and the data platforms harvest from third party sellers and others. Indeed, that data has been central to the business model of many — if not all — platforms. At what point, if ever, should limits be imposed on those business practices to keep a market competitive? And on which specific practices?
   
• The potential international reach of these rules and especially their impact on a US-EU partnership seeking to recover from the last four years. There is no doubt that US companies (and companies from anywhere else outside of Europe) must abide by EU regulations, and the EU has the right to regulate as it sees fit. However, rules should be reviewed to ensure that they do not discriminate against non-EU companies in a way that is contrary to international rules. It should also be acknowledged that the EU has become the leading “rule writer” in the digital space, and other jurisdictions, sometimes with less administrative competence or alternative motives, adopt versions of EU rules that suit their interests.

THE DIGITAL SERVICES ACT

The DSA focuses on those providing intermediary services in the online world and attempts to ensure that consumers will have a secure and transparent environment. As the update to the E-Commerce Directive, it aims to plug shortfalls in treatment of illegal content. That includes content related to counterfeit or illegal goods and services, as well as illegal hate speech, which the EU defines as “public incitement to violence or hatred directed against a group of persons…defined by reference to race, colour, religion, descent or national or ethnic origin.” At least in part, the DSA can be viewed as the regulatory successor to the EU Code of Conduct on Countering illegal hate speech.

The DSA is also intended to bolster protections for consumers and small businesses using online intermediary services through measures that provide for greater transparency —along with reports and audits — in the customer-platform relationship, and the relationship between sellers and platforms.

Perhaps most importantly, the DSA reaffirms existing intermediate liability rules established by the E-Commerce directive, which largely shield intermediary services from liability for illegal content or activity contained in user-provided content. It does, however, impose a much more rigorous system for identifying and removing such content, with the potential for heavy fines if the platform fails to exercise sufficient diligence.

In order to make these enhanced obligations not too burdensome for those intermediary services that are not usually content providers or marketplaces, the DSA provides for different levels of regulation depending on the type of services provided:

• Basic intermediary service providers (internet access providers, domain name registrars, etc.) face only slightly enhanced requirements in terms of transparency reporting, registration in Europe, and cooperation with national authorities.
   
• Hosting service providers (cloud, webhosting services) will be subject to more transparency and consumer protection-related requirements).
   
• Online platforms, including those with third-party sellers or user-generated content, will be subject to a range of additional obligations, including greater transparency in advertising, vetting of third-party sellers, redress and complaint mechanisms, measures against abusive notices, and use of trusted flaggers to monitor content.
   
• Very Large Online Platforms (those with at least 45 million average monthly active recipients of their service in the EU) must abide by all the rules for online platforms, but face an additional set of reporting and auditing, as well as transparency related to recommender systems (algorithms), user access to elements of that information, data sharing with researcher, and potential codes of conduct.

Finally, the DSA establishes a system of Digital Service Coordinators (DSC) in each member state, brought together in an EU-wide Digital Service Board (EDSB). Each national DSC shall be able to request information, order cessation of infringements of DSA rules, and impose fines. The Very Large Online Platforms will also be subject to additional supervision, enforcement, and penalties from the European Commission. This system bears a strong resemblance to the system of Data Protection Supervisors and the European Data Protection Board. If the experience of the DPS and EDPB offer any lessons, the digital service coordinators and board may become energetic enforcers of the DSA with little interest in the impact on businesses.

THE DIGITAL MARKETS ACT

The DMA is intended to create “contestable and fair markets in the digital sector” by controlling the actions and impact of a few large market-dominating firms in the European digital space, the so-called “gatekeepers.” Thus, it is an unusual type of legislation, aimed only at a few major online platforms (the exact number is currently unknown, although conversations with European Commission officials indicate that the anticipated number is fewer than twenty). It is clearly aimed at reducing the market dominance of certain firms, but instead of relying on anti-trust investigations and corrective measures, the DMA establishes ex ante regulations that proscribe certain behaviors. The DMA explicitly does not limit the authority of the European Commission to initiate anti-trust investigations. The DMA also calls for fines of up to ten percent of total annual turnover in the case of non-compliance.

Gatekeepers are defined as those companies involved in core platform services and having a “significant impact on the internal market…[and] an entrenched and durable position” in that market. Specifically, a gatekeeper:

• Provides a “core platform service which serves as an important gateway for business users to reach end users” including intermediary services (marketplace, app stores, transport, etc.), search engines, social networking, video-sharing platforms, cloud services, and advertising services.
   
• Provides that service to at least 45 million monthly EU-based end-users at at least 10,000 business users in at least three member states.
   
• Has an annual turnover in the European Economic Area of €65 million in the last three years, or a market capitalization of €65 billion in the last year.

Determining gatekeeper status may require consultations with the Commission, and the Commission will also regularly review gatekeeper status, at least every two years.

Once a company is designated as a gatekeeper, it must not engage in activities that the Commission has identified as contributing to market domination. Specifically, a gatekeeper must:

• Not “self-preference” or discriminate in favor of its own services or goods in rankings over those of third parties using its platform.
   
• Refrain from using data derived from third parties active on its platform for its own business purposes;
   
• Not require pre-installation of any specific software and allow end-users to remove any such pre-installed software applications;
   
• Ensure interoperability between the gatekeeper’s own services and third-party software, as long as that software does not endanger the integrity of the gatekeeper operating system;
   
• Allow business users to make arrangements outside the gatekeeper’s platform for the sale or use of the same services or goods on other platforms;
   
• Allow business users, including advertisers, access to performance measuring tools of the gatekeeper; and
   
• Provide business users with access to data generated by their activities on the platform site.

In addition, the DMA puts gatekeepers on notice that some of these practices may be even further limited if the Commission determines that additional restrictions are necessary. It is possible, for example, that gatekeeper search engines will be required to provide other search engines with access to “ranking, query, click and view data” from free searches on the gatekeeper; or that gatekeepers will be required to provide business users interoperability with the operating system, hardware, or software used by the gatekeeper.

FINDING THE RIGHT BALANCE

There is no doubt that the DSA and DMA together provide a comprehensive framework for the regulation of online platforms doing business in the European market. Like all legislative proposals, certain elements are unclear and will need to be resolved through specific discussions between industry and regulators – this is especially true in the digital economy, where arcane technical points may make a huge difference in the impact of a regulation. But the two proposals also raise other issues in a way that is perhaps unique to the digital economy. EU officials are fond of saying that “what is illegal offline should also be illegal online,” but there has been little discussion of whether something that is legal offline (or not illegal), should be restricted or prohibited online, and in some places, the DSA, and particularly the DMA, appear to cross that line. It may be that the nature of the online space makes that advisable, or it may be a premature conclusion. As identified above, some key issues that arise from the DSA and DMA are:

• The balance between transparency and intrusion. Both the DSA and the DMA require major platforms to provide access to their algorithms under certain circumstances. Clearly there are times when algorithms can result in undesirable outcomes, and other times desirable ones. But in the digital economy, algorithms can be considered intellectual property worthy of being safeguarded. In some cases, the DSA and DMA require access by oversight authorities; how this is done and with what protections is something that requires examination. In a few cases, the wording could be interpreted to allow access by other businesses or even competitors — something that certainly threatens the intellectual property of the platform.
   
• The use of different rules for different market actors. The DSA requires a sliding scale of obligations, depending on the role and size of a particular intermediary service provider. This makes sense, given the different functions of cloud service providers vs webhosting providers vs marketplace or social media platforms. Cloud services do not generally make content publicly available, unlike marketplaces or social media companies, and thus present less risk related to illegal content. Very Large Online Platforms present the most risk, as their content is generally widely available and so logically would be subject to a higher level of scrutiny. The DMA is different, however, in that it only applies to the gatekeeper companies, and imposes a number of special restraints on those companies. The activities prohibited of gatekeepers will still be legal for the many other companies that are not gatekeepers. Oddly, a company that just missed qualifying for gatekeeper status could have several of these prohibited practices as key elements in its business model and continue to compete against the gatekeepers. There is clearly a need to identify ways of restoring competition to certain sectors of the digital marketplace, but whether it is by restricting the practices a few dominant companies — rather than pursuing competition investigations — is not clear. Should we expect that the prohibited practices for gatekeepers will soon be prohibited for all?
   
• The balance between limits on the monetization of data and established business models. The DSA does not significantly alter current business practices in the digital space, including how data is used to generate profits. It does require greater transparency related to online advertising, especially informing the consumer why the ad appeared on their screen. But the DMA does require gatekeepers to give up elements of business practices that have been core to the online marketplace to date. Some of those practices are undoubtedly less than desirable, such as self-preferencing or micro-targeted ads, but they have been part of the success of key companies in the digital economy. There may be reasons for limiting those practices, but it should be done with an examination of the financial impact to a broad range of types of companies.
   
• The potential international reach of these rules and especially their impact on a US-EU partnership. The DSA and DMA will influence discussions around the world on regulation of online platforms, and both will undoubtedly be copied by other governments, who may vary in their ability to fairly enforce such legislation. These proposals are also likely to have a significant impact on transatlantic relations in the digital sphere, as the United States — separately in Congress and the Biden administration — attempts to define a new US approach toward online platforms. In many ways, these proposals offer an opportunity for a comprehensive discussion of online platforms and how some of the challenges they present might be ameliorated. There could be a very good exchange on content moderation, from protecting against counterfeit goods to countering illegal hate speech. How can consumers be protected in the world of online marketplaces? What mechanisms can promote transparency as well as security of personal data? How can small businesses be assured of fair treatment when relying on much larger platforms? What is reasonable to expect from a platform in terms of ensuring that illegal content is taken down quickly? This is not to say that the US and EU will arrive at the same legislative solutions; our systems are probably too different. But as the EU moves to regulate platforms and the US considers what steps it might take, their responses should be considered in tandem. There is even room for a robust discussion of competition policy in the digital age. But two developments will undoubtedly hinder such a conversation and should be guarded against: the identification of only US-based companies as gatekeepers, and the perception that only US companies might find their intellectual property at risk. Both of these can be avoided, depending on how the DSA and especially the DMA are finalized and implemented.

The DSA and DMA were designed with the aim of making the online world more transparent and more competitive, as well as safer for consumers and small businesses. These are laudable aims. Platforms have come to play such a huge role in our lives and economies that regulating them in some way is a logical response. And there are legitimate concerns about platforms that dominate markets to the extent that those markets cannot be contested.

Inevitably, the DSA and DMA will influence the course of legislation in the United States and elsewhere. Legislating in a way that ameliorates concerns about discrimination against US firms and that encourages transatlantic discussion is in the interests of all. It will make EU legislation more authoritative and lay the groundwork for greater transatlantic collaboration as we seek to set the global rules for the digital economy.