The DMA could help make the internet a level playing field – but is the EU serious about taking on Big Tech?

An illustration of the DMA acting as a counterbalance to Big Tech's power.

Just a handful of massive companies, with wealth greater than some countries, controls almost every aspect of the internet. They can decide which voices to amplify or silence, which businesses to boost or crush (or acquire), and what personal data they will collect and monetize, all with almost no accountability or oversight.

This centralization of power into the hands of a few multinational corporations runs counter to the original dream of a free, open, and fair internet. And as the events of recent years have shown, they are a threat to democracy.

In December 2020, the European Commission released its proposal for the Digital Markets Act (DMA), the EU’s attempt to curtail Big Tech’s power and revive competition on the internet. Like the flurry of American antitrust investigations, the DMA is a sign that politicians finally have recognized how much Big Tech has abused its ever-growing power over the past decade.

As a company dedicated to building a better internet for all, we have been following the developments in the EU closely and we support the DMA. We’ve created this analysis to help our community better understand the issues around the DMA and what it would do. 

But there is also a strong caveat: This regulation will only be as effective as its enforcement. The EU must devote the resources necessary to fundamentally shift the balance of power on the internet back into the hands of people.

Who does the DMA apply to?

The DMA is a set of rules that target “gatekeeper platforms,” which are massive tech companies that control “core platform services” of the internet that link a business and its customers. A gatekeeper can control more than one core platform service, and many of them do. The DMA contains a list of what are considered core platform services, which includes search engines, social networking services, certain messaging services, and operating systems. The European Commission can also add services to that list as necessary.

In many cases, these core platform services function as a bottleneck, forcing all companies to use the same tool to reach the vast majority of their market. Controlling these bottlenecks gives a gatekeeper platform immense power to effectively cut off a company from the segment of the market it controls. Think of how Apple controls which apps it allows on its mobile devices or how Google controls which companies will be the first search result. This control coupled with Big Tech’s global scale has given these companies unprecedented power. 

To ensure that it does not hinder companies that are still developing, the DMA’s rules would only apply to gatekeeper platforms that have met all of the following criteria for the past three years:

  • Achieve either an average market capitalization of at least €65 billion — or have an annual turnover of at least €6.5 billion in the European Economic Area (EEA) 
  • Have at least 45 million monthly active end users within the EU 
  • Have at least 10,000 yearly active business users within the EU

(It is slightly more complicated than this, but these are the important standards to know.)

The DMA only targets the truly massive corporations. This way, companies and potential competitors to the Big Tech monopolists are not burdened with undue regulation.

What does the DMA do?

The DMA rules would impose a number of obligations on gatekeepers. These obligations are intended to prevent them from abusing their power and engaging in anti-competitive behavior. They do not address free speech on the internet or how to govern it (that is covered in the EU’s proposed Digital Services Act). Think of the DMA as essentially a list of “Dos” and “Don’ts” for Big Tech. Some of the most important obligations are listed below:

  • Article 5(a) — Don’t mix personal data without a user’s explicit consent
    This would prevent gatekeepers from combining personal data collected from their core platform services with personal data collected from other services or from a data broker without explicit consent. It would also prevent them from forcing you to automatically sign in to all of a gatekeeper’s services if you only want to sign in to one.
    Example: Google would not be able combine the data it has collected from you with commercially available data, like your credit score. You would also be able to sign in to Gmail without signing in to all of Google’s services.
  • Article 5(c) — Do allow business users to promote offers to end users
    In effect, gatekeepers would be required to allow businesses to inform their customers about alternative purchase options.
    Example: Apple would have to let app developers inform their users of cheaper subscription offers that are available via their website in the App Store. 
  • Article 5(e) — Don’t force business users to adopt the platform’s authentication system.
    Businesses could still choose to use the gatekeeper’s ID system, but it would not be required.
    Example: An app developer would be allowed to create their own ID system for their app and Google would not be able to force them to use its ID system.
  • Article 5(f) — Don’t cross-tie core products.
    Gatekeepers would not be able to force users to sign up for one of its core services as a precondition to getting access to another of its services or products. Gatekeepers’ products and services would be available to users separately.
    Example: Users would be able to access the Android operating system without a Gmail account.
  • Article 6(a) — Don’t spy on business users to gain an unfair competitive advantage.
    Currently, gatekeepers can use private data from their platform and monitor their business users’ data to determine how to place, price, and advertise competing goods or services. The DMA would ban this practice.
    Example: Amazon would no longer be able to use its search results data to determine what goods to clone and start selling itself.
  • Article 6(b) — Do allow users to uninstall any pre-installed software applications
    Gatekeepers would have to allow their users to uninstall any pre-installed software applications that are not essential to running the hardware.
    Example: You would be able to delete the pre-installed calendar or calculator apps on your smartphone.
  • Article 6(c) — Do allow third-party app stores and users to side-load apps.
    Under the DMA, gatekeepers would only be allowed to prevent third-party app stores if they damage or undermine the “integrity of the hardware or operating system.”
    Gatekeepers would not be able to prevent users from accessing services they acquired outside their platform.
    Example: Apple would not be able to block users from downloading apps that are not in the App Store.
  • Article 6(d) — Don’t give preference to platforms’ own products in rankings.
    Gatekeepers would not be able to unfairly rank their own products and services more favorably than their competitors. 
  • Article 6(e) — Don’t lock users in.
    Gatekeepers would not be able to technically restrict users from deleting apps or switching away from default apps. They also would not be able to force users to use a particular internet service provider.
  • Article 6(f) — Do make platforms interoperable with other service providers.
    Gatekeepers would have to make their platforms open to some key third-party service providers, like payment providers, digital identity providers, or ad-tech sellers, on the same terms as their own services.
  • Article 6(h) — Do make data portable and continuously accessible in real time.
    Gatekeepers would have to give all users the ability to download their data and take it to a rival. They would also have to make both end and business user data continuously accessible in real time to their competitors.
  • Article 6(i) — Do give businesses access to their own data.
    Gatekeepers would have to give business users real-time, continuous access to high-quality data from the gatekeepers’ platform about their sales, customers, and other commercial activity. 
  • Article 6(k) — Do provide fair and nondiscriminatory access to app stores.
    The DMA states that gatekeepers that manage app stores would have to accept apps onto their platform in a fair and nondiscriminatory manner.

What happens if a company violates a DMA obligation?

The DMA currently states that the European Commission alone will be responsible for enforcement, meaning they would investigate any alleged violations and hand out penalties to any gatekeepers that violate the DMA’s new rules. 

The authors of the DMA seem to understand the size of the companies they are trying to rein in. In fact, these companies are so large, they regularly set aside billions of dollars just to pay regulatory fines. In light of this, gatekeepers that violate the DMA would face:

  • Fines of up to 10% of the company’s total worldwide annual turnover
    Example: Facebook’s global revenue for 2019 was $71 billion. It could, therefore, be subject to a $7.1 billion fine.
  • Periodic penalty payments of up to 5% of the average daily turnover for ongoing infractions

And if a company repeatedly or systematically violates its DMA obligations as a gatekeeper, the Commission could impose additional penalties, including potential “structural remedies” (e.g., being forced to sell parts of the business).

The DMA could change the internet

Proton supports the DMA as a welcome recognition that it is time to stop letting Big Tech run the internet. 

As an organization dedicated to defending fundamental human rights and democracy. Big Tech’s accumulation of power has been an ongoing concern. Before we can create an internet that puts people first, we need to end the monopolies’ domination. The DMA targets many of the most egregious abuses over the past decade, especially in the mobile device sector. 

If the DMA’s obligations are enforced quickly and vigorously, they have the potential to change the very business model many of the gatekeepers rely upon. Several of the DMA’s obligations, such as the prohibition on mixing gatekeeper data and commercially available data, would make it harder for companies like Google and Facebook to monetize users’ personal data. 

And if these companies continuously violate the DMA, the Commission could force Google to divest from YouTube (or Facebook from Instagram).

The DMA’s success or failure will come down to how the current draft’s principles are fleshed out into actual provisions that can be implemented and how the Commission decides to pursue enforcement. Big Tech has been cementing its position for years, so it is important that the EU gets the DMA correct from the beginning. Every delay gives tech monopolists more time to further entrench their advantages.

One cause for concern is the amount of manpower the European Commission is calling for. According to recent documents, the task group that will lead DMA enforcement is to be composed of 80 individuals, which seems woefully inadequate given their task’s scope and complexity. Further, the Commission suggests creating this team only after the DMA is enacted, meaning they could be stuck playing catch up. 

The GDPR is a pertinent example. The GDPR has been successful in giving users a greater window into which companies have access to their data. The DMA is also taking inspiration from the GDPR in that it is legislation that aspires to be global in its impact. Unfortunately, the current DMA proposal did not learn from the GDPR’s mistake of not having national data protection agencies fully staffed when the GDPR was implemented. This staffing lag meant that it took over a year before any major penalties for GDPR infractions were handed out.

Advocating for a strong DMA 

We are now entering a critical phase of the DMA. Big Tech is going to try to exert all its influence to water down the DMA obligations and their enforcement, precisely because it would expose them to true competition. European citizens and independent tech companies must prevent these lobbying efforts from succeeding. 

We will go into greater depth on how we would like to see the DMA bolstered and implemented in another blog post. 

If you live in Europe and want an internet that respects your security, privacy, and freedom, contact your MEP and tell them you support a strong DMA that is actively enforced. 

The DMA represents the best chance society has had in years to check Big Tech’s power and break up the monopolists.

About the Author

Richie Koch

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

 

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

14 comments on “The DMA could help make the internet a level playing field – but is the EU serious about taking on Big Tech?

  • Excellent article for which I fully support. Not sure if it will help my problem in the future but maybe. I never get my android FREE apps from Google store because I don’t want them “spying on me” , knowing which devices and apps I have. I believe it is an ILLEGAL act by Google to force one to have an account and login, in order to download FREE apps. I hope this DMA will help.

    Reply
  • I just learned that reviews(!) on amazon are apparently being checked whether the authors are connected to someone owning the product via social networks. I mean, to my knowledge not even police is allowed to access such data without the consent of a judge.

    Wouldn’t it be possible to create a completely anonymous, encrypted social network? Emails are to a certain extent a ‘social net’ and protonmail is completely encrypted and offers the possibility to remain anonymous. You ‘connect’ to someone by giving him your ’email address’ in real life.

    Maybe it would still be possible to identify people by their relations. Which would of course defeat the whole ‘anonymity’. But using Facebook or Whatsapp right now is just scary.

    Reply
  • Even if I don’t like Big Tech’s control over its users’ data, instead of authorities & its supporters forcing productive, hardworking & serving people, to do the right thing, why don’t we just allow their users to choose alternative platforms that they like? If someone doesn’t like how their apps are treated in the app store, or whatever harmful action is being done, that person has a choice of leaving that app store or whatever ecosystem that is. Please remember, that these companies become big because people like their products & services. No one is being forced to use Big Tech’s systems. Furthermore, the exact opposite of the intention of such laws only happens; the competition is squashed, and the monopolies still thrive. Laws have passed every now and then but monopolies are still there.

    I firmly believe that forcing people to do the right thing, is not a right thing to do. And, the only true & long-lasting way to change systems, is to not change it, but create another system that makes other systems obsolete.

    Reply
  • Hello Protonmail users!

    I live in America, California to be precise, and have begun to shift my internet usage away from Google. I opened a “free” Protonmail email account and changed my search engine away from Google to a search engine called “Brave.” I followed with interest the Big Tech anti-trust cases which were enacted while former President Trump was still the President. Unfortunately I think what he pursued may not be followed up by the incoming new administration. Another major monopoly exists with our mainstream media companies and progressive stifling of certain sectors of U.S. citizenry. It is very scary to see this in the so-called “Land of the free and home of the brave.” I have closed my Facebook account, Instagram account, and other social media accounts. I have viewed the film entitled “The Circle” on Netflix streaming and a documentary (of sorts) about Google’s monopoly and what it does with your personal information. Scary again. I think I would much prefer to live in Europe rather than America at this pivotal time in our nation’s history. I am grateful there is a Protonmail where I can have an account.

    Reply
  • What’s this?
    The DMA represents the best chance society has had in years to check Big Tech’s power and break up the monopolists.
    “Share This!
    Share on Reddit
    Share on Facebook
    Email this to someone
    Tweet about this on Twitter”
    Are you just promoting or offering an alternative?

    Reply
  • I truly hope the U.S. wakes up and reins in Big Tech. Theoretically, free enterprise is ideal, but when you have bad actors, regulation is necessary and it looks as though the intention is only to go after the big guys. It appears that even when large entities think they are doing the right thing, it is not the right thing for everyone and they then use their power to push their opinion. Then they silence the opposition and eventually disable other platforms that are not totally independent. Competitors do not have a chance.
    Loved this article.

    Reply
  • Article 6b…I have not seen any changes..I still cannot uninstall either calendar nor weather app from my Samsung device
    I am very interested in seeing this article 6b clarified

    Thank you

    Reply
  • Where oh where is the DMA when it comes to political free speech in America…Free speech now only seems to apply to those on the left. Think Twitter/Facebook/Youtube banning legitimate free speech from the right…DMA…Crickets

    Reply
  • I agree with Anonymous (comment 24770) and have grave concerns about this proposed legislation.

    Not only am I sceptical that it won’t have the desired effect on competition (and think it will probably have negative unforeseen consequences), but I also worry that it will just be the thin end of the wedge. I mean, look at the arbitrary market threshold for the regulations: if these practises are really so terrible that they require regulation, why should any company or organisation, regardless of its size, be able to get away with them? Why shouldn’t Debian be held to the same standards as Microsoft, DuckDuckGo those of Google, etc?

    This legislation may only affect what big tech companies want to do. But it will create the precedence for future legislation that will regulate us all on the internet. Talk about the baby and the bathwater!

    Reply
  • The DMA is at least a start, but much further legislation will be needed internationally to ensure a truly free, fair and secure internet that fully respects people’s privacy. Ultimately, data collection and storage from users must be severely restricted. IP logging, IP checking, user tracking of any kind, location checking, etc., will ultimately have to be banned entirely if there is to be a truly private internet. The only data that a corporate or other commercial entity should be allowed to collect and store – for a limited time only and only with users opting in – should be e.g. details of a purchase transaction between the entity and a user. E.g. credit reference agencies should only be allowed to share data with recognised financial institutions and the individual concerned. Apart from recognised financial institutions (possibly, only where strictly necessary/justifiable) no other entities must be allowed to require users to provide detailed personal ID such as passport scans etc. Further, all websites have to be forced to accept TOR network and VPN connections. There is more, but the aforementioned give some idea of what is needed for a genuinely free, secure and privacy-friendly internet.

    But internet alone is not enough by far. We are all dependent on operating systems and software if we use a computer of any kind, including smartphones. To ensure that users’ privacy cannot be violated in any way whatsoever, it will be necessary to legislate that all software – inc. operating systems – must be ‘open source’, i.e., the source code must be published and available to anybody who wishes to check it. (Ideally, all operating systems and other software should be fully open source and free of restrictions etc. – not necessarily of cost.) Vendors of computer hardware, right down to smartphones, should be compelled to offer the buyer a choice of any compatible operating software, and producers of such hardware must be compelled to make it compatible with any current operating system. (E.g., buy a certain Fruit corp.’s smartphone and you could have it with any OS available, not just the maker’s own.) Locking of phones to a given network provider also cannot be allowed. Also, installation by any commercial operating system of any non-essential – to the operation of the OS – software should only be allowed with the user’s active consent, and must be fully uninstallable by the user. And there is more, of course.

    Personally, I avoid ‘Big Tech’ like the plague – or Covid 19! – and consequently use the best operating system available anyway, i.e. Linux, with TOR Browser, for a start. I also only use fully end-to-end encrypted email, messaging, etc. apps, and for some basic web browsing boot TAILS from a USB stick. I never use social media – so-called, as they’re anything but! – and as my search engine use DuckDuckGo exclusively. I never use Ebay, or anything connected with the ‘Big G’, and only where unavoidable – rarely – use the joint most ‘evil’ of the ‘Big Tec’ corps., the ‘Big River’. Ideally, I’d also like to use a proper, privacy-centred VPN, but at present don’t have the financial wherewithal for the paid version of ProtonVPN which is needed for TOR over VPN.

    Finally, a big ‘thank you’ and ‘three cheers’ to Proton for their sterling work in supporting open source and a free, secure, and privacy-respecting internet!

    Reply