The European Parliament's Internal Market and Consumer Protection Committee (IMCO) has just adopted its position on the proposed Digital Markets Act. A lot to digest in here, but some initial observations in relation to three areas in which IMCO proposes amendments: interconnection/interoperability, targeted advertising and internal compliance functions.
1. The DMA proposal has been the subject of much commentary, so I won't revisit the core proposal here, but there are some notable amendments proposed here by IMCO. There are two amendments proposed that related to "interconnection". "Gatekeeper" undertakings would be required to:
- "allow any providers of number independent interpersonal communication services upon their request and free of charge to interconnect with the gatekeepers number independent interpersonal communication services identified pursuant to Article 3(7)...."
- "allow any providers of social network services upon their request and free of charge to interconnect with the gatekeepers social network services identified pursuant to Article 3(7)..."
- "not engage in any behaviour discouraging interoperability by using technical protection measures, discriminatory terms of service, subjecting application programming interfaces to copyright or providing misleading information."
The reasons for these proposed changes are set out in a new Recital 52(a):
"The lack of interconnection features among the gatekeeper services may substantially affect users choice and ability to switch due to the incapacity for end user to reconstruct social connections and networks provided by the gatekeeper even if multi-homing is possible. Therefore, it should be allowed for any providers of equivalent core platform services to interconnect with the gatekeepers number independent interpersonal communication services or social network services upon their request and free of charge. Interconnection shall be provided under the conditions and quality that are available or used by the gatekeeper, while ensuring a high level of security and personal data protection. In the particular case of number-dependent intercommunication services, interconnection requirements should mean giving the possibility for third-party providers to request access and interconnection for features such as text, video, voice and picture, while it should provide access and interconnection on basic features such as posts, likes and comments for social networking services. Interconnection measures of number-independent interpersonal communication services should be imposed in accordance with the provisions of the Electronic Communications Code and particularly the conditions and procedures foreseen in Article 61 thereof. It should nevertheless presume that the providers of number-independent interpersonal communications services that has been designated as a gatekeeper, reaches the conditions required to trigger the procedures, namely they reach a significant level of coverage and user uptake, and should therefore provide for minimum applicable interoperability requirements."
One does wonder whether this front-on assault of the business models of these services will end up in European consumers having to end up paying for certain services that up until now they have enjoyed and come to expect to receive for free.
2. IMCO introduces into the draft the concept of a "renewed" consent to the lawful basis for processing data for targeted advertising purposes. It's amendments provide that a gatekeeper undertaking shall:
"for its own commercial purposes, and the placement of third-party advertising in its own services, refrain from combining personal data for the purpose of delivering targeted or micro-targeted advertising, except if a clear, explicit, renewed, informed consent has been given to the gatekeeper in line with the procedure foreseen in the Regulation (EU) 2016/679 by an end-user that is not a minor."
This would seem to create - potentially - different GDPR regimes (and data subject rights) depending on whether the data controller is a gatekeeper or not.
3. IMCO is envisaging a DPO-like compliance function:
"Gatekeepers shall establish a compliance function, which is independent from the operational functions of the gatekeeper and appoint one or more compliance officers, including the head of the compliance function.
The gatekeeper shall ensure that compliance function pursuant to paragraph 1 has sufficient authority, stature and resources, as well as access to the management body of the gatekeeper to monitor the compliance of the gatekeeper with this Regulation."
Finally, in the quote below, IMCO stridently makes the point that their intention is that the "rules are set by the co-legislators, not private companies!" This jars with the draft Digital Services Act (DSA) which envisages a wholescale outsourcing of the judicial function when it comes to policing online content to those very same companies. I wonder whether the Committee talked about that ...
Today, it is clear that competition rules alone cannot address all the problems we are facing with tech giants and their ability to set the rules by engaging in unfair business practices. The Digital Markets Act will rule out these practices, sending a strong signal to all consumers and businesses in the Single Market: rules are set by the co-legislators, not private companies!