The European Parliament has approved two new laws designed to regulate digital services, particularly aimed at tech giants including Amazon, Google, Microsoft, and Facebook.
The Digital Markets Act (DMA) is an antitrust law setting competition rules for "gatekeeping" tech giants, while the Digital Services Act (DSA) is intended to enforce more responsibility around online content and products, across a broader set of businesses including smaller platforms. The rules are intended to prevent deceptive market practices and to increase privacy protection.
Both laws were passed by large majorities, with the DMA getting 588 votes (and 11 against it) and the DSA getting 539 votes (54 against). Thirty people did not vote.
Antitrust escalation
"The European Parliament has adopted a global first," said a statement from Commission EVP Margrethe Vestager. "Strong, ambitious regulation of online platforms. The Digital Services Act enables the protection of users’ rights online. The Digital Markets Act creates fair, open online markets. As an example, illegal hate speech can also be dealt with online. And products bought online must be safe. Big platforms will have to refrain from promoting their own interests, share their data with other businesses, enable more app stores. Because with size comes responsibility — as a big platform, there are things you must do and things you cannot do."
In a blog post on LinkedIn, internal market commissioner Thierry Breton said: "The EU is the first jurisdiction in the world to set a comprehensive standard for regulating the digital space."
The acts will end the era of platforms which are "too big to care," and stop them from ignoring issues like Russian disinformation and the fomenting of the Capitol Hill attack
The rules have been in the making for nearly two years, and emerge from increasing tussles between the EU and tech giants like Google, Microsoft, and Facebook, including fines for Google and Facebook over privacy, and antitrust complaints against Microsoft.
The DMA is an antitrust law intended to protect smaller businesses in sectors dominated by tech giants, like cloud services and social media It defines some companies as "gatekeepers," if they are worth more than $75 billion (€73bn) have at least 45 million monthly users and $7.5 billion (€7.3bn) annual sales in the EU.
Under the DMA, firms cannot promote their own services higher than competitors in internet search results, and cannot reuse data collected from different services to cross-promote services.
It also demands that messaging services like Facebook Messenger, WhatsApp, and iMessage be ready to interoperate with smaller rivals, if asked to do so.
The DMA has been approved for July and will come into force six months after it becomes law. At that point, all gatekeepers must comply with its demands within a further six months.
DMA breaches can incur penalties of up to 10 percent of annual worldwide revenue, climbing to 20 percent for repeat offenders. For extreme cases, the Commission will be able demand that platforms be broken up, or even, for the worst platforms, potentially ban them from operating in Europe.
Meanwhile, the DSA aims to force platforms like Google, Amazon and Facebook to act against hate speech, disinformation, and promotion of unsafe products. It also wants to get rid of online abuse such as revenge porn.
Digital platforms will be liable for any unlawful content uploaded to their services, and they will have police content more actively.
The DSA is approved for September and must be applied across the EU. It will take effect 15 months after it is published, in January 2024. Under the DSA, companies risk penalties of up to six percent of their turnover.
Large platforms will have to comply more quickly with the DSA: they will have to come into line within four months of the law's recognition.
But can it work?
Enforcement looks like being a tricky issue, however. The Commission has announced a task force of 80 officials, a number which has been criticized as too small for such a mammoth undertaking.
The European Commission has established a taskforce of 80 officials to police the new rules, but critics argue that this number is insufficient.
In particular, European MP Andreas Schwab has pointed out that the EU's enforcement team will be going up against much bigger and better-funded legal teams from the tech giants.
In his blog, Breton said that all platforms must have a named legal representative in Europe, "so we will now know who to call if there is a problem."
Each Member State will set up its own internal regulator with power to enforce the rules, alongside a network of non-governmental organizations (NGOs) with particular expertise who will be trusted to pick up bad content.
"Class actions against platforms breaking the rules will be made easier, and damaged consumers can be compensated," warned Breton.
While the Commission will have the responsibility of supervising the gatekeepers, it will also be able to impose fees on very large platforms and search engines, to cover the cost of supervision and enforcement.
He also pointed out that the DG Connect directorate at the EU has already been active in these areas. Dedicated teams will be set up there, based around specific themes, such as societal, technical and economic aspects of the rules: "Issues such as risk assessments and audits will be handled by the societal issues team. The technical team will take responsibility for issues such as interoperability of messenger services or the use of non-fungible tokens for product tracing, or the development of standards supporting the new rules.
"Finally, the economic team will cover DMA-related unfair trading practices, such as data access or so-called FRAND conditions; or ensuring respect to the DSA-related liability exemptions or 'know-your-business customer' rules for marketplaces."