Technology companies are facing a set of legal and regulatory challenges in the United States and Europe. Companies should closely monitor developments, develop communications around their positions and the potential impact on their operations and begin to prepare to comply with new laws.
Here are three issues in play:
EU negotiators have reached an agreement on the Digital Markets Act (DMA). The DMA marks a significant step in Europe’s effort to promote competitive digital markets, with the Commission shifting from ex-post antitrust intervention to ex-ante regulation. It has the potential to reshape app stores, online advertising, e-commerce, messaging services and other everyday digital tools. DMA’s main objective is to guarantee a level playing field for digital players by imposing rules on what is acceptable behavior and not. The DMA could enter into force in October and companies would have to comply by February 2024.
Companies reaching a threshold of €7.5 billion ($8.3 billion) in revenue in Europe for the last three years, plus a minimum market value of €75 billion, ($83 billion) will be considered gatekeepers. Gatekeepers also need to have a minimum of 45 million monthly end-users and 10,000 annual business users. The final list of gatekeepers will be drawn up by the Commission, but Alibaba, Apple, Amazon, Booking.com, Google, Meta and Microsoft are expected to fall within the scope.
Core Platform Services
Gatekeepers must control one or more core platform services in at least three EU member states. These services include marketplaces and app stores, search engines, social networking, cloud services, advertising services, voice assistants and web browsers.
Prohibitions include preventing gatekeepers from combining data collected through their core platform services with data collected from other sources unless end-users consent after being offered a less privacy-intrusive alternative.
Gatekeepers will be prevented from bundling services together. DMA would allow users to freely choose their browser, virtual assistants or search engines. Gatekeepers will no longer be able to require app developers to use certain services to be listed in app stores. At the same time, gatekeepers will have to allow app developers fair access to the supplementary functionalities of smartphones.
The DMA will force gatekeepers to make their messaging services interoperable with those of rivals. However, a Parliament proposal to include interoperability for social media was dropped. Platforms will have to be open and interoperable with smaller messaging platforms, but not on group chats at least for the next four years.
The Commission will have the power to temporarily block acquisitions planned by gatekeepers if they systematically fail to comply with DMA obligations.
Penalties for breaching the rules can be up to 10% of annual worldwide turnover for first infringements and up to 20% for repeated infringements. Gatekeepers that break the rules at least three times in eight years risk facing a market investigation and, if necessary, behavioral or structural remedies — including a possible breakup of the company.
The European Parliament and the Council have reached a political agreement. The legal text will now be finalized and requires formal approval by the two co-legislators. Once adopted, DMA will be directly applicable across the EU and will apply six months after entry into force.
U.S. industry groups are criticizing the new law as biased against U.S.-headquartered companies and predict it will harm innovation in Europe. Some companies are likely to pressure the Biden administration to defend their interests in bilateral discussions. Members of the U.S. Congress working on tech reform say the EU’s new rules make clear the need for Washington to advance its own measures.
On March 25, President Biden and EU Commission President Ursula von der Leyen announced an agreement in principle on a new framework for transatlantic data flows. The framework is the result of lengthy negotiations between Washington and Brussels. The new framework is intended to address concerns raised by the EU’s Court of Justice when it struck down the Commission’s decision underlying the EU-U.S. Privacy Shield framework in 2020. Many in Europe are wary of data transfers to the United States because they believe transferred data will not be protected from being used by the U.S. Government.
While details and texts have not been finalized, the framework is expected to:
Negotiators could finish the details as soon as next month. However, European national data protection agencies and lawmakers will weigh in before the agreement is finalized. In addition, the new framework is certain to be tested in the EU courts. The initial industry reaction to a potential deal is positive.
The U.S. Congress has been debating tech reform legislation for months. House Speaker Nancy Pelosi wants to put three antitrust bills on the House floor, but passage will have to rely on votes from Republicans. The three bills collectively would:
Each bill has a Senate counterpart that has advanced out of committee. However, to achieve the 60 votes required for Senate passage, amendments will be offered during Senate floor debates that would alter the bills. Once both chambers have passed their version, a conference will negotiate differences. The Biden administrational also wants to reform antitrust law outside the traditional litigation route. It has appointed harsh critics of the tech sector to lead the Federal Trade Commission, at the Department of Justice and in the White House.
Other tech reform legislation — from a national data privacy law to moderating content on social media platforms — remains in play, but Democrats and Republicans have not yet aligned on an approach or pathway to enacting new laws.