Read more about the concept of data minimization: a principle of GDPR that limits the collection of data to what is adequate, relevant and limited.
Digital Services Act and Digital Markets Act, the theory
DMA and DSA. You read a lot about them, even on news sites like HLN.be. And rightfully so, because the Digital Markets Act (DMA) and the Digital Services Act (DSA) mark significant shifts in the online landscape. Before you start worrying about compliance, the Digital Markets Act is unlikely to change much for you. The Digital Services Act, however, rightly tightens existing rules.
Digital Markets Act (DMA)
Additional obligations for large platforms
Let's dive right into the heart of the matter: the European Commission has labeled Booking as a digital 'gatekeeper' and imposed stricter rules on the company. This is an example of the Digital Markets Act in action. It aims to ensure fair competition on digital platforms. Today, a handful of providers dominate the market for core services. In the DMA, such a player is called a gatekeeper and faces additional obligations. For example, Google or Apple cannot favor their own services. Think of the default Safari browser on an iPhone. Now, you must be able to choose your browser when setting up your iPhone.
The number of gatekeepers is limited. Alphabet (Google's parent company), Amazon, Apple, Bytedance (TikTok), Meta (Instagram, WhatsApp & Facebook), Microsoft, and since May 13, Booking are members of this select club. We are still waiting on X (Twitter) as they have appealed the decision that they are a gatekeeper.
The Digital Markets Act creates a fairer playing field. It helps you better understand how gatekeepers operate and how you can optimize your efforts. This benefits fairer competition and curbs the quasi-monopolies of some Big Tech companies.
A fairer playing field for European providers
For your company, there is probably no reason to panic. Joy might be a more appropriate reaction for the black box of major digital players is opening wide. The DMA, among other things, requires gatekeepers to provide more insight into the algorithms and processes they use to rank content, process user data, and make other important decisions that affect user interactions. Suddenly, you see information popping up about how a ranking is made. Below is an example from Booking.com and here is the full explanation of how they come to a search result.
Are you a European provider of online services? Then the Digital Markets Act creates a fairer playing field. It helps you better understand how gatekeepers operate and how you can optimize your efforts. This benefits fairer competition and curbs the quasi-monopolies of some Big Tech companies.
The Digital Markets Act can also demand interoperable standards. So platforms 1 and 2 must work in a way that allows mutual exchange. Think of Messenger and WhatsApp being used interchangeably. As a WhatsApp user, you can suddenly decide to work within WhatsApp through another messaging app. A whole new reality... WhatsApp updated its privacy policy on February 16, 2024, and added information about interoperability.
Digital Services Act (DSA)
A safer digital space for consumers and citizens
Now on to the second act. Europe is determined to create a safer digital space. This means, among other things, better protection of citizens' fundamental rights. While the DMA primarily has an economic motive (EU companies should get a fairer playing field), the DSA focuses on consumers and citizens. That's a good thing: our GDPR already provides a clear framework that respects stakeholders' data, but today's challenge is broader!
The DSA impacts more companies; it applies to a range of providers of intermediary services, offering services to individuals or companies in the EU. For those still grappling with the concept of intermediary services, this includes marketplaces, social networks, content-sharing platforms, app stores, or online travel and accommodation platforms. Want it more concrete? Think of 2dehands.be, linkedin.com, booking.com, jobat.be, youtube.com, tripadvisor.com, scarlet.be, one.com, and so on. A classification makes this digital forest of online trees clearer. The DSA categorizes these providers into four layers, with progressively stricter regulations.
Intermediary Services: think of a domain name provider or a telecom company
Hosting Services: your web and cloud services provider like Dropbox
Online Platforms: online marketplaces like 2dehands or Vinted
Very Large Online Platforms: giants with more than 45 million active EU users per month like Facebook, LinkedIn, YouTube, or Google
What impact does the DSA have on these platforms? On the one hand, it clearly outlines liabilities and responsibilities. On the other hand, it sharpens privacy obligations for these providers.
The DSA provides checks on who may offer services, products, or information. Spreading false information is monitored, and you must be able to easily file a complaint on each platform.
Liabilities and responsibilities
It is now clear - for a long time it wasn't! - that providers are not directly responsible for what happens on their platform. That does not mean they can let everything go. Far from it. They must have done everything possible to prevent fraud or, for example, the sale of illegal products.
They must therefore monitor and become gatekeepers. They are indeed responsible for correctly fulfilling this role. The DSA provides checks on who may offer services, products, or information. Spreading false information (does Fake News ring a bell?) is monitored, and you must be able to easily file a complaint on each platform.
Fun fact: platforms pay a contribution to finance the European supervisory authority. The contribution amounts to 0.05% of the profit in the previous financial year. So you can assume that there will be sufficient operating funds!
Additional privacy obligations
Personal data gets extra protection under the DSA. Cookie walls and dark patterns are banned. We will go into that further in a separate article because your cookie wall might deserve a makeover. Anonymous payment must be possible. There will likely be a tug-of-war between the Privacy and Taxation teams. Handling a sale on a site without personal data sounds challenging.
Data minimization becomes a spearhead. Buying socks and asking for your date of birth? That is more than ever not a good idea. Does that conflict with performing marketing after the purchase? A new balance must be found! Finally, there is a firm ban on targeted ads for children and teens and on targeted ads based on sensitive variables such as ethnicity, sexual orientation, or political preference.
And when does it start?
On August 25, 2023, the DSA already came into effect for very large online platforms (e.g., Zalando) and very large online search engines (e.g., Google), but from February 17, 2024, it applies to all platforms or intermediary services, for example, also a Bolero Crowdfunding or 2dehands.be.
The DMA officially came into effect on November 1, 2022, but the gatekeepers designated by the European Commission, namely Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft, were given until March 2024 to comply with the DMA.
By Yves Braeckman
As Head of Compliance I work on finding a balace between performing online interactions and respect for privacy in the broadest sense. The goal is to gain stakeholders’ confidence while creating durable digital solutions. Already today - but even more so in the years to come - compliance forms a cornerstone for any online activity.