The EU gave a “wake-up call” to the "Too big to care". It's a done deal, 2023 will lead us to a safer and more transparent digital environment, through two new regulations: the Digital Services Act (DSA), which will be implemented in 2024 and the Digital Market Act (DMA), from May 2, 2023. Their role is to promote competition and protect consumers of digital services. The big platforms, particularly the GAFAM (Google, Apple, Facebook, Amazon, Microsoft), are targeted in order to limit their economic domination.
1. What are DSA and DMA ?
2. Are there sanctions and penalties for non-compliance?
What are DSA and DMA?
Let's take a closer look at what these laws are. Generally speaking, the DMA focuses on the proper functioning of the internal digital market, with standardized rules, while the DSA is part of a preventive logic and therefore aims to neutralize possible problematic practices before they are noticed.
The DSA and DMA are regulatory tools that aim to:
· Create fair competition between digital stakeholders (competition law)
· Stimulate competitiveness, innovation and growth;
· Reinforce the freedom of choice of European consumers
The Digital Services Act (DSA)
The DSA's objectives are to fight against hateful, illegal online content, etc..
The DSA wants to make sure that what is illegal offline is illegal online. It tackles illegal content (incitement to hatred, illegal pornography, terrorism...) and products (such as counterfeit or dangerous items) to:
· Protect European Internet users and their fundamental rights (freedom of expression, consumer protection...);
· Help European SMEs to grow;
· Strengthen the democratic control and monitoring of very large platforms;
· Mitigate systemic risks, such as information manipulation or disinformation.
It will apply to:
· All companies offering "intermediary services" to users (social networks, messaging systems, marketplaces...).
· Hosting companies
· Very large platforms (with more than 45 million active users per month in Europe)
· Very large online search engines (with more than 45 million active users per month and more than 45 million European consumers respectively)
Implications of the DSA:
The Digital Services Act provides numerous and graduated measures to the online stakeholders, depending on their role. For the major digital players, this means:
· The prohibition of targeted advertising for underage users (the verification of the user's age must not lead to the processing of additional personal information either) or based on sensitive data (religion, gender, political opinion...).
· The opening of algorithms to analysis by the authorities
· Simplification and clarification of the conditions of use
· The prohibition of "dark patterns", those deceptive designs that push users to do things against their will (e.g. obscure privacy settings, pre-checked boxes, complicated unsubscribe settings, buttons that encourage the acceptance of cookies...).
· The establishment of moderation teams by platforms to enforce online the existing laws "offline"
· The implementation of a simple and direct reporting tool and the obligation to react quickly
· The obligation to cooperate with "trusted whistleblowers" (bodies, associations or individuals labelled within each state).
· The appointment of a "digital services coordinator" within each country who will be able to carry out investigations, refer cases to the courts and cooperate with the other coordinators.
The Digital Market Act
The objectives of the DMA is to promote fairer and more balanced competition by fighting the anti-competitive practices of GAFAMs.
According to the European Commission, there are more than 10,000 online platforms. 90% of which are SMEs today, operating on the European market, but only the largest platforms, described as "systemic", capture the bulk of the monetary value.
It will apply to: access controllers
Negotiations have focused on the definition of these "gatekeepers", which have become essential to benefit from the advantages of the Internet.
· A very important economic weight (7.5 billion turnover in the European Economic Area or a market capitalization/value of more than 75 billion euros with activity in at least three Member States)
· Control of an "essential platform service" in at least three European countries (email, social network, search engine, etc.) used by at least 45 million Europeans per month and more than 10,000 professionals per year in the Union.
· A "solid and sustainable" position on the market, which is characterized by exceeding the predefined thresholds in the previous 3 years.
The consequences of DMA
· The interoperability of instant messaging services (i-message, Facebook or WhatsApp) with smaller platforms (Telegram or Signal for example)
· The obligation to ask for users' "explicit consent" to send targeted advertisements, which will bring better protection of personal data.
· Greater freedom of choice for users to select their virtual personal assistant, browser, or search engine, by offering the possibility to use alternatives.
Access controllers will no longer be able to:
· Impose the most important software (web browser, search engines, virtual assistants) by default when installing their operating system. A multi-choice screen will have to be displayed so the user can choose between competing services;
· Favour their services and products over those of the sellers who use their platform (self-preference) or exploit the sellers' data to compete with them;
· Reuse a user's personal data for targeted advertising without their explicit consent;
· Impose certain additional services (e.g. payment system) on application developers.
Are there any sanctions and penalties for non-compliance?
The sanctions and penalties mainly concern GAFAMs. If the European Commission considers that an access controller is not complying with its obligations under the DMA, it can indicate concrete measures to be implemented. It can fine up to 10% of its total worldwide turnover and up to 20% for repeat offenders.
Under the DSA, each member state must determine the applicable penalties up to a limit of 6% of the company's annual revenue or turnover (lowered to 1% in case of incorrect information or refusal of an on-site investigation). Penalties are limited to 5% of daily turnover.
For very large platforms, the Commission can monitor compliance with the legislation itself. Companies that repeatedly fail to comply with the rules can be banned. If GAFAMs do not comply with this opening, they will be fined up to 10% of the company's global turnover. For Apple, this could mean a penalty of $36 billion. The Commission also reserves the right to ban, on European territory, the services of a company that does not respect these commitments.
There are several pieces of good news for companies in this new regulatory era that the European Union is preparing.
First of all, the EU wants to facilitate the compliance with standards with more flexible obligations in order to facilitate the growth of companies.
It will become economically profitable to be more responsible.
Having a positive impact is not only useful to demonstrate one's capabilities to investors and have a better ROI.
The general public likes to see companies make a sincere commitment and rewards them with support. Doing so is also a great opportunity for your growth and also for your employer brand.
International CSR initiatives will promote social, environmental and collective efforts, and will therefore also contribute to new business opportunities and long-term development perspectives.
In order to achieve this transformation, do not hesitate to seek the support of specialists. Measuring your social and environmental impacts and finding solutions to align your ESG strategy with your economic performance will be key to the sustainability of your business.
Author : Marie-Christine Aubin
To go further:
European Commission: The Digital Services Act package
On another subject: How finance is committed to a fairer digital world