Monday - June 20, 2022 June 20, 2022

Interview with Ian Brown

The Digital Markets Act: EU Regulation of Online Platforms


Author: Ludovica Formicola

Ian Brown is a leading specialist on Internet regulation, particularly relating to information security and privacy, digital elements of the election cycle, and pro-competition mechanisms such as interoperability. Dr. Brown is visiting CyberBRICS professor at Fundação Getulio Vargas (FGV) Law School in Rio de Janeiro, and an ACM Distinguished Scientist. He was previously Principal Scientific Officer at the UK government’s Department for Digital, Culture, Media and Sport; Professor of Information Security and Privacy at the University of Oxford’s Internet Institute; and a Knowledge Exchange Fellow with the Commonwealth Secretariat and UK National Crime Agency.

Portretfoto Ian Brown
Dr. Ian Brown

Can you introduce yourself and your job in relation to the Digital Markets Act (DMA)?

I am Ian Brown, a computer scientist who has been working on Internet regulation and public policy for many years. Since 2008, I have been exploring interoperability as a way to give Internet users more genuine choice online. It was interesting when the DMA came along in 2020, to seeing it being considered by the European Commission. In the past two years, I have been doing more research on what the DMA could do, specifically relating to interoperability of large online gatekeeper platforms. I also have been working with the Open Society Foundations, George Soros’ network of foundations around the world, and with some civil society groups in Brussels, such as European Digital Rights. I have been actively engaging in talks with the Members of the European Parliament (MEPs), Commission and Council to try to persuade them to include a broad interoperability obligation in the DMA.

Why does the DMA matter in your opinion?

Looking at the national markets for digital services in the EU, including search, social media, and messaging, you can see that only a few companies have a very large market share. For example, Google holds over 90% of the search market in most EU Member States. Similarly, Facebook’s free instant messaging products (i.e., WhatsApp, Instagram Messenger, and Facebook Messenger) have a very large percentage of the instant messaging market. Apple and Google’s operating systems together, have almost all the mobile phone operating system markets in most of the Member States. One downside is it limits the freedom of choice of Europeans. For example, people who would like to use a more privacy-focused instant messaging service, compared to Facebook’s instant messaging services, have a very limited choice of other services. Signal is an example of a great tool a small number of people use; however, most Europeans will have lots of friends, family, and colleagues already communicating via WhatsApp or Facebook Messenger. As a result, to stay in touch with those people, they have to stick with this narrow range of products and have no effective choice to leave. This limits the competitive pressure on bigger companies to improve the quality of their products over time. Additionally, it makes it difficult for smaller companies, including European SMEs, to break into those markets by offering services that operate differently.

What in your opinion are the most important provisions the DMA will introduce?

First of all, DMA defines the criteria to qualify as a gatekeeper firm. In the final text, gatekeepers are defined as those firms whose market capitalisation is over €75 billion, having 45 million users across the EU, and at least 10,000 business users. For companies that meet this definition there is a long list of obligations and prohibitions they will have to comply with. Some provisions are targeted at specific services. For example, companies such as Google, with a dominant search engine, will have to share certain information with smaller competitors to improve the quality of search. Therefore, one thing European users should notice, as the DMA takes effect, is there will be other services of significant better quality able to compete with the larger companies. A second aspect to consider is that gatekeepers will have to open up their instant messaging software. Somebody using another instant messaging service shall be able to send messages to their contacts on a different service. Given the current difficulty in persuading people to use alternative messaging services, this is a provision that will really make a difference.

How do small and medium enterprises (SMEs) benefit from the implementation of the DMA?

There are roughly 20 prohibitions that will apply to the gatekeepers for the benefit of smaller companies. I will give two examples. First, larger companies, such as Google and Apple, will be required to let people install alternative competing app stores on their mobile phones. This implies that small developers wanting to sell their apps to end users of Google and Apple phones, will have new ways of reaching customers, without having to pay the 30% fees that often apply to the app stores in question. This obligation brings a direct benefit to both small and big developers in Europe. Consider that Epic Games, the developer of the popular gaming app Fortnite, has been suing Apple to achieve the same result under U.S. law. A second example is that gatekeepers will no longer be allowed to combine the data they have about end users from their core services, including search engines and social networks, with other services they are developing, unless being given explicit consent. This is a measure that helps both SMEs and end users, because currently if gatekeepers wish to move into a new area or provide a new service, they can often do that using the data they already have about their billions of existing customers. This ability translates to unfair competition towards SMEs trying to develop similar services that, however, do not have all the data about Google, Apple, or Facebook’s European customers.

What elements of the DMA cause the most disagreements among EU institutions, potential “gatekeepers”, experts, and civil society? Are some elements still lacking?

There were two areas where there was a lot of debate and argument. One was on the definition of a gatekeeper, and specifically, how large a gatekeeper would have to be under the Act. The European Commission originally proposed a market capitalisation of €65 billion. However, during negotiations, the European Parliament was talking about setting capitalisation up to €100 billion and much larger sums. I personally think the Parliament wanted to focus the Act on a very small number of the biggest companies for good reasons. However, the downside is that always targeting the same American companies, namely Google, Apple, Facebook, Amazon, Microsoft, could have been very damaging for political relations between the U.S. and the EU. In fact, the US Department of Commerce complained about the DMA by accusing the EU of “tech protectionism”. As a result, the European Council started to push for lower limits to also include some European companies in the definition of gatekeeper. Therefore, the final DMA has ended up by setting capitalisation threshold to €75 billion. Such agreement implies that some European companies, such as Booking.com, will also potentially come under the definition of gatekeeper. Broadening the number of companies affected was sensible. Agreeing otherwise would have been unnecessarily damaging for the cooperation between the U.S. and Europe, which is especially important in regulating the Internet. Another area of concern is that the final version of the DMA does not go nearly as far as the European Commission originally proposed relating to mergers. I think this is something that will have to be addressed in future action. The German government is pushing for that already. In 2021, the Commission made some changes to its guidelines on the EU’s Merger Regulation. The update of this regulation is likely to be an area where there will be significant action to be taken. It is definitely a positive first step.

The interoperability measures the DMA will introduce have been criticised for being impractical. Specifically, some suggest it will take a long time for platforms to implement this obligation in all its technical aspects, possibly implying threats to end to end encryption. Are these worries reasonable?

I have personally been campaigning for and working on the encryption of services for 20 years. If you look at the DMA’s final text, gatekeepers will have to introduce interoperability obligations that comply with security and privacy protections. Provided encryption is the focus of my technical background and was also the topic of my PhD, I can reassure readers it is possible to have interoperability without breaking end to end encryption.

Now that the DMA and Digital Services Act (DSA) are a reality, how do you envision the future of Internet governance? What should be the EU’s direction?

The DMA and the DSA were only the first two of this large package of legislation that is being debated. The Data Governance Act has just been agreed, the Data Act and AI Act are being developed, while the ePrivacy regulation needs to be finalised. The EU is being ambitious in introducing this wide set of new laws. It will be very interesting to observe the evolution of Internet regulation in the next 5 to 10 years; it will certainly look very different. Moreover, given I have been researching the potential of interoperability to create more competition and choice online, I am really pleased to see such provision in several places in the DMA and being championed by MEPs. This might be something that turns up in other types of future law in relation to other specific industry sectors, such as banking. Interoperability is already partly present in the Revised Payment Services Directive (PSD2) and the EU Institutions are discussing how to make it a big part of future financial regulation.

 

This is the third of a series of articles entitled ‘The Digital Markets Act: The Future of Online Platforms’. With this project, Netwerk Democratie wishes to inform EU citizens about the most recent developments in Internet regulation, making complex topics fun and accessible. The first article provides a brief overview of the DMA and the DSA. In the second article senior economic consultant Dr. Cristina Caffarra discusses the “almost grotesque market power” of Big Tech companies.