Used Services and Cookies

Our website uses cookies to enhance your user experience. Some cookies are essential for the operation and management of the site, while others are used for anonymous statistics or personalized content. Please note that limiting cookie use may impair certain functions of the website.

More information: Imprint, Data protection

Essential cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website or, for example, saving your cookie settings. The website cannot function properly without these cookies. This category cannot be deactivated.
  • Name:
    ukie_a_cookie_consent_manager
  • Domain:
    blomstein.com
  • Purpose:
    Stores the cookie preferences of website visitors.
  • Name:
    blomstein_session
  • Domain:
    blomstein.com
  • Purpose:
    The session cookie is essential for the basic functioning of the website. It allows users to navigate through the site and use its basic features.
  • Name:
    XSRF-TOKEN
  • Domain:
    blomstein.com
  • Purpose:
    This cookie serves security purposes and aids in preventing Cross-Site Request Forgery (CSRF) attacks. It is a technical necessity.
These cookies collect information about how you use a website, e.g. which pages you have visited and which links you have clicked on.
  • Name:
    _ga
  • Domain:
    blomstein.com
  • Purpose:
    The Google Analytics cookie _ga is used to distinguish users by assigning a unique identification number to each visitor. This number is sent to Google Analytics each time a page is accessed in order to collect user, session and campaign data and to statistically evaluate the use of the website. The cookie helps website operators to understand how visitors interact with the website by collecting information anonymously and generating reports.
  • Name:
    _ga_*
  • Domain:
    blomstein.com
  • Purpose:
    The _ga_[container_id] cookie, specific to Google Analytics 4 (GA4), is used to distinguish website visitors by assigning a unique ID for each session and each user. It enables the collection and analysis of data on user behavior on the website in anonymized form. This includes tracking page views, interactions and the path users take on the website to give website operators deeper insights into the use of their site and improve the user experience.
  • Name:
    _gid
  • Domain:
    blomstein.com
  • Purpose:
    The _gid cookie is a cookie set by Google Analytics that is used to distinguish users. It assigns a unique identification number to each visitor to the website, which is sent to Google Analytics each time the page is accessed. This makes it possible to track and analyze user behavior on the website over a period of 24 hours.
  • Name:
    _gat_gtag_UA_77241503_1
  • Domain:
    blomstein.com
  • Purpose:
    The _gat_gtag_UA_77241503_1 cookie is part of Google Analytics and Google Tag Manager and is used to throttle the request rate, i.e. it limits data collection on high traffic websites. This cookie is linked to a specific Google Analytics property ID (in this case UA-77241503-1), which means that it is used for performance monitoring and control of data collection for that specific website property.

Taming Digital Markets Globally

16.04.2024

Since March 7th, all core platform services that the European Commission has designated as gatekeepers under the Digital Markets Act (DMA) so far, must comply with the DMA’s obligations and had to submit comprehensive compliance reports. In these reports, they must show in a detailed and transparent manner all relevant information needed by the European Commission to assess the gatekeeper’s effective compliance with the DMA.

In our series of briefings, we recap the key milestones of the DMA implementation, deep dive into the various obligations that gatekeepers are facing, lay out the DMA’s implications for stakeholders who are not (currently) within the direct scope of the legislation and update you on the current status of affairs in the DMA’s implementation.

This time we focus on: Regulators’ attempts to tame digital markets worldwide in the wake of DMA.

Regulation of digital markets abroad

After the EU adopted the GDPR in 2016, it was not only hailed as a first-mover when it came to restricting businesses’ leeway for collecting and processing consumer data, it was also soon credited with having set a global data protection standard. Similarly, observers anticipated an adoption of DMA-inspired antitrust legislation by other large nations in which big tech companies operate.

The DMA has been in the making for a good 3 years. During this time the European Commission’s attempt to regulate big tech companies has been closely watched by many regulators across the world considering similar regulation. Germany ‘jumped the gun’ and passed its own equivalent regulation in 2021, which is now – since the DMA has entered into force – of only complementary relevance. However, it’s worth to look at efforts of regulators outside the DMA to establish competition frameworks for big tech companies.

While the UK has put forth its own digital markets legislation, the US seem to remain ambivalent as to the timeline and contents of a proprietary competition regime for big tech companies. Other nations are either still in the process of drafting up antitrust regimes for digital markets or have recently shifted their focus towards a regulatory framework for AI.

UK: Digital Markets, Competition and Consumers Bill (DMCC)

In the UK, the DMCC is under way, a law that would put the UK’s Competition and Markets Authority (CMA) in charge of regulating companies with “strategic market status” (SMS). Within the CMA, the newly created Digital Markets Unit (DMU) will bear this task. As is the case for competition watchdogs in other European and North American jurisdictions, the CMA had already scrutinized the digital markets territory prior to tailored legislation for online platforms. Its blockage of Facebook’s (now Meta Platforms) acquisition of Giphy in 2021/2022 was one noticeable example of this. The DMCC, together with the creation of the DMU, institutionalizes this set of the CMA’s responsibilities.

Whereas the DMA relies primarily on quantitative thresholds to designate a company a gatekeeper (though the European Commission can still categorize a company as a gatekeeper when these thresholds are not met, and vice versa), the DMCC approach is more discretionary, allowing the UK regulator to determine SMS status based on various factors. These include market power and strategic significance. The DMA’s thresholds indicate cases in which companies typically reach gatekeeper status, while the DMCC only contains “safe harbour” thresholds below which a company cannot receive SMS status. Early collaboration between affected companies and the CMA is expected and deemed desirable in the process. Companies are not automatically designated to have SMS when they meet certain criteria. That requires an SMS investigation. The CMA may start such investigation into a company at any time if it has reasonable grounds to assume that the company may meet the SMS definition, to then decide within a statutory deadline of nine months (extendable by three months in exceptional circumstances) to conclude its assessment. An SMS designation would thereafter apply for a five-year period.

The DMCC gives considerable discretion to the DMU when it comes to imposing conduct requirements on SMS companies. The tools from which the DMU may choose are parallel to the restrictions laid out in the DMA - e.g. it can prohibit self-preferencing, tying, interoperability restrictions etc. -, but crucially the DMCC will see these restrictions not apply to all SMS companies regardless of the scope and nature of their business. Rules of conduct for an SMS company will be “tailored” to that company’s individual position and the risk it poses. In comparison, DMA gatekeepers will all be subject to one set of rules no matter their idiosyncrasies.

The DMU’s powers are more flexible than that of the European Commission in that it can impose structural remedies on an SMS company per its discretion. This could include far-reaching rulings such as divestments and ownership separation. The European Commission on the other hand can only resort to structural remedies after it has already issued three or more non-compliance decisions against a gatekeeper in the last eight years. Also, the DMCC contains exemptions for SMS companies’ duty to comply where net consumer benefits might outweigh detrimental effects on competition. The DMA does not provide for any efficiency justification.

Generally speaking, the DMCC is dubbed a more flexible and cooperation-based approach between regulator and SMS companies than the DMA. The idea is for the DMU to operate consent-based, gradual and solution-oriented as far as possible.

Yet, the DMCC will contain a more comprehensive merger control for SMS companies acquiring at least 15% of a UK target company, as well as financial fines of up to 10% of annual global turnover. Unlike the DMA, the UK bill introduces additional penal measures such as director disqualifications and civil penalties for senior managers. 

While these aspects of the bill have remained undisputed throughout its amendments so far, it appears to be not fully clear yet which new provisions a final DMCC might ultimately contain, such as potentially consumer law collective action provisions.

While the DMCC’s first draft was first introduced in April 2023, it has since been amended thrice. Its latest changes in March 2024 were supposed to, inter alia widen the scope of banned commercial practices with respect to fake reviews, as well as they regulate secondary ticketing.  A precise timeline for the DMCC’s entering into force is unclear, though it is believed to be signed into law within April 2024. However, it will likely not see implementation before late 2024.

USA: American Innovation and Choice Online Act et al

US developments in big tech regulation have already trailed those in Europe when it came to the GDPR. While state-by-state legislation for large online platforms exists today, national legislation is not yet in sight. The Biden administration has tightened antitrust enforcement through the Department of Justice (DoJ) and the Federal Trade Commission (FTC), but federal laws for the digital space have not progressed far as of now. The departments and agencies’ utilization of existing antitrust legislation to police big tech companies in lack of new regulation has seen mixed results: The FTC for example has lost court cases against both Meta and Microsoft in merger control cases. 

Different lawmakers have sponsored bills, but without success so far. A draft deemed one of the more promising examples is the American Innovation and Choice Online Act, a bill sponsored by both Democratic and Republican senators in 2022. It has not passed the US Senate yet and would still have to be approved by the US House of Representatives thereafter. This bill, together with other proposals such as the so-called ACCESS Act, would prevent large tech platforms from self-preferencing and prescribe rules for data transferability from one platform to another. Both these objectives are already tackled by the DMA, as described in BLOMSTEIN’s DMA Briefings on Self-Preferencing and Interoperability, Portability and Switching.

In general, more than a dozen legislative proposals on the field of digital market regulation have been made since the beginning of the Biden presidency. These aim for various goals such as tightening merger control or preventing companies from owning multiple parts of the digital advertising ecosystem (e.g., buy-side, sell-side and ad exchange).

Another, more recent attempt by Democratic senator Warren and Republican senator Graham with similar goals to that of the American Innovation and Choice Online Act, likewise seems to have lost momentum and has not yet led to a preliminary bill to be put to a vote. Until sentiment in the US Congress changes, it seems likely that US legislature aiming at big tech in a similar fashion to the DMA will keep originating in state congresses, most notably that of California which e.g. passed its own California Consumer Privacy Act in 2018, leading to a fragmented and partial digital markets regulation at best. US ministries and agencies’ ability to fill the legislative void are limited, even though the motivation to increase scrutiny over digital companies is there. That was recently demonstrated again by the US Consumer Financial Protection Bureau’s proposal to regulate digital payment providers. But without legislative backing, these attempts risk being struck down by US courts, as has happened repeatedly in the past. 

Digital Market Regulation Globally

Another country that saw a recent, yet unsuccessful, attempt to regulate big tech companies is South Korea. Unlike Europe, South Korea is home to proprietary tech companies that in many cases have market shares similar to those of the large US platforms in Europe, e.g. in fields such as online search engines, e-commerce or mobile messaging services. The South Korean government initially proposed competition laws resembling the EU's DMA in a Platform Competition Promotion Act. However, after facing backlash from industry, consumers, and the U.S. government, it was decided to delay the bill's introduction to gather more opinions.

Currently, South Korean authorities are consulting with its tech industry as well as with the US Chamber of Commerce. Survival, timeline, and contents of a revised bill are unclear as of now, though the South Korean President Yoon Suk Yeol has indicated that he wishes for South Korea to arrive at some form of big tech regulation. 

Meanwhile, other important markets for big tech companies - nations such as Taiwan, Japan, Canada or Australia -, are likewise moving towards more stringent antitrust enforcement and/or legislation or have already done so. Some of these countries seem to deprioritize antitrust legislation for now and focus on regulation for AI, just as the EU is also moving towards implementation of its novel AI Act.

BLOMSTEIN will continue to monitor and assess the developments and practical application of the DMA provisions. If you have any questions on the topic, Anna Huttenlauch and Elisa Theresa Hauch will be happy to assist you.

 

  1. DMA Briefing Series – Kick Off

  2. Private Enforcement under the DMA

  3. Use of End User / Business User Data (Article 5 para 2, Article 6 para 2)

  4. Most-Favored-Nation Clauses (Article 5 para. 3)

  5. Anti-Steering Practices (Article 5 paras. 4 and 5)

  6. Tying and Bundling (Article 5 paras.7 and 8)

  7. Advertising under the DMA (Article 5 para. 9 and 10 and Article 6 para 8)

  8. Self-Preferencing (Article 6 para. 5)

  9. Interoperability, Portability and Switching (Article 6 para. 3, 4, 6, 7, 9)

  10. Business User Access to Data (Article 6 para 10)

  11. Access to Data and Services (Article 6 para 10 - 12)

  12. Outlook: Digital Regulation around the Globe

back to overview