A pair of proposed laws from the European Union — the Digital Markets Act and the Digital Services Act — both target big tech firms, but they will target different companies in different ways.
The DMA targets the largest of the tech companies or “gatekeepers” and aims to open up their systems to outside market participants via interoperability and other provisions. Meanwhile, the DSA seeks to make edge providers responsible for the content and products published or promoted on their platforms.
Experts agree that the DSA is likely to have the biggest impact on companies that rely on advertising or e-commerce, while the DMA will most affect those companies that have a hardware component related to their software offerings — companies like Apple Inc., Alphabet Inc. and Microsoft Corp.
The DSA “is a direct challenge to both Meta [Platforms Inc.] and Google — the two companies dominating digital advertising — since their business model is based on leveraging search capabilities and the use of social media with targeted advertising,” said Raul Castanon, senior analyst at 451 Research, a technology research company that is part of S&P Global Market Intelligence.
To target or not to target
The DSA contains provisions that counter the offering of illegal goods, services or online content, including requiring platforms to provide users the ability to flag such content. It also bans certain types of targeted advertising.
A key question for Meta and Google is how the DSA will influence their targeted advertising model, which is responsible for the bulk of revenues.
If the DSA “effectively bans targeted advertising unless the target is verified to be over 18, this is a fairly massive change,” Jo Joyce, an information rights specialist at Taylor Wessing, said in an interview with S&P Global Market intelligence.
Joyce believes more clarity about the potential impact will emerge when the full text of the law is available. In an initial press release, the European Commission said only that targeted advertising will be banned when it comes to sensitive data like sexual orientation, religion and ethnicity, as well as ads targeted towards children.
Apple wishes DMA was DOA
The DMA will probably hit Apple the most, analysts said.
The iPhone manufacturer could potentially be forced to “open its payment system to competitors, a significant threat for a high margin business,” Castanon said.
Apple CEO Tim Cook has been critical of the DMA, pointing to a provision that would allow sideloading, where users are given the option to install apps from third-party app stores. Cook in April said the practice could pose risks to user security.
Microsoft’s vice president of European government affairs, Casper Klynge, has repeatedly said the company is supportive of the measures. Microsoft has a more open system and its high-growth cloud business may not be affected at all.
New laws, new challenges
Companies cannot really challenge the new laws due to how the European legal framework works, Joyce said. What they can do is work with the regulators on shaping the laws and continue engagement after the laws have been implemented.
Companies are already beefing up their compliance departments. “Among the bigger platforms, there is a lot of work being done to second-guess the regulators,” Joyce noted.
The regulators’ job is also unlikely to be easy. Enforcement of Europe’s sweeping privacy law known as the General Data Protection Regulation, which took effect in 2018, has been somewhat derailed by delays in investigations due to short-staffing. Specialists in information security are in high demand now, and usually, Big Tech has more resources to attract the best talent. And experts say DMA and DSA enforcement is likely to be tougher than GDPR.
“Some of the behaviors are much harder to observe. For instance, it is very hard to see if companies are doing self-preferencing,” Jacques Crémer, a researcher at the Toulouse School of Economics who has authored papers on competition in digital markets, told S&P Global Market Intelligence. Short-staffing and lack of talent mean the commission will have to prioritize areas it wants to pursue most.
GDPR as precedent
That is not to say GDPR has had no effect.
While GDPR fines are limited to up to 4% of the preceding year’s turnover or €20 million, fines from DMA can reach up to 20% of total worldwide turnover of the preceding financial year for repeated infringements. In July 2021, Amazon.com Inc. was fined €746 million for alleged violations of the GDPR in what has been the biggest penalty levied under this law so far, although this is likely to be negotiated down on appeal. According to law firm DLA Piper, the level of fines related to data privacy breaches has increased sevenfold in 2021 from 2020, with Amazon, Facebook and Google bearing the brunt.
“We know that the laws could have a very big impact. What we don’t know yet is the way in which the [European Commission] is going to implement them,” Crémer said.
Crémer believes the European Commission is likely to pursue the implementation “aggressively” given the “huge amount of political capital” it has put into designing and passing the laws.