Legislation, especially EU legislation, is rarely the most stimulating of topics. Recently, though, as the EU has taken a global leadership role on regulating AI, there have been some more exceptions to this rule. And as the EU finally trained its sights on Big Tech with March’s Digital Markets Act, due to come into force in October, it is no exaggeration to describe this as a landmark move from Brussels.
The Act aims, in its own words, to ensure that digital “gatekeepers” behave in a fair way online. It applies only to companies meeting specific criteria, such as at least 45 million monthly users. As such, commentators note that it applies not only to the likes of Google, Apple, Facebook, Amazon and Microsoft (GAFAM), but also Booking.com and Chinese e-commerce company Alibaba.
The principle of fairness underpinning the Act is the idea that dominance in the market for one good should not be leveraged to restrict competitors in the market for another. Apple, for example, has been very successful in selling its hardware: Macs and iPhones. But they should not, by this logic, be able to use this to control the apps that are bought on iPhones, to the detriment of potential rivals, and taking a 30% cut from all the profits along the way.
The result is a bold piece of legislation which forces the gatekeepers to open up their services to competition. Google will now have to offer alternatives to its search engine and maps on its Android phones. Apple will have to allow users to uninstall Safari and other pre-installed Apple apps, and to download apps beyond the App Store. Perhaps most strikingly, messaging services would be made interoperable with smaller competitors, meaning that someone using Facebook-owned Whatsapp could message a friend who uses a different service.
For the first time, these companies will genuinely have to toe the line. The days where they could just engage in a protracted, years-long legal battle, with the only possible punishment a fine a fraction of their revenue from the EU market, seem to be over for two reasons. Firstly, the punishment is far harsher: up to 20% of global revenue for repeat offences, with a provision to break up serial offenders. Exactly what this would mean for these US companies is unclear, but the shrug of impunity is hopefully something of the past.
Secondly, the new laws make it easier to prosecute Big Tech. There will now be clear ground rules, rather than just attempts to retrospectively prosecute people. This is called ex-ante regulation: legislation sets out clearly in advance what constitutes misbehaviour, and is therefore forward-looking and preventative rather than retroactive. Significantly, this places tech gatekeepers in the same category as “utility” sectors such as finance, energy and telecoms. The idea is that such legislation is needed in advance to protect consumers, because of the size and importance of these companies.
The industry’s army of lobbyists dismally failed to prevent legislation, despite its best efforts. Public protests by the companies continue, though. Google and Facebook, the latter represented by Nick Clegg, argues that the act will reduce innovation. Despite the obviously self-serving motivations of those advancing it, there is some truth to the claim. Preventing bundling of products clearly prevents that specific kind of innovation. Similarly, interoperability requirements present an immense headache for developers at these larger companies.
That is to say, it stymies one kind of innovation. The flipside of that is that preventing anti-competitive behaviour against smaller companies can only serve to stimulate innovation among such players. Whether this Act harms innovation overall depends on how you weigh up the overall impact of favouring these smaller companies against the large. In domains where vast amounts of upfront investment are needed, huge monopolies can be highly innovative; the world of apps and software is, on the whole, outside of that sphere.
The more serious problem is one of security. Take WhatsApp, known for its end-to-end encryption. The Act requires that it be made interoperable with smaller rivals, whose service may be less secure. Another concern is the requirement for consent to be able to use data from third-parties — a laudable principle, but not without its own issues. For example, using external security services to scan incoming emails for malicious content might require users’ consent. That will plague users with more “do you consent” pop-ups and leave busybodies like myself who derive a strange satisfaction from always selecting “do not consent” more at risk.
The law, overall, is a bold and long-overdue move with far-reaching consequences. It is not perfect, by any means. But it is a proactive approach to technology regulation that, we can hope, is here to stay.
Photo: Guillaume Périgois, Unsplash