Fairness is one of the two objectives pursued by the Digital Markets Act (DMA). Aside from making some sparse and broad references to what may constitute an unfair practice (see, for instance, Recital (33)), the DMA does not establish a normative definition of fairness based on criteria that could serve as benchmarks against which to assess gatekeepers’ conduct. As a result, the debate has been raging about how to interpret fairness for the purposes of the DMA. One issue that is central to that discussion is whether the DMA is restricted to protecting fairness in platform-to-business (P2B) relations. If so, consumers could benefit from the DMA only to the extent that businesses can reap the rewards of their contributions to the core platform service concerned.
However, taking a closer look at the DMA provisions that regulate platform-to-consumer relations (e.g., Article 5(2)), one realises that the DMA is not limited to protecting businesses. In fact, many DMA provisions benefit businesses only indirectly.
Whether the DMA protects fairness vis-à-vis consumers is not a theoretical discussion. It is a matter with significant practical implications for the effective implementation of the DMA. By means of example, in competition law enforcement, “consumer welfare” has been considered the golden standard against which to assess the anti-competitive effects of an agreement or unilateral conduct. However, competition authorities have not made full use of the instruments they have at their disposal (e.g., consumer surveys) to put the consumer at the centre of their administrative practice. Arguably, many decisions have missed the mark because they were based on the submissions of competitors and other businesses that focused on their perceptions of how consumers (would) behave. Surveys and the results of other empirical research have started to play a more prominent role in antitrust cases only recently.
Though the DMA undoubtedly protects gatekeepers’ business users, end users’ needs, preferences, and consumption patterns should not be cast aside. Indeed, the Commission should work closely with organisations protecting consumers’ interests and consumer and data protection authorities in order to assess the gatekeepers’ compliance plans. This is aligned with the legal basis on which the DMA rests; Article 114(3) TFEU lays down that, when adopting harmonising measures to complete the internal market, the EU “will take as a base a high level of [consumer] protection, taking account in particular of any new development based on scientific facts”. This clearly includes the decisions adopted by independent regulators that address practices the DMA (also) tackles.
Against this backdrop, this post discusses why the DMA cannot be deemed to protect business users only. It does so by illustrating that some provisions in the DMA are inspired by the definition of “fairness” in consumer law and data protection regulation. Finally, it also assesses whether the DMA provisions regulating platform-to-consumer (P2C) relations is designed in a manner that can protect end users in an effective manner.
Does the DMA only protect business users?
It may be argued that the DMA protects fairness in platform-to-business relations only, and that the benefits its implementation will confer on consumers are only a “by-product”. In support of this argument, Recital (33) defines unfairness by reference to the relationship between gatekeepers and business users (“unfairness should relate to an imbalance between the rights and obligations of business users where the gatekeeper obtains a disproportionate advantage”). Similar wording is used in Article 12(5), which lays down that, in updating certain obligations the DMA establishes, the unfairness of the practices pertinent to such obligations will be assessed against “the imbalance between the rights and obligations of business users and [the disproportionate] advantage [the gatekeeper obtains] from business users”.
The argument that the DMA does not protect fairness in platform-to-consumer relations does not hold water for the reasons set out below.
From a practical perspective, there are obligations in the DMA that may benefit business users only indirectly. For example, Article 5(2) prohibits the combination of personal data unless end users grant a GDPR-compliant consent. To the extent this prohibition manages to restrict the vast amount of (personal) data that gatekeepers may use, it could potentially level the playing field vis-à-vis gatekeepers’ competitors and business users. However, Article 5(2) primarily seeks to protect fairness in data processing vis-à-vis end users.
From a legal perspective, the overarching objective of fairness in the DMA does not lie in Recital (33), but in Recital (4), which refers to “serious imbalances in bargaining power and, consequently, to unfair practices and conditions for business users, as well as for end users of core platform services provided by gatekeepers, to the detriment of prices, quality, fair competition, choice and innovation in the digital sector”.
Moreover, though Article 12(5) undoubtedly refers to business users only, that provision covers one specific aspect, that is, the process under which certain obligations (e.g., Article 7) of the DMA can be updated. Provisions of the DMA that regulate aspects broader than those falling under Article 12 make explicit reference to end users. For example, Article 19, which establishes the process under which new services and new practices can be added to the DMA, provides that, when conducting the relevant market investigation, the Commission may consult business users and end users who are subject to the practices under investigation.
That the “fairness” objective of the DMA has a clear platform-to-consumer (P2C) component becomes clear if we detangle the goals and origin of some of the provisions that regulate the relations between gatekeepers and end users.
The concept of “fairness” in P2C relations for the purposes of the DMA
There are several prohibitions and obligations in the DMA that predominantly seek to safeguard fairness vis-à-vis business users. Notable examples include the prohibition of self-preferencing in ranking, and the obligation to grant access to the gatekeeping app store on FRAND terms. However, it would be wrong to assume that “fairness” in the DMA only refers to P2B relations. In fact, there are several examples illustrating that the concept of “fairness” in many DMA provisions is closely linked to consumer law and data protection regulations, which seek to protect consumers and data subjects respectively.
Starting from the anti-circumvention obligation, Article 13(4) establishes that gatekeepers should not engage in any behaviour that consists in the use of behavioural techniques or interface design. Under Article 13(6), gatekeepers are also prevented from subverting end users’ autonomy, or free choice via the design, or manner of operation of the user interface. In other words, the anti-circumvention obligation covers “dark patterns” that may influence an end user’s decision as to which service to use (the gatekeeper’s service or a third-party service). These provisions are particularly relevant to Article 6(3), which requires gatekeepers to present end users with “choice screens” and to technically enable them to uninstall gatekeepers’ applications and change the default settings of their device.
Article 13 was not inspired by competition rules (or other rules governing P2B relations). It was rather inspired by consumer protection rules, such as the Unfair Commercial Practices Directive (“UCPD”) that protects fairness in B2C relations. The UCPD prohibits misleading practices that deceive the average consumer. It also prohibits aggressive practices that impair the average consumer’s freedom of choice and thereby cause her to take a transactional decision that she might not take otherwise. The Commission’s Guidance on the revised UCPD explicitly mentions that it covers “dark patterns” in the digital economy; the Guidance specifies that, under the requirements of professional diligence in Article 5 UCPD, traders should take appropriate measures to ensure that the design of their interface does not distort the transactional decisions of consumers. The Guidance further notes that default interface settings have a significant impact on the transactional decision of an average consumer and that the way in which default settings are implemented can breach the UCPD.
Another example is Article 6(6) of the DMA, which establishes that gatekeepers should not restrict the end users’ ability to switch between different apps and services that are accessed using the gatekeeper’s services. This obligation seeks to reduce consumer lock in. The UCPD does the same: Article 9(d) prevents traders from creating barriers to switch, and the Guidance clarifies that this provision has a broad scope of application that can cover unfair non-contractual barriers that adversely affect consumers.
Similar remarks can be made on Article 5(2). The prohibition it establishes does not safeguard fairness in P2B relations. It rather relies on the GDPR, which establishes that data processing must be fair. Fair processing of personal data requires that data protection principles (e.g., transparency, data minimisation) are complied with and that at least a legal basis for legitimate processing, including consent (which is particularly relevant to the DMA), applies to any processing activity.
The above examples illustrate that several DMA provisions are inspired by (and even explicitly refer to) instruments that protect fairness in B2C relations. Such provisions, which do not regulate the commercial relations that gatekeepers have with their business users benefit the latter only indirectly.
Does the DMA effectively promote fairness in P2C relations?
The previous two sections explained why the DMA protects fairness in P2C relations. However, whether these obligations and prohibitions are designed in a manner that is conducive to reducing the bargaining power of gatekeepers vis-à-vis end users is debatable.
One of the factors that may undermine the effectiveness of the DMA provisions protecting fairness in P2C relations is that they place a heavy burden on the end user. For example, under Article 5(2), end users must decide whether they grant their consent to data processing. Under Article 6(3), end users must take a decision as to whether they wish to un-install apps and to change their default settings. However, the ideological premise that end users will act in a manner that achieves fairness (i.e., in a manner that reduces the imbalance in bargaining power between gatekeepers and consumers) may not yield the outcome we are expecting.
For example, under Article 5(2), data combination is allowed provided that end users grant their consent. In turn, consent rests on the principle of informational self-determination whereby individuals are granted the right to decide independently and freely what happens to their personal data. However, the DMA should not be concerned with how end users would behave in an ideal world where they feel empowered to exercise their rights. The DMA should be concerned with how end users actually behave. User behavior is underpinned by the so-called “privacy paradox”, a term that is used to describe the phenomenon whereby users claim to care about their privacy, but their (online) behavior suggests otherwise (since most users grant their consent to data processing without engaging with the privacy policies that set out how their data is used). Put differently, relying on a standard set by data protection regulation does not necessarily reflect how users (re)act in practice.
Moreover, even if users don’t want to agree to a gatekeeper’s data combination, they have very limited control over how their data is used and are often compelled or nudged to agree to their data being used when many may prefer a different option. It is now well-documented that many gatekeepers use choice architecture that has the effect of discouraging user engagement through poor accessibility, unbalanced presentation, and barriers to consumer action (see, for instance, the CMA’s market study on online platforms and digital advertising, paragraphs 177 et seq.). Surely, one can argue that such practices would not be compliant with the GDPR, and that they would probably breach the anti-circumvention obligation of the DMA. But, there is an important enforcement question lurking in the background. Who is going to take enforcement action against a gatekeeper that extracts consent that is not compliant with the GDPR? Is it going to be the Commission or a data protection authority? If it is the latter, it is known that the GDPR enforcement record has been underwhelming. If it is the former, it remains to be seen whether there are sufficient resources to monitor and take action against “dark patterns” pertinent to consent extraction.
Similar remarks can be made on Article 6(3). Though it is widely accepted that in the markets regulated by the DMA there is consumer bias that has largely been exacerbated by gatekeepers’ conduct, including pre-installs, prominent placement and default settings, the DMA follows a rather soft approach to these practices. For example, the DMA does not prevent gatekeepers from pre-installing their applications on their devices (or from concluding agreements with OEMs to have their apps pre-installed on devices).
The choice the EU legislator made (i.e., the fact that the DMA relies on end users to address the inertia caused by pre-installs, default settings and prominent placement) arguably does not take account of the findings of relevant empirical research. For example, according to the empirical research the CMA conducted in the context of its market study on mobile ecosystems, pre-installs and default settings have a major impact on user behaviour. Notably, gatekeepers’ first-party apps pre-installed on devices benefited from significantly greater usage than third-party apps which had to be downloaded. Conversely, gatekeepers’ first-party apps were used much less on devices where they had to be downloaded. Pre-installation and defaults have an even stronger impact on user behaviour where they are more easily accessible to users (e.g., because they are placed on the default home screen).
Such findings might explain why the Germans decided to follow a more paternalistic approach to the matter under consideration. Under Section 19a of the German Competition Act, the Federal Cartel Office has the power to altogether prevent an Undertaking of Paramount Significance for Competition Across Markets from exclusively pre-installing its own offers on devices and from presenting its own offers in a more favorable manner.
In other words, given the state of play in digital markets, it is debatable whether the best way to achieve fairness in P2C relations consists in empowering consumers. Put differently, the relevant DMA provisions assume that end users have been mutated from a set of powerless eyeballs to tech savvy consumers or digital vigilantes. We are not there yet.
This is why it is important for the Commission to work closely with organisations protecting consumers’ interests, which will be able to shed light on consumption patterns and behavioural techniques that may interfere with user choice. Moreover, cooperation with consumer and data protection authorities should arguably go beyond the discussions taking place in the context of the high-level group for the DMA, which is entrusted with providing the Commission with advice and recommendations for any general matter of implementation of the DMA. In assessing the gatekeepers’ compliance reports, the Commission should strive to have discussions with regulators that have built expertise on the complex technical matters the DMA addresses.
Leave a Reply