The world’s largest tech companies are gearing up for tighter rules on how they run their businesses and it’s important that you’re aware of how your business might be affected.
The reviewed act will enforce 6 of the world’s Big Tech firms (‘Gatekeepers’) to make it easier and cheaper for companies to compete on their platforms, increase transparency and rev up innovation from March 6th 2024 or potentially face serious fines.
In this article we’ll aim to outline what the Digital Markets Act (DMA) is, how it’s changing and how this might impact your business as well as the next steps you might want to look to take towards compliance.
What is the DMA?
The Digital Markets Act is a European Union (EU) and UK law established to make the markets in the digital sector fairer, more transparent and more contestable. In order to do so, the DMA establishes a set of clearly defined objective criteria to identify 6 leading gatekeepers in tech. These represent some of the biggest tech corporations and have specific and strict compliance requirements.
Gatekeepers will have to comply with the do’s (i.e. obligations) and don’ts (i.e. prohibitions) listed in the DMA. The DMA is one of the first regulatory tools to comprehensively regulate the gatekeeper power of the largest digital companies.
Who are the identified ‘gatekeepers?’
The 6 gatekeepers identified by the DMA are:
- Alphabet (Google, Android)
- ByteDance (TikTok)
- Meta (Facebook, Instagram, Whatsapp)
- Microsoft (LinkedIn)
The businesses provide Core Platform Services (CPS) as well as intermediary platforms (such as Amazon Marketplace, Google Maps, Google Play, Google Shopping iOS apps & Meta Marketplace). Third-party users of these businesses products and services will also be affected by the changes being enforced as of March 2024 and will need to ensure they’re complying with the tighter regulations as well.
The Core Platform Services that these gatekeepers provide which will have an impact on any businesses who use them are:
- 4 Social Media Networks ( Facebook, Instagram, LinkedIn & TikTok)
- 3 Online Advertising Services (Amazon, Google & Meta)
- 3 Popular Operating Systems (Google Android,, iOS, Windows PC OS)
- 2 Web Browsers (Chrome & Safari)
- 2 Large Communication Services (Facebook Messenger & Whatsapp)
- 1 Video Sharing Platform (YouTube)
- 1 Search Engine (Google)
Sounds overwhelming right? No need to panic. It’s actually pretty straightforward.
What will gatekeepers have to comply with?
The new rules will establish obligations for gatekeepers, “do’s” and “don’ts” they must comply with in their daily operations. The biggest requirements of gatekeepers to achieve those aims relate to:
Examples of the “do’s” for gatekeepers:
- Allow third parties to inter-operate with the gatekeeper’s own services in certain specific situations;
- Allow their business users to access the data that they generate in their use of the gatekeeper’s platform;
- Provide companies advertising on their platform with the tools and information necessary for advertisers and publishers to carry out their own independent verification of their advertisements hosted by the gatekeeper;
- Allow their business users to promote their offer and conclude contracts with their customers outside the gatekeeper’s platform.
Examples of the “don’ts” for gatekeepers:
- Treat services and products offered by the gatekeeper itself more favourably in ranking than similar services or products offered by third parties on the gatekeeper’s platform;
- Prevent consumers from linking up to businesses outside their platforms;
- Prevent users from uninstalling any pre-installed software or app if they wish so;
- Track end users outside of the gatekeepers’ core platform service for the purpose of targeted advertising, without effective consent having been granted.
What this means is that gatekeepers must work towards ensuring great transparency through their platforms and allow third party users to have access to the same data and audiences, without showing preference.
Users must also be made aware and able to easily port their data away from platforms and services as well as uninstall apps or functions that come pre-installed on gatekeeper’s platforms. In the same thread, user consent must be obtained before any data is collected or shared with third parties.
How do these changes to the DMA affect my business?
Smaller companies that use the gatekeepers’ services will need to be able to prove compliance with the DMA in the form of obtaining valid user consent prior to any personal data being collected or used.
These companies will also need to signal consent to the gatekeepers to maintain access to their platforms through a Content Management Platform (CMP). These enable a notification to be sent to users easily informing them about data collection, their consent preferences and secure storage of data. These CMPs can be integrated with gatekeeper platforms and signal when data has been obtained.
Some examples of Content Management Platforms are Dibomi, IBM Security Verify, Cookie Yes, Salesforce Security and Privacy, Trust arc and User Centrics.
What are the benefits of the updates to the DMA?
The tightening of regulations and stricter data collection, storage and usage laws has many benefits for businesses and users alike.
For start ups
- Broader opportunities to innovate and compete within the marketplace
- Fairer terms that don’t limit the development, growth and product & service offerings of these businesses
For businesses dependent of gatekeeper platforms
- Ability to work in a fairer business environment
- Better access to user that has been consented for
- Wider access to a range of audiences to facilitate innovation and growth
For online consumers
- Access to more (and better) services
- Create favourable conditions for accelerating innovation
- Increased ability for users of gatekeeper platforms to exercise privacy rights
- Better user data protection which in turn improves customer satisfaction and trust
- Improved opportunities to use platforms/services they want, how they want and at a better price
- Enables these businesses to maintain everything they’ve established and built and the volume of reach they’ve acquired
- Improved operations to support privacy compliance
- Improves brand reputation and consumer trust with better transparency over privacy services and consumer trust
What might happen if you fail to comply with the revived DMA?
Those businesses who don’t comply with the changes in regulations might find themselves in deep water…
Fines – Fines of up to 10% of the company’s total worldwide annual turnover, or up to 20% in the event of repeated infringements
Periodic penalty payments – PPP of up to 5% of the average daily turnover
Obligatory remedies – In the case of infringements additional remedies may be imposed on the gatekeepers according to the offence committed. If necessary and as a last resort option, non-financial remedies can be imposed, including behavioural and/or structural remedies, e.g. the divestiture of (selling of) parts of a business.
How can your business ensure they’re ready for changes?
Every business has a unique starting point, but it’s important to consider these strategies within the context of business priority and current maturity. By investing time, energy and resources into solutions today, organisations can take practical steps to ensure that data acquisition, analysis and activation continue to fuel growth, even in a privacy age.
Implementing a CMP that gets you ready for the DMA can help you meet the transparency and consent requirements of the DMA. In addition, rather than waiting for privacy rules and regulations to be formally implemented, organisations should get ahead of the curve by investing the time, energy, and resources required to free themselves of a reliance upon third-party cookies. This might include ensuring a fair value exchange, building strong relationships with users and businesses that use gatekeeper platforms and building trust through better transparency.
Should your business need help understanding the new changes to the DMA coming into play in 2024, or help adjusting how your business collects and uses customer data, get in touch! One of our friendly team will be happy to discuss how we can help.