Digital Markets Act Roundup: April 2024

Overview. Following an active March, enforcement of the Digital Markets Act (DMA), which entered compliance on March 7, 2024, has not slowed down this past month. The DMA establishes new rules and obligations for designated gatekeepers to foster fairness and contestability in the digital economy. In the first month, a variety of enforcement actions launched, most significantly the non-compliance investigations against Alphabet, Apple, and Meta. Below, the roundup highlights the most important developments related to the Digital Markets Act from the last month.

Related reading: Digital Markets Act Roundup: March 2024

Vestager Answers Questions from the DMA Working Group

On April 3, 2024, The European Parliament’s Committee on Internal Market and Consumer Protection (IMCO) held a meeting that included an exchange of views on the implementation of the DMA and current gatekeeper compliance, with a focus on self-preferencing and app stores. Executive Vice President of the European Commission, Margrethe Vestager, opened the session with remarks including her hopes for a DMA Brussels effect, stating that many jurisdictions across the planet have been inspired by the DMA and the Commission’s enforcement actions. The committee was invited to ask Vestager questions, prioritizing the DMA working group members who were present. Below are some highlights from the Q&A:

Importance of competition law. In response to questions regarding the need for competition law, Vestager urged the DMA working group not to dismiss competition law, which, due to its case-by-case nature, can investigate and catch new ways that companies attempt to evade the law. She pointed out that the DMA is not able to handle complex cases such as the ongoing antitrust case against Alphabet investigating abuse of dominance in the online advertising industry.

Digital Markets Act and AI. Beyond the incoming AI Act, Vestager pointed out that if AI is used in a core platform service, it will be governed by the DMA. She gave the example of Google rolling out AI-integrated search as a core platform service. The company would need to ensure the integration met its DMA obligations. Vestager did not elaborate on what this might mean more concretely; it would seem to indicate that there might be obligations on Alphabet to ensure it is not unfairly tying and bundling its AI services with search, a core platform service. There also could be obligations related to collecting and using personal data across Alphabet’s services. If the Commission found Alphabet collecting personal data from customers of one of its services to improve AI-search query results, or vice versa, they could be found non-compliant with the DMA. However, scrutiny of AI development and deployment is likely out of the DMA’s remit. Vestager did say that AI-generated material will also be governed by the Digital Services Act (DSA), which could mean that AI-search could be subject to risk mitigation assessments and measures.

Companies do not want to change. “Of course, there will be a fight,” Vestager said, stating that gatekeepers will not easily change their business models. She said that enforcement, therefore, must be harsh and pointed to the large fines that can be issued under the DMA. Meanwhile, there is strong criticism regarding the ineffectiveness of fines. Damien Geradin, an antitrust lawyer, says fines are merely the “cost of doing business for Big Tech, and the level of profit of these companies is such that no fine will exceed the profit of ignoring the law.” Though the DMA presents the possibility of structural remedies such as selling off parts of a gatekeeper's business, it is very explicitly a last resort for continued systematic failure to comply with the law. Even when a company is repeatedly in non-compliance, the DMA indicates that a behavioral remedy is more likely to be adopted, with Article 18 (8) stating that the Commission can modify remedies if deemed ineffective.

DMA’s impact on privacy and security. Vestager rebuked certain gatekeeper complaints that compliance would threaten the privacy and security of core platform services, stating that it is the gatekeeper's responsibility to apply appropriate compliance measures and safeguard services. The comments rebut opposition from Apple, which, to use the US Department of Justice phrase, “wraps itself in a cloak of privacy, security, and consumer preferences to justify its anticompetitive conduct.”

Role of national authorities. Vestager reiterated that national authorities play an important role in DMA enforcement and expects the Commission to cooperate with National Competition Authorities. She mentioned the French Autorité de la concurrence as a “valuable partner,” as this competition authority is particularly active in regulating the digital sector. Vestager stated she considers national authorities “equal team members.”

She ended the Q+A session optimistically, noting a general attitude change toward Big Tech and saying that such a shift in public perception leads to meaningful change in the digital economy.

Apple and Competing Music Streaming Services

On March 4, 2024, the Commission issued the record-breaking €1.8 billion fine to Apple over anticompetitive app store rules for music streaming providers. While Apple confirmed its intention to appeal the fine, on April 5, 2024, Apple accepted the demands to stop preventing music-streaming apps from informing users of alternative payment options other than the company’s App Store. Samuel Stolten for Bloomberg writes that Apple will now permit music streaming apps to request users to provide their email addresses so that they can send them a link directly to the developer's website. However, Apple still intends to charge a commission “of as much as 27% on app sales made on a developers’ web page, after a user has clicked on an external link from the app and made a purchase within seven days.” This commission fee would also cover auto-renewed subscriptions.

Foo Yun Chee for Reuters quotes an EU Commission spokesperson who states they “are currently assessing whether Apple has fully complied with the decision[. …] In general, if the Commission suspects that there is non-compliance with an adopted decision, it will send the undertaking concerned a Statement of Objections." Whether the Commission considers the new 27% commission fee to be in compliance is questionable, given that the Commission is separately conducting a non-compliance investigation into developers' ability to offer consumers deals or discounts on Apple's products

Apple’s moves have sparked further clashes with Spotify Technology SA, which refuses to accept the platform's new Music Streaming Services Entitlement (EEA), which Apple introduced to comply with the Commission’s anti-steering ruling. Spotify refuses to pay Apple a commission and has publicly refuted the new terms. Similarly, Spotify has declined to accept Apple’s Alternative Terms Addendum for Apps in the EU which would require Spotify to pay Apple a €0.50 Core Technology Fee for each annual install over 1 million.

Small Browsers Gain Market Share

On April 10, 2024, Reuters reported that small browsers were gaining market share due to choice screen prompts mandated by the DMA. These choice screens prompt users to select a default browser and search engine in an attempt to combat the dominance of Apple’s Safari browser, Google’s Chrome browser, and Google Search. Supantha Mukherjee and Foo Yun Chee report for Reuters that “Cyprus-based Aloha Browser said users in the EU jumped 250% in March - one of the first companies to give monthly growth numbers since the new regulations came in.” Mukherjee and Chee write that Norway's Vivaldi, Germany's Ecosia, U.S.-based Brave, and DuckDuckGo have also seen numbers rise, with some reporting drastic growth in the EU.

These initial findings come even as many phones in the EU are still not presenting users with choice screens. For example, iPhone users who have not yet updated their operating system will not see the choice screen, and many Android phones have yet to roll out choice screens, according to a report by Natasha Lomas and Ivan Mehta for TechCrunch. Moreover, companies like DuckDuckGo and Firefox warn that it is too soon to assess the effect of the regulation. They point out that choice screens will not include all browsers, with different options available in EU countries, so “exposure to potential users can vary substantially….”

Lomas and Mehta also find that growth in downloads may not be a direct result of the DMA. For example, privacy-conscious browser Aloha has claimed to have seen an uptick in users in the U.S. since the DMA came into effect, meaning that correlation with the DMA does not imply causation as the U.S. is outside the DMA’s purview. The authors write, “Aloha told TechCrunch it believes privacy awareness is rising generally, but also suggested growth in new installs in the EU may be helping to raise its position in the U.S. App Store.”

In general, small browsers are still largely unhappy with how choice screens are presented, which, they argue, are overly complex. If choice screens are too complex and consumers must jump through too many hoops, they will resort to default browsers. Gatekeepers can then use this as proof that consumers merely prefer their services and maintain their existing market power. Therefore, design is crucial. Indeed, part of the non-compliance investigations by the Commission is scrutiny of Apple’s browser choice screen design. So, while it is positive that smaller browsers are seeing a rise in downloads, it is too early to say whether this is a direct effect of the DMA or a mix of other factors.

Apple rolls out sideloading option in iOS 17.5

Mark Gurman for Bloomberg reported that the recent iOS 17.5 beta version was rolled out in the EU during the middle of April, adding features mandated by the DMA. This software update allows EU users to sideload web apps and third-party app stores. Gurman writes that while sideloading web apps is relatively easy, the experience of downloading third-party marketplaces remains extremely cumbersome. To install apps directly from websites, users have to approve the developer in the ‘Settings’ on their iPhone and can then download the app from the web. To install a marketplace, users must similarly approve a developer using the “Allow Marketplace from Developer” control in 'Settings' and download the app store from the website. This process requires users to go through multiple approval prompts.

For developers, utilizing these new distribution options is both burdensome and potentially financially offputting compared to distributing through the App Store. In order to distribute apps outside the App Store, a developer must agree to the Alternative Terms Addendum for Apps in the EU, be enrolled in the Apple Developer Program for two continuous years or more, and have an app that has more than one million first annual installs on iOS in the EU in the prior calendar year. A developer will still also be subject to the Core Technology Fee, although recently, Apple announced a three-year on-ramping process for small developers.

Juli Clover for MacRumors says, “if an app goes viral and exceeds the one million annual install threshold that triggers the [Core Technology Fee] CTF, the CTF won't be charged if the developer earns less than 10 million euros in global business revenue.” Thus, if an app suddenly grows in popularity, a small business or individual will not suddenly incur the fee. It should also be noted that hobbyists who make no revenue will not incur the fee. Apple states that less than 1% of developers would initially pay a fee, but together with the various requirements, a fee may be enough to scare developers away from agreeing to the new terms.

To distribute alternative app marketplaces, Apple asks either for a standby letter of credit from an A-rated financial institution in the amount of €1,000,000 or “be a member of good standing in the Apple Developer Program for two (2) continuous years or more, and have an Application that had more than one (1) million First Annual Installs on iOS and/or iPadOS in the EU in the prior calendar year.” These requirements may be why users have not seen an abundance of new marketplaces popping up yet, but The Verge has documented the introduction of the new app store, AltStore PAL.

Other Developments

Pay or Okay. On April 17, 2024, the European Data Protection Board (EDPB) adopted an Opinion following a GDPR request by the Dutch, Norwegian, and Hamburg Data Protection Authorities. The Opinion concerns 'pay or okay,' where online platforms offer users a choice between a paid subscription to access a service or free access, subject to accepting its terms for data collection and opting into behavioral and other forms of targeted advertising. The Opinion evaluated the validity of consent under GDPR to process personal data for advertising in 'pay or okay' contexts. In essence, the EDPB has ruled that 'pay or okay' is, in fact, not okay, concluding that “in most cases, it will not be possible for large online platforms to comply with the requirements for valid consent if they confront users only with a binary choice.”

As a result, platforms are encouraged to offer a free alternative to behavioral advertising to obtain valid consent; however, GDPR decisions will be made on a case-by-case basis, considering various factors. The main considerations include platform scale and whether the data controller is a very large online platform under the Digital Services Act or a gatekeeper under the DMA.

The EDPB is a member of the High-Level Group for the DMA, which offers advice on consistent implementation of legislation. As such, the ruling will likely be consequential not only for GDPR enforcement, but also influence the non-compliance investigation launched against Meta under the DMA. In that investigation, the Commission argues that “the binary choice imposed by Meta's ‘pay or consent’ model may not provide a real alternative in case users do not consent, thereby not achieving the objective of preventing the accumulation of personal data by gatekeepers.”

ByteDance Continues to Dispute Gatekeeper Status. ByteDance, the parent company of TikTok (designated as a gatekeeper), has tried to appeal its designation as gatekeeper from the get-go. Core to their argument is that they are a challenger to U.S.-centric tech giants and that business users do not have a dependency on its platform to reach end users. Initially, Bytedance requested an interim measure that would pause the need to implement the regulation until its appeal. The EU’s General Court dismissed the request, “finding that the company failed to demonstrate the urgency’ required,” according to Amrita Khalid from TheVerge. Bytedance has now appealed its designation in the first DMA court hearing held on April 29, 2024, but the outcome of the appeal is yet to be decided by the EU General Court. Bytedance argues that the Commission “failed to properly assess ByteDance’s objections to its gatekeeper status and should have conducted market investigations to appraise them.”

Apple iPadOS is Designated as a Gatekeeper. On April 29, 2024, the Commission concluded that Apple’s iPadOS, the operating system for Apple iPad tablets, has been designated as a gatekeeper under the DMA. Apple now has six months to bring iPadOS into compliance. The Commission launched a market investigation in September 2023 despite iPadOS not meeting quantitative thresholds for gatekeeper designation. However, the Commission finds that iPadOS is a significant gateway for business users to reach end consumers. In their investigation, the Commission argues that:

• Apple's business user numbers exceeded the quantitative threshold elevenfold, while its end user numbers were close to the threshold and are predicted to rise in the near future.
• End users are locked into iPadOS. Apple leverages its large ecosystem to disincentivize them from switching to other tablet operating systems.
• Business users are locked into iPadOS because of its large and commercially attractive user base and its importance for certain use cases, such as gaming apps.

While Apple has been adamant its user base did not meet the threshold, the Commission appears to have taken a holistic approach, citing Apple’s ability to leverage its ecosystem as a whole. Indeed, Apple previously maintained that it operates five different app stores across its products, namely, iPhone, iPad, Mac, Apple TV, and Apple Watch, and it is factually erroneous to treat them as a single store. However, the Commission recognizes that such products are designed to work in tandem and contain users within the company’s walled garden. The consequence of this ruling is that Apple must extend its changes to the iPhone App Store and iOS to iPad devices, including allowing third-party app stores, web app sideloading, interoperability requests, and browser choice screens.

Commission’s Whistleblower Tool. On April 30, 2024, the European Commission launched two whistleblower tools for the Digital Services Act (DSA) and the DMA. The Commission explains that the tools enable individuals to bring forward information “to identify and uncover harmful practices of Very Large Online Platforms (VLOPs) or Search Engines (VLOSEs) designated under the DSA, or any violations of the obligations of gatekeepers under the DMA.”

The tool allows whistleblowers to provide information anonymously, if they choose, in any of the EU official languages and in any relevant format, such as reports, memos, email exchanges, data metrics, or internal research.