When Facebook introduced Threads on July 5th, they excluded Europe due to non-compliance with the Digital Markets Act (DMA), an EU regulation effective since May 2, 2023. The question arises: Did the DMA function as intended, or were Europeans penalized by flawed legislation?

To comprehend the DMA’s relevance to us as an independent software company, we read and analyzed it from beginning to end. Our investigation aimed to determine if the criticisms, portraying EU laws as inefficient and uninformed, were justified.

Summary

The prevalent critique of the DMA often rests on vague condemnations, perpetuating the belief that the EU creates impractical laws. Our analysis showed quite the opposite.

Drafted by experts in law and technology, the DMA tackles numerous industry issues, benefiting consumers and smaller companies trying to compete with tech giants. It regulates market dominance, dark patterns, and unfair practices, aiming to prevent a few corporations from monopolizing choices.

Contrary to arguments that these regulations hinder consumers, the DMA fosters competition and ensures consumer choice. Those defending Facebook should reevaluate their stance considering philosophical, legal, political, and economic factors. Supporting mega-corporations over consumers is hardly in your or the public’s best interest.

The EU, as the world’s largest consumer market, has a unique global stance against the overwhelming dominance of a tech oligopoly. The fact that the DMA halted Facebook’s Threads in Europe doesn’t display ignorance or imbalance but rather indicates its efficacy and well-thought-out design.

Claims that consumers are hurt and incapable of decision-making are possibly mere corporate propaganda leveraging popular anti-EU sentiments to undermine the Union.

The Biden administration’s stance on the Digital Markets Act (DMA) remains unclear, but debates about the dominance of major digital platforms are growing in the U.S. A March 2021 document by the Congressional Research Service, a U.S. government think tank, noted that the EU’s digital regulations, including the DMA, could pave the way for potential cooperation between the EU and the U.S., while also acknowledging possible effects on the U.S. economy.

Reading and interpreting the DMA

1. Regulations

After a steep, but otherwise unspectacular climb in the opening pages, the first regulation that caught my attention was regulation 33. Up to that point, the document describes Facebook, Google, Apple, TikTok, Microsoft, Amazon, and how they operate without explicitly naming them. It’s a legal text, so obviously they need to find a way to describe a common rule without naming (potentially incriminating) individuals. Unsurprisingly, it’s somewhat painful and inconvenient to read if you are not a legal specialist. However, it’s completely understandable why it’s written the way it is.¹

Unfairness is defined as an “imbalance between the rights and obligations.” This is a standard legal definition. It’s philosophically and legally solid.² Regulation 34 says:

Contestability and fairness are intertwined.

Again a standard formulation. It logically implies that the previously mentioned balance between rights and obligations requires that contestability.

Philosophy: “We should decide for ourselves.”

DMA critique sometimes uses the liberal cliché that we don’t need laws as “We should decide for ourselves.” ³

If “we can decide for ourselves” were the only rule governing technology, it would put all the control in the hands of a few powerful companies. These companies could choose our choices, ignore our privacy, overlook ethical concerns, distort competition, and evade responsibility for problems at will. A lack of regulation would mean that the idea of us deciding for ourselves would be an illusion; instead, a few big companies would decide for us. Proper regulation is needed to ensure that the power to choose is truly in the hands of the consumers, not just those controlling the technology.

Philosophy: Companies are not people

These days, your only option is Apple or Android. And that’s not such a significant choice. Developers need to follow Apple’s rules if they want to make a living with mobile apps.

Do you feel sorry for Apple or Facebook, that they have to comply with state rules? It’s their phone, their OS, their business, right? Likely, you are projecting personal feelings onto a corporation. Companies are not people. Do not confuse personal liberty for corporate liberty. Trillion-dollar corporations do not need your compassion. They don’t suffer from restricted liberty like individuals or your mom-and-pop shop do. Companies should serve people’s needs and not the other way around.

Law: Collecting personal data at a big scale and using it competitively

Often overlooked by the end user that only thinks about their direct personal risks when offering private data:

The processing, for the purpose of providing online advertising services, of personal data from third parties using core platform services gives gatekeepers potential advantages in terms of the accumulation of data, thereby raising barriers to entry.

Collecting personal data at a big scale and using it competitively, will in itself result in an unfair (incontestable) advantage.

Law: Not giving consent

Giving consent should be as easy as not giving consent. This reflects an accurate understanding of how our big tech friends operate, given their often sneaky behavior. Regulation 37:

Not giving consent should not be more difficult than giving consent.

The double negative can make it a bit hard to understand. So again: Giving consent should be as easy as not giving consent. Remember how “do as you please” can be difficult law with children or, greedy, plump, stupid, or, simply, normal people?

Law: Children

Regulation 38, makes another point about children:

Children merit specific protection with regard to their personal data, in particular as regards the use of their personal data for the purposes of commercial communication or creating user profiles.

There is still a long way to go, but, so far, I haven’t seen anything particularly uninformed or particularly stupid in this regulation.

Law: inter-platform contestability

The next regulation (39) addresses Apple without spelling it out:

Where such restrictions relate to third-party online intermediation services, they limit inter-platform contestability, which in turn limits the choice of alternative online intermediation services for end users. Where such restrictions relate to direct online sales channels, they unfairly limit the freedom of business users to use such channels.

Again, quite accurate. Critics of this paragraph like to repeat Apple’s talking point about protecting customers from bad actors.

“But Apple protects me”

That Apple needs to control the App Store for the consumer’s safety has a simple retort: Apple’s own macOS shows that they don’t need to force people to use their store to protect consumers from bad 3rd party actors.

The way the regulation frames the situation, again, shows insight. Not just the consumer needs protection, 3rd parties need protection, too. And, in consequence, the consumer profits as well if 3rd parties are not forced to follow the so-called gatekeeper’s self-serving rules.⁴

Law: Whistleblowers

The next regulation (42) protects App Store whistleblowers:

Any practice that would in any way inhibit or hinder those users in raising their concerns or in seeking available redress for instance by means of confidentiality clauses in agreements or other written terms, should therefore be prohibited.

Meaning Apple (or Google) cannot prevent its developers or employees from outing information that exposes malpractice via sneaky American-style confidentiality agreements. Again, nothing wrong with that either.

Law: European and American law

In regulation 43 we learn that Gatekeepers can’t impose web browsers. Well argued, but reading such specific laws, my mind rushes to see if there are some edge cases where that would create issues. Can’t find any—but I’m sure an Apple fanboy collaborating with a sharp 100 Million Dollar lawyer from Manhattan could find 99 reasons why this is impractical and unacceptable.

Avoiding prejudgment and presumptions of guilt, as well as resisting the temptation to become too specific or to dwell on edge cases, contributes to the law’s unusual wording. Other reasons may be less noticeable but equally significant, and some might even be considered less noble or honorable.

At the same time—to a Western European—the law is not by the letter or how it can be bent, what counts is its intention (its “spirit”). Could be irritating for Americans with their case law and its quite common by the letter interpretations.

If you have trouble understanding the difference between the letter and the meaning of the law, I can’t think of a better explanation than this excellent episode from Kung-Fu.⁵

Law: Requiring business users or end users to subscribe to, or register with, any other core platform services

Regulation 44 is a perfect example where you need to separate the letter and the intention of the law, because you can bend its interpretation to make an example of how “unrealistic” such a requirement is if you take it by the letter.

The conduct of requiring business users or end users to subscribe to, or register with, any other core platform services of gatekeepers listed in the designation decision or which meet the thresholds of active end users and business users set out in this Regulation, as a condition for using, accessing, signing up for or registering with a core platform service gives the gatekeepers a means of capturing and locking-in new business users and end users for their core platform services by ensuring that business users cannot access one core platform service without also at least registering or creating an account for the purposes of receiving a second core platform service. That conduct also gives gatekeepers a potential advantage in terms of the accumulation of data. As such, this conduct is liable to raise barriers to entry and should be prohibited.

If that was too complicated, try this:

…requiring business users or end users to subscribe to, or register with, any other core platform services … should be prohibited.

It helps if you have some experience with Latin when you read this type of document. Not just to deal with the vocabulary, but also to find subject verb object, cut to the chase and delete every detour. Again, this is legal language, and it sounds like this for historical reasons, but also to make it hard for criminals to claim gaps or innocence.

Back to what it says: Yes, technically we sometimes might have to subscribe to X to get Y. If you look at the spirit of the law you understand that what is meant is that you shouldn’t abuse such eventualities.

Law: Against Online Advertisement Black Boxes

Number 45 shows a very rare insight into how dodgy the business of online advertisement really is:

The conditions under which gatekeepers provide online advertising services to business users, including both advertisers and publishers, are often non-transparent and opaque.

Yes. It’s a black box. The money you pay to Google and Facebook and the value you get out of it are intransparent. It boils down to “believe me.” So we’re clear: When you buy display ads you give Google money, trust them and at the end you judge whether it worked for you or not. You don’t get the specifics of how much they made, where exactly you advertised, for how much, and how much these people received. It’s outrageous.

Philosophy: “But the free market!”

I know. This type of simple argument may trigger free market advocates. They’re quick at shooting back:

1. If you don’t like Google’s or Facebook’s results you can go elsewhere.
2. Millions of businesses use them, so they probably work.
3. Check your sales performance. If it didn’t work, no one would book them.

Again, did you choose them because you really have the choice? No. You basically have Google, Facebook, TikTok, Microsoft, maybe, to pick from.

Reality: Publishers and the ad business

A handful of companies dominate the ad market to a degree where neither the advertiser nor the publisher taking ads has a choice. Neither of them has transparency over the share that the mediator takes.

How good is the return? Hard to say. “Advertisers are generally unhappy. Because of the lack of choice, they continue to advertise with Google & Co. Publishers that still produce the content to attract attention for advertisement, previously the predominant ad magnates and magnets, are all slowly going bankrupt, but they cannot compete with the big ad distribution networks. We don’t know exactly what Google’s share is but we know that Google is the only one in the triangle of Advertiser, AdNetwork and Publisher who gets rich.

Google provides us with a mountain of stats and technocrats tend to believe that with all these stats you might be able to optimize the design and placement of your ads until you find the magic formula where you earn more money from your ad investments than you spend. Which never happens. Google ads make money for Google, not for you or publishers.⁶

It’s becoming increasingly clear that the EU regulators know much better how online ads work than your average blogger. Transparency for the revenue they get from online publishers for placing your ads through their platform. Google and Facebook must fear this like the Great Irish Potato Famine.

Law: Apple is not allowed to look at Netflix’s App Store business data

Apple is not allowed to look at Netflix’s App Store business data or any other businesses they compete with:

To prevent gatekeepers from unfairly benefitting from their dual role, it is necessary to ensure that they do not use any aggregated or non-aggregated data, which could include anonymized and personal data that is not publicly available to provide similar services to those of their business users. That obligation should apply to the gatekeeper as a whole, including but not limited to its business unit that competes with the business users of a core platform service. (46)

Again, 100% reasonable. Of course Apple thinks this is a bad law. Fanboy: “But to a certain degree Apple/Google/MS compete with as good as all the apps on their app stores!” Oh, don’t you say…

Law: Do not prevent end users from uninstalling any software applications on their operating system.

With Regulation 49 again we find another 100% reasonable rule:

To enable end-user choice, gatekeepers should not prevent end users from uninstalling any software applications on their operating system. It should be possible for the gatekeeper to restrict such uninstallation only when such software applications are essential to the functioning of the operating system or the device.

Casual reminder: If you find a clever exception to the rule: Congratulations. It doesn’t prove it wrong. See the previous comments on the spirit of the law.

Law: Great news for camera, calendar or mail apps

Then, wow, great news for camera, calendar, or mail apps:

To ensure contestability, the gatekeeper should furthermore allow the third-party software applications or software application stores to prompt the end user to decide whether that service should become the default and enable that change to be carried out easily

Critiques of DMA suggested focus and modesty like “They should have focused on ‘allow apps to communicate directly with their customers'” or some other minor details. LOL.

Law: No more private APIs!

If you oppose the DMA as an indie dev you probably haven’t read it attentively. Look: No more private APIs!

The gatekeepers should, therefore, be required to ensure, free of charge, effective interoperability with, and access for the purposes of interoperability to, the same operating system, hardware or software features that are available or used in the provision of its own complementary and supporting services and hardware.

Law: Google needs to provide access to ranking, query, click, and view data to other providers of search engine services

Unfortunately, this is a difficult to understand passage, and, unless I misunderstood, also one of the most extreme.

The aim of the obligations is to allow competing third parties to interconnect through interfaces or similar solutions to the respective features as effectively as the gatekeeper’s own services or hardware.

What regulation 61 seems to propose is that search gatekeepers (Google) should be obligated to provide access to ranking, query, click, and view data to other providers of search engine services on fair, reasonable, and non-discriminatory terms. This access would enable third-party providers to optimize their services and compete effectively.

Gatekeepers should therefore be required to provide access, on fair, reasonable and non-discriminatory terms, to those ranking, query, click and view data in relation to free and paid search generated by consumers on online search engines to other undertakings providing such services, so that those third-party undertakings can optimise their services and contest the relevant core platform services. Such access should also be given to third parties contracted by a provider of an online search engine, who are acting as processors of this data for that online search engine.

Law: Don’t try to fool us

Zeus wrote this paper. Regulation 62 is thunder and lightning. First, set the rules for pricing, then strike: “And don’t think you can abuse these laws to evade your responsibility for misinformation!”

This obligation should not establish an access right and it should be without prejudice to the ability of providers of software application stores, online search engines and online social networking services to take the required responsibility in the fight against illegal and unwanted content as set out in a Regulation on a single market for digital services.

Law: Closing an account or un-subscribing should not be made be more complicated than opening an account or subscribing to the same service.

What is short-sighted, unrealistic or unreasonable about regulation 63?

Closing an account or un-subscribing should not be made more complicated than opening an account or subscribing to the same service. Gatekeepers should not demand additional fees when terminating contracts with their end users or business users.

Law: One for Mastodon

Regulation 64 is one for Mastodon:

gatekeepers should therefore ensure, free of charge and upon request, interoperability with certain basic functionalities of their number-independent interpersonal communications services that they provide to their own end users, to third-party providers of such services

Again, in a nitty-gritty American legal interpretation you can spin flaws into it. “This is Madness! This is Blasphemy! (against capitalism)” No, it’s the EU. If you read it as it was meant, you know it’s the right thing to do.

Law: Ask us if you find issues

It goes on admitting between the lines that tech protocols can get complicated,

It should be possible for the Commission, if applicable, to consult the Body of European Regulators for Electronic Communications, in order to determine whether the technical details and the general terms and conditions published in the reference offer that the gatekeeper intends to implement or has implemented ensures compliance with this obligation.

…and then it suggests that if gatekeepers have doubts whether or not they comply they can directly ask to avoid all speculation.

Law: Don’t get passive-aggressively sloppy about security

Again, they undermine that regulations cannot be a reason to get sloppy about security. Still 64:

In all cases, the gatekeeper and the requesting provider should ensure that interoperability does not undermine a high level of security and data protection in line with their obligations laid down in this Regulation and applicable Union law,

Law: Don’t use the DMA for Anti-EU Propaganda

Regulation 66 defines reasonable exceptions, but I also read it as a warning to not use the shock resulting from the instant implementation of EU laws to drum up resistance from the user base. It says that if one of our laws is really unreasonable, appeal and we can exempt you until the inadequate law gets revised and modified.

As an additional element to ensure proportionality, gatekeepers should be given an opportunity to request the suspension, to the extent necessary, of a specific obligation in exceptional circumstances that lie beyond the control of the gatekeeper, such as an unforeseen external shock that has temporarily eliminated a significant part of end-user demand for the relevant core platform service, where compliance with a specific obligation is shown by the gatekeeper to endanger the economic viability of the Union operations of the gatekeeper concerned. The Commission should identify the exceptional circumstances justifying the suspension and review it on a regular basis in order to assess whether the conditions for granting it are still viable.

It’s not a cop-out for everyone to Rock’n’Roll into the wild. It’s a provisional fairness measure. 67-68 specify.

Law: Inform us of your planned acquisitions

Winner takes it all? No! Inform us of your planned acquisitions, give us all the relevant data and we’ll use that data to understand market trends to prevent all your planned predominance tactics.

gatekeepers should inform the Commission of all of their intended acquisitions, prior to their implementation, of other undertakings providing core platform services or any other services provided within the digital sector or other services that enable the collection of data. (68)

Law: Privacy

Regulation 72 dedicated to ensure privacy is one for the books:

gatekeepers should at least provide an independently audited description of the basis upon which profiling is performed

‘At least’! One can only imagine the shock on US business people’s faces when listening to their lawyers explaining what is in there and what it means for their business in Europe. “We’ll just shut everything down in the EU!” Turns to business analyst: “Right?” Business analyst remains silent.

Law: Compliance

The following paragraphs regulate how the commission can ensure compliance. What happens if they still don’t comply? Regulation 86 gets more concrete:

Compliance with the obligations imposed by this Regulation should be enforceable by means of fines and periodic penalty payments.

As we know penalties now are assessed on the scale of billions, not millions.

Nothing spectacular or unusual in the following paragraphs, still focusing on the execution of the strong rules specified before. 101 is somewhat interesting maybe: Who are the experts?

…each Member State should be represented in the advisory committee and decide on the composition of its delegation. Such delegation can include, inter alia, experts from the competent authorities within the Member States, which hold the relevant expertise for a specific issue presented to the advisory committee.

Coming to a close for the regulations part. 104 explains that if you think that things go wrong you don’t need to wait for the parliament to notice and act, but that as a consumer you can enforce your rights:

Consumers should be entitled to enforce their rights in relation to the obligations imposed on gatekeepers under this Regulation through representative actions

A good reminder in a time when the law seems to be different for the affluent and the common citizen. Again, the EU shows that it knows the bad actors and their tactics.

Plenty of bad news for big tech. For us it reads as common sense. This has been way more interesting, informed and informative than we thought.

Subject Matter, Scope and Definitions

Article 1+2

What follows are definitions. Mostly around what a gatekeeper is and how the EU defines them officially as such. There is not much to comment on here.

Gatekeepers

Article 3+4

Now we learn what gatekeepers are not allowed to do.

2. The gatekeeper shall not do any of the following:
(a) process, for the purpose of providing online advertising services, personal data of end users using services of third parties that make use of core platform services of the gatekeeper;
(b) combine personal data from the relevant core platform service with personal data from any further core platform services or from any other services provided by the gatekeeper or with personal data from third-party services;
(c) cross-use personal data from the relevant core platform service in other services provided separately by the gatekeeper, including other core platform services, and vice versa; and
(d) sign in endusers to other services of the gate keeper in order to combine personal data
3. The gatekeeper shall not prevent business users from offering the same products or services to end users through third-party online intermediation services or through their own direct online sales channel at prices or conditions that are different from those offered through the online intermediation services of the gatekeeper.

Practices of Gatekeepers That Limit Contestability or Are Unfair

Article 5: Obligations for gatekeepers

Okay, let’s finish this up:

III.5.7. The gatekeeper shall not require end users to use, or business users to use, to offer, or to interoperate with, an identification service, a web browser engine or a payment service, or technical services that support the provision of payment services, such as payment systems for in-app purchases, of that gatekeeper in the context of services provided by the business users using that gatekeeper’s core platform services

Just this month, Spotify took action and informed its users that it won’t accept payment for its Premium Service through App Store anymore. They’re in an ongoing battle with Apple for years.

News about this didn’t make the rounds because this change only affected a small group of Spotify users, as Spotify App Store subscriptions were only possible in a two-year window.

Reminder: The discussed regulations only apply in the EU. In other territories… Apple’s own rules about payment still apply.

The gatekeeper shall provide each publisher to which it supplies online advertising services, or third parties authorized by publishers, upon the publisher’s request, with free of charge information on a daily basis, concerning each advertisement displayed on the publisher’s inventory, regarding: (a) the remuneration received and the fees paid by that publisher, including any deductions and surcharges, for each of the relevant online advertising services provided by the gatekeeper; (b) the price paid by the advertiser, including any deductions and surcharges, subject to the advertiser’s consent; and (c) the metrics on which each of the prices and remunerations are calculated.

Sounds like: If you advertise in Der Spiegel via Google, Google has to tell both you and Der Spiegel how much they charge for ads on spiegel.de.

This brings light into the ad business black box. Again, the EU regulators know exactly what they are doing.

Article 6: Obligations for gatekeepers susceptible of being further specified under Article 8

Every paragraph is a little treasure trove of things I always wanted and never dared to hope for. Next person that casually criticizes the DMA gets a smackdown.

The gatekeeper shall allow and technically enable end users to easily change default settings on the operating system, virtual assistant and web browser of the gatekeeper that direct or steer end users to products or services provided by the gatekeeper. That includes prompting end users, at the moment of the end users’ first use of an online search engine, virtual assistant or web browser of the gatekeeper listed in the designation decision pursuant to Article 3(9), to choose, from a list of the main available service providers, the online search engine, virtual assistant or web browser to which the operating system of the gatekeeper directs or steers users by default (3. p.35)

It keeps getting better: this paragraph, translated into practical reality, tells Apple that they can’t cut the 20 billion Dollar deal with Google to set Google Search as a default, but they have to provide a lot of Search engines the first time a user opens Safari. Yes, “let the user decide.”

If you understand what the paper is discussing, it’s far from boring. They’re walking into a Saloon in a corrupt village in the far West like Clint Eastwood and clean the place up.

Reality: Privacy for 20 Billion Dollars

“Let the users decide.” As mentioned previously, users can’t decide anything if you let Google and Apple have their go, uncontrolled. Users don’t understand the industry enough to see how much they are limited in their choices. Few know why Google Search is the default search on iPhone and how much this is worth to Google. Google pays 1/8th of its revenue to Apple.⁷

Information Technology is so convenient and at the same time its large-scale operation is technically and financially so intertwined that it protects them through complexity. No one understands how they operate and those who do sound like pedantic nerdy conspiracy theorists.

Article 9: Suspension

There is not much to report that would be of interest to consumers or third parties. It’s mostly about how investigations are conducted, what obligations gatekeepers have at what stage of the investigation and what happens if they fail. Let’s continue with Article 9.1:

1. Where the gatekeeper demonstrates in a reasoned request that compliance with a specific obligation laid down in Article 5, 6 or 7 for a core platform service listed in the designation decision pursuant to Article 3(9) would endanger, due to exceptional circumstances beyond the gatekeeper’s control, the economic viability of its operation in the Union, the Commission may adopt an implementing act setting out its decision to exceptionally suspend, in whole or in part, the specific obligation referred to in that reasoned request (‘the suspension decision’).

Article 30: Fines: 10-20% of global operations

So, what happens if they do not comply? Companies risk a fine of up to 10% of their global annual revenue. Worst case, they risk being shut down partially or completely in the EU. So, what does it cost? Let’s move to Article 30.1:

In the non-compliance decision, the Commission may impose on a gatekeeper fines not exceeding 10 % of its total worldwide turnover in the preceding financial year where it finds that the gatekeeper, intentionally or negligently, fails to comply with…

10% of global turnover could be too low a fine… Maybe it’s worth risking it and just pay and go on with the malpractice? Think again…

Notwithstanding paragraph 1 of this Article, in the non-compliance decision the Commission may impose on a gatekeeper fines up to 20 % of its total worldwide turnover in the preceding financial year where it finds that a gatekeeper has committed the same or a similar infringement of an obligation laid down in Article 5, 6 or 7 in relation to the same core platform service as it was found to have committed in a non-compliance decision adopted in the 8 preceding years. (Article 30.2)

If “a gatekeeper has committed the same or a similar infringement of an obligation” within 8 years, the fine can go up to 20% of global operations. Still lower than Apple’s 30%, but at 20% it starts to hurt.

The Commission may adopt a decision, imposing on undertakings, including gatekeepers where applicable, and associations of undertakings, fines not exceeding 1 % of their total worldwide turnover in the preceding financial year where they intentionally or negligently:

If you’re just sloppy, the fine might be in the 1% region. But, likely the (cumulative?) 1% sloppiness fines could pile up on top of your 10%.

The financial liability of each undertaking in respect of the payment of the fine shall not exceed 20 % of its total worldwide turnover in the preceding financial year.

The subsequent paragraph specifies that the maximum fine from the EU will not exceed 20% of global revenue. So, likely, cumulative but with a cap. Lucky you, it’s not 30% of your revenue. That would be tough…

The rest is not that interesting for us. It mostly specifies process technicalities and then defines terms like ‘active business users’ or ‘submission of information’… it gets very technical at the end.

Final note: Individual countries cannot oppose findings from the EU court. A fully logical and pragmatic rule, but likely not a popular political declaration. Thank you for reading along.