Companies operating in the programmatic advertising and digital marketing industries are used to the European Union introducing new laws to try and regulate certain areas of their businesses.
Over the years, the EU has introduced new privacy directives and laws to regulate the collection and sharing of personal data. Examples include the ePrivacy directive and General Data Protection Regulation (GDPR).
More recently, the EU has turned its attention to anti-competitive behavior in the digital advertising and marketing industries. As a result, the EU, and the UK government, have opened antitrust investigations into the tech giants of the Internet — mainly Google, Meta, Apple and Amazon.
In its latest attempt to regulate the tech giants, the EU has introduced two new laws to curb anti-competitive behavior, create fairer competition in digital markets, and protect the fundamental rights of consumers in the EU.
The two laws are known as the Digital Marketing Act (DMA) and Digital Services Act (DSA).
In this blog post, we explain what the DMA and DSA are, their purposes, what the EU aims to achieve with them, and the impact they’ll have on the tech giants as well AdTech companies, publishers and advertisers.
Key Points
- The DMA and DSA are two of the centerpieces of the European digital strategy, and while the two legislation pieces are complementary to each other, they touch different fields.
- The European Union’s Digital Marketing Act (DMA) is a law designed to make competition in the digital industry fairer and more open, as well as better protect the fundamental rights of consumers.
- The DMA aims to do this by regulating the behavior of large tech platforms, or “gatekeepers” as they are referred to by the EU in the DMA.
- The European Union’s Digital Services Act (DSA) is a law that takes care of growth and competitiveness of businesses of any size and protects consumers and their rights.
- The DSA aims to also provide a level-playing field for companies operating in the digital market industry, but has a bigger focus on protecting consumers and their rights by ensuring transparency, protecting users from illegal content and holding online platforms accountable.
- The Digital Marketing Act will have the biggest impact on the largest online businesses: Google, Apple. Meta, Amazon.
- There are some new rules within the DSA and DMA that AdTech companies, publishers and advertisers will also need to follow to avoid being penalized.
- The DMA and DSA will take effect 20 days after the text is published in the Official Journal of the EU, which is expected to happen in 2022. The DSA will apply after fifteen months or from 1 January 2024, whichever comes later. The DMA allows for a grace period of only 6 months before its application.
What Is the European Union’s Digital Marketing Act (DMA)?
The European Union’s Digital Marketing Act (DMA) is a law designed to make competition in the digital industry fairer and more open, as well as better protect the fundamental rights of consumers. The DMA aims to do this by regulating the behavior of large tech platforms, or “gatekeepers” as they are referred to by the EU in the DMA.
Below we’ve listed the main parts of the DMA in the gray boxes and added additional information below them.
According the the EU, the DMA will:
Apply only to major providers of the core platform services most prone to unfair practices, such as search engines, social networks or online intermediation services, which meet the objective legislative criteria to be designated as gatekeepers.
This will certainly include companies like Google, Meta, Apple and Amazon.
Define quantitative thresholds as a basis to identify presumed gatekeepers. The Commission will also have powers to designate companies as gatekeepers following a market investigation.
One of the criteria might be revenue based, so that companies like Google, Meta, Apple and Amazon are marked as gatekeepers.
Prohibit a number of practices which are clearly unfair, such as blocking users from un-installing any pre-installed software or apps.
This will apply to companies like Google, Apple and even Microsoft as they all provide preinstalled applications on their devices that are sometimes unable to be uninstalled.
Require gatekeepers to proactively put in place certain measures, such as targeted measures allowing the software of third parties to properly function and interoperate with their own services.
An example of this is Apple’s ApplePay.
In May 2022, the European Commission released the preliminary findings of its antitrust investigation into Apple over its practices connected with mobile wallets on iOS devices.
The EU Commission claims that Apple is abusing its dominant position by not allowing third-party app developers to provide NFC-enabled contactless payments on iOS devices. By limiting access to this technology on iOS devices, Apple is essentially making ApplePay the only contactless app available to users.
This point aims to address this issue.
Impose sanctions for non-compliance, which could include fines of up to 10% of the gatekeeper’s worldwide turnover, to ensure the effectiveness of the new rules. For recurrent infringers, these sanctions may also involve the obligation to take structural measures, potentially extending to divestiture of certain businesses, where no other equally effective alternative measure is available to ensure compliance.
It must be noted that the fines for non-compliance are higher in the DMA than they are in the GDPR — 10% of worldwide turnover in the DMA vs 4% of worldwide turnover in the GDPR.
The point about the “divestiture of certain businesses” is an interesting one. The EU can only force companies based in the European Union to spin off their businesses, meaning it won’t be able to do this to Google, Meta, Apple and Amazon — only the US government can introduce laws to do that, which even then is an uphill legislative battle.
The EU has been trying to rein in big US tech companies like Google, Meta, Apple and Amazon for years, but to no avail.
Many folks in the programmatic advertising industry saw the GDPR as nothing more than a way to “tax” the US tech giants.
It seems that the DMA is the EU’s latest idea on how to tax these US companies while also aiming to make competition fairer and protect the rights of EU consumers.
Allow the Commission to carry out targeted market investigations to assess whether new gatekeeper practices and services need to be added to these rules, in order to ensure that the new gatekeeper rules keep up with the fast pace of digital markets.
Essentially, more antitrust investigations.
We Can Help You Build an AdTech Platform
Our AdTech development teams can work with you to design, build, and maintain a custom-built AdTech platform for any programmatic advertising channel.
What Is the European Union’s Digital Services Act (DSA)?
The European Union’s Digital Services Act (DSA) is a law that takes care of growth and competitiveness of businesses of any size and protects consumers and their rights. It aims to also provide a level-playing field for companies operating in the digital market industry, but has a bigger focus on protecting consumers and their rights by ensuring transparency, protecting users from illegal content and holding online platforms accountable.
It places the good of EU’s citizens at the heart of the law. Apart from citizens, the DSA refers to three other groups:
- Providers of digital services.
- Business users of digital services.
- Society at large.
According to the official information, the DSA will:
Ensure mechanisms and “trusted flaggers” to counter illegal goods, services or content online.
This means users, and online platforms as well, will have an impact on pointing out and banning anything that is recognized as illegal and therefore harmful to individuals or businesses. To put it simply, they will be able to flag things they see on websites and social media platforms, such as counterfeit and illegal products.
The mechanisms for flagging illegal goods and services and harmful content on platforms and online marketplaces will be easily accessible.
Force transparency of business users in online marketplaces.
Sellers will be able to check if their products and services have been marked as illegal in any official database.
New obligations will strengthen users’ positions and bring transparency to marketplaces, allowing buyers to feel confident they are buying from a trusted seller.
Protect users’ safety and fundamental freedom of expression.
A platform’s content moderation decisions can be challenged if a user disagrees with the decision. It will provide more freedom for creators, space for social minorities and an open discussion on any given topic.
Ban on certain types of targeted adverts on online platforms.
Ads targeting children or utilizing sensitive personal data, such as ethnicity, political views, sexual orientation will be banned. This unifies the law and organizes issues that Internet platforms have been dealing with in separate regulations.
Bring transparency measures for online platforms on a variety of issues, including on the algorithms used for recommendations.
Individual users and businesses will be able to learn more about how the online platform works and therefore will be more informed on advertising mechanisms, such as ad personalization and product recommendation.
Increase the safety obligations for very large platforms and very large search engines.
The European Union wants to prevent the misuse of platforms’ and search engines’ systems, so the new law introduces independent audits of their risk management systems.
Open access for researchers to the largest platforms’ and search engines’ key data, in order to understand how online risks evolve.
The cooperation between researchers and major players in the online services industry should increase the ability to predict and prevent harmful activities, goods, scams etc.
Eventually, the new European Board for Digital Services will support EU countries in overseeing structures on the new digital landscape.
Additionally, very large platforms will be supervised and enforced by the European Commission.
What’s the Difference Between the DMA and DSA?
The DMA and DSA are two of the centerpieces of the European digital strategy, and while the two legislation pieces are complementary to each other, they touch different fields.
The primary objective of the DSA is to protect Internet users. The law aims to do this by creating new obligations for online platforms. These platforms are to moderate content and be transparent about how they collect and use data.
The DSA assumes that users will have easy access to information about sellers, have access to mechanisms to allow them to report illegal goods and services, get information on how large platforms work, and be safer on the web. It puts EU’s citizens at the center of the whole digital world.
On the other hand, the DMA is a law created for regulating issues connected with competition in digital markets. The DMA aims to do this by ensuring large online platforms don’t engage in anti-competitive or unfair behavior.
The DSA and DMA will set new standards for businesses and consumers in the EU.
Thierry Breton, Commissioner for the Internal Market, said during the official press release:
“We are finally building a single digital market, the most important one in the ‘free world’. The same predictable rules will apply, everywhere in the EU, for our 450 million citizens, bringing everyone a safer and fairer digital space.”
When Will the EU’s DMA and DSA Go Into Force?
The European Parliament and the Council who represent the 27 EU Member States reached a political agreement on March 24, 2022 on the DMA. This agreement marked the end of the debate on digital markets, which had been going on for over a year. Thanks to the agreement, work on the law can be continued.
Currently, the law is being finalized and translated, but according to the procedures, it has yet to be formally adopted by the European Parliament and the Council. After adoption, the DMA and DSA will be published in the EU’s official journal.
The laws will take effect 20 days after the text is published, though not in full. The DSA will apply after fifteen months or from 1 January 2024, whichever comes later. The DMA allows for a grace period of only 6 months before its application.
The European Commission expects the new laws to be adopted in the fall of 2022.
What Will the DMA and DSA Mean for AdTech Companies and Walled Gardens?
Walled Gardens and the New Laws
The Digital Marketing Act will have the biggest impact on the largest online businesses: Google, Apple. Meta, Amazon.
These companies will be regarded as “gatekeepers” — defined as companies with a market capitalization of more than €75 billion ($83 billion USD) and 45 million monthly active EU users.
The DMA states that only gatekeepers will have to comply with the listed do’s and don’ts. Also, the act empowers the European Commission to extend obligations for gatekeepers in the future. Platforms also have to release a biannual report on their content moderation efforts.
But besides limiting the monopolies, the DMA will also bring other implications.
One of the key points in the DMA is that big tech companies will be forced to collaborate with smaller platforms.
WhatsApp, which has a massive user database — over 45 million people in the EU, and provides end-to-end encryption — could put its users’ security at risk by integrating with a platform that has flaws in their security protocols.
As long as WhatsApp is in control of its protocols, it can secure the privacy of its users. It cannot guarantee data safety after integrating with other service providers such as Signal or Telegram.
Further reading: The EU Digital Markets Act’s Interoperability Rule Addresses An Important Need, But Raises Difficult Security Problems for Encrypted Messaging — EFF
But let’s also look at this matter from other angles.
The one thing is that the DMA and DSA focus on users’ safety, so we can expect that some smaller providers will increase their product-development budgets and introduce new features as a way to compete with the larger companies.
The other thing is that smaller companies might not want to interoperate with companies like WhatsApp as they may lose revenue as a result of doing so.
Julia Weiss, spokesperson for the German messaging app Threema, shared her thoughts with Wired magazine:
“If existing users of free messenger A with bad privacy practices could communicate with users of privacy-conscious paid messenger B, they will not pay money for messenger B, effectively depriving it of its only source of revenue.”
Our attention should be drawn also by the other DMA’s aspect: Competitiveness.
To comply with the new rules:
- Google will have to provide an alternative to its search engine, Maps, and Chrome browser in its Android operating system.
- Apple will have to enable third-party payment options in its App Store as an alternative to its own payment system.
- WhatsApp will have to allow people to use its app to communicate with others using rival messaging apps.
This means that other services that rely on Big Tech’s businesses won’t be blocked anymore from developing their competing apps.
How Will the DSA and DMA Impact AdTech Companies?
The impact of the EU’s DSA and DMA won’t be as significant for AdTech companies compared to the impact on the walled gardens of Google, Meta, Apple and Amazon.
However, there are some new rules within the DSA and DMA that AdTech companies will need to follow to avoid being penalized:
AdTech companies will not be allowed to target minors. Profiling and targeting young people with ads will not be possible under any circumstances. Advertisers will have to be extra careful when collecting data; in case they were caught using the personal information of minors, they would be penalized.
Sensitive data is permanently excluded as targeting criteria for the whole advertising ecosystem. The new laws complement the existing security and privacy regulations (e.g. GDPR) for Internet users, meaning ad agencies, AdTech platforms, advertisers and publishers won’t have the possibility to display their ads based on these criteria. The only criteria that are not fully specified regarding the sensitive data are gender and gender identity.
Ad labeling for digital platforms and ad repositories for VLOPs. The DSA requires all digital platforms to place a clear label on creatives displaying information about the ad owner and targeting methods used to display the ad to the user. Very Large Online Platforms (VLOP) will have to build a public repository (available via API) of information containing: exposed ads, sponsor information, parameters used to target, and total exposures.
Dark patterns will be banned. Providers of AdTech-oriented services will have to build their processes and mechanisms in a way that allows users to make a conscious decision. Misleading information, including utilizing dark patterns, is banned.
How Will the DSA and DMA Impact Advertisers and Publishers?
As the new laws start to come into effect, advertisers and publishers will have to adjust.
Similarly to AdTech companies, they will have to be aware of what types of data they collect and how they want to utilize the information they have.
For some publishers, the new rules will significantly impact their businesses, e.g., websites for minorities or LGBT societies will have to find a way to get new customers, promote themselves and related products and services without using data such as sexual orientation.
Some advertisers and publishers will also probably need to reconsider their marketing plans and strategies as the targeting criteria will shrink, which will reduce the potential of reaching their target audiences.
We Can Help You Build an AdTech Platform
Our AdTech development teams can work with you to design, build, and maintain a custom-built AdTech platform for any programmatic advertising channel.