Sign in Subscribe
10 min read

Comments on the DMA rules

As part of my last article, I wanted to provide commentary on my groupings of DMA rules, but then I ran out of time and space. So this post is an extension of that one for a week when I've not had time to write a full-blown new article. I will try to catch up with an extra article next week. In the meantime, below is some of the exact text from my previous article, but the Comments section under each is new. It is, of course, my opinion and interpretation.

Data

Gatekeepers cannot use the data they gather by providing a core platform service to their advantage. This means they cannot collect data from third parties on the platform, use non-publicly available data to compete with their business users, combine platform data with other data or cross-use that data without explicit permission, freely given, to do so.

They also must provide both end users and business users, on request and free of charge, access to the data provided or generated by their use of the platform for data portability. This includes a real-time stream of this data.

Comments

Although I've separated this from the Advertising section below, the two are closely linked. You can't do targeted advertising without data, which means you're just stuck with contextual advertising, and the former is critical to how any of these free services make money. Contextual advertising isn't as effective and, therefore, earns less money. As long as you know what you're doing with it, the more data you have, the more you can charge for advertising.

So there are a few points to note here:

  • Gatekeepers with multiple platforms will argue that they should be treated as a single CSP because data can be shared within a CSP but not between them. This was precisely what Meta initially proposed for their platforms (which the EC rejected)
  • I believe users should have the right to access their own data. However, we must acknowledge that if it's easier for people who should have data to access it, it's also more accessible for people who shouldn't. As I said, I'm in favour of this improvement in transparency, but the DMA seems not to ignore trade-offs (see, in particular, the section on N-IICS).

This is the rule that's led to the 'Pay or OK' fight with Meta. They have proposed to comply with the DMA by giving users two options: give permission to use data as they always have or pay to access their services without ads. The EC is pushing back on that. That's a fascinating topic that would need a whole other article to explore properly. Mikołaj Barczentewicz has studied this question in more detail for anyone who wants to get their information from someone knowledgeable.

Software and App Stores

Gatekeepers must allow users to uninstall non-essential software, change the defaults (including an initial prompt to set the default) and allow third-party app stores with 'strictly necessary and proportionate' measures to ensure the integrity of the hardware or operating system. They also must not restrict the ability of end users to switch between and subscribe to different software applications and not treat their services more favourably. Finally, gatekeepers cannot require end users to subscribe to one core platform service to get full access to another.

Comments

While this applies to all software, the key ones that seem impacted for now are app stores and browsers. CSPs must allow the installation of alternative versions of both.

  • App stores:
    • This gets a lot of coverage, particularly for Apple, although Google is also impacted. The 30% they take 'feels' too high, but rather than set a maximum cut, the best way to find the correct number is to introduce competition and let businesses battle down to some lower value. This only works if competition is possible, which they're trying to enable.
    • Even ignoring Apple's current onerous terms on alternative app stores, it seems unlikely that they will get a vast number of users; most people will stick with the default because it's good enough and easy. The threat, though, is that the distribution of spend over users is almost certainly a power law (as is often the case in tech). The small number of high spenders, most likely mobile gamers who do a lot of in-app purchasing, will be strongly incentivised to move to an alternative app store if it can offer the same products/ services for less money (i.e. take a reduced cut). Apple will either have to compete on price or keep 95% of the users and 10% of the money (these numbers are made up, but you get the point).
    • Like above, this will weaken the platform's security. Maybe not by much, particularly if the alternative is built by an equally well-resourced tech firm. Again, there's a strong argument that it's still the right thing to do. But let's not pretend there isn't a trade-off.
  • Browsers:
    • Of the operating systems covered by the DMA, Apple's (iOS and iPadOS) are the only ones that restrict browser installation, so this time, it really is just about Apple.
    • There is some evidence that Safari preserves battery life better than other browsers, thereby improving the overall user experience of the device. There isn't any evidence that it's more secure, even though Apple sometimes claims it is. Anyway, this is to say there is a minor argument that Apple enforces the use of Safari to improve the user experience.
    • However, we can't ignore the fact that Apple collects up to $20 billion each year from Google to make their search engine the default in Safari. If users move away from Safari, Apple's bargaining position weakens, and the amount they extract will drop. That $20 billion is pure profit and represents about 20% of Apple's net profit in 2023. This matters to Apple, and I believe this restriction is in place to preserve money, not the user experience.

Integration and interoperability

Gatekeepers must allow providers of services or hardware and business users to interoperate with and access the same hardware and software features accessed or controlled by the platform.

Comments

To me, this really just applies to operating systems (Android, iOS, iPadOS, Windows) and the hardware on which they are installed. Apple's the only company here where hardware is a truly significant part of what they do. Android and Windows are generally pretty open platforms. They might have to make changes to comply, but I don't think they'll be fundamental to the businesses or their platforms.

For Apple, though, integration is a fundamental part of their business model, if not the fundamental part. The slogan "It just works" simply encapsulates this idea: combining Apple products and services is easier than combining products from other manufacturers because of their deep integration. This indeed favours their own devices and services over others, but it does so by offering a better user experience.

The argument in favour of the DMA is that Apple can continue to offer these improved experiences; they just need to make these integrations available to others to build products on at the same time, thereby driving competition and improving the overall user experience. This ignores a fundamental problem, though: you cannot iterate as quickly on a public interface/ API. Once other businesses depend on it, changes need to be introduced more slowly and announced in advance. Not doing so would annoy the ecosystem and almost certainly draw attention from the DMA or some other regulation for the anti-competitive disruption of third parties. This regulation will force Apple to slow down so everyone can keep pace with them. These more open integrations are also a security risk; again, there is a trade-off, even if you think it's worth making.

Arguably, a better implementation of this would be to make integration and interoperability a condition after some time, say a year or two. This would allow Apple to iterate quickly at the start and face competition soon. They would also be incentivised to build a hugely compelling product before that window expires, so fewer end-users are motivated to move to a competitor's product. Apple have said they do this, at least in John Gruber's interview following the last WWDC. They recently made the improved 'AirPods-like' pairing experience available to other Bluetooth devices. But it's hard to argue that 'this is what Apple does' rather than 'this is what Apple does while the European Commission is watching', based on what we've seen.

The final point is this is probably the key reason Apple Intelligence will be delayed in the EU. As much as people pretend it's spite over the app store, Apple Intelligence (along with some other WWDC announcements) looks like deep integration across the platform. Figuring out how to make those compliant with the DMA, particularly without introducing vulnerabilities into the system, will take time.

Payments

Gatekeepers shall not require end users to offer or interoperate with the gatekeeper's payment or identification service.

Comments

I have little to add here. This is the right thing to do and should have happened a while ago. Just because you own the platform does not mean you must own all payments. Apple Pay and Google Pay are excellent, convenient services, and I think most people will stick with them (myself included), but the option should be there.

Access to customers

Gatekeepers shall not prevent businesses from offering the same products or services elsewhere on different terms, communicating offers available through other channels, or accessing content and subscriptions acquired outside the platform.

Comments

I believe two behaviours are being targeted here:

  • Intermediation platforms—Marketplaces: Some platforms force business users to agree not to offer better terms elsewhere. For example, if you sell a product on my platform, you can't sell it cheaper elsewhere. Amazon has been accused of this in its Marketplace, for example. This seems like it should always have been illegal, and it's wild that no one's done anything about this before.
  • Intermediate platforms—App Stores: App stores generally don't allow businesses to point users to an alternative way to sign up for their service, e.g., telling them to the sign-up page on their website. This means companies that won't or can't give the store operator their 30% cut have long been stuck showing weird screens telling users how great things would be if they had an account without suggesting how to get one. These are called 'anti-steering' rules, i.e. you're not allowed to steer users elsewhere. This makes the user experience worse (you have to discover how to create an account yourself), so it feels like a good thing this is stopping.

Advertising

Gatekeepers must provide each advertiser or an authorised third party with information concerning the advertisement placement, the price and fees paid by the advertiser, the remuneration to the publisher, and the metrics used to set those values. Similarly, publishers or their authorised third parties must receive information concerning the remuneration and fees they received, the price paid by the advertiser, and the metrics on which those were calculated. Finally, advertisers, publishers, and their authorised third parties must be provided with access to the gatekeeper's measurement tools and data to carry out their independent performance verifications.

Comments

As I said above, advertising and data are very closely linked. These provisions, though, are about making advertising more transparent, giving advertisers and publishers the tools and data to look inside the workings of Google, Amazon, and Meta ads.

Again, this seems like a good thing; the more these ad platforms become black boxes, the more they can squeeze margins from both sides of the network without having to justify it. The platforms will argue that they already provide lots of data (and that's true). Still, if they comply with the true spirit of this, I expect they will have to deliver a better platform for advertisers and publishers with a better idea of how their money is being spent.

Number-Independent Interpersonal Communication Services

Gatekeepers must make their basic functionality interoperate with other providers while preserving the level of security (e.g. end-to-end encryption) across services. This functionality is:Immediately on designation: end-to-end messaging and sharing of images, voice messages, videos and other attachments between individualsWithin two years: end-to-end messaging and sharing of images, voice messages, videos and other attachments across groupsWithin four years: end-to-end voice and video calls between users and groups

Comments

This currently only applies to Meta's Messenger and WhatsApp. Anyone in the US will be surprised iMessage didn't appear, but that's not as big of a deal in the EU as it is in the US.

I see the appeal of trying this. I can't leave WhatsApp without convincing all my friends to do the same, and that's a powerful lock-in for Meta. To be clear, I have never even thought about leaving WhatsApp because it's free, I don't care, and it's more than good enough for what I do, but maybe that means I'm not the target. The argument is that I could use a new, better app without all, or even any, of my friends moving simultaneously. When communicating with anyone who did move to the new app, we get to take advantage of whatever that better app offers, and for those that stay on WhatsApp, we can still communicate over what will inevitably be some set of features that is worse than either app offers in isolation.

I'm sceptical that it would happen in large numbers, but my problem with this again is that it completely ignores trade-offs. Opening up an N-IICS to third parties while maintaining the existing levels of security isn't possible. If the message is end-to-end encrypted, Meta must share the key to decrypt it with someone else. Sure, it's still technically end-to-end encrypted but less secure. The more who can decrypt your messages, particularly if those people don't have Meta-level security budgets, the less secure it is.

There isn't a right or wrong answer here. You can choose to prioritise security or openness, but not only do these rules ignore that trade-off, but they seem to suggest that businesses should actively work not to make them.

So what?

I've said before that I agree with a lot of the spirit of the DMA, but thinking through the rules in this way has highlighted two things for me:

  • Trade-offs are ignored: Some of these rules will have additional consequences. For example, there is always going to be a trade-off between openness and security. There are arguments for making either the priority. In fact, you could argue that iOS has prioritised security, while Android has put more emphasis on openness. But pretending this compromise doesn't exist (or worse, legislating that it mustn't) isn't dealing with reality.
  • Users aren't the top priority: this sounds like an overwhelmingly negative comment, but it's not necessarily intended as such. Again, this is a trade-off, and the top priority here is to reduce the power of gatekeepers, even if doing so might make consumers worse off. For example, exposing iOS to third-party app stores will make the system less secure and increase malware and scams, often for people who bought an iPhone specifically so they wouldn't have to worry about these things.

Stopping anti-competitive behaviour from the tech giants is a good thing, and doing so really does require new laws rather than attempting to force-fit laws designed for a more 'physical goods' world. That far, at least, it's positive that the EU has done something that many other entities have not. But the DMA is trying to solve too many problems at once and ignoring trade-offs in doing so, and as a result, it runs a very real risk of doing more harm than good.