Taming Digital Markets Globally

Regulation of digital markets abroad

After the EU adopted the GDPR in 2016, it was not only hailed as a first-mover when it came to restricting businesses' leeway for collecting and processing consumer data, it was also soon credited with having set a global data protection standard. Similarly, observers anticipated an adoption of DMA-inspired antitrust legislation by other large nations in which big tech companies operate.

The DMA has been in the making for a good 3 years. During this time the European Commission's attempt to regulate big tech companies has been closely watched by many regulators across the world considering similar regulation. Germany 'jumped the gun' and passed its own equivalent regulation in 2021, which is now – since the DMA has entered into force – of only complementary relevance. However, it's worth to look at efforts of regulators outside the DMA to establish competition frameworks for big tech companies.

While the UK has put forth its own digital markets legislation, the US seem to remain ambivalent as to the timeline and contents of a proprietary competition regime for big tech companies. Other nations are either still in the process of drafting up antitrust regimes for digital markets or have recently shifted their focus towards a regulatory framework for AI.

UK: Digital Markets, Competition and Consumers Bill (DMCC)

In the UK, the DMCC is under way, a law that would put the UK's Competition and Markets Authority (CMA) in charge of regulating companies with "strategic market status" (SMS). Within the CMA, the newly created Digital Markets Unit (DMU) will bear this task. As is the case for competition watchdogs in other European and North American jurisdictions, the CMA had already scrutinized the digital markets territory prior to tailored legislation for online platforms. Its blockage of Facebook's (now Meta Platforms) acquisition of Giphy in 2021/2022 was one noticeable example of this. The DMCC, together with the creation of the DMU, institutionalizes this set of the CMA's responsibilities.

Whereas the DMA relies primarily on quantitative thresholds to designate a company a gatekeeper (though the European Commission can still categorize a company as a gatekeeper when these thresholds are not met, and vice versa), the DMCC approach is more discretionary, allowing the UK regulator to determine SMS status based on various factors. These include market power and strategic significance. The DMA's thresholds indicate cases in which companies typically reach gatekeeper status, while the DMCC only contains "safe harbour" thresholds below which a company cannot receive SMS status. Early collaboration between affected companies and the CMA is expected and deemed desirable in the process. Companies are not automatically designated to have SMS when they meet certain criteria. That requires an SMS investigation. The CMA may start such investigation into a company at any time if it has reasonable grounds to assume that the company may meet the SMS definition, to then decide within a statutory deadline of nine months (extendable by three months in exceptional circumstances) to conclude its assessment. An SMS designation would thereafter apply for a five-year period.

The DMCC gives considerable discretion to the DMU when it comes to imposing conduct requirements on SMS companies. The tools from which the DMU may choose are parallel to the restrictions laid out in the DMA - e.g. it can prohibit self-preferencing, tying, interoperability restrictions etc. -, but crucially the DMCC will see these restrictions not apply to all SMS companies regardless of the scope and nature of their business. Rules of conduct for an SMS company will be "tailored" to that company's individual position and the risk it poses. In comparison, DMA gatekeepers will all be subject to one set of rules no matter their idiosyncrasies.

The DMU's powers are more flexible than that of the European Commission in that it can impose structural remedies on an SMS company per its discretion. This could include far-reaching rulings such as divestments and ownership separation. The European Commission on the other hand can only resort to structural remedies after it has already issued three or more non-compliance decisions against a gatekeeper in the last eight years. Also, the DMCC contains exemptions for SMS companies' duty to comply where net consumer benefits might outweigh detrimental effects on competition. The DMA does not provide for any efficiency justification.

Generally speaking, the DMCC is dubbed a more flexible and cooperation-based approach between regulator and SMS companies than the DMA. The idea is for the DMU to operate consent-based, gradual and solution-oriented as far as possible.

Yet, the DMCC will contain a more comprehensive merger control for SMS companies acquiring at least 15% of a UK target company, as well as financial fines of up to 10% of annual global turnover. Unlike the DMA, the UK bill introduces additional penal measures such as director disqualifications and civil penalties for senior managers.

While these aspects of the bill have remained undisputed throughout its amendments so far, it appears to be not fully clear yet which new provisions a final DMCC might ultimately contain, such as potentially consumer law collective action provisions.

While the DMCC's first draft was first introduced in April 2023, it has since been amended thrice. Its latest changes in March 2024 were supposed to, inter alia widen the scope of banned commercial practices with respect to fake reviews, as well as they regulate secondary ticketing. A precise timeline for the DMCC's entering into force is unclear, though it is believed to be signed into law within April 2024. However, it will likely not see implementation before late 2024.

USA: American Innovation and Choice Online Act et al

US developments in big tech regulation have already trailed those in Europe when it came to the GDPR. While state-by-state legislation for large online platforms exists today, national legislation is not yet in sight. The Biden administration has tightened antitrust enforcement through the Department of Justice (DoJ) and the Federal Trade Commission (FTC), but federal laws for the digital space have not progressed far as of now. The departments and agencies' utilization of existing antitrust legislation to police big tech companies in lack of new regulation has seen mixed results: The FTC for example has lost court cases against both Meta and Microsoft in merger control cases.

Different lawmakers have sponsored bills, but without success so far. A draft deemed one of the more promising examples is the American Innovation and Choice Online Act, a bill sponsored by both Democratic and Republican senators in 2022. It has not passed the US Senate yet and would still have to be approved by the US House of Representatives thereafter. This bill, together with other proposals such as the so-called ACCESS Act, would prevent large tech platforms from self-preferencing and prescribe rules for data transferability from one platform to another. Both these objectives are already tackled by the DMA, as described in BLOMSTEIN's DMA Briefings on Self-Preferencing and Interoperability, Portability and Switching.

In general, more than a dozen legislative proposals on the field of digital market regulation have been made since the beginning of the Biden presidency. These aim for various goals such as tightening merger control or preventing companies from owning multiple parts of the digital advertising ecosystem (e.g., buy-side, sell-side and ad exchange).

Another, more recent attempt by Democratic senator Warren and Republican senator Graham with similar goals to that of the American Innovation and Choice Online Act, likewise seems to have lost momentum and has not yet led to a preliminary bill to be put to a vote. Until sentiment in the US Congress changes, it seems likely that US legislature aiming at big tech in a similar fashion to the DMA will keep originating in state congresses, most notably that of California which e.g. passed its own California Consumer Privacy Act in 2018, leading to a fragmented and partial digital markets regulation at best. US ministries and agencies' ability to fill the legislative void are limited, even though the motivation to increase scrutiny over digital companies is there. That was recently demonstrated again by the US Consumer Financial Protection Bureau's proposal to regulate digital payment providers. But without legislative backing, these attempts risk being struck down by US courts, as has happened repeatedly in the past.

Digital Market Regulation Globally

Another country that saw a recent, yet unsuccessful, attempt to regulate big tech companies is South Korea. Unlike Europe, South Korea is home to proprietary tech companies that in many cases have market shares similar to those of the large US platforms in Europe, e.g. in fields such as online search engines, e-commerce or mobile messaging services. The South Korean government initially proposed competition laws resembling the EU's DMA in a Platform Competition Promotion Act. However, after facing backlash from industry, consumers, and the U.S. government, it was decided to delay the bill's introduction to gather more opinions.

Currently, South Korean authorities are consulting with its tech industry as well as with the US Chamber of Commerce. Survival, timeline, and contents of a revised bill are unclear as of now, though the South Korean President Yoon Suk Yeol has indicated that he wishes for South Korea to arrive at some form of big tech regulation.

Meanwhile, other important markets for big tech companies - nations such as Taiwan, Japan, Canada or Australia -, are likewise moving towards more stringent antitrust enforcement and/or legislation or have already done so. Some of these countries seem to deprioritize antitrust legislation for now and focus on regulation for AI, just as the EU is also moving towards implementation of its novel AI Act.