Enforcing the Digital Markets Act

These are my notes from the excellent Digital Clearinghouse webinar this morning on enforcement of the Digital Markets Act (DMA), featuring the European Commission’s executive vice-president Margrethe Vestager, the chair of the Dutch competition and markets authority Martijn Snoep, the European parliamentarian and competition specialist Stephanie Yon-Courtin, and LSE law associate professor Orla Lynskey. The chair was competition economist Prof. Alexandre de Streel.

@vestager summarised: The #DMA will ban “unfair self-preferencing” by #gatekeepers, and their use of their business customers’ data to compete with them; and stop emergent gatekeepers from locking in users.

Digital Markets Act objectives

@DeStreel asks: do we need, as #JeanTirole states, more “participatory” (I’d say #coregulatory) platform governance? @vestager: only once democracy has caught up with the private powers and they have a real incentive to take part seriously ??

@lynskeyo asks: why isn’t cross-border #GDPR enforcement working? 1/ Regulation has ambiguous language (e.g. “inform without undue delay”, “draft decision”), 2/ Different national legal rules, and 3/ Disagreement between national DPAs about when a formal investigation should go ahead… and there are remaining issues with DPA cooperation.

Private enforcement has also seen national divergence, as to when individuals can go to court for compensation — resolved in competition law through the private enforcement directive — and #GDPR Art.80 collective redress.

@beuc has noted rules on admissibility of representative body vary and cause problems cross-border. This is all before considering the interaction between competition, data protection and consumer authorities. << Clearly the @EU_EDPB model needs significant improvement for #DSA.

Based on experience, Martijn Snoep, chair of the Dutch competition & markets authority, is convinced a strong EU-level enforcement authority is required, whether @EU_Competition or other agency; since it will face such powerful opponents, over issues at the heart of their business models. Without EU-level regulation of #DMA, the tech titans will simply pick off smaller countries by threatening to withdraw their services. Also: policymaking and enforcement must go hand-in-hand << UK moved away from this model under Cameron government.

@s_yoncourtin says we need coordination and streamlining of the European Competition Network, the consumer equivalent, the @EU_EDPB, and @BERECeuropaeu to effectively enforce the #DMA ??

@lynskeyo agrees that what is missing with @EU_EDPB is a central EU-level #GDPR enforcement agency (I agree!) @DClearinghouse doesn’t currently consider concrete cases << I think #DMA should convert it to a Commission enforcement agency ?

Chair of @AutoriteitCM: it takes years to build an effective new institution, so before creating a new digital authority, look carefully at adding on people and money to an existing structure/institution, which already has core values and ways of working.

Snoep is a fan of #coregulation for the #DMA ex-ante regulations, comparing it to merger control, where there are heated remedy negotiations at the end of the process — to avoid endless litigation. So authority should speak softly and carry a big stick — the power to negotiate, without time-consuming consensus-building.

Bravo chair of @AutoriteitCM for stressing DPAs protect fundamental rights, competition authorities the functioning of markets — which should always come second. His authority has always resolved differences in discussions with the Dutch DPA in the past with a “spirit of cooperation”.

Snoep adds: @BERECeuropaeu works well as a network of national regulators, because telecoms still largely operates nationally. But #DMA gatekeepers work largely at the EU level, and it would be terrible for them to face 27 different regulators, taking into account national interest. A more European #digital market will lead to better solutions, another argument for an EU-level regulator

@lynskeyo makes the important point that DPAs getting involved with data protection by design processes because they will then hesitate to enforce (with example of UK #tracingapp). @DeStreel pushes coregulation AGAIN. No! Orla adds: GDPR doesn’t talk about DPAs giving advice! @ICOnews budget is 75% advice, 25% enforcement, and there are questions about that balance. The advisory role should not in any way supplant the enforcement role that follows. This must be cleared up ??

@AutoriteitCM chair: we have employed data scientists, behavioural economists and psychologists recently — helps them design much better solutions << like @CMAgovUK.