DSA: banned gatekeeper practices

Posted on by

Here’s an OCR’d version of the European Commission’s leaked working document on Digital Services Act banned practices by “gatekeeper” platforms (such as Facebook and Google.)

DGs CNECT/GROW informal working document

List of (potentially) unfair practices 
[Based on CNECT/GROW evidence gathering and input of DG COMP from 18 September 2020.]

Blacklist/whitelist (unfair practices that are self-executing) 

Data related practices

1. Gatekeepers shall not use data generated and collected on the platform or on any of the gatekeepers’ other services for the purpose of its own commercial activities directed at consumers of the relevant platform, unless they are making this data accessible to business users (seeking to become) active in the same commercial activities (prohibition of exclusive use of data, unless ensuring non-differentiated sharing).

*NOTE: COMP refers to the notion of data silos as possible remedy.
[ALTERNATIVE: OBLIGATION FOR WHITELIST: Gatekeepers that collect third party business users data generated and collected on the platform or gatekeepers’ services shall share such data with these third party business users’ as well as other interested third parties subject to a consent by the third party business users.]
*Note COMP’s proposal slightly narrower focusing only on the use of advertising data:

Gatekeepers shall not use data received from business users for advertising services for any other purpose other than the advertising service.

Gatekeepers shall offer users the choice whether to combine off-site data with on-site data. *Note unclear whether reference is made to consumers and/or business users. Presumably this is a consumer-facing right, which appears close to personal data protection. To clarify, including possible legal basis implications.

2. Gatekeepers shall offer users the choice whether to combine off-site data with on-site data. 
*Note unclear whether reference is made to consumers and/or business users. Presumably this is a consumer-facing right, which appears close to personal data protection. To clarify, including possible legal basis implications.

Self-preferencing practices

3. Gatekeepers shall not provide preferential display/ranking in online search engines or online intermediation services for their own downstream services and offers (ban of preferential display/ranking).

4. Gatekeepers shall not pre-install exclusively their own applications nor require from any third party operating system developers or hardware manufacturers to pre-install exclusively gatekeepers’ own application (ban on exclusive pre-installation).

5. Gatekeepers shall not, through contractual or technical measures or otherwise, prevent users from uninstalling any (of the pre-installed) apps.

6. Gatekeepers shall not restrict the ability of business users to offer the same goods and services to consumers under different conditions through other online intermediation services or online search engines than through their own platform or services.
*Note COMP latest proposalfor a ban of exclusively wide parity clauses (although COMP does intend to include a ban of narrow parity attached to their ban on side-loading for app stores), and only concerning price, not other conditions.

7. Gatekeepers shall not, through contractual or any other measure with equivalent effect, prevent:

• third party sellers from promoting their offers to their customers and from concluding contracts with these customers for the provision of these customers’ services outside of the gatekeeper’s platform or services (ban on anti-steering).

• the installation of applications by third party business users outside the gatekeeper’s platform or service (ban on side-loading).

8. Gatekeepers shall not, through contractual or any other measure with equivalent effect, prevent [or discourage] business users to complain about gatekeepers’ practices (ban on complaints).

9. Gatekeepers shall not, through contractual or any other measure with equivalent effect, prevent [or discourage] business users complaints against discriminatory access conditions as well as closing of business user accounts and product delistings by gatekeeper platforms. *Note that the relevant issue is covered by P2B Regulation already, to the extent possible; politically it is namely difficult to go further given overlap with review E-commerce Directive, where EC explicitly stated it will not do content regulation, and where it promotes Terms of Service-based removal of harmful content.

Bundling and tying practices

10. Gatekeepers shall not require a user to sign up/register with an email service of the platform when using another of its products.

11. Gatekeepers shall not automatically sign users in to more than one of a gatekeeper’s products without giving users the possibility to opt into such a system.

Auditing of gatekeepers’ services

12. Gatekeepers providing digital advertising services shall submit to an annual audit of their advertising metrics and reporting practices. The audit shall assess the degree of transparency and accuracy of information available for business users to evaluate the performance of the gatekeeper’s advertising services. It shall be made public. The audit shall be co-designed with the European Commission.
*Note COMP alternative obligation to transmit pricing data to advertisers and publishers, combined with an obligation to provide access to advertisers and their agents to carry out their own independent verification

13. Gatekeepers shall submit their consumer profiling practices to an annual audit, which shall be made public. The audit shall focus in particular on cross-service tracking and their respect for EL) data protection legislation including the GDPR and e-privacy Directive/Regulation. The audit shall be co-designed with the European Commission.

General compliance measures

14. Gatekeepers shall provide to the competent regulatory authority any information that is necessary to ensure compliance with the rules and enable the same regulatory authority to continuously monitor the market developments.

15. Gatekeepers shall notify any planned mergers and acquisitions, as well as (technical) partnerships and new activities. Such a notification has no suspensive effect.

16. Gatekeepers shall appoint compliance officers to ensure compliance with the rules laid down in the legal act.

Graylist (unfair practices where intervention by the competent regulator is required) 

Data related practices

17. Gatekeepers shall not, through contractual or any other measure with equivalent effect, prevent third party sellers from accessing essential information that gatekeepers collect on the customers of these business users subject to the consent of these customers for such sharing of information with third party sellers (prohibition of access to one own’s customer data).

18. Gatekeepers shall not collect personal data beyond what is necessary for the provision of their services to the users of their services. [QUESTION: This is about exploitative conduct vis- à-vis consumers. Question remains whether we should keep it. In addition, data minimization is already in the GDPR, so idea here would be to address this through remedies below in relation to gatekeepers where this practice is potentially more distortive.]

19. Gatekeepers shall not restrict by technical or commercial means business users from accessing, handling or using the data that they provide, receive or generate in the course of their use of the gatekeepers’ platform or service (ban of restrictions on use of business users data).
*Note COMP has included this on the whitelist.

20. Gatekeepers shall take appropriate and reasonable technical and contractual measures to enable the business users and consumers of their platform or services to use any other platform or service by means of providing enhanced portability of personal and non-personal data or forms of interoperability.
*Note COMP limitation of mandated data portability to consumers

21. Gatekeepers shall share their search and click data in relation to search and search advertising at a nominal price, or under FRAND terms (obligation to share click-and-query data).

Self-preferencing practices

22. Gatekeepers shall not prevent, by any technical or commercial means, hardware manufacturers from providing their customers and business users with a choice of options for applications/services to be used on/accessed via the hardware. [ALTERNATIVE FOR OBLIGATION: Gatekeepers, irrespective if they are hardware manufacturers or not, shall ensure that their customers and users have a choice of options for applications/services to be used on/accessed via the hardware.] (ban on restriction of options)

23. Gatekeepers that are operating system developers or smartphone manufacturers shall allow third parties access to the same operating system or smartphone features that are available to/used by the gatekeepers’ own products or services.

24. Gatekeepers shall allow their customers to use identification services by third parties which provide the same level of security to access gatekeepers’ platform or services.

25. Gatekeepers shall ensure equal treatment between own activities and those of their business users in providing:
o Functionalities and quality of service of online intermediation services;
o Ancillary services to the gatekeeper’s online intermediation service directly related to the business users’ offers such as Delivery, Payment or insurance services;
o Identification services, which provide same level of security to access gatekeepers’ platform or services;

26. Gatekeepers shall not apply unfair or differentiated pricing conditions for the equal provision of platforms or services to third party business users. 
*Note COMP proposes broader possibility to attack any ‘unfair pricing’.

27. Gatekeepers shall not refuse to interoperate/access for third-party ancillary services at the request of its business users or third party service providers where the gatekeeper provides ancillary services to its online intermediation services (e.g. data analysis services, delivery, payment, etc.).

28. Gatekeeper shall not discriminate in providing interconnection between their service and other services, or in the interoperability between their service and related services. [ALTERNATIVE: Gatekeepers shall offer meaningful interconnection with and/or interoperability to their services]
*As regards 5 and 6, note CNECT/GROW reference to ‘ancillary services’ and ‘discriminatory interoperability’; COMP introduces a broad, positive obligation while referring to ‘competing services’, which risks reinforcing existing circle o f gatekeeper platforms.

29. Gatekeepers shall not through misleading technical or commercial means discourage customers [of its business users] from replacing services of these business users with their own.
*interoperability’; COMP introduces a broad, positive obligation while referring to ‘competing services’, which risks reinforcing existing circle of gatekeeper platforms.

Bundling and tying practices

30. Gatekeepers shall not require the acceptance of supplementary conditions or services that, by their nature or according to commercial usage, have no connection with and are not necessary for the provision of the platform or services to its business users.
[MORE CONCRETE ALTERNATIVE: Gatekeepers providing online intermediation services shall not differentiate the conditions for the provision of the relevant services for third party business users based on acceptance of supplementary services from third party business users on their online market place.]