The author is International Policy Director at Stanford University’s Cyber Policy Center
Four years ago, the groundbreaking GDPR law on data protection came into force. Now the EU is in the final stages of making history again with a new law that seeks to clarify up front competitive responsibilities for big tech companies. The aim of the Digital Markets Act (DMA) is to prevent these gatekeeper companies from abusing their market dominance and not simply taking them to court for antitrust violations.
Instead of breaking up monopolistic companies, the DMA would open them up, says French Digital Minister Cedric O. Amazon, for example, cannot use its insights into buyer activity to optimally position its own brands on its own platform. Users could seamlessly message friends on other platforms, and Apple would have to allow access to competing app stores. Default settings would no longer create lock-ins and give internet users some much-needed freedom.
It shouldn’t come as a surprise that big tech companies are criticizing the new rules, which aim to increase their responsibilities and diminish their power. It is also not surprising that the DMA has become one of the most heavily promoted pieces of legislation ever produced in Brussels. Facebook, Google, Microsoft and Apple alone spent around 20 million euros last year to influence this.
Lobbyists quickly sided with privacy as a possible argument. After all, what could be wiser than pitting one key EU achievement against another? It can be difficult to distinguish between the noise of lobbying and the alarm of civil rights. But while there are still details to be clarified about the combination of security and competition, there are also clear indications of how this can be achieved.
WhatsApp CEO Will Cathcart, whose company has implemented end-to-end encryption between users, foresees problems, as do others with a less direct impact on competition laws and a better record on privacy. They fear that the well-intentioned focus on interoperability could have security disadvantages. If consumers can choose their messaging platform, they should be able to interact with all other platforms, just like email does. Interoperability would reduce the cost and hassle of switching and increase competition and consumer choice. The question is whether these proposed obligations could conflict with those of end-to-end encryption.
But this is not an impossible mission. If an internet user has consciously chosen a messaging platform with the highest standards of encryption – to ensure confidentiality or to protect a source – the fact that their message is shared on another platform owned by a friend or colleague should not change the protection of their data . According to Matrix, an open-source project promoting secure communications that also proposes “bridges” for encrypted data, the DMA requires APIs to provide the same level of privacy protection for remote and internal users.
Additionally, it’s helpful to remember that competition and privacy go two ways. Monopolists can lower privacy standards more easily, as Facebook has done, because consumers have fewer alternatives. With more competition, chances are that better data protection will become a competitive advantage. Although the US lacks a federal privacy law, its courts are currently hearing several cases challenging the damaging relationship between privacy and antitrust law. Federal Trade Commission Chair Lina Khan called the new DMA legislation a “pioneering proposal to promote fair access to markets controlled by digital gatekeepers.” It recognizes the privacy, security and competition implications of corporate access to information. It is precisely this combination that the EU must now tackle.
The details of the DMA are still being worked out and the methods of enforcement will also be crucial. There is still some leeway between the political agreement reached and the final text after fine-tuning by experts. Only against this last iteration, which should be available in the next few weeks, can all concerns be weighed up seriously.
But the discussion about interoperability and encryption – or between GDPR and DMA – already points to a major challenge that the EU still has to face. After the DMA, the Digital Services Act, the AI Act and the Data Act will follow to ensure more countervailing power to balance that of tech companies. For EU legislators and regulators with ambitions to curb the power of big tech, the next big hurdle will be making sure these different laws work well together.
Privacy concerns should not block EU’s attempts to curb big tech power Source link Privacy concerns should not block EU’s attempts to curb big tech power