Preamble 71 to 80
(71) To ensure the effectiveness of the review of gatekeeper status, as well as the possibility to adjust the list of core platform services provided by a gatekeeper, the gatekeepers should inform the Commission of all of their intended acquisitions, prior to their implementation, of other undertakings providing core platform services or any other services provided within the digital sector or other services that enable the collection of data.
Such information should not only serve the review process regarding the status of individual gatekeepers, but will also provide information that is crucial to monitoring broader contestability trends in the digital sector and can therefore be a useful factor for consideration in the context of the market investigations provided for by this Regulation. Furthermore, the Commission should inform Member States of such information, given the possibility of using the information for national merger control purposes and as, under certain circumstances, it is possible for the national competent authority to refer those acquisitions to the Commission for the purposes of merger control.
The Commission should also publish annually a list of acquisitions of which it has been informed by the gatekeeper. To ensure the necessary transparency and usefulness of such information for different purposes provided for by this Regulation, gatekeepers should provide at least information about the undertakings concerned by the concentration, their Union and worldwide annual turnover, their field of activity, including activities directly related to the concentration, the transaction value or an estimation thereof, a summary of the concentration, including its nature and rationale, as well as a list of the Member States concerned by the operation.
(72) The data protection and privacy interests of end users are relevant to any assessment of potential negative effects of the observed practice of gatekeepers to collect and accumulate large amounts of data from end users. Ensuring an adequate level of transparency of profiling practices employed by gatekeepers, including, but not limited to, profiling within the meaning of Article 4, point (4), of Regulation (EU) 2016/679, facilitates contestability of core platform services.
Transparency puts external pressure on gatekeepers not to make deep consumer profiling the industry standard, given that potential entrants or start-ups cannot access data to the same extent and depth, and at a similar scale. Enhanced transparency should allow other undertakings providing core platform services to differentiate themselves better through the use of superior privacy guarantees.
To ensure a minimum level of effectiveness of this transparency obligation, gatekeepers should at least provide an independently audited description of the basis upon which profiling is performed, including whether personal data and data derived from user activity in line with Regulation (EU) 2016/679 is relied on, the processing applied, the purpose for which the profile is prepared and eventually used, the duration of the profiling, the impact of such profiling on the gatekeeper’s services, and the steps taken to effectively enable end users to be aware of the relevant use of such profiling, as well as steps to seek their consent or provide them with the possibility of denying or withdrawing consent.
The Commission should transfer the audited description to the European Data Protection Board to inform the enforcement of Union data protection rules. The Commission should be empowered to develop the methodology and procedure for the audited description, in consultation with the European Data Protection Supervisor, the European Data Protection Board, civil society and experts, in line with Regulations (EU) No 182/2011 (16) and (EU) 2018/1725 (17) of the European Parliament and of the Council.
(73) In order to ensure the full and lasting achievement of the objectives of this Regulation, the Commission should be able to assess whether an undertaking providing core platform services should be designated as a gatekeeper without meeting the quantitative thresholds laid down in this Regulation; whether systematic non-compliance by a gatekeeper warrants imposing additional remedies; whether more services within the digital sector should be added to the list of core platform services; and whether additional practices that are similarly unfair and limiting the contestability of digital markets need to be investigated.
Such assessment should be based on market investigations to be carried out in an appropriate timeframe, by using clear procedures and deadlines, in order to support the ex ante effect of this Regulation on contestability and fairness in the digital sector, and to provide the requisite degree of legal certainty.
(74) The Commission should be able to find, following a market investigation, that an undertaking providing a core platform service fulfils all of the overarching qualitative criteria for being identified as a gatekeeper.
That undertaking should then, in principle, comply with all of the relevant obligations laid down by this Regulation. However, for gatekeepers that have been designated by the Commission because it is foreseeable that they will enjoy an entrenched and durable position in the near future, the Commission should only impose those obligations that are necessary and appropriate to prevent that the gatekeeper concerned achieves an entrenched and durable position in its operations.
With respect to such emerging gatekeepers, the Commission should take into account that this status is in principle of a temporary nature, and it should therefore be decided at a given moment whether such an undertaking providing core platform services should be subjected to the full set of gatekeeper obligations because it has acquired an entrenched and durable position, or the conditions for designation are ultimately not met and therefore all previously imposed obligations should be waived.
(75) The Commission should investigate and assess whether additional behavioural, or, where appropriate, structural remedies are justified, in order to ensure that the gatekeeper cannot frustrate the objectives of this Regulation by systematic non-compliance with one or several of the obligations laid down in this Regulation.
This is the case where the Commission has issued against a gatekeeper at least three non-compliance decisions within the period of 8 years, which can concern different core platform services and different obligations laid down in this Regulation, and if the gatekeeper has maintained, extended or further strengthened its impact in the internal market, the economic dependency of its business users and end users on the gatekeeper’s core platform services or the entrenchment of its position.
A gatekeeper should be deemed to have maintained, extended or strengthened its gatekeeper position where, despite the enforcement actions taken by the Commission, that gatekeeper still holds or has further consolidated or entrenched its importance as a gateway for business users to reach end users.
The Commission should in such cases have the power to impose any remedy, whether behavioural or structural, having due regard to the principle of proportionality. In this context, the Commission should have the power to prohibit, to the extent that such remedy is proportionate and necessary in order to maintain or restore fairness and contestability as affected by the systematic non-compliance, during a limited time-period, the gatekeeper from entering into a concentration regarding those core platform services or the other services provided in the digital sector or services enabling the collection of data that are affected by the systematic non-compliance.
In order to enable effective involvement of third parties and the possibility to test remedies before its application, the Commission should publish a detailed non-confidential summary of the case and the measures to be taken. The Commission should be able to reopen proceedings, including where the specified remedies turn out not to be effective. A reopening due to ineffective remedies adopted by decision should enable the Commission to amend the remedies prospectively. The Commission should also be able to set a reasonable time period within which it should be possible to reopen the proceedings if the remedies prove not to be effective.
(76) Where, in the course of an investigation into systematic non-compliance, a gatekeeper offers commitments to the Commission, the latter should be able to adopt a decision making these commitments binding on the gatekeeper concerned, where it finds that the commitments ensure effective compliance with the obligations set out in this Regulation. That decision should also find that there are no longer grounds for action by the Commission as regards the systematic non-compliance under investigation.
In assessing whether the commitments offered by the gatekeeper are sufficient to ensure effective compliance with the obligations under this Regulation, the Commission should be allowed to take into account tests undertaken by the gatekeeper to demonstrate the effectiveness of the offered commitments in practice. The Commission should verify that the commitments decision is fully respected and reaches its objectives, and should be entitled to reopen the decision if it finds that the commitments are not effective.
(77) The services in the digital sector and the types of practices relating to these services can change quickly and to a significant extent. To ensure that this Regulation remains up to date and constitutes an effective and holistic regulatory response to the problems posed by gatekeepers, it is important to provide for a regular review of the lists of core platform services, as well as of the obligations provided for in this Regulation.
This is particularly important to ensure that a practice that is likely to limit the contestability of core platform services or is unfair is identified. While it is important to conduct a review on a regular basis, given the dynamically changing nature of the digital sector, in order to ensure legal certainty as to the regulatory conditions, any reviews should be conducted within a reasonable and appropriate timeframe.
Market investigations should also ensure that the Commission has a solid evidentiary basis on which it can assess whether it should propose to amend this Regulation in order to review, expand, or further detail, the lists of core platform services. They should equally ensure that the Commission has a solid evidentiary basis on which it can assess whether it should propose to amend the obligations laid down in this Regulation or whether it should adopt a delegated act updating such obligations.
(78) With regard to conduct by gatekeepers that is not covered by the obligations set out in this Regulation, the Commission should have the possibility to open a market investigation into new services and new practices for the purposes of identifying whether the obligations set out in this Regulation are to be supplemented by means of a delegated act falling within the scope of the empowerment set out for such delegated acts in this Regulation, or by presenting a proposal to amend this Regulation.
This is without prejudice to the possibility for the Commission to, in appropriate cases, open proceedings under Article 101 or 102 TFEU. Such proceedings should be conducted in accordance with Council Regulation (EC) No 1/2003 (18). In cases of urgency due to the risk of serious and irreparable damage to competition, the Commission should consider adopting interim measures in accordance with Article 8 of Regulation (EC) No 1/2003.
(79) In the event that gatekeepers engage in a practice that is unfair or that limits the contestability of the core platform services that are already designated under this Regulation but without such practices being explicitly covered by the obligations laid down by this Regulation, the Commission should be able to update this Regulation through delegated acts.
Such updates by way of delegated act should be subject to the same investigatory standard and therefore should be preceded by a market investigation. The Commission should also apply a predefined standard in identifying such types of practices. This legal standard should ensure that the type of obligations that gatekeepers could at any time face under this Regulation are sufficiently predictable.
(80) In order to ensure effective implementation and compliance with this Regulation, the Commission should have strong investigative and enforcement powers, to allow it to investigate, enforce and monitor the rules laid down in this Regulation, while at the same time ensuring the respect for the fundamental right to be heard and to have access to the file in the context of the enforcement proceedings. The Commission should dispose of these investigative powers also for the purpose of carrying out market investigations, including for the purpose of updating and reviewing this Regulation.