When the General Data Protection Regulation (GDPR) came into effect, tech companies were forced to consider their users' privacy more deeply when they collected their personal information. Restrictions placed by the European Union on how personal data could be collected and processed have changed how major companies view their customer data and helped increase the steps taken to protect that data and use it for the right purposes.
Many acts have since been introduced in other jurisdictions to help regulate how many tech companies use customer data and generally conduct business. Now, the EU has submitted two new proposals to help control these big tech companies' actions and force them to take on greater responsibility for their impact on the digital world.
What Are the Digital Services and Digital Markets Acts?
The Digital Services Act (DSA) and the Digital Markets Act (DMA) are a single set of rules intended to create a safer and open digital space across the European Union.
The goals of the DSA and DMA are to protect the rights of digital service users and to create a more level playing field that will encourage innovation and growth in the European Single Market and across the globe.
Digital services are a category of online services that range anywhere from simple websites to infrastructure services and digital platforms. The rules focus on digital marketplaces, social networks and platforms where content is routinely shared.
The Digital Markets Act governs the actions of gatekeepers. These gatekeepers are online platforms that provide the gateway between consumers and businesses and digital services.
These new rules come as the digital landscape takes center stage within our lives, creating a need for legislation to evolve as digitalization occurs at a rapid pace. Andrew Pery, AI Ethics Evangelist at Milpitas,CA.-based digital intelligence company ABBYY, explains why the legislation is only now being introduced. "As with any other disruptive technologies, regulatory frameworks always lag behind innovation. This is no different from the growth of digital marketplaces and services," said Pery.
The purpose of the DSA and DMA is to modernize the rules regarding digital services and create a balance between information flow and user security. Pery goes on to explain that "these two legislative initiatives impose much needed onerous obligations and accountability on digital service and platform providers to control systemic abuses that span disinformation."
Related Article: Why Advanced Data Security Helps Improve Customer Experience
How Will These Acts Impact Tech Companies?
The DSA and DMA are seemingly focused on the so-called monopolies like Facebook and Google. Brian Byer, VP and General Manager of New York, NY.-based Blue Fountain Media, believes that the big tech giants have a target on their backs. "The assault is coming from several fronts. The FTC is trying to break up Facebook & Google. The EU is piling-on by further exposing anti-competitive practices of Facebook and other big tech companies."
However, even though the acts were created to target these large companies, John Story of Boston, MA.-based marketing technology company Acoustic, says that currently the impact of these acts will remain minimal since they are only proposals at this stage.
But even if it takes a few years to be ratified, the message is clear says Story, "the key takeaway is that the largest single market in the world has made it very clear that they intend to curtail the dominance that big tech attains through its unique access to the richest and most voluminous data," pointed out Story.
Considering there will be some time before these laws can be properly enforced, these companies will have some time to better position themselves and prepare for any potential impact to come.
For the companies who don’t comply with the DSA and DMA, there will be some pretty hefty fines for non-compliance. For the DSA, large platforms can be fined up to 6% of global turnover, but the punishment doesn’t necessarily end there. After initial fines are introduced, service providers will have an opportunity to remedy their situation. Failure to comply could result in a temporary suspension of service.
In the case of violation of the DMA, fines can reach up to 10% of a company’s worldwide annual revenue, with periodic penalty payments of up to 5% of average daily turnover also required. Lastly, if fines fail to result in changed behavior, additional methods can be pursued, including the divestment of parts of a business.
Differences Between These Acts and Other EU Regulations Like GDPR
The largest fine handed out from the GDPR was to Google for 50 million euros, so many wonder about the differences between GDPR, DSA and DMA and what it could mean for fines. Byer explains "GDPR was really ahead of the consumer privacy laws in the US. But both of these new EU mandates address market fairness."
However, while they address different areas, there are some overlapping similarities between GDPR and these new laws. "As with GDPR the Digital Services Act and Digital Markets Act impose increased accountability and transparency on Digital Service Providers and Platforms as to the use of their services, to promote fair business practices and institute appropriate technological and organizations measures to minimize and control abuses that harm users of digital services," Pery highlighted.
With these new regulations, Story believes that even if fines aren't immediately apparent, the EU's goal is to limit the power that big tech companies seem to have. "One would have to expect that DMA is only the beginning of the EU actively seeking to legislate, regulate and enforce against Big Tech and their perceived abuse of market position," he pointed out.
Data is a critical component of the business model for many of these companies. While the GDPR fees may pale compared to the multibillion-dollar revenues major tech companies post each year, with DSA and DMA it is clear that they are now firmly in the crosshairs of regulators.