Despite its honourable intentions, the European Unions’s new Digital Markets Act (DMA) risks becoming yet another example of regulatory overreach. Its interoperability requirements and potential loopholes could, in practice, trigger unintended consequences and do more harm than good.

Policymakers should review it, ensuring its ambition to foster competition does not come at the expense of citizens’ rights and trust.

Building on the foundation of the General Data Protection Regulation (GDPR), recognised as one of the most important data privacy laws globally, the DMA aims to set new rules regulating the power of tech giants. While GDPR laid the ground for protecting user privacy, there are concerns about how the DMA’s requirements may interact with these protections.

Fair competition

The DMA is a new EU regulation aiming to ensure fair competition in the digital economy by imposing rules on large tech companies known as ‘gatekeepers’. It aims to prevent gatekeepers giving their own services an unfair advantage over competitors on their platforms, to prevent them abusing their dominant positions and promote a more open and competitive online market.

Google must no longer automatically set its own search engine as a default on Android devices, and it is also under pressure to stop prioritising its own services, like Google Flights or Maps, in search results. Meta cannot combine user data across different services like Facebook, WhatsApp and Instagram, without explicit consent. Microsoft can’t pre-install or favour its own software, like Edge or Bing.

Similarly, Amazon may have to stop ranking its own products more favourably than those of third-party sellers on its marketplace, and Apple to allow users to install apps from outside the App Store.

While the DMA restricts self-preferencing, its interoperability requirements oblige major tech companies to grant third parties access to some restricted technologies and data. This is the other side of the coin.

In essence, this means they must also let other services ‘plug into’ their platforms, which should in theory lead to more competition. However, such access and requirements raise potential loopholes which could significantly compromise privacy and pose security risks. For example, messaging apps may be required to interoperate with third-party services, potentially weakening encryption if those services lack strong privacy safeguards.

Warnings

In a recent detailed briefing, Apple warned the DMA’s interoperability requirements, if not carefully modified, could undermine GDPR by allowing companies, including those with a history of poor privacy practices, access to sensitive user data. Apple’s long history of prioritising user privacy and security through strict controls and technology such as Secure Enclave could be at stake, as companies could gain broad access to sensitive device features and personal information under the DMA’s current rules, ultimately undermining these protections.

If the idea is to make tech giants more open by forcing them to share their tools and systems with others, it must be done carefully, without discouraging investment in new features and improving security. Smaller developers and startups could struggle to compete if larger companies exploit interoperability mandates without sharing the same level of commitment to user privacy and security.

This regulation could end up hurting competition by making it harder for new ideas and smaller players to succeed, while also putting users’ privacy and security at risk by requiring companies to share sensitive data without the right protections in place. In other words, rather than encouraging competitiveness, the regulation could unintentionally slow innovation and undermine user trust.

Refining the DMA

To address these risks, the DMA should be refined to balance between openness and the protection of innovation and privacy. This can be achieved by limiting how much data the regulation insists must be shared, and under what conditions. Regulators should work closely with privacy experts, tech companies, and civil society organisations to monitor how these rules play out, ensuring they are applied without producing side effects.

In its current form, the DMA carries some serious loopholes which could outweigh its intended benefits. The EU must take a step back and revise it in close collaboration with stakeholders, to ensure competition, privacy, and innovation are not being compromised.

Any failure to do so could negatively impact users and damage the EU’s standing as a global leader in digital privacy and innovation.

Photo: Dreamstime.