It’s a bad week for Big Tech: While the European Commission didn’t name Amazon, Apple, Facebook and Google in the two new bills it put forward Tuesday, it might as well have.
With the Digital Markets Act, or DMA, and Digital Services Act, or DSA, the commission proposed a new set of rules around illegal content, dangerous e-commerce products and anticompetitive behavior, all of which are areas that have triggered numerous inquiries into Big Tech in the U.S. and abroad.
Apparently, the EU is done tiptoeing around these issues. The bill reads like an amalgamation of measures designed to tackle some of the biggest criticisms of technology today.
The DMA focuses on stopping large tech companies from indulging in a specified list of unfair practices designed to thwart competition. It also demands more price transparency for online advertisers and the capability for users to port their data to other platforms, if desired.
The DSA covers a range of online platforms, from social media networks and app stores to online booking sites for travel. It also has implications for e-commerce marketplaces. The framework broadens the responsibility of large platforms, mandating that they proactively seek out and handle illegal content, monitor their marketplaces for dangerous third-party products and establish tools or processes — like reporting features, verifications, yearly audits and new transparency measures.
The proposals may have different focus points, but according to the commission, they work together to accomplish two primary goals: “To create a safer digital space in which the fundamental rights of all users of digital services are protected, [and] to establish a level playing field to foster innovation, growth, and competitiveness, both in the European Single Market and globally.”
But most significantly, the bills seek to ensure compliance by putting violators on the hook for massive fines as percentages of total annual global revenue.
In their current form, the DMA and DSA still preserve some basic liability protections for tech companies over the content posted by users, similar to Section 230 of the Communications Decency Act in the U.S. But the rules would clearly add more stipulations and responsibilities to the mix, particularly for the largest companies.
Together, they make for the first major update, and most ambitious expansion, of Europe’s approach to tech in decades.
For years now, Margrethe Vestager, the EU’s executive vice president in charge of competition and digital policy, has launched numerous probes into some of the world’s largest tech companies, including those mentioned above and up until as recently as the past few weeks. But little has changed, at least in terms of reining in tech companies behaving badly.
Where the European Commission has been far more successful in curbing the tech sector is with the General Data Protection Regulation, a piece of legislation geared toward protecting the data rights of European consumers. GDPR was adopted in 2016 and enforcement began in 2018, spurring platforms to adapt their privacy policies and offer more transparency. The regulation inspired others, including several U.S. states, to create their own versions, like the California Consumer Privacy Act.
The tech sector clearly responded differently to these actions. That could be because facing sporadic probes and fines is inherently different than bumping up against a more concrete set of rules enshrined in legislation. It’s far easier for Big Tech, with its big wallets, to be blasé over random or isolated investigations. It’s a cost of doing business.
But the fines listed in this proposal could be another thing altogether.
If passed, the rules would grant regulators the ability to penalize violators as much as 6 percent of their annual global revenue, should they fail to monitor the content or products on their platforms. The fine for anticompetitive behavior would be even more severe: Infractions not only carry the risk that officials would move to break up the company, but the fee goes up to as much as 10 percent of annual global revenue.
Consider that Amazon pulled in $280.5 billion in 2019. If it finds itself on the wrong end of these rules, its cost could come to more than $28 billion. And it’s not clear what would happen if the company were found to be in violation of both rules. But on its face, the aggregate potential could amount to a whopping 16 percent of total global revenue. At least at some point in the future.
The bills aren’t likely to go into effect anytime soon. They’re just proposals at this time, so they will need to be discussed, debated and some of the details will likely change over time. Then they must be voted on and approved by the European Council, which represents the 27 national governments in the bloc, and the European Parliament before they can become law.
The GDPR took four years to pass — which should give companies time to prepare.