Review your content’s performance and reach.
Become your target audience’s go-to resource for today’s hottest topics.
Understand your clients’ strategies and the most pressing issues they are facing.
Keep a step ahead of your key competitors and benchmark against them.
add to folder:
Questions? Please contact [email protected]
Introduction
Although it would appear that no fewer than 10 000 online platforms operate in the EU, the digital market seems to be moulded by just a handful of them. This raised concerns among the Authorities in terms of, among others, transparency and fair competition. The Digital Markets Act (DMA)1, together with the upcoming Digital Services Act (DSA), forms a central part of the package proposed by the Commission to address such concerns, setting up specific obligations for the digital giants, the so-called gatekeepers. A gatekeeper, according to the DMA, is an undertaking providing core platform services (such as online intermediation services, online search engines, video-sharing platform services, web browsers etc.), which:
According to the DMA, the Commission shall designate an entity as a gatekeeper, when the above criteria are met, taking into account certain thresholds in terms of: annual EU turnover2, minimum number of active users3 and timeframe4. Even if such thresholds are not strictly met, the Commission is also entitled to label an entity as a gatekeeper when, due to its data driven advantages (in particular related to its access to personal data, analytics capabilities and corporate structure) and other criteria, the entity is in a position to influence the market.
While we cannot predict all the ramifications of the upcoming DMA, impacting as it does a complex and, to some extent, opaque framework, yet we can expect at least a few consequences for the entities relying upon digital marketing services (whether to profit from advertising spaces or promote their positioning).
1. Information on costs and metrics associated with digital advertising
The conditions on which gatekeepers provide online advertising services to business users (including both advertisers and publishers) have, in fact, been considered by most commentators as opaque and non-transparent: apparently, advertisers and publishers are not provided with a clear picture of the conditions required to access advertising services. The logic of referral and / or monetization criteria have not been (nor seem to currently be) set out for business users such as publishers and advertisers. There has been heated debate about gatekeepers using “arcane” algorithms to calculate the metrics, resulting in business users being unable to understand how costs are calculated and, ultimately, unable to determine whether a particular service is profitable. Several parties have red-flagged this dysfunctionality. Among others, it is worth noting the EU paper Study Online advertising: the impact of targeted advertising on advertisers, market access and consumer choice5. The Study pointed out that “advertisers cannot understand why they win or lose auctions for specific keywords and how the final price for the impression or conversion is determined. Likewise, publishers face similar uncertainty since they observe only their personal ad revenue, but how much is pocketed by the intermediary remains unknown. The same applies to performance data of the advertisement or the ad-inventory”.
Therefore, the legislator decided to include the requirement for gatekeepers to provide publishers and advertisers with detailed information on the costs associated with particular advertising services. This principle is clearly explained in Recital 45 of the DMA, where the legislator introduces the need to ensure that: (i) publishers and advertisers are informed of the costs associated with a relevant ad (including through disclosure of the remuneration received by the publisher – or the average remuneration), and (ii) it is made clear to them what criterion is used to calculate the pricing model (e.g. price for impression, per view, etc.). Article 5(9) and (10) state that this information should be provided free of charge.
A very similar approach is proposed for the calculation of metrics. In particular, Recital 58 underlines the importance of publishers and advertisers being provided with free of charge access to gatekeepers’ performance measuring tools, so they can carry out their own assessment of gatekeepers’ services (the same obligations are further explained in Article 6(8)).
2. Expected limitations in targeting
Gatekeepers often collect directly end users’ personal data for the purpose of providing advertising services when end users use third parties’ websites and apps. They also receive a vast amount of data from the business users that rely upon their services. Considering that some gatekeepers may also provide various core platform services, they are well-placed to combine and cross-use personal data. For this reason, the legislation decided to put some limitations on the gatekeepers’ ability to process personal data (see Article 5(2) of the DMA). In particular, gatekeepers are prevented from (i) processing end users’ personal data for the purpose of providing advertising services, if such data is retrieved from the use of services offered by third parties making use of core platform services of the gatekeepers, (ii) combining personal data derived from multiple services offered by the gatekeeper or by third parties, (iii) cross-using personal data (derived from a core platform service) in other services offered separately by the gatekeeper and vice-versa, and (iv) signing in end users to other services of the gatekeeper in order to combine personal data. However, this prohibition can be overridden if the end user provides a GDPR-valid consent.
The main consequences of the above approach appear to be that:
The main thrust of the DMA is, in any event, clear: the legislator is trying to reduce the power of the gatekeepers in concentrating data. The same approach seems to be adopted by the Authorities in relation to the market in general: outside of the DMA framework, we find other attempts, from the local DPAs, to reduce the ability of companies to target users and enrich data. For instance, the Italian Garante in its Guidelines on cookies and other tracking tools6 seems to require that consent should be obtained from logged in users for any activity which links different data sets, irrespective of the device used, which is a provision very close to point (iv) of the DMA’s obligations as set out above (although the Italian Garante’s requirement appears even stricter than the obligation introduced by the EU legislator). For this reason, platforms are looking for alternative solutions that offer the possibility to provide non-personalised ads to users, that do not rely on tracking users, that do not rely on the use of cookies and similar technologies, etc.
3. Limitations on targeting minors and profiling based on sensitive data
Originally expected to be addressed by the DMA and then shifted to the DSA, bans on targeting of minors and other vulnerable users are becoming a reality. Article 24 (1b) of the DSA, which is expected to apply from the beginning of 2024, prevents the targeting of minors or relying upon sensitive personal data for the purpose of displaying advertisements. Although it is as yet unclear which age thresholds are being considered and whether Member States will have any autonomy in shaping them: this is a key battleground.
Such regulations should provide a safer digital space, given that in the current legal framework, advertising profiles include all sorts of sensitive data. Based on what has been identified by several stakeholders and commentators, ads are (also) based on special categories of data.
It is not possible to dive into such topic here – as it would require more research and double checks, in order to get a clear sense of the size of the phenomenon. However, even if the DSA had not introduced a limitation on targeting minors and profiling based on sensitive data, it may not result easy to justify such an extent in the use of data: first and foremost, the consent collected from a user may result as not being valid and, moreover, a risk assessment may lead to the consequence that less data should be processed.
Conclusions
It appears that the legislator decided to draw up a set of rules in the DMA, aimed at ensuring more transparency and correcting what has been detected as an imbalance in the market. Such rules include provisions to strengthen the position of publishers and advertisers.
Moreover, the DMA appears to complete the GDPR’s requirements, with the aim of strengthening the protection of personal data and preventing from carrying out certain processing activities (e.g. the combining of personal data, collected from different sources).
The DMA’s intended purpose is clear: however, much will depend on how it will be interpreted and applied by the relevant Authorities. The DMA will not end the debate: we will keep you posted
add to folder:
If you would like to learn how Lexology can drive your content marketing strategy forward, please email [email protected].
Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR)
© Copyright 2006 – 2022 Law Business Research

source

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *