Digital Markets Act and the interoperability requirement: is data protection in danger?


The past year has been a landmark period for the regulation of digital platforms in the European Union (EU) and it is likely that the next few months will prove to be similarly important, as the rules contained in Regulation 2022/1925 will become fully applicable.[1]

Regulation 2022/1925, more commonly known as the Digital Markets Act (DMA), is, together with its sister regulation, the Digital Services Act (DSA), part of a wider spectrum of measures aimed at controlling the digital market and preventing abuses by the powerful firms in the field, the so-called gatekeepers. Not only does the DMA provide for the identification of such firms, but it also imposes specific rules on them.

The new package has been the focal point of many discussions because of the strong obligations it imposes on tech giants, ranging from the DSA’s rules for managing harmful content to the DMA’s complementary approach to competition law. In this regard, the DMA introduces a requirement which has a significant impact on service providers: interoperability.

1. The status of interoperability today

The DMA defines interoperability as «the ability to exchange information and mutually use the information which has been exchanged through interfaces or other solutions, so that all elements of hardware or software work with other hardware and software and with users in all the ways in which they are intended to function».[2]

Interoperability provides the possibility for digital services to work together and communicate with each other.[3] Its inclusion in the regulatory framework of the digital market is neither new nor surprising. In the 2010 Digital Agenda, for instance, the European Commission identified the lack of it as one of the biggest obstacles to digitalization. Today, it is considered one of the necessary tools for innovation and competition.[4] Indeed, it can prevent users from suffering from network effects,[5] allow consumers to mix services from different firms,[6] and ensure lower prices, the reduction of transaction costs, and the promotion of data-driven innovation.[7]

Notably, interoperability is already a reality in certain areas, including those related to the digital market. E-mail communication through different platforms, for instance, has been possible for a long time.

The DMA aims to extend interoperability to other communication tools, specifically messaging applications. At present, a WhatsApp user cannot send a message to a Telegram user, nor can an iPhone owner send an online message to an Android user through the iMessage app. The means of communication must necessarily be a common platform, resulting in the aggregation of market power. Now, gatekeepers’ communications services, including messaging applications, will have to provide the necessary interfaces that allow for horizontal interoperability, that is, interoperability among competing products.[8] To be compliant, communication services must be interoperable with regard to their basic functionalities, namely end-to-end messaging, voice and video calls, and the sharing of images, voice messages, videos and files. The timeframe for gatekeepers to achieve this ranges from four years (for voice and video calls) to immediately from the time the gatekeeper is officially identified as such (for end-to-end messaging between two individuals).

However, such a requirement has been the source of discussion, as ensuring interoperability may be problematic for privacy.

2. The clash with encryption

Internet users are becoming increasingly aware of the importance of keeping their data private, and, as a reaction, platforms have secured their services. For example, most messaging apps are nowadays encrypted. Encryption is an important tool for privacy, and authorities, including the European Commission, have acknowledged its importance.[9] Among these apps, some (notably WhatsApp, Apple’s iMessage and Android Messages) are end-to-end encrypted by default, meaning the encryption and decryption keys are stored at the endpoints of the communication.[10] It is a popular tool to secure data: not only does it make communications «secure, free from eavesdropping and hard to crack»[11], but it also allows for the easier introduction of new features and for more accurate filtering of spam and other kinds of abuse.[12] As a way to efficiently keep information private, encryption is essential for the protection of human rights, such as freedom of expression. It stands as a tool for the protection of democratic values and the liberty of users.

Both European citizens and businesses rely on end-to-end encryption to protect their data, especially in contexts where vulnerable minorities (such as refugees, victims of domestic abuse, journalists and the LGBTQIA+ community) are at risk.[13] It can serve, for instance, as a safe space for members of the LGBTQIA+ community who may not live in a supportive environment and are subject to discrimination. Moreover, it can be a useful tool for journalists to investigate, share and exchange information more freely. It can prove to be especially useful for whistle-blowers, who can feel more protected when effectively shielded from external surveillance.

The above-mentioned features function in a closed system. And, while on the one hand the users of a closed system receive such benefits, on the other hand closed systems create the kind of market dynamics the EU wants to limit. In order to facilitate interoperability, firms will have to offer open and stable APIs on request and establish common technical standards.[14] This is considered to be extremely risky by some experts[15] and even companies have expressed their concerns.[16] However, others have noted how this measure’s benefits will outweigh its costs. Indeed, there are a number of options to achieve interoperability, such as switching to a decentralised end-to-end encrypted protocol or introducing a warning targeted at users whose conversations may be insecure. And, while maintaining stable APIs could prove expensive and time-consuming, it is reasonable to ask such a commitment from gatekeepers,[17] especially considering that the path towards interoperability can foster competition and innovation, pushing companies to find progressive solutions instead of creating more barriers.

Nevertheless, with the entry into force of the DMA, the digital market will need to find a solution for the conflict between privacy and interoperability. This requires a thorough impact assessment, and it may be necessary for the EU to lengthen the timeframe provided to the companies to become compliant. This would imply more time to check that all security features are still ensured. Moreover, a general strengthening of controls is needed. Both gatekeepers and the Commission must make sure that the firms asking for interoperability are in line with the required privacy standards and must provide all necessary information to ensure this. Certainly, this will require cooperation between EU institutions, gatekeepers and field experts.

[1] Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828.

[2] Id., Art. 2.

[3] OECD, Data portability, interoperability and digital platform competition, 2021, 12.

[4] W. Kerber – H. Schweitzer, Interoperability in the Digital Economy, 2017, 39.

[5] Id., 20.

[6] Ibid.

[7] Id., 42.

[8] Art. 7, Regulation (EU) 2022/1925.

[9] M. Koomen, The Encryption Debate in the European Union, 2019, 2.

[10] IBM, What is end-to-end encryption?, in ibm.com.

[11] R.E. Endeley, End-to-End Encryption in Messaging Services and National Security—Case of WhatsApp Messenger, 2018, 96.

[12] E. Rescorla, End-to-End Encryption and Messaging Interoperability, in educatedguesswork.org, 7 April 2022.

[13] Internet Society, DMA and interoperability of encrypted messaging, 2022, 3.

[14] Ibid.

[15] A. Muffett, Explaining fundamental problems of the EU #DMA demanding instant #messenger #interoperability, via fun analogies with food & sex, in alecmuffett.com, 25 March 2022.

[16] C. Newton, Three ways the European Union might ruin Whatsapp, in platformer.com, 29 March 2022.

[17] M. Hoggson, Interoperability without sacrificing privacy: Matrix and the DMA, in matrix.org, 25 March 2022.
