1
In recent years, the accumulation and entrenchment of power by a few large firms in the digital markets sector and the complementary decrease in the level of competition has become visible around the world. Market dominance in itself is not unlawful, [1] but in the absence of significant competition, there is an increasing risk that the firms will abuse their power over businesses and individuals that interact with the digital markets. In addition, the entrenchment of this power is likely to create barriers for new entrants and to reduce the incentive for innovation and maintenance of quality by the large firms. [2] Furthermore, multi-sided platforms, [3] that offer access to their services without monetary payment and instead make their profits with targeted advertising, may unilaterally increase the prices for the advertisers in the absence of competitors with comparable outreach and targeting quality. This increase in prices would potentially be passed on to consumers. [4] In most cases, the users of these platforms “pay” with their attention or personal data, [5] thereby adding an economic value to the generally non-rival personal data and making its collection an important factor in the digital markets. [6] Therefore, the lack of competition in these markets has an impact on the way this data is collected, processed and made available to the users, [7] which can lead to infringements of the users’ data protection rights as part of their fundamental rights. [8] In short, the current developments in digital markets pose risks to competition, consumer rights as well as data protection rights.
2
Regulators around the world are starting to react to these issues with more proactive steps to promote competition before damage to the markets and their participants could become irreversible. [9] Several countries have conducted and published marked studies, [10] initiated court proceedings against large online platforms, [11] or began drafting legislation to regulate the digital markets efficiently. [12]
3
While most such legislation is still in drafting stage, the German legislator has introduced a new regulatory tool in section 19a of the German Act against Restraints of Competition (“GWB”). [13] Its development has been significantly influenced by the administrative order of the German Federal Cartel Office (“Bundeskartellamt”) against Facebook on the basis of traditional competition law, [14] the first case to take the academic debate forward and apply data protection principles in a competition law case. [15] This approach, however, is currently pending a ruling by the Court of Justice of the European Union (“CJEU”). Given this context, this discussion will focus in particular on the concerns arising from handling data-related matters under the new regulation.
4
This discussion will show that the new German regulation provides a good first step towards regulating large online platforms and digital markets but that improvements are necessary. The regulation successfully addresses the data-related concerns which have previously been confronted in the Facebook case. But several structural aspects need to be amended before this regulation can serve as template for other jurisdictions.
5
Part of these structural aspects will be outlined in the subsequent chapter following an account of the Facebook proceedings and section 19a GWB. The shortcomings of another structural aspect, the section 19a(1) GWB designation process, will then be discussed in chapter 3, followed by an analysis of potential issues arising from data-related concerns. Chapter 4 will then compare the German regulation with a similar UK framework under development, in order to gather and evaluate possible improvements to the German regulation. Chapter E will analyse the extent to which the Digital Markets Act (“DMA”), an EU regulation expected to be adopted soon, is compatible with the existing German legal framework including section 19a(1) GWB and will then compare the approach taken in the DMA with the German and UK approaches. The discussion will conclude with recommendations for the German regulation in light of the abovementioned issues and comparison with the UK framework.
6
On 6 February 2019, the Bundeskartellamt enacted an administrative order against three entities of the Facebook Group ("Facebook"), subsequently renamed as Meta. It held that Facebook abused its market dominance as prohibited under section 19(1) GWB. The abuse was established in an infringement of the principles in Articles 6 and 9(2) of the General Data Protection Regulation (“GDPR”) [16]: Facebook’s policy to merge data collected from its users via several applications with the personal profiles on the users’ Facebook accounts was held to constitute unlawful data processing due to a lack of valid consent. [17]
7
On appeal, the Higher Regional Court Düsseldorf (“OLG”) granted Facebook the requested interim relief under summary proceedings, basing its decision on competition-related issues. [18] Upon appeal by the Bundeskartellamt, the Federal Court of Justice (“BGH”) overruled the OLG decision. [19] In particular, it relied on a different statutory basis for finding abuse of market dominance, citing constitutional and competition law considerations instead of GDPR principles. [20]
8
The case has since advanced to the main proceedings. The first OLG hearing closed with the announcement of a preliminary reference to the CJEU to clarify whether the Bundeskartellamt can rule on GDPR violations and, if so, whether Facebook violated the GDPR provisions. [21]
9
Following the proceedings by the Bundeskartellamt, the German legislator initiated an amendment to the GWB to increase its effectiveness in regulating digital markets. [22] At the heart of this amendment is Section 19a GWB, which grants the Bundeskartellamt the power to prohibit certain conduct of large online platforms in a two-step mechanism.
10
In a first step, the Bundeskartellamt designates a company as having “paramount significance for competition across markets” (“PSC”) by considering the factors in Section 19a(1) GWB. This designation is valid for five years, during which the Bundeskartellamt can take the second step of enforcing any of the prohibitions listed in Section 19a(2) GWB to support competition. Two of these prohibitions can be seen as protruding into data protection law.
11
Section 19a(2)(1)(4) GWB grants the Bundeskartellamt the power to prohibit a firm from making access to its services conditional on either (i) a user’s consent to data merging (similar to Facebook’s conduct described above) [23]; or (ii) a business’ consent to data processing for purposes other than providing its services. This prohibition builds on the concept in Article 6 GDPR but, unlike in the Facebook case, the Bundeskartellamt will not have to refer to the GDPR when seeking to enforce this prohibition.
12
Section 19a(2)(1)(5) GWB enables the Bundeskartellamt to prohibit actions constraining interoperability and data portability if these actions hinder competition. A business is deemed to constrain interoperability if it hinders different systems from working together as seamlessly as possible. It is deemed to constrain data portability if it hinders the retrieval of digitally stored personal data by data subjects wishing to transfer this data to another business. [24] This prohibition overlaps notably with the right to data portability in Article 20 GDPR. Together with Section 19a(2)(1)(4) GWB, this prohibition can be seen to empower the Bundeskartellamt to address data issues that are similarly dealt with by the GDPR.
13
The remaining paragraphs will outline four structural aspects of Section 19a GWB that are subject to criticism but whose detailed analysis is beyond the scope of this discussion.
14
The disconnection from the GDPR in the two prohibitions addressed above might lead to the development of deviating interpretations on data-related aspects in German competition law and EU data protection law, as the last instance for proceedings based on the GDPR is the CJEU but for the GWB it is the BGH. This is criticised because it could impede harmonised enforcement and thus weaken legal certainty within the EU. [25]
15
Furthermore, there are two ways by which Section 19a GWB aims to increase the protection of competition by speeding up regulatory interventions. [26] Neither is without criticism.
16
First, the regulation cuts down on the time that appeals might take: instead of giving the parties two instances for appeal (OLG and BGH), orders under Section 19a GWB can only be appealed at the BGH. [27] However, this loss of an additional instance for appeal might be held to unduly reduce legal protection for the firms. [28]
17
Second, the legislator shifted the burden of proof so that, in case of enforcement, designated firms must show why they are legitimate in carrying out actions that are otherwise prohibited under Section 19a(2) GWB. [29] This additional burden of proof is criticised because some of the prohibited actions are not perceived to be harmful to competition under traditional competition law. [30]
Lastly, the justification of the extended powers in Section 19a GWB is called into question. Under the ex post approach of Section 19 GWB the Bundeskartellamt can only act upon a suspicion that a firm had abused its market dominance. In contrast, the ex ante approach of the new Section 19a GWB allows the Bundeskartellamt to act pre-emptively even without such suspicion. Some of the newly introduced obligations may require large online platforms to substantially revise their business strategy. Due to these drastic consequences, this regulation requires strong justification. This justification may be found under competition law principles, which provide that, if the market cannot regulate itself through competition, the state can interfere by imposing special responsibilities on entities in sufficiently powerful market positions. These responsibilities include a refrain from exploiting users and from further distorting competition. Insofar as any digital market cannot regulate itself, the state is therefore justified in imposing such responsibilities, in the form of additional obligations under Section 19a GWB, on entities that it designates as being in such powerful positions. [31] However, some argue that more observation is still required before it can be established that digital markets cannot regulate themselves, so as to justify interference. [32] Regardless, the advantages of the new regulation in preventing exploitation of businesses and private users constitute a sufficient basis to consider an ex ante approach necessary. [33]
The administrative order against Facebook has sparked a discussion in Germany on how large online platforms should be regulated. It brought to attention the issues of applying traditional competition law to data-related conduct of multi-sided platforms. Together with two expert reports that recommended cautious steps towards stronger regulation, [34] the legislator concluded from this order that a new legal instrument, tailored to the needs of the digital markets, was necessary: Section 19a GWB. [35]
20
This chapter will first consider if the designation process is sufficiently limited to powerful online platforms. It then will turn to the issues encountered in the Facebook case regarding data-related enforcement: the legitimacy of applying the new powers in GDPR-related areas, and the justification for the overlapping applicability of competition and data protection authorities. It will defend the new regulation against these GDPR-related concerns, but acknowledge that the designation process risks being over-inclusive.
21
The scope of application of Section 19a GWB is determined as follows:
“(1) The Bundeskartellamt may issue a decision declaring that an undertaking which is active to a significant extent on markets within the meaning of Section 18(3a) is of paramount significance for competition across markets. In determining the paramount significance of an undertaking for competition across markets, account shall be taken in particular of:
1. its dominant position on one or several market(s),
2. (…)” [36]
22
This scope plays an important role. The designation must not be over-inclusive to ensure that the ex ante regulation is justified under competition law principles by limiting it to powerful platforms. The designation also must not be under-inclusive as it might otherwise not tackle issues in the digital market effectively. This section will explain how this regulation was intended to have a narrow scope but that vague formulations and insufficient definitions resulted in an over-inclusive regulation.
23
As a starting point, the designation is unlikely to be over-inclusive because the legislator had intended to specify a narrow scope, and because this scope is accepted by the Bundeskartellamt. According to the official explanations, the regulation addresses only a small group of firms with a strategic position on digital markets. [37] These mainly include the largest US American tech companies (Google, Apple, Facebook, Amazon and Microsoft). [38] An extension to large Chinese platforms or possibly to future European businesses, as hinted by the president of the Bundeskartellamt, [39] would also not risk a significant expansion of scope. This intention to specify a narrow scope is demonstrated in the following two aspects.
24
The enforcement structure of Section 19a GWB helps avoiding over-inclusiveness: unlike Section 19 GWB, which can also be enforced in civil courts, the enforcement of Section 19a GWB is reserved for the Bundeskartellamt. [40] Together with the limitation of courts available for appeals to the BGH, this leaves only two state entities with the competencies to interpret Section 19a GWB. Therefore, it is unlikely in practice that the scope of designation under Section 19a(1) GWB will be interpreted substantially broader than anticipated.
25
Moreover, the new powers avoid over-inclusiveness through passage of time. A company which the Bundeskartellamt designated under section 19a GWB might lose market power and eventually fall outside the scope of this regulation. To avoid that those companies remain subject to additional prohibitions, the designation is limited to a time period of five years. [41]
26
However, vague formulations in the new regulation risk it to be applied over-inclusively and thereby undermine the intention of creating a narrow section. This can be observed in three instances.
27
First, the new term PSC risks being over-inclusive because its defining factors might be interpreted more broadly than anticipated. The specification of these factors in section 19a(1)(2) GWB and thereby also of the scope of the new term is left to the Bundeskartellamt. [42] This provides the Bundeskartellamt with powers to broaden the scope of application. Even if the Bundeskartellamt does not decide to designate additional companies, the lack of precedents for the application of PSC complicates the self-assessment process for companies in determining if they might satisfy the designation requirements. [43] This uncertainty risks placing undue pressure on companies that are not intended to be designated.
28
On a separate note, it is unconvincing that the use of this vague term would help to avoid under-inclusiveness. Some argue that the broad terminology supports the removal of enforcement barriers; if too many detailed obligatory requirements had to be satisfied, large online platforms with ample resources to spend on legal counsel could appeal on narrow technical points in an attempt to prolong court proceedings on the applicability of Section 19a GWB. [44] With this strategy, these firms could potentially even avoid enforcement. However, the broader scope of application, which would be necessary to avoid under-inclusiveness on this basis, weakens the legitimacy of the new regulation and, at least theoretically, risks the regulation being struck down as disproportionate intrusion into the companies’ fundamental rights. [45]
29
Second, the regulation creates another risk for over-inclusiveness by introducing the “dominant position on one or more markets” as one of five equal factors instead of making it an obligatory requirement for the designation. Since not all factors have to be considered in every investigation, this structure relieves the Bundeskartellamt from determining the relevant market, a difficult task in digital markets. [46] It is probable that the Bundeskartellamt will make use of this chance to avoid a potential source of error and accelerate the investigation procedure. [47] Although this strategy initially seems to support the aim of avoiding under-inclusiveness by providing the addressed companies with one less reason for appeal, courts generally do not strike down orders in competition law over controversial market definitions. For example, the summary proceedings on the Facebook case did not address the Bundeskartellamt’s determination of the relevant market. [48] To the contrary, if the market dominance test was introduced as obligatory requirement, the regulation would express more clearly that the term PSC constitutes a stronger position than the market dominance requirement in Section 19 GWB. [49] Currently this relation cannot be clearly deduced from the wording of the regulation. This is another aspect that makes the regulation appear over-inclusive.
30
Third, by using a reference to another section that is not limited to digital markets, the regulation risks being more over-inclusive. According to the official explanation, the reference of Section 19a(1)(1) GWB to “markets within the meaning of Section 18(3a)” also covers analogue multi-sided markets, such as shopping centres with markets regarding the shops and regarding their customers, or private television broadcasters with the market of the advertising providers and the market of the subscribers. [50] The non-exhaustive list of factors also does not cater explicitly to digital markets. [51] Therefore, this oversight extends the scope of the new regulation beyond digital markets.
31
To conclude, official publications regarding the new regulation and the inclusion of some aspects display the intention of the legislator to introduce Section 19a GWB with a very narrow scope. If the regulation was always acted upon within this limited scope, it would strike a balance between over- and under-inclusiveness. However, the wording of this regulation is overly broad in the abovementioned parts so that it creates a foundation for over-inclusive application. Therefore, this designation process needs clarification.
32
The Bundeskartellamt is not empowered to enforce data protection law, as this is the purpose of the national data protection authorities within the EU. In order to subject companies that are active throughout the EU only to one investigation per data protection issue, the GDPR introduced the one-stop-shop mechanism to determine which one of the data protection authorities in the EU is competent to enforce a specific matter. [52] However, the new Section 19a GWB awarded the Bundeskartellamt powers to enforce prohibitions connected to data processing and data portability, which are also regulated under the GDPR. By applying these new powers, the Bundeskartellamt may act autonomously in the sphere of data protection law. Whilst the Bundeskartellamt could thereby provide valuable support to the data protection authorities in enforcing some GDPR principles more efficiently, these powers risk undermining the one-stop-shop mechanism. This section will argue that the Bundeskartellamt cannot rely on any existing exceptions to the one-stop-shop mechanism to justify its new powers. However, it will also show that the Bundeskartellamt does not need to comply with the one-stop-shop mechanism because it merely enforces data protection related matters supplementary to the enforcement of competition law.
33
To begin with, the new powers of the Bundeskartellamt are useful for compensating the time delay observed in data protection enforcement. Under the one-stop-shop mechanism, the only competent data protection authority for cases with cross-border processing of personal data is the authority in the jurisdiction with the main establishment of the respective firm in the EU, called the lead supervisory authority (“LSA”). [53] As most large online platforms have their main establishment in Ireland, [54] the Irish Data Protection Commission (“IDPC”) is the LSA for most situations addressed by Section 19a GWB. While the IDPC has initiated several investigations against large online platforms, [55] these investigations highlight an inherent flaw of the GDPR in practice: time delay. The first complaints have been submitted as soon as the GDPR entered into force, but almost three years later the IDPC is still far from reaching most decisions. [56] This delay has sparked criticism. [57] Therefore, help from the Bundeskartellamt could be beneficial for the enforcement of data protection.
However, the powers of the Bundeskartellamt would not be justified if they necessitated a breach of the one-stop-shop mechanism. This mechanism is important to improve compliance with the principle of sincere cooperation (Article 4(3) TEU) in comparison to the former Data Protection Directive (“DPD”), [58] because, unlike competition law, the GDPR is only enforced by national authorities and not directly at EU level. [59] Nevertheless, some strategies have been developed to avoid this mechanism, the three most relevant of which are set out below.
35
One exception to this mechanism has been established by the French data protection authority CNIL in a case against Google. [60] It argued that, in line with the guidelines by the European Data Protection Board (“EDPB”) for identifying LSA, [61] Google did not have a place of central administration in the EU because the Irish headquarters had no autonomous decision-making powers. Therefore, all EU data protection authorities were competent. However, this argumentation seems to rely on the wording of the first GDPR proposal. [62] This wording has since been changed to reflect that it is sufficient for a place of central administration to have the power to make autonomous decisions regarding the implementation of data collection, not necessarily its purposes. [63] Therefore, the CNIL-interpretation is not persuasive.
36
Further alternatives have been set out in the opinion by advocate general Bobek, [64] and have recently been accepted by the CJEU in its decision. [65] In particular, he set out two approaches on how supervisory authorities other than the LSA could be authorised to handle cases against large online platforms or oblige the LSA to handle them in a certain manner. Both approaches require the LSA to have failed acting promptly in its investigations. [66] Due to the time delay issue of the IDPC, a German data protection authority could apply these approaches to handle cases against large online platforms. However, there are no indications for the development of a cooperation structure of this authority with the Bundeskartellamt.
37
This outline shows that all three strategies lack authority to justify the Bundeskartellamt’s new powers. Therefore, the Bundeskartellamt cannot directly enforce data protection law without undermining the one-stop-shop mechanism.
38
Instead, the Bundeskartellamt can address data-related concerns and thus replace otherwise delayed actions with supplementary data protection enforcement. The Bundeskartellamt is not prohibited from handling a competition law case despite data protection concerns; in some decisions, competition authorities have to regulate aspects that are also covered by data protection laws in order to efficiently enforce compliance with competition law. [67] The remaining paragraphs will set out the legal foundation for this reasoning in two points.
39
First, the new powers only extend to supplementary enforcement of data-related aspects because the two GDPR-related prohibitions under Section 19a(2)(1)(4)-(5) GWB are based on competition law. Regarding data processing, only data that is relevant for competition and that results in anti-competitive effects on new market entrants or other businesses is taken into account. The interoperability- and data portability-related prohibition is explicitly limited to conduct that hinders competition. Furthermore, data portability itself may improve competition law through positive effects on innovation, [68] which often leads to competitive advantages. [69] It might therefore support smaller companies and increase competition.
40
Second, competition and data protection law have similar goals, irrespective of different methods and situations they can be applied to, [70] so that mutual enforcement supports each other’s objectives. Two of these goals are highlighted below.
41
One common goal is consumer welfare. The main objective of data protection is to counteract power imbalances between organisations and individuals. [71] It protects personal data as a fundamental right of the weaker individuals. [72] Data protection law therefore pursues the goal of consumer welfare. [73] Competition law’s main objective is maintaining competition on the market by interfering when companies abuse their market dominance. [74] The reason for maintaining competition, in turn, is the facilitation of low prices, high quality and innovation to benefit the consumers. Accordingly, competition law essentially strives for consumer welfare as well, [75] potentially as the main goal that interacts with other goals. [76]
42
Another goal common to both competition law and data protection law is promoting and upholding the internal market. [77] Regarding data protection, this goal has manifested in the replacement of the DPD with the GDPR that increases EU-wide harmonisation in its capacity as a Regulation. And competition law supports the internal market by preventing trade barriers between Member States. [78]
43
On this basis, it can be deduced that the main goals of competition and data protection law are substantially the same. This finding substantiates the expectation that both authorities complement each other’s actions when either of them regulates a matter. [79] Accordingly, they do not act over-autonomously when applying principles from the other sphere of law for supplementary enforcement.
44
Therefore, the new powers granted to the Bundeskartellamt are not in conflict with the one-stop-shop mechanism. Their reach into the sphere of data protection law is justified because they are centred in competition law and merely allow the Bundeskartellamt to enforce these principles as supplementary effects. As such, the new regulation does not risk leading to over-autonomous actions by the Bundeskartellamt in the sphere of data protection law.
45
As established above, the Bundeskartellamt has been awarded competencies that can enforce data protection-related aspects as supplementary effects. These new powers result in the applicability of both competition and data protection law to the same matters. This might pose a risk for the potentially affected companies as overlapping applicability may weaken legal certainty when the authorities take different approaches and apply different interpretations to similar matters. [80] This would make it increasingly difficult for companies to avoid administrative orders via specific changes of conduct. However, the following two arguments will successfully refute this risk.
The risk of overlapping application is limited to a very small number of instances. As outlined above, the designation process in Section 19a(1) GWB is intended to ensure that only very few platforms with particularly powerful positions in the digital markets can be faced with the prohibitions in Section 19a(2) GWB. Therefore, only these few companies can be subject to overlapping applicability. The number of instances that may fall under both regulations is further limited because only two of the seven available prohibitions, from Section 19(2)(1)(4)-(5) GWB, are sufficiently connected to data protection.
47
This risk is further reduced by sufficient cooperation between the two authorities. So far, the only type of cooperation set out in law between the two authorities is the exchange of information. [81] Nevertheless, cooperation between the competition and data protection authorities is likely to arise in practice even without legal obligation. For example, in the Facebook case the Bundeskartellamt has been cooperating with German data protection authorities, in particular with the Federal Commissioner for Data Protection and Freedom of Information (“BfDI”), throughout its investigation. [82] The BfDI subsequently also publicly approved the Bundeskartellamt’s administrative order. [83] As the new powers in Section 19a GWB have removed all doubts on the fact that the competencies of the two authorities overlap, it is even more likely that voluntary cooperation will arise between these authorities to coordinate their approaches and decisions. Therefore, any remaining risk of overlapping application is highly unlikely to manifest in practice.
48
In conclusion, the risk that the overlapping applicability of data protection law and the new competition law powers may result in overlapping application is limited to an insignificant number of cases. The cooperation that is expected to take place in practice decreases this risk even further.
Given the abovementioned shortcomings of the GWB amendment, a comparison with a similar piece of upcoming legislation, the UK approach to regulate digital markets, will help to discover improvements for the German regulation. Both regulations grant the empowered authorities similarly broad competencies, despite the fact that the new German regulation is located within competition law whereas the UK aims to create a new regulatory unit for which it can define new powers. The broad powers for the Bundeskartellamt came about because the German regulation inherited none of the traditional competition law requirements. Therefore, these two approaches are directly comparable, irrespective of the debate on whether competition law is the right sphere of law to address the issues on digital markets. [84]
50
After a short introduction to the UK approach, the issues identified regarding the new German regulation will be addressed from the perspective of the UK proposal. This will display some advantages of the UK approach over the German system and give suggestions on how the German regulation could benefit from these insights.
51
While the exact structure of the envisaged regulatory regime is pending legislative action, a high-level overview can be deduced from the Advice of the Digital Markets Taskforce, [85] in line with the latest government statement. [86] The new regulatory regime, the Digital Markets Unit (“DMU”), is established within the framework of the Competition and Markets Authority (“CMA”), [87] but it will remain unconnected to the powers of the CMA. [88] This regulation will create an ex ante system, so that the DMU can impose additional obligations on large online platforms in advance of any verifiable abuses of market dominance.
52
In particular, the DMU will be empowered to establish and enforce rules for large online platforms whose activities provide them with strategic market status (“SMS firms”) in two steps. [89] First the DMU will designate a company as SMS firm for a fixed period of time, [90] taking into account several factors. [91] Then the DMU will establish an enforceable code of conduct tailored to the SMS firm. [92] It will also address the roots of the strategic status and market power of SMS firms by imposing on them effective and proportionate pro-competitive interventions (“PCIs”), consisting of a broad range of remedies with the aim of promoting competition. [93]
53
The evaluation of risks stemming from Section 19a GWB shows that some improvements are necessary to increase its legitimacy. This section will outline aspects from the UK structures which address the issues identified in the German designation process. It will also display how the implementation of further aspects of the UK approach might enhance the available prohibition structure and the cooperation between the authorities.
54
According to the Digital Markets Taskforce, the test to designate firms as having SMS in the digital markets should be the following:
a firm only has SMS if “the firm has substantial, entrenched market power in at least one digital activity”. [94]
55
This section will consider this SMS test in three parts and deduce three aspects that would be beneficial to be included in the German regulation in order to avoid over-inclusiveness.
56
The first part is an assessment of whether the firm has substantial market power in at least one digital activity. The next two paragraphs show that this approach is one step closer to avoiding over-inclusiveness than the German regulation and should thus serve as inspiration for the German legislator. But simply mirroring this approach would be insufficient to substantially improve the German law.
57
The aspect that would be beneficial for the German legislation is the obligatory requirement to assess the market power because it narrows the scope of application more than an optional factor. The market power assessment could be made compulsory in the German regulation either by adopting the UK requirement on substantial market power, or by giving the market power factor more weight than other factors. [95] However, it would be even more beneficial for the German regulation to take this test another step further and diminish the scope of application through the implementation of a requirement for market dominance in at least one digital market. [96] As the online platforms that are expected to fall under this regulation will all satisfy this test in one digital market or another, this step would not result in under-inclusiveness. Instead, it would further tackle over-inclusiveness and put at ease companies that the legislator does not intend to target.
58
The aspect that should not be considered for the German regulation is the fact that the SMS test does not require significant market power across markets but that substantial market power in one specific activity suffices. [97] While it can be presumed that power across markets will nevertheless play a role in designating SMS firms, this formulation could potentially lead to over-inclusiveness and is therefore not advisable for the German system.
59
The second part, the requirement of entrenched market power, aims to exclude firms with only temporary market power to avoid stalling innovation. This requirement would also be beneficial to the German system. It would tackle the risk of over-inclusiveness by avoiding the designation of firms whose market power is only a temporary phenomenon without sufficient adverse effects on the digital markets to justify the additional obligations.
60
As a third part, the test sets out that the market power has to relate to a “digital activity”, explicitly referring to digital as opposed to analogue markets. In the current German legislation, the wording in Section 19a(1)(1) GWB also includes multi-sided platforms that are active only on non-digital markets. Thus, it is advisable for the German legislator to add the word “digital” in order to reduce the risk of over-inclusiveness.
61
The above considerations regarding the three parts of the SMS test set out three requirements that should be implemented in the German designation process in order to reduce the scope of the regulation. The current legislation risks being over-inclusive.
62
In post-Brexit UK, the proposed regulation does not risk acting over-autonomously by way of working around the one-stop-shop mechanism because the UK is not directly bound by the EU GDPR anymore. While the UK will presumably remain connected to the GDPR rules to some extent by way of an adopted adequacy agreement, [98] this does not interfere with the UK legislator’s ability to assign additional competencies to different supervisory authorities. The UK can therefore decide independently to curtail the powers of other national authorities like the Information Commissioner’s Office (“ICO”) by granting some of their powers to the new DMU. This section will show that the proposed scope of PCIs that are available to the DMU also does not risk over-autonomous actions by the DMU. Furthermore, this section demonstrates that this structure for prohibitions is beneficial for the German system because it is expected to be more effective in regulating digital markets.
63
The PCIs available to the DMU are extensive: aside from prohibitions connected to competition, they comprise data-related prohibitions, including interoperability and defaults intervention, and obligations to provide access to data and to separate collected data. [99] They are proposed to be set out in non-binding guidance to create a fully flexible system to enforce any change short of ownership separation. [100] Their scope is limited by requiring them to be targeted, effective and proportionate to the adverse effect on competition or consumers. [101] In so far as this proportionality test is conducted thoroughly and the data protection-related PCIs are agreed upon in cooperation with the ICO, [102] these broad powers are sufficiently justified to regulate the digital markets.
64
This particularly flexible structure of PCIs is beneficial for the German regulation. Although the suggested PCIs are roughly in line with the German prohibitions, the UK approach is better suited to adapt to new challenges in the digital markets that need to be regulated in the future. However, in order to uphold the legitimacy of the extended powers within the competition law framework, the German system would have to introduce an additional requirement of sufficient connection between the prohibition and competition law.
65
This section showed that the UK approach provides no basis for indications that it might include over-autonomous actions. Furthermore, the German legislator should consider introducing a more flexible prohibition system along the lines of the PCIs in the UK.
66
According to the UK proposal, the DMU will be awarded competencies that overlap with those of the following authorities: CMA, ICO, the Office of Communications (“Ofcom”) and the Financial Conduct Authority (“FCA”). [103] This establishes a risk of overlapping application on similar matters by the DMU and either of these authorities, which might manifest in weakened legal certainty in case the authorities apply different interpretations. However, the Digital Markets Taskforce sets out a comprehensive structure for cooperation between the abovementioned authorities that is likely to create an effective basis to avoid issues of overlapping applicability. The following paragraphs will describe separate aspects of this structure and consider which of these aspects would benefit the German regulation.
67
Firstly, these authorities will be able to share information among them if this information is relevant for their duties. [104] This part is already established in Germany in Section 50f(1) GWB and does not need amending.
68
Furthermore, Ofcom and the FCA are supposed to receive joint powers with the DMU in relation to SMS firms, in which case the DMU should always take the lead. [105] While cooperation under the new regulation between the Bundeskartellamt and telecommunications or financial supervisory authorities has not been discussed at this stage, it might be helpful for future cases. Either way, the decision to make the authority that enforces the ex ante regulation the primary authority should be carried over to the German legislation for any matter in which Section 19a GWB will be involved. This would help to avoid situations with unclear decision-making hierarchies.
69
Overlapping powers with the CMA on competition-related conduct by SMS firms also will not be an issue in practice: the location of the DMU within the CMA structure will presumably generate internal arrangements to avoid double investigations with the aim of managing shared resources efficiently. As the new Section 19a GWB is enforced by the Bundeskartellamt itself as German competition authority, this situation does not have to be catered for in Germany.
70
Moreover, the Taskforce suggests that the DMU should always consult with the ICO on compatibility of its planned PCIs with data protection laws. [106] While such consultation is practised without legal foundation in Germany, the German regulation would benefit from mirroring the UK approach on this account and introducing an obligation to consult with data protection authorities before deciding data protection-related matters.
71
The relationship between DMU and ICO is also specified by the proposed competencies for the DMU to refer discovered breaches of data protection laws onto the ICO. [107] These competencies would be useful to increase data protection enforcement without exceeding the limit of supplementary enforcement. However, implementation in Germany is limited by the one-stop-shop mechanism of the GDPR, so that only cases without EU-wide cross border issues or with the LSA located in Germany could potentially be referred on to the German data protection authorities by the Bundeskartellamt. Therefore, this aspect would not improve the German cooperation structure.
72
In short, the Taskforce established a strong cooperation structure which is tailored to the legal environment of the UK and can be expected to succeed in avoiding risks resulting from overlapping applicability. Therefore, although the German regulation would benefit from mirroring the UK structure completely, only two parts can and should be implemented in Germany: making the Bundeskartellamt the primary authority on cases regulating digital markets and introducing a consultation requirement with the relevant data protection authorities for data-related decisions.
73
The application of the GWB amendment through the DMA will be limited in scope by new European legislation and is expected to be adopted soon. In order to assess the consequences that the DMA will have on the functioning of Section 19a GWB, this chapter will first analyse its compatibility with the German approach in the areas of competition law and data protection law as well as the enforcement of the new regulations against large online platforms. Following this will be a comparison of the DMA to the German and UK approaches on the basis of the findings in the previous comparison.
74
The DMA has initially been inspired by the first steps taken in the UK towards a new legislation directed specifically at large online platforms and services but has undergone extensive change since then. [108] While the first proposal was only published on 15 December 2020, [109] the DMA has by now been unanimously adopted by the Council of the EU in the third and final reading, with only the adoption by the European Parliament outstanding. [110] This adoption relates to the latest version of the DMA published on 11 July 2022 with significant changes to the initial proposal. [111] For clarification, this version will be referred to in this discussion as “DMA” and the initial proposal as of 15 December 2020 as “DMA proposal”.
75
Once adopted, this regulation will provide the Commission with additional powers in dealing with the most influential providers of core platform services, the so-called gatekeepers, and their commercial relations with businesses and consumers on digital markets. [112] Its structure is similar to that of the German and UK approaches in so far as it also consists of two steps. First, the Commission will designate undertakings for gatekeepers in accordance with qualitative and quantitative factors set out in Article 3 of the DMA. Subsequently, these gatekeepers will be subject to the obligations listed in Articles 5–7 DMA. These obligations can be enforced by the Commission with fines of up to 10% of the undertakings’ total worldwide turnover pursuant to a decision of non-compliance with these obligations and up to 20% of their turnover for repeated non-compliance. [113] Aside from various competition related obligations, the proposal also takes into account data protection in particular. This includes obligations to refrain from combining and cross-using personal data from end users collected via different services without consent in Article 5(2)(b) and (c) DMA and obligations for certain services for interoperability pursuant to Article 7 DMA.
76
Due to the interlaced relationship of the German and European jurisdictions, the scope of application of the GWB amendment is dependent on its compatibility with the new DMA. The first chapter will address this compatibility and explain how Section 19a GWB will likely still be broadly applicable parallel to the DMA and beyond it, despite some inevitable restrictions and unresolved issues. The second chapter will determine the compatibility of the DMA with other legal fields touched by it, exemplified by the DMA’s relationship with national data protection authorities. It will show a number of shortcomings in terms of the cooperation structure and consider their solutions in practice. The third chapter will argue that the success of the DMA itself is dependent on its enforcement in cooperation with national competent authorities (“NCAs”), which has not been extended as widely as it could have been in order to be more efficient.
77
The DMA has been developed in the form of a European regulation and will therefore be directly applicable in all Member States as per Article 288(2)(2) TFEU. [114] It follows that, once adopted, the DMA will enjoy primacy of application as the stricter law over the German legislation including section 19a GWB. [115] In order to determine the potential remaining impact of the GWB amendment on digital platforms after the enforcement of the DMA, it is therefore necessary to analyse its compatibility with the new EU legislation.
78
To start with, Article 1(5) DMA prohibits the enforcement of national legal obligations on gatekeepers that would exceed those available to the Commission under Articles 5-7 DMA “for the purpose of ensuring contestable and fair markets”. As mentioned above, competition law is generally aimed at maintaining competition in the markets for the benefit of consumers. [116] This aim also lies at the heart of Section 19a GWB by way of imposing additional prohibitions on undertakings with PSC. [117] As Section 19a GWB has a similar purpose as the DMA, it would initially be blocked in its entirety by Article 1(5) DMA.
79
However, Article 1(6) DMA sets out three exceptions for national competition rules. One of these is Article 1(6)(b) DMA for national competition measures prohibiting unilateral conduct by gatekeepers insofar as they enforce obligations that go beyond those imposed under the DMA. In line with Recital 10 DMA, this exception is aimed at traditional competition law regulations prohibiting abusive conduct by way of individualised assessments. The Bundeskartellamt will thus at least remain competent to apply Section 19 GWB to undertakings irrespective of their status as gatekeeper under the DMA. Whether Section 19a GWB can be applied within the scope of this exception, however, is less straightforward. It would need to satisfy the following requirements: (i) Section 19a GWB has to be regarded a competition law rule, (ii) it needs to target unilateral conduct, and (iii) it has to impose further obligations on gatekeepers.
80
It remains in dispute whether Section 19a GWB should be considered part of competition law or, instead, of the general regulatory law. Competition law is generally understood to protect existing competition from collusion and abusive conduct by way of prohibiting individual conduct. Regulatory law in turn aims to break up more or less closed networks in specific sectors to create a basis for competition through more intense proactive measures. [118] On the one hand, Section 19a could be located within regulatory law due to its ex ante approach; since this regulation does not always require proof of practices that distort competition but can be applied prior to any such consequences, it might not be sufficiently linked to the aim of safeguarding competition but be classified as proactive. In addition, the individual investigation of an undertaking only focusses on its PSC status irrespective of any actual misconduct as basis for prohibitions. [119] On the other hand, it can be argued that Section 19a GWB has the character of competition law since prohibitions will only be imposed on an individual basis at the discretion of the Bundeskartellamt, following thorough investigations into the conduct of an undertaking and its threat to competition. [120] This point is reinforced by the location of this section within the GWB in the chapter on market dominance and by its parallels to the market dominance test in Section 18 GWB, especially Section 18(3a) GWB, and to the detrimental effects listed in Section 19(2) GWB. [121] These parallels are also indicated in the Government Draft on the Tenth GWB amendment in determining that conduct prohibited under Section 19a(2) GWB may in some cases also be prohibited under Sections 19, 20 GWB. [122] In addition, Section 19a GWB is not confined to a specific sector but constitutes an extension to the tools available to combat market abuse. [123] Accordingly, while Section 19a GWB shows some traits of regulatory law, it can still be firmly placed within the competition law framework and satisfies this requirement under the exception in Article 1(6) DMA.
81
That Section 19a GWB is aimed at prohibiting unilateral conduct is already evident in its structure; the Bundeskartellamt needs to investigate one undertaking at a time in order to declare it to have PSC and must subsequently be subject to the prohibitions in Section 19a(2) GWB. It therefore only addresses conduct demonstrated by the undertakings themselves as opposed to unlawful cooperation with other undertakings.
82
Section 19a GWB needs to impose obligations on the targeted gatekeepers that go beyond those imposed under the DMA. From the wording in Article 1(6)(b) DMA (“imposition of further obligations”) it remains unclear whether a rule only falls under this exception if it provides for obligations that are not covered by the DMA or whether a rule can already apply under this exception if it merely imposes obligations that could be imposed by the Commission at a later point of time but have not yet been initiated against the respective gatekeeper under the DMA. The former interpretation would require a detailed comparison of the scope of prohibitions in Section 19a(2) GWB and Articles 5-7 DMA. Due to the broadly similar prohibitions available under both regulations, this would result in a very limited scope of application left for Section 19a GWB. However, Recital 10 of the DMA provides the crucial detail in the following phrase: “the application of [national competition] rules should not affect the obligations imposed on gatekeepers under this Regulation” (emphasis added). On this basis, the latter interpretation can be followed, permitting national competition law authorities to enforce any obligations against gatekeepers as long as they have not yet been imposed under the DMA.
83
It follows therefore that Section 19a GWB is covered by the exception in Article 1(6)(b) DMA and can continue to be applied to gatekeepers both before the Commission imposes specific obligations on them and afterwards insofar as the obligations then go beyond those enforced by the Commission. Nevertheless, due to the ongoing dispute regarding the character of Section 19a GWB and the interpretation of Article 1(6)(b) DMA, the actual scope of application of the German regulation is not legally settled and therefore likely to be subject to court rulings in the future. [124]
84
However, even if future court rulings would curtail the scope of application of Section 19a GWB beyond the scope determined above, this norm would still remain relevant for three reasons. Firstly, the GWB already has and will continue to play an important role in collecting information and experience in the sphere of regulating large online platforms until the DMA will start applying. [125] Secondly, the scope of application of Section 19a GWB goes beyond that of the DMA with regard to the designation process. Aside from the potential gatekeepers in accordance with the DMA, Section 19a GWB may extend to (a) local companies, as it does not require any impact on the internal market, (b) companies that are active in the digital sphere but do not provide core platform services in line with the definition in article 2(2) DMA, and (c) companies below the indicative quantitative thresholds due to its sole reliance on flexible criteria. [126] Even though these extensions would not cover the main addressees of this regulation, they could still have an impact on companies in the periphery. Thirdly, Section 19a GWB would eventually rise in importance by way of its flexibility in a situation in the future where the inflexible requirements listed in Articles 5-7 DMA would be fully enforced.
85
On a separate note, this interpretation leads to the following question: what happens if the Commission decides to impose an obligation on a gatekeeper after a national authority has already imposed a similar obligation on the gatekeeper within its jurisdiction? Technically, this obligation should not be necessary anymore as the undertaking should have already complied with the obligation. But if the obligation has not yet been fulfilled, the undertaking might now face two potential sanctions. The topicality of this issue becomes apparent in the following example. Irrespective of the fact that the case was based on Section 19 GWB instead of Section 19a GWB, as both sections have been demonstrated to be covered by the exception in Article 1(6) DMA, a final court ruling against Meta, formerly Facebook, in the abovementioned Facebook case might impose obligations similar to those in Article 5(2)(b) DMA on this undertaking. If, following such a decision, the Commission decided to regulate Meta as gatekeeper with regard to the same issue, it would remain unclear on the basis of the DMA whether Meta would face additional sanctions. [127]
86
There is a fundamental principle in EU law, called ne bis in idem, which is enshrined in Article 50 of the Charter of Fundamental Rights [128] (“Charter”) and protects everyone from repeated punishment for the same offence in criminal proceedings in the EU. The term “criminal” has been interpreted broadly and is recognized to also cover competition law proceedings. [129] On this basis, the enforcement of sanctions by the German court and the Commission in the above example could infringe Article 50 of the Charter if all conditions were satisfied. Until recently, the CJEU had applied a narrow scope of this principle in competition law by requiring not just the same offender and the same facts but also the same offence in order to find that duplicate proceedings infringed this principle. As an offence committed under two different legislations is almost always determined to be different, this principle would not have been of significance in situations similar to the above. [130] However, in two recent CJEU decisions, bpost [131] and Nordzucker, [132] the CJEU has established and confirmed a more lenient approach, demanding only the accordance of offender and facts, thus making this principle relevant for future DMA applications. It will nevertheless remain difficult to demonstrate that the duplicate proceedings cannot be justified: the first requirement for this justification, that duplicate proceedings are provided by law, can be justified due to the exception in Article 1(6) DMA that it applies without prejudice to national competition law. In order to refute the second requirement, that both proceedings must pursue complimentary instead of coincidental aims, the court would likely need to deviate in the specific case from the characterization of the DMA as regulatory instead of competition law. [133] And the basis to satisfy the third requirement of proportionality and coordination between both proceedings has recently been introduced in Article 38(1) DMA in the form of a new cooperation mechanism for national competition authorities. [134] This shows that the outcome of a case will particularly depend on the evaluation of the aims and extent of cooperation in the application of the DMA.
87
Due to these uncertainties regarding the new scope of the ne bis in idem principle, it is expected that the entry into force of the DMA will provide the courts with lots of new litigation. This is the case despite the fact that related issues have already been resolved within competition law regarding the relationship between the competencies of the Commission and NCAs. [135] Therefore, further legislative work would be beneficial to resolve the aforementioned issues.
88
That said, the current framework should be able to function in the majority of cases despite these issues, due to a crucial and broadly welcomed amendment to the DMA; unlike the initial DMA proposal, the new version of the DMA provides for a so-called high-level group in Article 40 DMA. [136] This group will consist of up to 30 representatives from a list of European bodies and networks in the areas of electronic communication regulation, data protection, competition, consumer protection and media regulation. It should meet regularly with the Commission in order to provide the Commission with advice on how to enforce the DMA in its areas of expertise with the aim to create a consistent regulatory approach. In particular, this group should report on any potential trans-regulatory issues between the EU and national level regulation pursuant to Article 40(6) DMA. If this group is sufficiently engaged with these processes, well-staffed and kept up-to-date on all levels, it could mitigate the issue described above by actively coordinating the investigations and workstreams which the authorities involved are working on. This is all the more likely as no authority should rationally have any interest in engaging in legal struggles with each other and thereby prolonging the imposition of prohibitions on gatekeepers. In addition, the abovementioned new Article 38(1) DMA sets out that the Commission and NCAs enforcing competition law are supposed to cooperate through the European Competition Network (“ECN”) or alternative arrangements and have the power to exchange even confidential information. On this basis, the abovementioned issues should be very unlikely to occur in practice.
89
The new competencies transferred to the Commission under the DMA touch on a number of different areas of law. These include, in particular, those areas of with bodies and networks are participating in the high-level group, as listed in the previous paragraph. This sub-chapter will discuss one of the issues arising from this overlap: the compatibility of the DMA with national data protection authorities.
These authorities derive their competencies from directly applicable EU law, as the GDPR is mainly enforced on a national level. Therefore, the competencies are not overruled by the application of the DMA. In addition, even separate national competencies would not likely be prohibited by Article 1(5) DMA, as data protection rules are not enforced “for the purpose of ensuring contestable and fair markets”, and because they are not connected to any gatekeeper status. It is also unlikely that actions by data protection authorities would be caught under Article 1(7) DMA, which prohibits decisions that run counter those adopted under the DMA. This is because decisions to improve data protection usually benefit the increase of fairness on the market as well, as indicated by the number of data protection-related obligations in Articles 5-7 DMA. Therefore, similar tensions could arise as those described above regarding competition law, when the Commission imposes an obligation on a gatekeeper which has previously been enforced by a data protection authority.
91
Similar to the previous section, this issue might be resolved in practice through the new high-level group under Article 40 DMA, in addition to a high-level cooperation assurance for NCAs in Article 37 DMA. The legislators seem to have at least incorporated part of the recommendations published by the European Data Protection Supervisor (“EDPS”) regarding the development of structured cooperation between the Commission and the relevant authorities. [137] Nevertheless, the implementation of these recommendations fell short of actual obligations for information exchange and consultations throughout investigations and assessments which would have created complementary roles. [138] Instead, the competencies of the new high-level group will be limited to the provision of advice and expertise to the Commission while the information collected within the powers in the DMA remains limited to be applied under this regulation only, as per Article 36(1) DMA. Thus, any cross-authority cooperation arrangements regarding information exchange are prohibited. This prohibition might likely lead to other authorities requiring extra resources to investigate the same matter, which could have been spent on other cases in the interest of the citizens. The prohibition on information exchange could even result in incoherent decisions on the basis of varying findings within the repeated investigation. Nevertheless, in practice it is likely that amicable coordination meetings by the high-level group will present a practical solution in such cases and should help the system run sufficiently and smoothly despite the creation of a theoretically difficult and legally uncertain situations regarding competencies and consequences.
92
Irrespective of the abovementioned compatibility issues, the DMA will only be successful in improving the digital markets if it is able to enforce the vast number of obligations efficiently against all previously designated gatekeepers. The limitation of the designation to three years at a time in Article 4(2) DMA should make efficiency the priority in the enforcement system of the DMA. In light of this, the Commission has already announced that it will be hiring additional staff and organise them in teams around “thematic domains” for increased efficiency and expertise. [139] Nevertheless, given the size of the potential gatekeepers and the detailed investigations necessary for each designation and effective enforcement of each obligation, it is likely that the additional staff will not suffice. [140]
Against this backdrop, many voices have suggested the establishment of a cooperation framework with NCAs to help enforce this extensive new regulation, one of them being the Bundeskartellamt, [141] in agreement with the ECN. [142] But no such legal basis has been added to the DMA since. The only possibility for NCAs to get involved is by launching investigations on gatekeepers and their non-compliance with the obligations in Article 38(2), (7) DMA. But instead of acting upon the results of such an investigation, the NCAs are required to pass on the information to the Commission, losing all influence on the application of this information against the undertakings concerned. Therefore, it is viewed with scepticism if this mechanism will be applied by NCAs, as they would be expected to use their resources for own projects and investigations. [143]
94
The reasons for the legislator’s refusal to include NCAs any further down the line include the increase of efficiency by way of organising the whole process in one hand without delays through information exchange and approval requirements, and a costly cooperation network. [144] But due to the fact that the Commission will likely remain relatively understaffed, these efficiency losses through procedural delays would not be outweighed by efficiency gains from shared enforcement competencies. NCAs are also not intended to be involved in this process in order to avoid the development of an atmosphere of competition between the Commission and NCAs. [145] However, these issues could be better avoided through enhanced cooperation procedures. The exclusion of NCAs from this area of enforcement might even fuel competition as NCAs either have to be faster in their regulation of gatekeepers than the Commission or they have to be creative to find new ways for achieving their goals when getting impatient with the predictably busy Commission. The only reason that cannot be denied is the upholding of thorough harmonisation not just of the applicable set of rules, as set out in Article 1 DMA, but also of the process and decisions, especially since most gatekeepers are active within the whole EU. [146] Nevertheless, a lack of harmonisation could be reasonably mitigated by way of more tightly knit cooperation procedures. This has also been demonstrated by the functioning system of parallel enforcement between EU and NCAs in competition law. [147] It therefore would still be preferable for the legislators to include the NCAs in the enforcement framework. [148]
95
The following comparison, based on the topics and findings of the comparison between the German and UK approach, aims to further inform the German approach on possible improvements while also pointing out potential amendments that would be beneficial to the not yet adopted DMA. However, keeping in mind the different preconditions for national legislation compared to EU legislation, the DMA will not provide many recommendations for the German approach, as some potentially beneficial aspects cannot be carried over onto the national level and others would not fit into the flexible framework selected by the German legislator.
96
Due to the similar two-step structure of all three approaches, the designation process in the DMA is directly comparable. Nevertheless, the EU legislation has developed a more complex method with several alternative designation paths. For the comparison, this process will be divided into the following three parts which are in turn considered below: (i) the three main requirements listed in Article 3(1) DMA, (ii) the three quantitative thresholds set out in Article 3(2) DMA and (iii) the list of elements in Article 3(8)(2) DMA.
97
Prior to that, it is worth noting that unlike the other approaches, the DMA expects undertakings to initially notify the Commission themselves in order to avoid a thorough market investigation. This requirement could increase efficiency, but would likely only be used by undertakings that are certain that their gatekeeper status is unavoidable. These undertakings in turn could probably be easily determined by the Commission anyway. Therefore, the efficiency gains from this initial requirement are limited and would not be sufficiently beneficial to be recommended to the other jurisdictions.
98
The main requirements of Article 3(1) DMA require significant impact on internal markets, the provision of core platform service as important gateway for users and an entrenched and durable position. The internal market requirement is unique to the EU and therefore beyond consideration for other frameworks. Instead, the entrenchment requirement is similar to the UK approach and should likewise be recommended to the German approach to avoid stalling innovation by putting new and recently growing undertakings at risk of designation.
99
The requirement on the provision of an important core platform service is similar to the UK requirement insofar as it goes beyond the requirement of multi-sided platforms as applied in Section 19a GWB and thereby reasonably narrows the scope of this regulation to the intended type of undertaking. At the same time, the conclusive list of services covered by the term “core platform service”, set out in Article 2(2) DMA, avoids an issue faced by the UK definition on whether only digital platforms or any activities on digital markets are included. [149] Nevertheless, while the list comprehensively includes all services that appear significant for this framework at the current moment, it is an inflexible term potentially limiting the scope of this regulation in the future. Therefore, it would not be recommended for the German legislation to adopt a similar list in a binding manner in order to retain its flexibility. At the same time, this specific list does not particularly hinder the EU legislation from achieving its goals. It rather is an example of how the European legislator has decided to base the DMA structure with an emphasis on predictability, while both the UK and German approach are leaning more towards flexibility and time-resilience of their framework. [150]
100
The quantitative thresholds of Article 3(2) DMA, which include annual turnover, number of active users and maintaining this number of users over the last three years, could be favourable compared to the German and UK approaches by providing the EU designation process with a level of objectivity and thereby increasing legal certainty and predictability. On the other hand, the fact that only satisfying the quantitative thresholds places the burden on the undertakings to show that they nevertheless do not satisfy the qualitative requirements under Article 3(5) DMA could be problematic because the size of an undertaking is not in itself informative of the importance of the respective core platform service on the market. [151] While the DMA proposal had provided for a rebuttal system which allowed undertakings to refute the presumption with reference to the list of elements which is now found in Article 3(8) DMA, this process has now been changed for the worse. According to Recital 23 DMA, designated undertakings may only rebut the Commission’s presumption by taking into account elements directly linked to the quantitative criteria. These additional elements could still not help reliably determine the importance of the core platform service within the undertaking or the market. If applied in accordance with Recital 23, this approach will likely lead to over-inclusion. [152] Therefore, this approach is not beneficial even to the predictability-based EU framework and should not be considered in the German system.
101
This list of elements from Article 3(8)(2) DMA is to be taken into consideration in a market investigation pursuant to Article 17 DMA, in case any of the quantitative thresholds are not satisfied. This includes, inter alia, elements on size, number of users, network effects, scale and scope effects, user lock-in, conglomerate corporate structure and other structural characteristics. There is a striking similarity to the German designation factors under Section 19a(1)(2)(2)-(5) GWB. Nevertheless, due to the fact that both of the other jurisdictions do not rely on quantitative criteria and are solely based on investigation procedures by the authorities instead of notification requirements, there is no need for additional elements of this type.
102
In short, the complex designation system with different routes could render the process more predictable in some ways but does not appear necessary or recommendable to national jurisdictions. In particular, this system would not provide other jurisdictions with additional benefits as it does not limit the application to the handful of largest online platforms, as was expected during the legislation process, but is intended to be extended to about 15 companies. [153]
103
The Commission generally does not risk acting over-autonomously as the European legislator can grant it the necessary competencies. In addition, unlike the non-binding list in the UK on types of conduct that may be prohibited at the DMU’s discretion, the DMA leans towards the German approach by having established a pre-defined and inflexible list of prohibited conduct. The actions by the Commission against gatekeepers are therefore more predictable, not only for companies but also for other authorities. Accordingly, the DMA is in no risk of permitting over-autonomous actions but also could not be replicated in Germany due to the EU’s characteristics.
104
Due to its similarity with the German and UK approach, the DMA also awards the Commission competencies that will create an overlap with other authorities. These authorities are identified in the list of components for the new high-level group in Article 40(2)(a)-(e) DMA. For example, this includes the European data protection authorities due to the abovementioned regulations in the data protection field like limitations to data collection or use and the new Article 7 DMA on inter-operability. In addition, the overlap extends to NCAs which would usually enforce EU regulations like the GDPR. This is exemplified in a remark that the Commission is now able to rule on certain data issues by itself in order to avoid a blockade through slow enforcement by the IDPC. [154] Although this possibility could be claimed as a positive outcome, these new powers generally undermine the competencies previously handed to NCAs and at the same time risks overlapping and contradictory decisions.
105
While this issue could practically be solved again by pointing to the high-level group in Article 40 DMA, the cooperation regulations outside the competition law field remain insufficient. This is particularly clear when compared to the rules in the UK which determine the DMU as main coordinator in its field while setting up structures for regulated cooperation with each involved agency. However, a coordination system as thorough as this one could not be implemented as easily on the EU level due to the need to coordinate authorities in 27 Member States. Thus, the high-level cooperation is a reasonable compromise. Nevertheless, the very limited basis for information exchange set out above would benefit particularly from an expansion, and obligatory consultation requirements would also be welcome for certain authorities, like the UK has established for the ICO. There might also be situations in which overlaps with other EU regulations cause incoherent decisions, in particular those regulations listed in Recital 12 DMA that are applicable per se without prejudice to the DMA. However, a detailed consideration of such overlaps goes beyond the scope of this discussion as it would not provide new insights for the improvement of the German legislation. In practice it remains likely that these possible overlaps will be solved amicably because all involved authorities are expected to pull in the same direction and should therefore be interested in thorough cooperation. Nevertheless, this paragraph has demonstrated that the DMA does not provide any suggestions on how to avoid overlapping applications in the German legislative framework.
106
The new Section 19a GWB succeeded in removing the doubts that have been raised in response to the Facebook case regarding the application of data-related principles in competition law. It dispelled risks arising from over-autonomous applicability and overlapping application by both spheres of law. However, the legitimacy of applying these new powers is drawn into question because the wording of the regulation does not sufficiently limit the scope of firms addressed by it.
107
In search of improvements for this new regulation, the comparison with the UK approach and the DMA currently under development resulted in the following list of recommendations that should be incorporated in the current German legislation in order to improve its effectiveness and legitimacy:
108
The scope of designation should be limited in order to avoid over-inclusiveness by supplementing it with three strict requirements. The regulation should require the firms to have market dominance in at least one of the digital markets it is involved in. The entrenchment criteria proposed by the UK approach and incorporated in the DMA should be adopted. And the limitation of the scope of application to firms that are active on digital markets as opposed to non-digital markets should be formulated unambiguously.
109
The prohibitions that are enforceable against designated companies should be determined in a more flexible manner in order to improve the effectiveness of the legislation in regulating digital markets within the limits of autonomy available to the Bundeskartellamt. The new types of prohibitions available to the Bundeskartellamt should be set out and kept up to date in non-binding guidance, mirroring the UK approach on PCIs. The new structure should differ from the UK proposal only by introducing an additional requirement regarding a connection to competition law. This would also help Section 19a GWB in regaining a broader scope of application beyond the DMA after its entry into force.
110
The extent of cooperation between the involved authorities set out in the legislation should be extended by two requirements in order to avoid the risk of overlapping application which could result in weakened legal certainty. In investigations under Section 19a GWB by the Bundeskartellamt that also touch areas which are regulated by other authorities, the German legislator should make it compulsory for the Bundeskartellamt to consult with those authorities in advance of a decision. This is in line with the UK approach regarding cooperation with the ICO. The Bundeskartellamt should also be empowered to take the lead in deciding these cases while cooperating with other authorities.
111
Although it would be recommended for the German legislator to draft a new amendment soon to incorporate the abovementioned aspects, the political reality has to be accounted for. The proposed DMA, which will significantly reduce the scope of application of the new German legislation, as set out above, is expected to enter into force in the near future and possibly start applying in 2023. [155] Until then, the German regulation will primarily gather practical experience with the regulation in its current shape instead of drafting an amendment on the basis of theoretical discourse. To this end, the Bundeskartellamt has already initiated proceedings on the basis of the new regulation against Facebook and Oculus, [156] Amazon, [157] Google, [158] and Apple. [159]
112
Against this backdrop, instead of waiting for a new legislative amendment, the Bundeskartellamt and involved courts should implement some of the recommendations by way of interpreting the regulation accordingly in their decisions. In this way, the entrenchment, market dominance and digital market criteria should be read into the legislation in order to provisionally compensate the legitimacy issues. Regarding the scope of prohibitions, it is sufficient to interpret them reasonably broadly to fit upcoming cases. The proposed cooperation principles should be detailed as theoretically non-binding but practically obligatory guidance either in a judgment or in a publication by the authorities.
113
To conclude, whilst several aspects of the German regulation in Section 19a GWB need to be improved, the German legislator took an important step towards regulating digital markets more effectively by publishing the first regulation worldwide that directly targets large online platforms. This discussion explained that the German legislator succeeded in applying the lessons learned from the Facebook case regarding the limits of traditional competition law against data-related concerns. It further discussed some remaining issues of the regulation and recommended strategies for improvement. These recommendations may also serve as a starting point for other jurisdictions in drafting similar regulations, in addition to further inter-jurisdictional exchange and the collection of practical experience. The discussion also established the continuing significance of Section 19a GWB after the entry into force of the DMA and the overall compatibility of this European approach by way of practical solutions based on a new coordination group. Insofar as the enforcement of the DMA will not be slowed down due to resource issues or extensive litigation, these two approaches have a good chance of making a real impact on the digital market. And maybe they will even succeed in creating another Brussels effect, following the GDPR, by “exporting” the idea of this type of regulation for large online platforms around the world. Overall, these developments promise to lead to an effective and legitimate legislative tool to regulate large online platforms that had plenty of time below the radar of regulators to accumulate and entrench their power in digital markets.
*by Karin Jackwerth, LL.B. English and German Law Graduate at University College London
[1] Jason Furman and others, ‘Unlocking Digital Competition: Report of the Digital Competition Expert Panel’ (13.03.2019), 6; Marija Stojanovic, ‘Can Competition Law Protect Consumers in Cases of a Dominant Company Breach of Data Protection Rules?’ (2020) 16 European Competition Journal 531, 532.
[2] Katharine Kemp, ‘Concealed Data Practices and Competition Law: Why Privacy Matters’ (2020) 16 European Competition Journal 628, 658f; CMA, ‘Online Platforms and Digital Advertising: Market Study Final Report’ (B6-113/15, 01.07.2020) (“Market Study”), paras 6.5-6.14.
[3] On Multi-sided platforms one party sets up relations to parties in different markets and enables interaction between those parties, in Mark-Oliver Mackenrodt and Klaus Wiedemann, ‘Zur kartellrechtlichen Bewertung der Datenverarbeitung durch Facebook und ihrer normativen Kohärenz mit dem Datenschutzrecht und dem Datenschuldrecht’ (2021) 65 ZUM 89, 91. For a collection of further definitions see Bundeskartellamt, ‘Arbeitspapier – Marktmacht von Plattformen und Netzwerken’ (09.06.2016), 8ff < www.bundeskartellamt.de/SharedDocs/Publikation/DE/Berichte/Think-Tank-Bericht.html > unless otherwise stated, all URLs were last accessed 07.08.2022.
[4] Market Study (n 2), paras 6.15-6.23.
[5] On the costs for seemingly free services see Chris Jay Hoofnagle and Jan Whittington, ‘Free: Accounting for the Costs of the Internet’s Most Popular Price’ (2014) 61 UCLA L. Rev. 606.
[6] Francisco Costa-Cabral and Orla Lynskey, ‘Family Ties: The Intersection between Data Protection and Competition in EU Law’ (2017) 54 CML Rev 11, 12; Jan Krämer and others, ‘Making Data Portability More Effective for the Digital Economy’ (CERRE, 15.06.2020), 51 < https://cerre.eu/publications/report-making-data-portability-more-effective-digital-economy/ >.
[7] For a critical evaluation of the evidence on six adverse effects on data privacy see Aline Blankertz, ‘How Competition Impacts Data Privacy – And Why Competition Authorities Should Care’ (Stiftung neue Verantwortung, September 2020) < www.stiftung-nv.de/de/publikation/how-competition-impacts-data-privacy >.
[8] Costa-Cabral (n 6), 12. In Germany, rights on personal data are constitutionally protected by art 2(1) in connection with art 1(1) of the German Basic Law; they are a core part of human dignity, Volker Boehme-Neßler, ‘Privacy: A Matter of Democracy. Why Democracy Needs Privacy and Data Protection’ (2016) 6 International Data Privacy Law 222, 223.
[9] Filippo Lancieri and Patricia Morita Sakowski, ‘Competition in Digital Markets: A Review of Expert Reports’ (2020) Stigler Center Working Paper Series No. 303, 84 < www.chicagobooth.edu/-/media/research/stigler/pdfs/workingpapers/303competitionindigitalmarketslawreview.pdf >.
[10] See Autorité de la concurrence (France), ‘Opinion 18-A-03 on Data Processing in the Online Advertising Sector’ (06.03.2018) < www.autoritedelaconcurrence.fr/en/opinion/data-processing-online-advertising-sector >; ACCC (Australia), ‘Digital Platforms Inquiry - Final Report’ (26.07.2019) < www.accc.gov.au/publications/digital-platforms-inquiry-final-report >; Konkurrensverket (Sweden), ‘Market Study of Digital Platforms’ (01.06.2021) < https://www.konkurrensverket.se/en/news/market-study-of-digital-platforms/ >.
[11] See Department of Justice (USA), ‘Justice Department Sues Monopolist Google For Violating Antitrust Laws’ (21.10.2020) < www.justice.gov/opa/pr/justice-department-sues-monopolist-google-violating-antitrust-laws >; FTC (USA), ‘FTC Sues Facebook for Illegal Monopolization’ (09.12.2020) < www.ftc.gov/news-events/press-releases/2020/12/ftc-sues-facebook-illegal-monopolization >.
[12] See European Commission, Proposal for a Regulation of the European Parliament and of the Council on Contestable and Fair Markets in the Digital Sector (Digital Markets Act) COM(2020) 842 final (“DMA Proposal”); Japan Fair Trade Commission, ‘Study Group on Improvement of Trading Environment surrounding Digital Platforms’ (12.12.2018) Interim Discussion Paper 7 < www.jftc.go.jp/en/policy_enforcement/survey/index_files/190220.2.pdf >.
[13] Gesetz gegen Wettbewerbsbeschränkungen, available in English at < www.gesetze-im-internet.de/englisch_gwb/ >.
[14] Bundeskartellamt, administrative order as of 06.02.2019, B6-22/16 (“Administrative Order”).
[15] The EU approach is characterised by strict separation of competition and data protection law, see Case C-238/05 Asnef-Equifax [2006] ECLI:EU:C:2006:734; Google/Doubleclick (Case No COMP/M.4731) Commission Decision [2008] OJ C184/10; Facebook/WhatsApp (Case No COMP/M.7217) Commission Decision [2014] OJ C417/02.
[16] Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L119/1.
[17] Administrative Order (n 14), paras 494ff.
[18] OLG Düsseldorf, judgment as of 26.08.2019, VI Kart 1/19 (V) (“OLG-Facebook-decision”).
[19] BGH, judgment as of 23.06.2020, KVR 69/19, available in English at < https://www.bundeskartellamt.de/SharedDocs/Entscheidung/EN/Entscheidungen/BGH-KVR-69-19.html >.
[20] Blankertz (n 7), 16; Mackenrodt (n 3), 90; Stephan Manuel Nagel and Stefan Horn, ‘Die Facebook-Entscheidung des BGH – ein neuer Kompass für die Missbrauchskontrolle?’ (2021) ZWeR 78, 112-114.
[21] OLG Düsseldorf, order for reference as of 24.03.2021, Kart 2/19 (V). See also OLG, ‘Facebook gegen Bundeskartellamt: Vorlagebeschluss beim EuGH’ (press release no. 11/2021, 23.04.2021) < https://www.olg-duesseldorf.nrw.de/behoerde/presse/archiv/Pressemitteilungen_aus_2021/20210423_PM_Facebook-Beschluss/index.php >.
[22] GWB-Digitalisierungsgesetz (BGBl. I p. 2, 18.01.2021) (“GWB Digitisation Act“).
[23] The Facebook case is mentioned in the Government Draft of the GWB Digitisation Act (Bundestag printed matter 19/23492, 19.10.2020) (“Government Draft”), 76.
[24] Commission ‘Competition Law 4.0’, A New Competition Framework for the Digital Economy (Federal Ministry for Economic Affairs and Energy, 2019), 39.
[25] Torsten Körber, ‘Die Digitalisierung der Missbrauchsaufsicht durch das „GWB-Digitalisierungsgesetz“ im Spannungsfeld von moderater Anpassung und Überregulierung’ (2020), 75 < https://ssrn.com/abstract=3543719 >.
[26] Resolution Recommendation and Report on the GWB Digitisation Act (Bundestag printed matter 19/25868, 13.11.2020) (“Resolution Recommendation”), 119ff. This acceleration is deemed necessary since for example it is unforeseeable when the Facebook case will be definitively decided, Rupprecht Podszun, ‘Die 10. Novelle des Gesetzes gegen Wettbewerbsbeschränkungen (GWB): Stellungnahme für den Ausschuss für Wirtschaft und Energie des Deutschen Bundestags’ (expert opinion, Deutscher Bundestag 2020), 7f.
[27] S 73(5) GWB.
[28] Sebastian Louven, ‘§ 19a GWB kommt – Was ändert sich beim Rechtsschutz?’ (Louven.Legal, 14.01.2021) < https://louven.legal/2021/01/14/%C2%A7-19a-gwb-kommt-was-aendert-sich-beim-rechtsschutz/ >.
[29] S 19a(2)(3) GWB; Government Draft (n 23), 77f.
[30] In favour see Verbraucherzentrale Bundesverband e.V., ‘Fairen Wettbewerb in digitalen Märkten sicherstellen’ (expert opinion, Deutscher Bundestag 2020), 14; against see Körber (n 25), 56-60.
[31] Cf Commission ‘Competition Law 4.0’ (n 24), 48; Körber (n 25), 51-52.
[32] Cf Körber (n 25), 46f, 81. See also Christine S. Wilson and Keith Klovers, ‘The Growing Nostalgia for Past Regulatory Misadventures and the Risk of Repeating these Mistakes with Big Tech’ (2020) 8 Journal of Antitrust Enforcement 10, comparing strong regulation of big tech companies to controversial historic US railroad and airline regulations.
[33] Cf Laurine Signoret, ‘Code of Competitive Conduct: A New Way to Supplement EU Competition Law in Addressing Abuses of Market Power by Digital Giants’ (2020) 16 European Competition Journal 221, 230; Damien Geradin, ‘What Is a Digital Gatekeeper? Which Platforms Should be Captured by the EC Proposal for a Digital Market Act?’ (2021), 4-7 < https://papers.ssrn.com/abstract=3788152 >.
[34] Heike Schweitzer and others, Modernisierung der Missbrauchsaufsicht für marktmächtige Unternehmen: Gutachten für das Bundesministerium für Wirtschaft und Energie (1st edn, Nomos Verlag 2018), 192f, an executive summary is available in English at < www.bmwi.de/Redaktion/DE/Downloads/Studien/modernisierung-der-missbrauchsaufsicht-fuer-marktmaechtige-unternehmen-zusammenfassung-englisch.pdf?__blob=publicationFile&v=3 >; Commission ‘Competition Law 4.0’ (n 24), 46ff.
[35] Anne C. Witt, ‘Excessive Data Collection as a Form of Anticompetitive Conduct: The German Facebook Case’ (2021), The Antitrust Bulletin, 21 < https://doi.org/10.1177/0003603X21997028 >.
[36] Section 19a of the Act against Restraints of Competition, available in English at < www.gesetze-im-internet.de/englisch_gwb/ >.
[37] Government Draft (n 23), 61.
[38] Torsten J. Gerpott and Tobias Mikolas, ‘Zugang zu Daten großer Online-Plattformbetreiber nach der 10. GWB-Novelle’ (2021) CR 137, para 1; Witt (n 35), 1.
[39] Klaus Janke, ‘Wir können jetzt früher einschreiten’ HORIZONT (Frankfurt (Main), 11.02.2021), < www.bundeskartellamt.de/SharedDocs/Publikation/DE/Interviews/2021/210211_HORIZONT.html >.
[40] S 19a(1)(1), (2)(1) GWB; Gabriela von Wallenberg, ‘10. GWB-Novelle – Ordnungsrahmen zur Digitalisierung der Wirtschaft’ (2020) 53 ZRP 238, 239.
[41] S 19a(1)(3) GWB; Resolution Recommendation (n 26), 112.
[42] Monopolkommission, ‘Policy Brief: 10. GWB-Novelle – Herausforderungen auf digitalen und regionalen Märkten begegnen!’ (2020), vol 4, 3.
[43] Körber (n 25), 51. For the same reason the Commission ‘Competition Law 4.0’ recommended the retention of the market dominance requirement instead of introducing a new legal concept, see Commission ‘Competition Law 4.0’ (n 24), 50.
[44] Deutscher Bundestag, ‘Wortprotokoll der 95. Sitzung’ (protocol no. 19/95, 2020), 10.
[45] Companies are covered in particular by arts 2(1), 12, 14 of the German Basic Law.
[46] Romina Polley, ‘Paradigmenwechsel in der deutschen Missbrauchsaufsicht – Der Referentenentwurf zur 10. GWB-Novelle’ (2020) 8 NZKart 113, 116. For problems of distinguishing digital markets see also Ralf Dewenter and others, ‘Abgrenzung zweiseitiger Märkte am Beispiel von Internetsuchmaschinen’ (2014) 2 NZKart 387; Commission ‘Competition Law 4.0’ (n 24), 27ff.
[47] Cf Körber (n 25), 51.
[48] OLG-Facebook-decision (n 18). For another example see LG Berlin, judgment as of 19.02.2016, 92 O 5/14 Kart (Google Snippets).
[49] Government Draft (n 23), 73f; Körber (n 25), 51.
[50] Government Draft of the Ninth GWB Amendment (Bundestag printed matter 18/10207, 07.11.2016), 49; Körber (n 25), 49.
[51] Körber (n 25), 50; Sebastian Louven, ‘§ 19a GWB: Welche Unternehmen sind betroffen?’ (Louven.Legal, 01.11.2020) < https://louven.legal/2020/11/01/%C2%A7-19a-gwb-welche-unternehmen-sind-betroffen/ >.
[52] Recital 127 of the GDPR.
[53] Art 56(1), (6) GDPR.
[54] Mandy Hrube, ‘EuGH: Schlussanträge des Generalanwalts zur Zuständigkeit von Datenschutzbehörden bei grenzüberschreitender Datenverarbeitung’ (2021) CR R25.
[55] IDPC, ‘Data Protection Commission Opens Statutory Inquiry into Facebook’ (17.12.2018) < www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-opens-statutory-inquiry-facebook >; IDPC, ‘Data Protection Commission Opens Statutory Inquiry into Google Ireland Limited’ (22.05.2019) < www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-opens-statutory-inquiry-google-ireland-limited >.
[56] An open letter by the platform noyb describes that the first two out of six steps of the investigation took the IDPC almost two years and therefore expects a decision to take years, ‘Open Letter on “Confidential” Dealings in Facebook Case’ (noyb, 25.05.2020), 4 < https://noyb.eu/en/open-letter >. The exceptions are two decisions against Twitter and WhatsApp respectively, see IDPC, “Data Protection Commission Announces Decision in Twitter Inquiry” (15.12.2020) < https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-twitter-inquiry >; IDPC, “Data Protection Commission Announces Decision in WhatsApp Inquiry” (02.09.2021) < https://www.dataprotection.ie/index.php/en/news-media/press-releases/data-protection-commission-announces-decision-whatsapp-inquiry >.
[57] Catherine Stupp, ‘Dutch Lawsuit Seeks Quicker Resolution in Google Case; Consumers and Privacy Groups are Frustrated with Lengthy GDPR Process’ Wall Street Journal (New York, N.Y., 07.01.2021); Kelvin Chan, ‘EU Ruling on Data Privacy Leaves Facebook Exposed’ Toronto Star (Toronto, 14.01.2021).
[58] Directive of the European Parliament and of the Council 95/46/EC of 24.10.1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L281/0031. Shortcomings on its compliance with article 4(3) TEU are evident in Case C-230/14 Weltimmo [2015] ECLI:EU:C:2015:639 and Case C-210/16 Wirtschaftsakademie [2018] ECLI:EU:C:2018:388.
[59] Alberto Miglio, ‘The competence of supervisory authorities and the ‘one-stop-shop’ mechanism’ (2020) 28 EU Law Live, Weekend Edition 10, 10-11.
[60] CNIL (Commission Nationale de l’Informatique et des Libertés), Délibération de la formation restreinte n° SAN – 2019-001 du 21.01.2019 prononçant une sanction pécuniaire à l’encontre de la société Google LLC, a press release is available in English at < www.cnil.fr/en/cnils-restricted-committee-imposes-financial-penalty-50-million-euros-against-google-llc >. See also Lokke Moerel, ‘CNIL’s decision fining Google violates one-stop-shop’ (2019) < https://papers.ssrn.com/abstract=3337478 >.
[61] Article 29 Data Protection Working Party, ‘Guidelines for Identifying a Controller or Processor’s Lead Supervisory Authority’ (WP 244 rev.01, 05.04.2017), as endorsed by the EDPB in its first plenary meeting (EDPB, ‘Endorsement 1/2018’ (25.05.2018)), 5.
[62] European Commission, Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) [2012] COM(2012) 11 final, art 4(13).
[63] Moerel (n 60), 10-11.
[64] Case C‑645/19 Facebook Ireland Limited, Facebook Inc., Facebook Belgium BVBA v Gegevensbeschermingsautoriteit, Opinion of AG Bobek (13.01.2021).
[65] Case C‑645/19 Facebook Ireland Limited, Facebook Inc., Facebook Belgium BVBA v Gegevensbeschermingsautoriteit [2021] ECLI:EU:C:2021:483.
[66] Ibid para 115-122.
[67] Costa-Cabral (n 6), 23; cf Sebastian Louven, ‘When Privacy Meets Competition’ (Louven.Legal, 01.10.2020) < https://louven.legal/2020/10/01/when-privacy-meets-competition/ >. See also Wolfgang Kerber, ‘Updating Competition Policy for the Digital Economy? An Analysis of Recent Reports in Germany, UK, EU, and Australia’ (2019), 41 < https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3469624 >; Boris Paal, ‘Marktmacht im Daten(schutz)recht’ (2020) ZWeR 215.
[68] Krämer (n 6), 10, 64.
[69] Prodromos Chatzoglou and Dimitrios Chatzoudes, ‘The Role of Innovation in Building Competitive Advantages: An Empirical Investigation’ (2018) 21 European Journal of Innovation Management 44, 56.
[70] See Costa-Cabral (n 6), 17-18.
[71] Administrative Order (n 14), para 530.
[72] Costa-Cabral (n 6), 17.
[73] Nela Grothe, Datenmacht in der kartellrechtlichen Missbrauchskontrolle (1st edn, Nomos Verlag 2019), 31.
[74] Ibid 88.
[75] Cf Miriam Buiten, ‘Datenschutzverletzungen als Kartellrechtsverstöße’, in Elena Beyer and others (ed), ‘Privatrecht 2050 - Blick in die digitale Zukunft’ (1st edn, Nomos Verlag 2020), 335. See also David A. Balto and Matthew C. Lane, ‘Monopolizing Water in a Tsunami: Finding Sensible Antitrust Rules for Big Data’ (2016) 12, < https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2753249 >; Margrethe Vestager, ‘Competition is a Consumer Issue’ (13.05.2016) < https://wayback.archive-it.org/12090/20191129205633/https://ec.europa.eu/commission/commissioners/2014-2019/vestager/announcements/competition-consumer-issue_en >; Richard Whish and David Bailey, Competition law (9th edn, Oxford University Press 2018), 19.
[76] Ariel Ezrachi, ‘EU Competition Law Goals and The Digital Economy’ (2018) < https://papers.ssrn.com/abstract=3191766 >; Ceara Tonna-Barthet and Louis O’Carroll, ‘Procedural Justice in the Age of Tech Giants – Justifying the EU Commission’s Approach to Competition Law Enforcement’ (2020) 16 European Competition Journal 264, 268-271.
[77] Hans-Georg Kamann and Dominik Miller, ‘Kartellrecht und Datenschutzrecht – Verhältnis einer „Hass-Liebe“?’ (2016) 4 NZKart 405, 407-408.
[78] Costa-Cabral (n 6), 19.
[79] Inge Graef and others, ‘Limits and Enablers of Data Sharing: An Analytical Framework for EU Competition, Data Protection and Consumer Law’ (TILEC Discussion Paper 2019-024, Digital Clearinghouse 2019), 20.
[80] Monopolkommission, Hauptgutachten. Wettbewerb 2018 – XXII. Hauptgutachten der Monopolkommission gemäß § 44 Abs. 1 Satz 1 GWB (Nomos Verlag 2018), para 683, a summary is available in English at < www.monopolkommission.de/en/press-releases/219-biennial-report-xxii-competition-2018.html >; Torsten Körber, ‘Die Facebook-Entscheidung des Bundeskartellamtes – Machtmissbrauch durch Verletzung des Datenschutzrechts?’ (2019) 7 NZKart 187, 194. See also EDPS, ‘Opinion 4/2017 on the Proposal for a Directive on Certain Aspects Concerning Contracts for the Supply of Digital Content’ (14.03.2017); Christian Schwedler, ‘Schutz von Nutzerdaten durch Missbrauchskontrolle – das Bundeskartellamt als Datenschutzbehörde’, in Torsten Körber and Ulrich Immenga (eds), Innovation im Kartellrecht - Innovation des Kartellrechts (Nomos Verlag 2020), 66-67 regarding the potentially conflicting Facebook decision.
[81] S 50f(1) GWB.
[82] Administrative Order (n 14), para 555.
[83] BfDI, ‘Landmark Decision on Facebook by the Bundeskartellamt’ (21.02.2019) < https://www.bfdi.bund.de/SharedDocs/Pressemitteilungen/EN/2019/06_BundeskartellamtzuFacebook.html;jsessionid=7270302A187803EE431468D9A459410D.intranet222 >.
[84] On this debate see Sebastian Louven, ‘Braucht es mehr materielles Kartellrecht für digitale Plattformen?’ (2019) ZWeR 154, 187-191.
[85] CMA, ‘A new pro-competition regime for digital markets: Advice of the Digital Markets Taskforce’ (CMA 135, 08.12.2020) (“Taskforce Advice”).
[86] Department for Digital, Culture, Media & Sport and Department for Business, Energy & Industrial Strategy (UK), ‘A new pro-competition regime for digital markets’ (CP 489, 20.07.2021).
[87] CMA, ‘New Watchdog to Boost Online Competition Launches’ (07.04.2021) < www.gov.uk/government/news/new-watchdog-to-boost-online-competition-launches--3 >.
[88] Taskforce Advice (n 85), para 7.3.
[89] Ibid para 4.33.
[90] Ibid para 4.28.
[91] Ibid paras 4.7-4.24.
[92] Ibid paras 4.35-4.37.
[93] Ibid paras 4.60-4.81.
[94] Taskforce Advice (n 85), paras 4.9-4.22.
[95] Cf Daniela Seeliger, ‘Öffentliche Anhörung zum Entwurf eines Gesetzes zur Änderung des Gesetzes gegen Wettbewerbsbeschränkungen für ein fokussiertes, proaktives und digitales Wettbewerbsrecht 4.0 (GWB)’ (expert opinion, Deutscher Bundestag 2020), 2.
[96] Polley (n 46), 117; Körber (n 25), 78.
[97] Taskforce Advice (n 85), para 4.7ff.
[98] Draft Commission implementing decision pursuant Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom [2021].
[99] Taskforce Advice (n 85), para 4.68.
[100] Taskforce Advice (n 85), para 4.67. This approach rather aims to offer an alternative to breaking up monopolies, see Greg Ip, ‘In Britain, a Middle Way for Reining in Big Tech; Government-Appointed Panel Seeks to Bolster Competition without Invasive Regulation’ Wall Street Journal (New York, N.Y., 13.03.2019).
[101] Taskforce Advice (n 85), para 4.76.
[102] Ibid para 4.77.
[103] Cf ibid para 6.3.
[104] Ibid paras 6.8-6.11.
[105] Taskforce Advice (n 85), paras 6.12-6.15.
[106] Ibid para 4.77.
[107] Ibid para 5.7.
[108] This inspiration is indicated in the following expert study by demonstrating the similarities of the UK approach with the ‘New Competition Tool’ (NCT) which has now been partly incorporated into the DMA: Heike Schweitzer, ‘The New Competition Tool: Its institutional set up and procedural design’ (2020) < https://op.europa.eu/en/publication-detail/-/publication/1851d6bb-14d8-11eb-b57e-01aa75ed71a1 >; see also Maik Wolf, in Münchener Kommentar zum Wettbewerbsrecht (4th edn, CH Beck 2022), section 19a para 97.
[109] Commission, ‘Proposal for a Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act)’ COM (2020) 842 final.
[110] Council of the European Union, ‘Voting result [on the] Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act)’ 2020/0374 (COD), ST 11507 2022 INIT, 18.07.2022.
[111] Council of the European Union, ‘Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act)’ 2020/0374 (COD), PE 17 2022 INIT, 11.07.2022.
[112] Cf. Jürgen Basedow, ‘Das Rad neu erfunden: Zum Vorschlag für einen Digital Markets Act’ (2021), 1 < https://papers.ssrn.com/abstract=3773711 >.
[113] Articles 29, 30 of the DMA.
[114] Consolidated Version of the Treaty on the Functioning of the European Union [2008] OJ C-115/47.
[115] Rehbinder, in Ulrich Immenga and Ernst-Joachim Mestmäcker (eds), Wettbewerbsrecht (6th edn, CH Beck 2020), section 22 GWB para 18.
[116] Grothe (n 73), Buiten (n 75).
[117] Government Draft (n 23), 75; Wolf (n 108), section 19a para 1.
[118] Franz Jürgen Säcker, ‘Das Verhältnis von Wettbewerbs- und Regulierungsrecht’ (2015) EnWZ 531, 532.
[119] Wissenschaftliche Dienste des Deutschen Bundestags, ‘Die Anwendbarkeit von § 19a GWB im Lichte des europäischen Gesetzgebungsverfahrens zum „Digital Markets Act“’ (07.01.2022) WD 7 - 3000 - 114/21; PE 6 - 3000 - 067/21, 13 < https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwj4_vrB37T5AhXMCewKHcYnCh0QFnoECAMQAQ&url=https%3A%2F%2Fwww.bundestag.de%2Fresource%2Fblob%2F880748%2F856d83cb24c61822c508aa47f27e18e7%2FWD-7-114-21-PE-6-067-21-pdf-data.pdf&usg=AOvVaw0Gy0SADi2TIrAOjHBChH66 >.
[120] Wissenschaftliche Dienste des Deutschen Bundestags (n 119); Florian Haus and Anna-Lena Weusthof, ‘The Digital Markets Act - a Gatekeeper’s Nightmare?’ (2021) WuW 318, 324f; Rupprecht Podszun, ‘Competition in the digital economy: What next after the Digital Markets Act? Statement for the Economic Committee of the German Bundestag’ (2022), 9 < https://ssrn.com/abstract=4096357 >.
[121] Haus and Weusthof (n 120), 324.
[122] Government Draft (n 23), 78.
[123] Wolf (n 108), section 19a para 97.
[124] Wissenschaftliche Dienste des Deutschen Bundestags (n 119), 14f.
[125] The German government laid down its intentions on this point in the Resolution Recommendation (n 26), 10.
[126] Cf. Podszun (n 120), 10.
[127] Basedow (n 112), 6-7.
[128] Charter of Fundamental Rights of the European Union [2012] OJ C-326/02.
[129] See Case C-501/11 Schindler [2013] ECLI:EU:C:2013:522.
[130] Dimitrios Katsifis, ‘Ne bis in idem and the DMA: the CJEU’s judgments in bpost and Nordzucker – Part I’ (The Platform Law Blog, 28.03.2022) < https://theplatformlaw.blog/2022/03/28/ne-bis-in-idem-and-the-dma-the-cjeus-judgments-in-bpost-and-nordzucker-part-i/ >.
[131] Case C-117/20 bpost [2022] ECLI:EU:C:2022:202.
[132] Case C-151/20 Nordzucker [2022] ECLI:EU:C:2022:203.
[133] For example, this characterization is indicated in recital 10 DMA; see also Giorgio Monti, ‘The Digital Markets Act – Institutional Design and Suggestions for Improvement’ (2021), 14 < https://ssrn.com/abstract=3797730 >.
[134] Dimitrios Katsifis, ‘Ne bis in idem and the DMA: the CJEU’s judgments in bpost and Nordzucker – Part II’ (The Platform Law Blog, 29.03.2022) < https://theplatformlaw.blog/2022/03/29/ne-bis-in-idem-and-the-dma-the-cjeus-judgments-in-bpost-and-nordzucker-part-ii/ >.
[135] Basedow (n 112), 7.
[136] See for example Damien Geradin, ‘The leaked “final” version of the Digital Markets Act: A summary in ten points’ (The Platform Law Blog, 19.04.2022) < https://theplatformlaw.blog/2022/04/19/the-leaked-final-version-of-the-digital-markets-act-a-summary-in-ten-points/ >.
[137] EDPS, ‘Opinion 2/2021 on the digital markets act’ (10.02.2021), para 40.
[138] Ibid para 41.
[139] Thierry Breton, ‘Sneak peek: how the Commission will enforce the DSA & DMA’ (LinkedIn, 05.07.2022) < https://www.linkedin.com/pulse/sneak-peek-how-commission-enforce-dsa-dma-thierry-breton/ >.
[140] On the need for additional staff and expertise see an open letter signed by the Bureau Européen des Unions de Consommateurs (BEUC), the Federation of German Consumer Organisations and 16 others, ‘Resources to ensure effective enforcement of the Digital Markets Act’ (27.06.2022) < https://www.beuc.eu/sites/default/files/publications/beuc-x-2022-068_open_civil_society_letter_-_resources_to_ensure_effective_enforcement_of_the_dma.pdf >.
[141] Bundeskartellamt ‘Digital Markets Act: Perspektiven des (inter)nationalen Wettbewerbsrechts’ (07.10.2021), 37ff < https://www.bundeskartellamt.de/SharedDocs/Publikation/DE/Diskussions_Hintergrundpapier/AK_Kartellrecht_2021_Hintergrundpapier.html?nn=3590858 >.
[142] ECN, ‘Joint paper of the heads of the national competition authorities of the European Union: How national competition agencies can strengthen the DMA’ (22.06.2021) < https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwiE-aa8ubT5AhWLr6QKHTtuA_AQFnoECAIQAQ&url=https%3A%2F%2Fec.europa.eu%2Fcompetition%2Fecn%2FDMA_joint_EU_NCAs_paper_21.06.2021.pdf&usg=AOvVaw3MLbJg3Pkf2GsQyRHNdkZs >.
[143] Alexandre de Streel and others, ‘Making the Digital Markets Act more resilient and effective’ (CERRE, 26.05.2022), 76 < https://cerre.eu/publications/european-parliament-digital-markets-act-dma-resilient-effective/ >; Geradin (n 136).
[144] Cf. de Streel (n 143), 75.
[145] Laura Kabelka, ‘Umsetzung des DMA könnte in Deutschland zu Rechtsunsicherheit führen’ (EURACTIV.de, 11.04.2022) < https://www.euractiv.de/section/innovation/news/umsetzung-des-dma-koennte-in-deutschland-zu-rechtsunsicherheit-fuehren/ >.
[146] Monti (n 133), 5, 17.
[147] Cf. Justus Haucap and Heike Schweitzer, ‘Revolutionen im deutschen und europäischen Wettbewerbsrecht’ (2021) WRP 2021 issue 7, I < https://www.ruw.de/suche/pdf/wrp/wrp-07-2021-i-efa3cbbb1e3235af4f1c66f46b97100d.pdf >.
[148] For additional arguments see Bundeskartellamt (n 141), ECN (n 142) with further references.
[149] While the recent CMA Market Study only covered digital platforms, the Taskforce Advice (n 85) in para 6 does not refer exclusively to platforms and therefore appears to propose the latter. This would considerably broaden the scope of applicability for the DMU powers since a rising number of businesses from different sectors is active in the digital markets. On this point, see Kiran Desai, ‘The CMA’s Report, Online Platforms and Digital Advertising, In Context’ (2020) CoRe 210, 213-215.
[150] Thomas Tombal, ‘Ensuring contestability and fairness in digital markets through regulation: a comparative analysis of the EU, UK and US approaches’ (2022), 32f < https://www.tandfonline.com/doi/full/10.1080/17441056.2022.2034331 >.
[151] Damien Geradin, ‘One needed area of improvement for the Digital Markets Act: The designation of gatekeepers’ (The Platform Law Blog, 10.01.2022) < https://theplatformlaw.blog/2022/01/10/one-needed-area-of-improvement-for-the-digital-markets-act-the-designation-of-gatekeepers/ >.
[152] Geradin (n 136).
[153] Christina Caffarra and Fiona Scott Morton, ‘The European Commission Digital Markets Act: A translation’ (Voxeu, 05.01.2021) < https://voxeu.org/article/european-commission-digital-markets-act-translation >.
[154] Irish Council for Civil Liberties, ‘Remarks by Johnny Ryan at the CRA “Disrupted Times” Conference in Brussels’ (ICCL, 04.04.2022) < https://www.iccl.ie/2022/remarks-by-johnny-ryan-at-the-cra-disrupted-times-conference-in-brussels/ >.
[155] Natasha Lomas, ‘EU’s new rules for Big Tech will come into force in Spring 2023, says Vestager’ (TechCrunch, 05.05.2022) < https://techcrunch.com/2022/05/05/digital-markets-act-enforcement-margrethe-vestager/ >.
[156] Bundeskartellamt, ‘First Proceeding Based on New Rules for Digital Companies – Bundeskartellamt also Assesses New Section 19a GWB in its Facebook/Oculus Case’ (28.01.2021) < www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2021/28_01_2021_Facebook_Oculus.html >.
[157] Bundeskartellamt, ‘Proceedings against Amazon based on new rules for large digital companies (Section 19a GWB)’ (18.05.2021) < www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2021/18_05_2021_Amazon_19a.html >.
[158] Bundeskartellamt, ‘Proceeding against Google based on new rules for large digital players (Section 19a GWB) – Bundeskartellamt examines Google's significance for competition across markets and its data processing terms’ (25.05.2021) < www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2021/25_05_2021_Google_19a.html >; Bundeskartellamt, ‘Bundeskartellamt examines Google News Showcase’ (04.06.2021) < www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2021/04_06_2021_Google_Showcase.html >.
[159] Bundeskartellamt, ‘Proceeding against Apple based on new rules for large digital companies (Section 19a(1) GWB) – Bundeskartellamt examines Apple’s significance for competition across markets’ (21.06.2021) < www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2021/21_06_2021_Apple.html >.