Blog Martijn Snoep: Navigating the Online Platform Regulatory Revolution: Charting a New Course for Regulators
Online platforms are influential digital ecosystems that facilitate interaction and value exchange among users. They leverage network effects and economies of scale to drive their innovative business models, which benefit many of us. However, some of these online platforms also present systemic risks to a fair, open, and transparent digital economy, and perhaps even more important, to the integrity of our open and democratic societies. This is the result of these platforms’ roles as gatekeepers to markets and innovation, hoarders of vast amounts of personal data, enablers of algorithmic discrimination and conduits for the spread of misinformation and hate speech. It is therefore a welcome development that online platforms become subject to a wave of new EU regulations that will permanently regulate at least the biggest online platforms. This will be a not to be underestimated sea change for the culture and self-image for those platforms who rose from start-up to online behemoth in a digital near Wild West.
But this development will also require a significant transition for the various government agencies involved in the enforcement of these regulations. Many of them will need to migrate from traditional one-off enforcement actions to building long-term regulatory relationships, comparable to those between financial institutions and their own regulators. To add to this challenge, a plethora of enforcement agencies across the EU will be involved in regulating online platforms, and these agencies are all used to look at the world through one specific lens. Ignoring for the moment that also in countries outside the EU digital regulation and enforcement is being rolled-out or contemplated. To ensure legal certainty and a level playing field within at least the EU and to preserve the benefits these platforms also bring, having an EU-wide coordinated enforcement strategy will be key. In conclusion, those that are to be regulated as well as the regulators are only standing at the beginning of what can be called, without too much exaggeration, an ‘online platform regulatory revolution’.
New impactful regulations: the start of an online platform regulatory revolution
First, let’s take stock of the most impactful new regulations and their enforcers, while not forgetting that general competition, consumer protection, privacy and media laws will continue to apply to platforms as well. The Platform-to-Business (P2B) Regulation, effective since July 2020, applies to various online platforms. It promotes transparency and bans unfair business practices. Public enforcement is optional for EU member states. If a member state decides to enforce the regulation, a designated national enforcer would be responsible for ensuring compliance.
The Digital Services Act (DSA) provides a broader framework for online platform user protection, safety, and accountability across services. Enforcement will be carried out by national enforcers and the European Commission. A variety of national enforcers will handle cases involving smaller platforms or more local issues, while the European Commission will handle cases involving the very large platforms with cross-border implications.
The Digital Markets Act (DMA) targets only the very large platforms that qualify as ‘gatekeepers’ and aims to promote fairness and access to markets by imposing specific rules and obligations. The European Commission has exclusive competence to enforce the DMA but can be assisted by designated national enforcers, typically the national competition authorities.
While not specifically aimed at online platforms, the Data Governance Act (DGA) and the Data Act (DA) create a secure, trustworthy, and fair environment for data sharing and data use, impacting online platforms by setting rules and guidelines for data management, access, and sharing. These acts promote, for example data sharing, interoperability, data protection, and data sovereignty. Public enforcement is done at the national level.
Lastly, the draft Artificial Intelligence (AI) Act aims to establish a legal framework for AI technologies also used by online platforms, ensuring trustworthiness, transparency, and accountability. Online platforms will most likely have to deal with national enforcers.
The case for coordinated enforcement
As one can see, these new regulations support a wide variety of related, but sometimes also conflicting goals and will involve an equally wide variety of regulators with different focuses, backgrounds, and lenses through which they will look at the same behavior of online platforms. In addition, some prohibitions in regulations with one particular goal also refer to compliance with prohibitions in other regulations with a different goal, and those will most likely be enforced by a different regulator. Such cross-references make sense but require alignment between the regulators involved. This all adds to the need for an EU-wide coordinated enforcement strategy, which, in such a complex situation, starts with an aligned vision on enforcement.
The ultimate goal of public enforcement is, contrary to popular belief, not imposing fines but ensuring compliance. Fines are an essential part of the regulators’ toolbox but the box should also contain market studies, the provision of guidance, monitoring compliance, accepting remedies in case of inadvertent non-compliance, and publicly demanding sector-wide corrective measures. Different from traditional one-off enforcement, where a company is hit with a fine for a violation and the enforcer moves on to the next perpetrator, the new digital regulations require new enforcement strategies focused on achieving compliance by the regulated online platforms. At the same time, there is no room to invent new ways of working before getting started. So it will be learning by doing, though not by “moving fast and breaking things”.
The 3 key directions for the development of these new ways of working are:
- Focus on effective rather than legal compliance: Regulators should aim high. Their efforts should be geared towards effective compliance, which aims to create not only formalistic compliance with the rules but also a more comprehensive and proactive compliance culture within the sector. Effective compliance does not only ensure organizations are legally compliant. It also checks whether the potentially conflicting underlying goals of the regulations are achieved in practice. Moreover, effective compliance promotes compliance-by-design and compliance when adopting new technologies that do not neatly fit the current regulatory framework. Key to effective compliance is a continuous regulatory relationship between dedicated joint teams of regulators and the regulated companies where dilemmas are shared without automatic legal grandstanding by either side. This requires regular engagement with in-house compliance officers in an account-management setting and rotation schemes on the side of the regulator to avoid regulatory capture and – the opposite – regulatory discord. Instruments to achieve effective compliance include guidelines and other soft law instruments that are updated regularly based on new insights and developments, taking into account prohibited behavior as well as the creation of safe harbors. Other instruments are market studies to review the effectiveness of compliance in light of the regulations’ goals and behavioral studies of compliance cultures within companies or sectors.
- Mitigate information and resource asymmetry: In the area of online platforms, the information and resource asymmetry between the biggest online platforms and the regulators is huge. No one regulator is able to fulfil the task of ensuring even legal compliance, let alone effective compliance. Cooperation among regulators is a requirement but not a solution. Information and resource asymmetry can only be mitigated by also involving outside experts, complainants, civil society and the proverbial wisdom of the crowd through open and transparent processes. The solution lies in activating this wisdom of the crowd when it comes to drafting guidelines, conducting market studies, enforcement prioritization, identifying non-compliance, remedy design, and dispute settlement. The same wisdom must be followed in the development and use of new AI and data management tools necessary for monitoring compliance and the handling of complaints.
- Ensure cross-regulator cooperation: It is likely that most EU member states will not opt for setting up one regulator to enforce all the new laws applying to online platforms. That means that extensive cooperation between different national regulators in the area of competition, consumer protection, telecom, security, data protection, media, and finance is required. Both at the national level and at the EU level with the different directorates-general involved. In order to avoid turf wars, enforcement gaps and forum shopping, regulators, must do their utmost to create a collegial culture that respects differences in background, size and focus, and where knowledge, experience and successes are shared actively and instantaneously. The Digital Regulation Cooperation Platform set up in the Netherlands, inspired by a UK example, by the Netherlands Authority for Consumers and Markets (ACM), responsible for competition, consumer protection and telecom, together with the data protection authority, the financial conduct authority and the media regulator can be seen as a first step in this direction. The platform will have two separate chambers, one for DSA and one for AI Act coordination to which also other authorities will be invited. Also, the way the Commission and national consumer protection authorities work together in the Consumer Protection Cooperation (CPC) network may provide inspiration on how to coordinate enforcement efforts across jurisdictions. Furthermore, the Joint Supervisory Teams, one of the main forms of cooperation between the European Central Bank and national banking supervisors, inspires cooperation between the Commission and national regulators under the DMA. Probably the biggest challenge will be to cooperate and bring everyone together across digital regulation silos that the different laws are likely to create. But such cooperation will be vital.
In conclusion, a regulatory revolution has been initiated as a result of the wave of EU regulations for online platforms. Where successfully complied with and enforced, these regulations will reshape online-platform ecosystems and pave the way for a fairer, more open and transparent digital economy. The impact will be much wider than that, though. What is at stake here is not only the digital economy, but the integrity of our open and democratic societies.