German FCO Suspects Apple App Ad Tracking Policies are Anticompetitive

Report from TechCrunch

In Brief – The Bundeskartellamt, Germany’s national competition authority, has announced that it suspects that Apple is not treating third-party app developers as equally as required under the special German antitrust regime established to regulate the largest digital platforms. In 2022, the Germany regulator began investigating 2021 changes Apple made to its iPhone operating system requiring third-party apps to get direct opt-in permission from users to track their online activity for the purpose of serving targeted ads as potentially being unfair to competitors. While Apple heralded their tracking policy as promoting user privacy, many app developers and competitors in the digital advertising business complained that Apple’s changes harm competition and unfairly benefit Apple’s own advertising business. After three years the German antitrust watchdog says that Apple’s policy raises several concerns, including that Apple applies rules to data processing for advertising by third-parties that do not apply to Apple’s own data practices involved in advertising, Apple applies more consecutive user consent boxes to third-party apps than to itself, and that Apple’s tracking consent dialogues are unequal, with the language for consent to Apple tracking designed to encourage users to accept while language for tracking by third-party apps steers users against acceptance. Similar EU member state antitrust investigations have also been initiated in Poland, France, and Italy.

Context – The German law allowing the FCO to regulate digital giants was a harbinger of the Digital Markets Act. Some German officials have questioned the DMA for being too limited in the types of conduct they can address. While there are seven DMA “gatekeepers”, only 24 of their designated “core platform services” are covered by the law. Germany’s Section 19(a) authority allows the FCO to regulate any service of the five designated digital giants. For example, the FCO used its authority to regulate Google’s auto services that are currently outside the scope of the DMA. Allegations that Microsoft uses Office 365 to benefit products like Teams and its cloud services are not in scope for the DMA, but they are for the FCO.

EU Online Disinformation Code is Being Formally Integrated Into the DSA

Report from EuroNews

In Brief – The European Commission has announced that the Code of Conduct on Disinformation will be formally integrated into the Digital Services Act (DSA) governance regime in July. The EU effort to promote best practices to limit disinformation began in 2018 with an initial voluntary Code of Practice that was then strengthened in 2022. The updated version being formally integrated into the DSA is signed by 42 entities including digital platforms, led by giants Google, Meta, Microsoft, and TikTok, participants from across the digital advertising ecosystem, fact-checkers, civil society organizations and researchers. It establishes commitments including cutting financial support for purveyors of disinformation, more effective labelling of political advertising, targeted policies to reduce manipulative behavior such as deceptive bots and fake accounts, and providing better tools to empower users, researchers, and the fact-checking community to identify disinformation. The disinformation code is the second to be recently set for DSA integration following the Code of Conduct on Countering Illegal Hate Speech.

Context – Codes of conduct play a formal role in the DSA process. Although they do not replace the requirements of the law, the DSA regulators will recognize that a signatory abiding by a code is an indicator of DSA compliance. They are also voluntary. With the Trump Administration harshly criticizing the EU for policing online content as disinformation that some conservatives argue is just ideological disagreement, and cancelling elections in Romania based on charges of deceptive content on TikTok, which top platforms sign on, how they claim to comply, and how they are judged, may become a very charged issue. Twitter was an initial signatory but pulled out following its acquisition by Elon Musk and the shift from formal fact checkers to Community Notes. X's efforts to contain disinformation is being investigated. Meta has signed the code but has announced its own plans to drop paid fact checkers and adopt community notes. Google also has signed the code but has reportedly notified the Commission that it would not be adopting fact checking in its search service or on YouTube.

The GDPR One Stop Shop Mechanism Suffers Big EU Court Setback

Report from Irish Legal News

In Brief – The EU’s General Court has sided with the European Data Protection Board (EDPB), made up of the EU’s national data protection authorities and the European Data Protection Supervisor, ruling that the collective can overrule a national privacy regulator on enforcement of the General Data Protection Regulation (GDPR). The case pitted the EDPB against the Irish Data Protection Commission (DPC), which is the lead supervisory authority under the GDPR’s “one-stop-shop” mechanism for companies based in Ireland, which includes many of the largest digital platforms. In a series of complaints against Facebook filed in 2018 by privacy advocates across Europe, the DPC arrived at decisions that privacy advocates, including many national authorities, criticized and challenged. The EDPB required the DPC to revise their decisions and impose tougher penalties. The Irish argued that the EDPB was overstepping its authority. The General Court, the EU’s second highest, has ruled that the EDPB’s interventions were consistent with its authority under the GDPR and struck a clear blow against the primacy of home state authorities.

Context – Meta has been mired for years in a quagmire involving European privacy advocates frustrated with the GDPR. The law's One-Stop-Shop regime that was billed originally as a business-friendly streamlining of regulatory compliance was a top target of critics. Privacy advocates vociferously complained that Ireland’s DPC was lax and slow. They pressed other member state privacy authorities to intervene and overrule the DPC via the EDPB. And they largely succeeded. The DPC has since taken more aggressive GDPR stances with digital giants. And the One-Stop-Shop mechanism was effectively jettisoned from subsequent EU digital regulation measures, including the DSA, the DMA, and the AI Act. The Commission is in the regulatory driver's seat for the biggest platforms. That said, regulatory overlaps, including involving the Commission’s digital regulators and the privacy regulators, continue to crop up, such as over Meta’s subscription plans and the regulation of AI providers.

Meta Further Opening FB Marketplace to Resolve EU Antitrust Complaint

Report from Bloomberg

In Brief – Meta has announced a further opening of its Facebook Marketplace to classified competitors, allowing classified ad firms in Europe to place their listings on Marketplace through the Facebook Marketplace Partner Program. The cost for these ads will be based on the number of times a user clicks on a button within the listing. The new program follows on a pilot with eBay. Meta’s moves to allow competitors onto its Marketplace platform came after a November decision of the European Commission to fine Meta 800 million euros for unfairly bundling Marketplace into Facebook’s huge social network and abusing its dominance in online advertising. Meta launched Facebook Marketplace in 2016 and quickly integrated it into its core social media platform. Marketplace has since grown into one of the top classifieds ads platforms in many markets, including in Europe. The Commission claimed that tying the Marketplace to Facebook gave the service an unfair advantage over other online classified platforms and consumer-to-consumer shopping competitors, and that Facebook also imposed unfair terms and conditions on those competing businesses when they advertised on Facebook, often requiring them to share user data that was then used to benefit Marketplace. Meta continues to object to the level of the fine and recently filed an appeal at the European General Court.

Context – Competition regulators for the European Union and UK initiated parallel investigations of the Facebook Marketplace in 2021. Meta reached a settlement with British competition regulators in 2023 by agreeing to allow classifieds and shopping services that advertise on Meta's social media platforms to opt out of data sharing that could be used to benefit Marketplace. European Commission regulators turned down a similar offer. In the EU, the Commission also now regulates Meta as a Digital Markets Act “gatekeeper” and its Marketplace as a “core platform service”, meaning that the company must comply with the law’s 18 requirements on Marketplace without specific antitrust enforcement action.