Minimizing Privacy Risks in Regulating Digital Platforms: Interoperability in the EU DMA

The EU Digital Markets Act purports to benefit consumers and improve the competitiveness of digital markets. It is likely to have negative and unaddressed consequences, however, in terms of information privacy and security. I illustrate this by focusing on the DMA’s interoperability mandates. Only one of those obligations—on the interoperability of messaging services — is accompanied by a potentially adequate safeguard: a requirement that any third-party service must offer at least the same level of user security as the original service. This is a very demanding standard, which may render the interoperability provision a dead letter for the foreseeable future, but which nonetheless offers welcome privacy benefits from the consumer perspective. The remaining obligations that I analyze are accompanied either by no safeguards, or by insufficient safeguards.

By Mikołaj Barczentewicz^[1]

I. INTRODUCTION

It is notoriously difficult to use the law to strengthen information privacy and security, even where that is the explicit goal of legislation. Thus, perhaps the least we should expect of the law is not to unintentionally weaken the level of privacy and security. Unfortunately, pursuing even seemingly unrelated policy aims may sometimes yield that negative effect. Here, I analyze some of the provisions included in the proposed EU Digital Markets Act (“DMA”).^[2] The DMA purports to benefit consumers and improve the competitiveness of digital markets. It is l