Private Enforcement of the EU Digital Markets Act: The way ahead after going live

1. Introduction

With the provisions of the Digital Markets Act1Regulation (EU) 2022/1925 of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828. (‘DMA’, ‘Regulation’) going into effect as of 2 May 2023, the European Union has introduced its ex-ante instrument to regulate the digital markets.2See the timeline for the DMA provisions: https://ec.europa.eu/commission/presscorner/detail/en/ip_22_6423. This innovative body of rules targets large digital platforms which provide ‘core platform services’ and qualify as ‘gatekeepers’.3Article 2(1) of the DMA. Such online platforms provide an important gateway between business users and consumers; their position can grant them the power to act as a private rule maker, thereby creating a bottleneck for the digital economy. Although EU competition law was considered insufficient to ensure contestability and fairness in the digital markets, the DMA is widely inspired by it. Gatekeepers are designated as such based on a number of criteria (e.g., significant impact on internal market, core platform services with an important gateway position, entrenched and durable position) and the reaching of thresholds. Within six months of such a designation, gatekeepers must ensure compliance with a list of obligations and prohibitions as defined by Articles 5, 6, and 7 of the Regulation.

Although the European Commission expects that the DMA will also be enforced through businesses’ and consumers’ private actions, there exists no harmonisation act for corresponding damage claims similar to the EU Antitrust Damage Directive (‘Damages Directive’).4Directive (EU) 2014/104 of 26 November 2014 on certain rules governing actions for damages under national law for infringements of the competition law provisions of the Member States and of the European Union. The present article focuses on the likelihood of private enforcement of the DMA (2), analyses its rules regarding private actions (3), identifies principles known from EU competition law which might apply as well to the private enforcement of the DMA (4), takes into account German draft rules recently issued in this respect (5), and gives a final outlook (6).

2. Likelihood of businesses’ and end users’ legal actions

Under the DMA, the Commission has the exclusive power to designate core platform providers as gatekeepers. It is considered the ‘sole enforcer of the Regulation’ (Article 38(7)) and has been entrusted with similar powers as in the competition field. The Commission can carry out inspections, send requests for information, impose interim measures, and impose fines. Furthermore, the DMA sets forth provisions on cooperation between the Commission and national courts. Indeed, given the purpose of the DMA ‘to ensure contestability and fairness for the markets in the digital sector in general, and for business users and end users of core platform services provided by gatekeepers’ (Recital 7), it seems likely that businesses and consumers affected by infringements of the Regulation will pursue potential claims. Although protecting digital markets from bottlenecks and foreclosures has been central for the DMA, it is clear from the wording of the obligations in Articles 5, 6, and 7 that the Regulation protects the interests of the gatekeepers’ potential victims.

The material rules are to some extent modelled after recent competition cases, such as the Amazon Marketplace case and the Apple App Store case. In this view, Article 5(3) of the DMA prohibits gatekeepers from ‘prevent[ing] business users from offering the same products or services to end users through third-party online intermediation services’ at more attractive prices or conditions. Pursuant to Article 5(4), gatekeepers have to ‘allow business users, free of charge, to communicate and promote offers, including under different conditions, to end consumers acquired via its core platform service […] regardless of whether, for that purpose, they use the core platform services of the gatekeeper.’ Similarly, the prohibition in Article 6(5) of the DMA reminds one of the Commission’s approach adopted in the Google Shopping case, as gatekeepers shall ‘not treat favourably, in ranking and related indexing and crawling, services and products offered by the gatekeeper itself than similar services or products of a third party. The gatekeeper shall apply transparent, fair and non-discriminatory conditions to such ranking.’

As far as the DMA’s provisions are sufficiently precise and unconditional, they create individual rights and, thus, can be considered to have direct effect under Article 288 TFEU.5See CJEU, C-43/71, para. 9 – Politi/Italian Ministry of Finance; C-26/62, p. 16, rule 1 – Van Gend & Loos. As such, they may be directly relied upon by affected business users and end users of core platform services against infringing gatekeepers before the national courts.6A. Komninos, The Digital Markets Act and Private Enforcement: Proposals for an Optimal System of Enforcement, in: Eleanor M. Fox Liber Amicorum (ed. N. Charbit and S. Gachot), 2021, p. 427; available at: https://awards.concurrences.com/en/awards/2022/academic-articles/the-digital-markets-act-and-private-enforcement-proposals-for-an-optimal-system-3007. In fact, the Regulation requires gatekeepers to provide access and use options for business users. Furthermore, specific obligations concern the use of data received and the structure of service contracts between gatekeepers and business users. Article 39 suggests that business users or end users will be empowered to submit claims at any stage, without prior intervention of the Commission. Thus, as in other fields of EU law, the national courts are entrusted with the effective protection of individual rights under the DMA via actions for injunctive relief and damage actions.

In the legislative process, the governments of France, Germany, and the Netherlands (‘Friends of an effective DMA’) issued a joint statement and welcomed the Commission’s proposal for the Regulation. Regarding private enforcement, they recalled that ‘[p]rivate enforcement would further increase the effectiveness of the DMA. Therefore, it must be clarified that private enforcement of the gatekeeper obligations is legally possible.’7Joint Statement ‘Strengthening the Digital Markets Act and Its Enforcement’, 2021, available at: www.permanentrepresentations.nl/documents/publications/2021/05/27/strengthening-the-digital-markets-act-and-its-enforcement.

3. Private enforcement provisions of the DMA

Against this background, it is surprising that the DMA itself does not contain an explicit reference to private enforcement. Notably, it does not include a provision on the compensation for damages caused by an infringement of the DMA, unlike Article 54 of the parallel EU Digital Services Act8See Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC (Digital Services Act). which confirms that ‘[r]ecipients of the service shall have the right to seek […] compensation from providers of intermediary services, in respect of any damage or loss suffered due to an infringement by those providers of their obligations under this Regulation.’

However, it becomes clear from the Regulation that its effectiveness implicitly relies on private enforcement activities by, for example, business users and end users. The final DMA sets forth at least some provisions regarding the contribution of private actors to the enforcement of gatekeepers’ obligations. Firstly, Article 27 provides for the possibility of any third party to inform the competent national authority or the Commission of any gatekeeper practice or behaviour falling within the scope of the DMA.

Secondly, according to Article 39(1) of the DMA, national courts may ask the Commission to transmit to them ‘information in its possession or its opinion on questions concerning the application of this Regulation’. The provision resembles Article 15 of Regulation 1/2003 regarding the implementation of Articles 101 and 102 of TFEU and only makes sense if the court adjudicates on private actions. In addition, Article 39(2) requires the Member States to forward to the Commission a copy of any judgement rendered in this respect, while (5) stipulates that national courts ‘shall not give a decision which runs counter to a decision adopted by the Commission’ under the DMA. Thus, the provision in conjunction with Recital 92 establishes a mechanism of cooperation between the Commission and national courts that is highly similar to their cooperation in competition cases.

Thirdly, in view of facilitating private actions for damages following from non-compliance with DMA obligations, Article 42 extends the applicability of Directive (EU) 2020/1828 to ‘representative actions brought against infringements by gatekeepers’ of provisions of the DMA ‘that harm or may harm the collective interests of consumers’. Following the same line, Article 43 clarifies that Directive (EU) 2019/1937 shall apply to the reporting of all breaches of the DMA and the protection of whistle-blowers.

4. Inspiration from private enforcement of EU competition law

Although private actions under the DMA are possible and expected (e.g., injunctive relief or damages), their legal framework has to be assessed. This applies in particular to actions for damages as potentially caused by an infringement of Article 5 or 6 of the DMA, as the Commission has not introduced a DMA-specific harmonisation instrument like the Damages Directive. In the past, the focus has been on competition damages cases, yet private enforcement has also played an important role for bringing infringements to an end (i.e., through injunctions), especially for Article 102 of TFEU cases and presumably future cases under the DMA.

European Union and national law

The DMA’s lack of provisions on actions brought by business users, end users, or even competitors of infringing gatekeepers of core platform services does not mean that there is a lack of applicable rules. The situation resembles that of competition law under the pre-Damage Directive law at the time. Given that the DMA is directly applicable EU law, its general principles apply, as was the case in EU competition law and recently under the EU General Data Protection Regulation9Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data, repealing Directive 95/46/EC.: it is settled case-law of the Court of Justice of the EU that, in the absence of EU rules, the national legal order of each Member State is to establish rules for actions intended to safeguard the rights of individuals (principle of procedural autonomy). However, those rules shall not be less favourable than those governing similar domestic cases (principle of equivalence) and shall not make it excessively difficult or impossible to exercise the rights under EU law (principle of effectiveness).10CJEU, judgement of 20 September 2001, C-453/99, par. 29 – Courage (competition law); and judgement of 4 May 2023, C-300/21 – UI/ Österreichische Post, para. 53 (data protection law).

Against the background that the provisions of the DMA are widely inspired by competition law, the case law of the CJEU regarding the private enforcement of EU competition law might as well provide lessons. In addition, as key material provisions of the Damages Directive can be considered as a de facto codification of the case law of the CJEU, fundamental principles of the Directive might also be applicable to infringements of the DMA. In contrast, not all procedural rules seem to be transposable to the DMA which, as a sector regulation, would need its own rules.11R. Podszun, Private enforcement and platform regulation: Two GAFA cases – and what they tell us about the Digital Markets Act, June 2021, available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3862497.

Right to full compensation

For instance, the right to full compensation of any party that has suffered a damage caused by an infringement of the gatekeepers’ obligations under, for example, Article 5 or 6 of the DMA, such as business users or end users of core platform services, might apply. As the CJEU confirmed, full compensation for damages caused by non-compliance with EU law is complementary to fines imposed by the Commission. Thus, in addition to its compensation function, the right to full compensation has a deterrent effect, as it would reduce incentives for gatekeepers to non-comply and serve to avoid potential infringements of the DMA.

Joint and several liability

Equally, the principle according to which several entities and persons participating in the infringement are jointly and severally liable might apply to the DMA. Article 2(1) of the DMA defines the gatekeeper as ‘an undertaking providing core platform services, designated pursuant to Article 3’ by the Commission. The notion of undertaking is defined in (27) as ‘an entity engaged in an economic activity […], including all linked enterprises or connected undertakings that form a group through the direct or indirect control of an enterprise or undertaking by another’. Such a definition echoes competition law and its interpretation by the CJEU. This could mean that all entities and persons concerned are jointly and severally liable in a similar way, though liability under the DMA will have to take into account the specific features of each gatekeeper.

Quantification and estimation of harm

Similarly, the intrinsic characteristics of the digital markets and the broad range of platform-related practices that the DMA targets or prohibits make the quantification of harm challenging. The damage depends on the concrete DMA infringement, its scope, duration and impact. Some difficulties resemble those of quantifying damages caused by certain forms of exclusionary or exploitative conduct in Article 102 of TFEU cases (e.g., loss of profit). Other challenges exist in cases where specific data-related obligations and prohibitions are infringed. In the event, for example, of an infringement of Article 5(2) of the DMA, an economically valid method to attach a monetary value to abusive conduct relating to personal data (e.g., non-consensual combination) would be needed. These challenges show that, under the DMA as well, national courts must be empowered to estimate damages, provided there are sufficient facts serving as the basis for such an estimation.

Follow-on and stand-alone actions

As known from the private enforcement of EU competition law, both follow-on and stand-alone actions are possible in relation to (alleged) infringements of the DMA. Follow-on actions can rely on the binding effect of Commission decisions finding an infringement of the DMA pursuant to Article 39(5). However, follow-on actions cannot be expected soon, as specifically the obligations of the DMA will only apply starting in March 2024.

In turn, in the aftermath of (binding) designations of gatekeepers, stand-alone actions intended to enforce obligations and prohibitions under the DMA might be seen earlier (e.g., for injunctive relief). With regard to stand-alone actions, it remains to be seen whether Article 8(1) of the DMA potentially leads to a shift in the burden of proof, as it requires gatekeepers to ‘ensure and demonstrate compliance with the obligations laid down in Articles 5, 6 and 7’ of the DMA.

5. German draft rules for the private enforcement of the DMA

On 5 April 2023, the German government formally adopted a draft amendment of the German Competition Act (‘Draft-GWB’) which makes proposals for the private enforcement of the DMA.12See https://www.bmwk.de/Redaktion/DE/Pressemitteilungen/2023/04/20230405-bundeskabinett-beschliesst-verschaerfung-des-gesetzes-gegen-wettbewerbsbeschraenkungen.html. The draft is now subject to the legislative process. It could rely on the already existing section 19a of the GWB, which is similar to the DMA, by imposing certain obligations on large online platforms. Indeed, Germany can be seen as a frontrunner in this field.13See e.g. https://www.nortonrosefulbright.com/en/knowledge/publications/41cb9705/private-enforcement-of-the-digital-markets-act-germany-as-a-frontrunner. It handles the private enforcement of the DMA expressly in parallel to the private enforcement of the competition rules.

Some key aspects of the proposal can be summarized as follows:

Claims for injunction, rectification, and damages

The provision containing the legal basis for claims for injunctive relief, rectification, and damages for infringements of competition law would be extended to infringements of Articles 5, 6, and 7 of the DMA (sections 33 and, by reference, 33a of the Draft-GWB).

Disclosure

Similarly, the provision on disclosure would also be applicable to damage actions for infringement of the DMA (section 33g of the Draft-GWB). Therefore, both claimants and gatekeepers could require the other party to disclose the relevant information necessary to file a damage action or defend against one.

Statute of limitations

The limitation provision in section 33h of the Draft-GWB would apply as well to claims for injunctions, rectifications, and damages regarding infringements of Articles 5, 6, and 7 of the DMA. This means that they have to be made within five years (based on knowledge) or ten years (regardless of knowledge) from the end of the infringement.

6. Outlook

Although the Commission is considered the ‘sole enforcer’ of the DMA and the Regulation itself – contrary to the parallel EU Digital Services Act – does not contain an explicit reference to private enforcement, it is expected that private enforcement will develop as an important pillar of the overall DMA enforcement. The effectiveness of the DMA, beyond the centralised model of public enforcement, even requires a decentralised model of private enforcement. Given the innovative and specific character of the obligations imposed on large digital platforms which provide core platform services and qualify as gatekeepers, many aspects of private actions are far from clear. In any event, not only are the provisions of the DMA inspired by competition cases, but their private enforcement can also take inspiration from competition law. At least the core principles as formulated by the CJEU and as set out in the Damages Directive seem to be applicable as well to infringements of the DMA.

It remains to be seen whether the Commission will one day introduce an instrument similar to the Damage Directive that complements the DMA. Until then, it is for the Member States to establish the rules for actions intended to safeguard individual rights (e.g., of business users and end users). The recent draft German rules on the private enforcement of the DMA, handled in parallel with the private enforcement of the competition law, indicates the Member States’ clear intention to facilitate actions for injunctive relief or damages against gatekeepers. To avoid any fragmentation across the EU, the cooperation mechanism set up under Article 39 of the DMA will be important, particularly in terms of the Commission submitting written and oral observations in procedures before national courts. In addition, national courts are expected to clarify questions under the DMA via requests for a preliminary ruling by the CJEU pursuant to Article 267 of TFEU.

By Giulia Rurali, Martin Seegers

Vous pourriez être intéressé par ...