EU's Big Tech overhaul laws will be nigh impossible to enforce

The Digital Markets Act and the Digital Services Act will together change Big Tech oversight for the better — if the EU can implement them efficiently.

CEO of Alphabet and Google Sundar Pichai joint press conference with Polish Prime Minister Mateusz M...
NurPhoto/NurPhoto/Getty Images

The European Union today passed a pair of landmark Big Tech oversight laws that will together severely limit the powers of the world’s largest technology companies. Each carries harsh penalties for offenders, though actually catching those offenders in the act will be much, much easier said than done.

The laws work in tandem, with each seeking to provide specific protections for consumers and other companies. The Digital Markets Act (DMA) is all about reining in Big Tech companies and ensuring they don’t abuse their power; walled garden services like Apple’s iMessage will find themselves in the DMA’s crosshairs. The Digital Services Act (DSA), meanwhile, sets out rules for the handling of sensitive information, like location data sold to ad tech firms.

Both the DMA and the DSA have been moving through the European Parliament for years. Now that they’ve passed, you can bet the rest of the world will be watching their fallout.

DMA vs. DSA — Though they police similar companies, the DMA and the DSA are separate laws, each with its own rules and punishments.

The Digital Markets Act is directed specifically at corporations the European Parliament designates as “gatekeepers” of the tech industry — those with annual turnovers of at least 7.5 billion euros (about $8.25 billion). A big focus of the DMA is interoperability, meaning services like iMessage and Apple Pay will need to play nice with similar services offered by Google and other competitors. Self-preferencing is explicitly prohibited by the DMA, too.

The Digital Services Act is more about how tech companies — all of them — handle user data. They’ll need to be much more open with their algorithms, for one thing, especially in relation to moderation. The DSA also sets up a framework to protect user data from the targeted ad industry. Larger platforms will face more scrutiny here; those with 45 million or more monthly active users will actually be subject to independent audits.

Enforcement learning curve — The EU has set up some pretty severe punishments for violating these new laws. A Big Tech company can be fined 10 percent of its annual turnover for breaching the DMA, with repeat fines moving up to 20 percent. The DSA brings with it fines of up to 6 percent of annual turnover.

But the thing about punishing Big Tech is that it’s, well, big. Very, very big, to such an extent that the actuality of keeping it managed is, in general, nigh impossible. The European Commission will do most of the enforcement itself here, and it will set up a number of new teams to do so. The Commission is planning to hire more experts in the next few years to cover enforcement.

Both laws will go into effect beginning in 2023, with some of the DSA’s provisions starting even later. We’ll be waiting with the popcorn to watch them play out.