EU reveals plans to protect whistleblowers from punishment in new legislation
Digital Markets Act aims to strengthen internal markets, prevent misuse of personal data, and impose massive fines on companies
The EU adopted a proposal on the Digital Markets Act (DMA) on Tuesday, part of which will protect whistleblowers from retaliation for alerting authorities to violations of new laws imposed on Big Tech companies.
The latest proposal on the DMA was accepted by an overwhelming majority of the Internal Market and Consumer Protection Committee and will introduce new rules for the biggest tech businesses, setting out what they will and will not be allowed to do in the EU.
Part of the latest DMA proposal stipulates that Internal Market MEPs should ensure adequate protections are afforded to whistleblowers at companies who fall under the DMA's remit and violate its rules.
Companies that will be bound by the DMA, should it be passed into law after consideration by the European Parliament, are known as 'gatekeepers'. A business qualifies as a gatekeeper if it operates in the European Economic Area (EEA), generates €8 billion (£6.7 billion) in annual turnover, and has a market capitalisation of at least €80 billion (£67 billion).
Gatekeepers will also have to operate a core platform in at least three EU countries and have at least 45 million end users, as well as more than 10,000 business users.
As part of the EU's so-called 'dos and don'ts', gatekeepers must "refrain from imposing unfair conditions on businesses and consumers". Lawmakers specifically identified data-driven profiling and targeted advertising as an area requiring change.
Content syndication isn't dead, but your data processes might be
It's a new (lead) generation
In line with GDPR, gatekeepers will be punished for collecting personal data for their own commercial purposes or to deliver targeted advertisements to consumers unless users give "clear, explicit, and renewed informed consent".
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Crucially, collecting and using the personal data of minors to drive direct marketing or targeted advertising strategies will be entirely forbidden, regardless of whether they have given consent.
Punishments for violating the rules as set out in the DMA, should they be adopted into law, will be in the form of fines of no less than 4% and no greater than 20% of the gatekeeper's global turnover.
“The EU stands for competition on the merits, but we do not want bigger companies getting bigger and bigger without getting any better and at the expense of consumers and the European economy," said Andreas Schwab, Rapporteur and German MEP for the European People's Party on Tuesday.
"Today, it is clear that competition rules alone cannot address all the problems we are facing with tech giants and their ability to set the rules by engaging in unfair business practices," he added. "The Digital Markets Act will rule out these practices, sending a strong signal to all consumers and businesses in the Single Market: rules are set by the co-legislators, not private companies!"
"With the Digital Markets Act, the EU is putting an end to the absolute market dominance of big online platforms in the EU," said Anna Cavazzini, Internal Market and Consumer Protection Committee chair and German MEP for Greens/EFA.
The DMA will also give new powers to the EU enabling it to effectively halt so-called 'killer acquisitions' initiated by gatekeepers. The European Commission will be able to restrict gatekeepers from making acquisitions that could damage the internal market and impose “structural or behavioural remedies” where gatekeepers have exhibited systematic non-compliance.
If the timescale across which GDPR was implemented in EU member states is anything to go by, the DMA will likely take a few years to be enacted into law, according to Usman Wahid, data, digital, and technology team lead at KPMG, and will require great effort on behalf gatekeepers to introduce.
"Complying with the proposed regulation will be a significant exercise for online platforms," he said. "The proposals will affect the business models, operating models, organisation and governance of most of the online platforms which are subject to the regulations.
"We believe online platforms should start their assessment by considering the structure of the proposed regulation and whether a precedent already exists within existing EU law.
Wahid added that the DMA has a similar legislative structure to existing competition laws and is "a good starting point with lessons learned applied to enhance the chances of success".
Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.