TikTok’s parent company, ByteDance, has not managed to suspend the effects of the European Commission’s designation decision (for comment on the designation decisions, see here). However, the appeal that ByteDance directed at the designation decision will be given the benefit of an expedited procedure. This is the first time that the General Court uttered a single word on the DMA’s application and enforcement, albeit in the phase of interim measures.
The President of the General Court’s order issued on 9 February 2024 (one month in advance of the deadline for compliance with the substantive obligations of the DMA in March) is relevant on two main fronts. Although ByteDance sought to suspend the effects of the obligations under Articles 5 and 6, the focus of this phase focused on the interpretation of Article 5(2) and Article 15 DMA. The European Commission produced interesting arguments to defend its position that illuminate the interpretation of the regulation from a broader perspective, that have advanced some of the most salient discussions that gatekeepers will engage with the public authority.
ByteDance’s arguments and the high threshold of the phase of interim measures
The acts adopted by the institutions of the European Union are presumed to be lawful. The European Commission’s designation decisions are not an exception to the general rule. Articles 278 and 279 TFEU enable a judge to hear an application for interim measures to order the suspension of the operation of an act that has been challenged before the General Court or prescribes any interim measure if a set of exceptional circumstances are met. These exceptional circumstances are given when the suspension of that act is justified, prima facie, in fact and in law, and that it is urgent to avoid serious and irreparable harm to the applicant’s interests before a decision is reached in the main action presented before the Court (para 9 of the Order).
ByteDance that the sense of urgency of the suspension of its designation decision was justified in light of the serious and irreparable damage that it would suffer as a consequence of having to comply with the substantive obligations of the DMA (inter alia, Articles 5, 6, 8, 11, 14 and 15) as from 6 March 2024 (para 15 of the Order). Even though ByteDance formulated the request with reference to all these provisions – including Article 8 of the DMA, which subjects gatekeepers to specification procedures of the obligations under Articles 6 and 7 – it set out its arguments only with regard to the obligations laid down in Articles 5(2) and 15 of the regulation.
On the side of the request for suspension of the mandates contained in Articles 5 and 6 DMA, it argued that the imminent application of both provisions would have prevented it from using its TikTok platform in the same way that it had done up until this moment. The platform requires an investment of a huge cost in a context characterised by incumbency advantages from which the competing platforms of large technology companies benefit to innovate and offer new features and products (see a fully-fledged development of the same argument in Kühn and Butkevičiūtė). Therefore, it will not be able to use, for example, TikTok’s data insights to offer new products and services to encourage its users to focus on its products and, on top of that, it will have to provide access to its service to all its competitors on equal terms. In particular, the restrictions introduced under Article 5(2) DMA may severely limit TikTok’s ability to rely on existing insights regarding its users (paras 36 and 37 of the Order).
When translated to the wording of interim measures, TikTok upheld that the application of the prohibition embedded in Article 5(2) DMA posed a significant (and potentially existential) risk for the platform’s business model as a whole, despite the fact that its particular impact could not be quantified. In a similar vein, the consent requirement established by the provision would reduce its sales forecasts in the EU because it would, at the very least, delay the development of new functionalities both in the platform and in the form of new digital services. Given that its only launchpad for its successful entry into the EU market is that of its end-user base and their data, the application of Article 5(2) would preclude TikTok from using the only avenue available to it to effectively compete in this emerging sector and would prevent the market from tipping (paras 38 to 41 of the Order).
On the part of the impact of the application of Article 15 DMA (i.e., the obligation to audit its consumer profiling techniques, see a review of the draft and final version of its regulatory templates), ByteDance was much more adamant in defending that an irreparable breach would be caused with respect to its confidential and proprietary information. In the gatekeeper’s own words, Article 15 DMA would require it to disclose detailed confidential information regarding its commercial strategy and to publish detailed information concerning the way in which it profiles its users, which would cause significant competitive harm to its business on two distinct fronts. First, the obligation would provide a competitive advantage to its non-gatekeeper competitors, which are not required to disclose similar information (para 17). Second, the obligation would enable its gatekeeper competitors to obtain insights into TikTok’s business strategies in a way that would significantly harm its business through the establishment of an unfair competitive advantage (para 18).
Against the background of the applicant’s arguments, the General Court did not produce any finding of its own, but it agreed in substance with the Commission’s counterarguments. The GC dismissed the request for interim measures because the applicant failed to prove the first condition relating to urgency had been satisfied (para 58).
The European Commission’s dispute of the applicant’s arguments
Since the General Court reproduced the European Commission’s arguments in disputing the applicant’s claim for interim relief, one would guess that the line of reasoning was, at least prima facie, made good by the Court. Bearing in mind the European Commission’s assertions, this finding is particularly relevant.
Article 15 of the DMA: ex-ante revision of the regulatory template
Regarding the interpretation of the gatekeeper’s obligations to audit its consumer profiling techniques, the European Commission did not expand the provision’s terms, as it did when it issued the regulatory template on the provision. On the contrary, it negated the validity of the same notions that it had upheld and introduced when designing the provision’s outlook. Let me clarify the counter-intuitive argument.
In principle, Article 15 DMA requires the gatekeeper to make publicly available an overview of the audited description of any techniques for the profiling of consumers that it applies across its services (Article 15(3) of the DMA).
When it issued its regulatory template, the European Commission expanded the contours of this obligation as a response to the necessary intervention of third parties in enforcing and future-proofing the regulation. The last version of the regulatory template for Article 15 DMA established that the non-confidential overview “should enable third parties to obtain an adequate understanding of those profiling techniques and, consequently, to provide meaningful input on them to the Commission. To this end, the overview should constitute a fair representation of the description, while allowing the gatekeeper, where appropriate, to summarise and omit information from the description, including in order to protect business secrets or information that is otherwise confidential”.
The non-confidential overview of the audited description was, therefore, enlarged as a consequence of the European Commission’s interpretation. Despite the safeguards established in the regulatory template, ByteDance’s claim was that the breach of confidentiality would arise in the context of this non-confidential overview. It is, thus, hardly comprehensible that the European Commission simultaneously upheld before the General Court that Article 15(1) DMA does not require any type of publication, and that it only requires that information be communicated to the Commission and, indirectly, to the European Data Protection Board (para 23 of the Order). The EC even established that the overview consists of the preparation of a “simple overview” which is less detailed and specific than the document it is supposed to summarise (para 26), without providing an adequate depiction of the obligation that it itself introduced through the regulatory template (i.e., the need that the overview provides a meaningful input and a fair representation of the description).
If one observes the European Commission’s intervention in isolation before the General Court, one will derive that it tempered down the interpretation of Article 15(3) DMA with detriment to the power of third parties to scrutinise the results and substantive obligations of gatekeepers that it expanded and drew into the regulatory template.
Article 5(2) DMA: not an obligation but a shield against the prohibition
Article 5(2) DMA is one of the most substantial obligations engrained into the DMA. If not the most substantial. This is the reason behind the fact that authors have highlighted both its positive and negative traits, see Botta and da Costa Leite Borges and my own paper on the problematic issues surrounding its application. ByteDance’s interpretation of the provision indicated nothing close to reality: it reversed the logic of Article 5(2) DMA and upheld that the obligatory nature of requiring end-user consent would undermine its business model. However, the institutional setting and design of the prohibition must be regarded in the complete reverse, as the European Commission rightly pointed out.
Article 5(2) DMA prohibits the processing, cross-using, and combination of personal data across core platform services. The provision, however, provides an open door for the gatekeepers to authorise that type of conduct, regardless of the explicit prohibition, by stating that they can seek effective consent in the sense of Articles 4(11) and 7 of the DMA, to override the prohibition (para 47 of the Order). It lies with the gatekeeper to decide whether it wishes to ask for the user’s consent so that it can continue to leverage personal data in this particular way, as Alphabet has already done in relation to its core platform services. Moreover, ByteDance cannot simply rely on the fact that its users will not provide their consent in the sense of Article 5(2) DMA to satisfy the extensive requirements established for interim relief. In the Commission’s own words, there is nothing preventing the gatekeeper from taking the appropriate measures to inform TikTok’s end users of the possible advantages that they might draw from the cross-use or combined use of their data (para 47). Likewise, it is not only the individualised force of Article 5(2) that may hinder TikTok from performing this cross-using and combining of personal data across its core platform services but also other regulatory constraints that may undermine its inability to use this data, notably EU data protection regulation (para 48).
To end with, from the procedural perspective, the European Commission also remarks on an aspect that may well be instrumental for the future resolution of the appeals against the rest of the designation decisions that both Apple and Meta have presented before the General Court. ByteDance’s request for interim relief could not have been accepted in any case with relation to the suspension of Article 5(2) DMA because the gatekeeper did not even attempt to submit a request for suspension under Article 9(1) of the DMA (para 57 of the Order). In other words, the gatekeepers are conditioned in the scope of the arguments that they may raise before the General Court to their previous action in the administrative procedure before the European Commission. In the absence of exhausting all the legal instruments at the gatekeeper’s disposal at the administrative level, the gatekeepers cannot simply allege any type of defence/attack against the European Commission if it does not bear coherent with their previous administrative enforcement strategy.
The doctrine of the exhaustion of administrative remedies, when opposed to Article 47 of the Charter, may apply as a precondition for bringing a legal action when it is justified only if it is provided for by law if it respects the essence of that right and is subject to the principle of proportionality (following Joined Cases C-439/14 and C-488/14, para 49). The first of these requirements is, however, not particularly clear in the context of the DMA, given that the regulation does not explicitly flesh out that the gatekeeper must exhaust available administrative action prior to seeking legal action before the EU courts.
Against the backdrop of the discussion between the European Commission and ByteDance, the General Court has not been as prone to accept the gatekeeper’s line of reasoning as it did when Amazon appealed its designation under the DSA (see here). The comparison of both scenarios may hint at the idea that the European Commission’s leeway in enforcement may be greater (and wider) when interpreting the DMA than other pieces of legislation approved under the Union’s all-encompassing digital strategy.
________________________
To make sure you do not miss out on regular updates from the Kluwer Competition Law Blog, please subscribe here.