The Digital Markets Act (DMA)’s provisions started to apply on 2 May 2023. Since then, undertakings have been forced to check whether they met the quantitative thresholds. If that was the case, the DMA compelled them to notify their potential gatekeeper status to the European Commission. The first wave of designation decisions relating to six gatekeepers and twenty-two core platform services (CPSs) took place in September 2023.
However, a few undertakings met the thresholds in 2024 (i.e., considering years 2021, 2022 and 2023), namely Booking.com’s intermediation service and X’s social networking service. In May 2024, Booking.com became the seventh gatekeeper, and its compliance deadline was set for 14th November. Following its tradition of reaching out to stakeholders, the European Commission held its seventh compliance workshop to provide the opportunity for the gatekeeper to explain its technical solutions for compliance. I already covered previous compliance workshops (e.g., Apple, Meta and ByteDance) under The Power of No Series. Today’s the turn of Booking.com.
At face value, Booking.com’s compliance strategy did not seem especially targeted at providing more information to stakeholders at the compliance workshop. Instead, the discussion revolved around its legal representatives constantly defending the same solutions it had already put forward in its non-confidential summary of the compliance report.
Parity clauses, again (weren’t those inapplicable?)
According to Booking.com, it basically removed and/or waived all parity requirements applicable to EEA-based travel offerings. Its business users no longer have to provide the same or better rates and conditions to the platform for their EEA inventory than those that they make available on any other OTA or on their own offline channel. In other words, all narrow and wide parity clauses have been (finally!) removed from all standard and negotiated agreements touching upon European business users (i.e., hotels), following the mandate of Article 5(3) DMA. Aside from the Member States where it had eliminated the wide parity clauses due to national regulations (Belgium, France, Italy, Portugal, Austria and Germany), the elimination of those clauses applies now to all 27 Member States (including EEA countries). In practice, the gatekeeper explained, that meant amending five of its standard agreements with partners and issuing more than 70 waivers regarding its negotiated agreements. The platform communicated such changes as early as June 2024 to all partners e. The elimination of the parity clauses came into effect for both new business users joining the platforms and existing partners on 2 December 2024. Booking.com still does not comply with the obligation to this day.
Stakeholders repeatedly questioned the gatekeeper on whether the removal of those parity clauses would also impact the hotel’s ranking on the platform. The platform holder confirmed that the ranking does not take prices outside of the Booking.com platform into account.
Furthermore, Booking.com offers three Premium Programmes (Genius, Preferred and Preferred Plus) to its business users to enhance their visibility on the platform. Although the gatekeeper did not consider it was required to do so, Booking.com removed parity as an eligibility requirement to take part in its Premium Programmes, out of precaution.
Finally, the point that brought the most controversy vis-à-vis stakeholders was that of determining what ‘measures with equivalent effect’ to these parity clauses meant in the context of the DMA. Recital 39 recognises that such measures should also be eliminated by the gatekeeper given that they equally contribute to limiting the business users’ choice to differentiate its commercial conditions. The DMA provides a few examples, such as imposing an increased commission rate or the de-listing of business users’ offers. According to Booking, none other of its business practices meet the requirement of such measures bearing an equivalent effect, given that the platform does not impose any other type of conduct upon the business users.
Stakeholders strongly disagreed with such a characterisation, insofar as they questioned whether such measures with equivalent effect could be told apart from the fact that Booking.com imposed them on the business users. For instance, their price-quality score or the application of the Booking Sponsored Benefit (BSB), which entails that the platform reduces the end users’ price unilaterally without reducing the business user’s margins. To those calls, Booking reiterated that none of them qualified as measures with an equivalent effect to parity, since they were not required to participate on the platform, either because they were voluntary or because they were unilaterally imposed by the platform. Since some national competition authorities (NCAs) took issue with those measures prior to the DMA’s application, the platform’s interpretation of the regulation does not seem so straightforward. For instance, the Spanish competition authority recently considered BSB’s features in the context of Article 102 TFEU. The NCA uncovered the fact that the platform applies BSB at its own discretion, but it does so with reference to prices placed outside of the platform. If Booking finds that the price offered by the hotel is not competitive vis-à-vis other OTAs, then it is more incentivised to operate the cut to the price on its own platform. It is, therefore, difficult to square the circle of how the application of BSB does not impinge on an equivalent effect to parity.
Moreover, as some stakeholders pointed out, BSB is not widely applied to all hotels and properties available on the platform. In fact, it is only tied to those business users who have opted into Payments by Booking. Simply put, if those business users agree to their payments being processed by the platform, then Booking may decide on its own accord to make their prices more competitive vis-à-vis the rest of similar travel-based offerings. This interpretation of the DMA, framed in these terms, does not only question the gatekeeper’s compliance with Article 5(3) but also with Article 5(7), according to those same stakeholders. On that point, the gatekeeper later argued that it already complies with Article 5(7) to the extent that the provision does not compel it to offer alternative and additional payment services on its own CPS. The provision is particularly aimed at those scenarios of app stores tying their own billing systems for in-app transactions and, thus, fall outside of the scope of the gatekeeper’s activities, its legal representatives set forth.
Despite the back-and-forth between the gatekeeper and the concerned stakeholders (including hotel associations from different Member States), Booking.com did not cave at any given point and maintained that its interpretation of the DMA was correct and in line with the standard of effective enforcement enshrined in Article 8(1). As always, the European Commission will be the judge of that.
Anti-steering clauses: get ahold of the end user’s email address
A similar story can be told about Booking.com’s interpretation of its compliance with Article 5(4) DMA. The provision compels gatekeepers to enable business users to communicate with end users for the particular purpose of directing promotional offers and concluding contracts with them, via its own CPS or through other channels. In this instance, the gatekeeper did not put forward its technical implementation with the provision. Rather, it explained how and why it already complies with the provision and how the terms presented under the obligation meet its current business conduct.
According to Booking.com, Recital 40 provides for the possibility of the gatekeeper’s remuneration even if it must allow such communications to take place with the business users. To ensure such remuneration takes place, the gatekeeper interprets that it lies at the core of the commercial relationship’s existence when the traveller makes a reservation with a hotel on the platform. At that moment, it is not compelled to share any information with the business user which is not directly related to catering the service. In particular, hotels receive the end user’s name, phone number and address, but not their email. This is the case because the gatekeeper interprets that the traveller is not ‘acquired’ in the sense of Article 5(4) until Booking is directly remunerated by the business user for facilitating this relationship. As it were, the hotel cannot exercise the possibilities opened by Article 5(4) until the end user arrives at the accommodation’s check-in. Even in that case, the business user is free to ask for any details from the guest, but it cannot use any of the platform’s services (as provided by the mandate) to that effect. The exchange of information and communication of promotional offers can only take place face-to-face (in the real world, so to speak).
Bottom line: an end user’s email address will not be available to the business user until the end user arrives at the accommodation’s check-in. Stakeholders criticised such a compliance strategy because there is no reasonable justification for Booking.com to take hold of the end user’s email address. In fact, some stakeholders even took the point further and argued that even if the gatekeeper refuses to share the end user’s email address, it should make a proactive effort to share those details once it considers the end user is ‘acquired’ in the sense of Article 5(4) DMA. In terms of efficiency and for the sake of the traveller’s commodity, it would make sense to ask for their email once and not twice due to the gatekeeper’s restrictions. Booking.com denied that it was compelled to satisfy the stakeholder’s demands under the regulation’s provision.
As one of the contributors pointed out in the conversation, it does not make much sense for Booking to stand sideways as an intermediator regarding the business relationships of hotels vis-à-vis its travellers whilst it asserts that it holds the most direct contact with the consumer in parallel to limiting other alternative channels of communication. The discussion went on throughout the third session of the compliance workshop, which revolved around Booking.com’s implementation of the data-related obligations under Articles 5(2), 6(9) and 6(10).
Articles 5(2) and 6(9) did not draw much of the attention at the workshop. The platform briefly set out that Article 5(2) does not really impinge on its data infrastructures, since all its different brands process and combine data at their own back-ends and, as such, the data flows between them are limited and quite irrelevant. To that effect, Booking.com ensured that it does not process personal data across the CPS (and across its services) for the purposes of advertising, despite that BEUC’s representative repeatedly questioned such an assertion given that its privacy policies and statements indicate to the contrary. Alongside Apple, Booking.com is one of the few gatekeepers to avoid showing a consent moment to their end users to exempt its CPS from the prohibitions embedded in Article 5(2).
In that same vein, Booking.com set out the introduction of its Data Portability API from a technical perspective as a means of compliance with the data portability obligation under Article 6(9). Questioned by a representative of the Coalition for Online Data Empowerment, Booking.com defended that its API aims to ensure security and to avoid access by bad actors by introducing two-factor authentication at different stages of the end user’s experience in providing access to a third party to its data. The gatekeeper’s defence of its API design, however, may contribute more to discouraging third-party developer innovation in accessing that data than to triggering new business opportunities, as argued by CODE.
Finally, Booking.com put on the show it had prepared all along the workshop. At the stage of Article 5(4), it had already made clear that it would not share the end user’s email address with its business users at any given point in time. And its presentation of the tools available to business users under Article 6(10) was not particularly appalling, either. In fact, prior to the DMA compliance deadline, Booking.com defended that it already complies with the provision to the extent that it grants access to a whole range of analytics through its Extranet, including aggregated and non-aggregated data relating to the customer’s origin, bookings and promotions or the business user’s performance on the Premium programmes. Fundamentally, the DMA only operated two new additions: the new Insights Dashboard in the Attractions and Cars data portal.
To put it in simpler words, Booking.com does not provide any additional information related to its core service (i.e., accommodation) as a consequence of the implementation of Article 6(10) DMA. Participants in the compliance workshops vehemently asked: what about the filters that end users employ to reach the hotel’s offer? And what about receiving more data on what proportion of guests choose different types of payment? To every single one of those requests, Booking.com systematically closed off the door to providing such access, given that it interprets that the data does not correspond with the information falling within the scope of Article 6(10), email address included.
But what role do you play, after all?
The culmination of the compliance workshop was perfectly aligned with the narrative the gatekeeper had upheld throughout. It is a third party with respect to the services it provides (and advertises) via its platform, but it is a first party for everything else. This was made particularly clear when participants of the workshop wondered why it had not included a single implementation measure relating to Article 6(5) in its compliance report. In Booking’s mind, the answer was quite clear: since it does not cater for first-party inventory on its platform, it does not compete with third-party inventory (i.e., properties and hotel rooms). As such, it does not incur in self-preferencing, because it has nothing to self-preference with.
There is a caveat to that explanation. Booking Holdings Inc. holds several brands aside from Booking.com, namely Agoda, KAYAK, Priceline and OpenTable. The European Commission explicitly pointed out in its designation decisions that those brands did not fall within the CPS it designated (para 47 of the designation decision). Nonetheless, the fact that they are excluded from the CPS does not necessarily alter the reality that those BHI sister brands to Booking.com do cater for first-party inventory on the platform. Intuition just points out the fact that self-preferencing may be taking place after all if the platform does include first-party inventory on its ranking besides third-party inventory coming from its business partners.
Against this background, the compliance workshop set out in so many words what the gatekeeper’s compliance strategy is. It is quite similar to that of ByteDance: to defend it must not comply with some of the DMA’s provisions because its values already align with the regulation’s spirit. It is now up to the European Commission to determine how it can respond to such a challenge, bearing in mind that it all boils down to the credibility it must assign to Booking.com’s words, as stemming from its confidential version of the compliance report.
________________________
To make sure you do not miss out on regular updates from the Kluwer Competition Law Blog, please subscribe here.
