#EU#DMA#BigTech#Regulation#Antitrust: "The DMA is a first, and a great deal of earnest effort is going into its implementation. But we don’t know what “success” will look like, even on its own terms. Of course, even a limited set of improvements would be better than the status quo. Godspeed, but let’s be realistic also. The more fundamental point is that the real interesting question is not if we can nibble the gatekeepers at the margin: but whether we can disintermediate them at least in part so that we do not need to rely entirely on a proprietary Web 2.0 that they comprehensively control. Antitrust complaints in the US have at least some prospect of involving divestments and break ups as the eventual remedy – though this will also be a long and inevitably hard fought road. This is not on the cards in Europe through digital markets regulation."
People should think about what Apple’s boundary conditions for the #CTF mean. If Apple is willing to hold off on charging a fee for three years, it probably means that most small development businesses on the AppStore don’t see a profit for three years. Apple knows how long it takes for devs to get from sign up to ship, and they know how long it takes to get from shipping to decent revenue. It’d be naive to think they don’t use that information. #DMA
RT @1Br0wn
“Apple could offer a more comprehensive service (than ChatGPT/Claude apps) by embedding a third-party AI assistant in its operating system.” << But thanks to the #DMA, so can competitors (in the EU) https://ft.com/content/9528edd3-f963-4694-b28a-8584f1378278
Now that Apple is forced to open their mobile operating systems for third party devs in an unprecedented manner, can we work on an indie foss podcatcher that does not suck?
I’ll speak about theory and practice of Digital Markets act. And implications for cybersecurity, privacy, competition. Bonus points: information about one actual case in which I was involved. It considers something that all of you use each and every day :-)
The EU declares Apple's iPadOS as a 'gatekeeper' due to its vast app ecosystem, locking in businesses like yours or users like you.
The European Union's designation of Apple's iPadOS as a "gatekeeper" signals a significant win for small businesses and startup owners in fostering a fair digital marketplace.
This move further underscores the EU's commitment to regulating tech giants such as Apple and gives smaller businesses the opportunity to thrive and innovate.
Apple must now comply with the DMA within 6 months. Our CEO, @jon, welcomes this, noting that iPads and iPhones share the same ecosystem and that Apple controls both as the gatekeeper.
Are you aware of harmful practices by companies under the Digital Services Act and Digital Markets Act?
We've launched whistleblower tools to report violations of obligations by Very Large Online Platforms, Search Engines and gatekeepers under the #DSA and #DMA.
You have to analyse every Apple announcement through the lens of how it will use it to maintain its market power and attack regulation. So, will Apple’s promised Rich Communication Services (RCS) support make iMessage fully interoperable at least with Google’s Messages? What would the most grudging compliance with Chinese 5G regulations look like?
Google apparently makes RCS support ubiquitous regardless of carrier support (via IP), as well as using a specific telco gateway. Will Apple do the same, or push individual telcos to enable RCS support on their networks? (Many already do.)
Apple won’t support Google’s end-to-end encryption extension but instead work to standardise it in RCS. How long will that take?
Trade body GSMA is responsible for the RCS standard. Telcos in the past, unlike Internet developers, have been most open to developing backdoored encryption standards for mobile communications. Will Google and Apple be able to override this here?
I haven’t tried digging out a good translation of the relevant Chinese 5G regulations, but they are allegedly the source of Apple’s change of mind on RCS support. Supporting it within a single country of course does not mean support anywhere else in the world. Many (most?) of the DMA gatekeepers are trying to limit DMA benefits to their EU users (and in Apple’s case withdrawing them once a user leaves the EU for 30 days!)
I was excited by the #Europe#DMA news back in March, when will we finally be able to communicate with #WhatsApp users from other platforms like #Matrix ?
The Commission said both business and end users are “locked-in” to #Apple’s #iPadOS ecosystem due to its size and user base, which it said the company leverages to disincentivize users from switching to competitors, giving Apple six months to ensure full compliance. #DMA
🔴 We designated Apple’s iPadOS as a gatekeeper under the Digital Markets Act.
Our investigation shows that its tablet operating system is an important gateway for businesses to reach consumers due to its large and commercially attractive user base and its importance for specific use cases.
We also discovered that Apple leverages its large ecosystem to disincentivise end users from switching to other tablet operating systems.
We will keep monitoring #DMA compliance very closely.
Wczoraj dowiedzieliśmy się, że Spotify zdecydowało się zrezygnować z nowych warunków UE wprowadzonych, a wcześniej zinterpretowanych, przez Apple. Te pozwoliłyby Spotify na korzystanie z alternatywnych metod płatności ze względu na Core Technology Fee. Zamiast firma przesłała aktualizację aplikacji z informacjami o cenach i szczegółami dotyczącymi subskrypcji poza App Store, bez podawania użytkownikom linku. Apple zareagowało momentalnie.
Spotify twierdzi, że Apple niesłusznie zablokowało aktualizację i ponownie „sprzeciwiło się Komisji Europejskiej”.
Apple udzieliło komentarza serwisowi 9to5Mac, pisząc, że Spotify musi korzystać z uprawnień EOG do usług strumieniowego przesyłania muzyki, aby uwzględnić tzw. CTA (wezwanie do działania) w celu zakupu poza App Store.
Spotify powtórzyło wczoraj swoje przekonanie, że Apple dąży do „ukarania deweloperów nowymi opłatami” w ramach swoich zasad korzystania z alternatywnej metody płatności w UE. Dlatego gigant muzyczny zdecydował się przesłać aktualizację i pozostać przy starszym systemie App Store.
Apple nie zatwierdziło aktualizacji ze względu na to, że Spotify zawierało informacje o cenie i instrukcje, jak zarejestrować się poza App Store i twierdząc, że będzie musiało zażądać uprawnienia i zapłacić Apple 27% prowizji.
Rzecznik Spotify także podzielił się tym oświadczeniem z 9to5Mac:
Apple po raz kolejny sprzeciwiło się decyzji Komisji Europejskiej, odrzucając naszą aktualizację za próbę komunikowania się z klientami na temat naszych cen, chyba że zapłacimy Apple nowy podatek. Ich lekceważeniu konsumentów i deweloperów dorównuje jedynie pogarda dla prawa.
Dla przypomnienia, w zeszłym miesiącu Apple zostało ukarane grzywną w wysokości 2 mld USD „nadużywanie” zasad App Store dla usług MOD (Music on demand). Wraz z grzywną Komisja Europejska stwierdziła również, że Apple musi złagodzić swoje zasady przeciwdziałania sterowaniu. Apple odrzuciło jednak to orzeczenie i odwołuje się od niego.
Nice! @brave for iOS just got updated to support the new "marketplace-kit" scheme. Brave only calls the scheme when trackers blocking is disabled. As we reported earlier, Apple implemented the new scheme in a way that allows tracking across websites based on the unique client_id.
Now users in the EU can use Brave to safely install alternative marketplaces. We would like to thank Brave for considering our advice about potential #tracking.
Prof. David Erdos has shared his latest (excellent) research “showing i) little UK GDPR enforcement, ii) worrying gap with formal law expectations & iii) limited accountability for this.”
A less polite version would be: the 🇬🇧 government has demonstrated how a law on the books it dislikes (the General Data Protection Regulation) can be undermined by the appointment of supine or actively hostile Information Commissioners. (As prime minister, Margaret Thatcher was against its predecessor Data Protection Directive from the start; not much has changed.)
I hope the European Commission is not going down the same route with the Digital Markets Act’s Art. 7 (on NIICS interoperability), which it was hostile to from start (early 2020) to finish (enforcement). Legislators learned from the GDPR that it is too easy for national regulators to be deliberately undermined by governments looking to attract technology firm investment (see also: Ireland and Luxembourg). The Commission therefore has a central enforcement role. So I’m especially disappointed by the flimsiness of its finally-published decision not to designate iMessage as a DMA gatekeeper NIICS. It hardly justifies the “exceptional” non-designation decision (Art. 3(5)), or “manifestly call[s] into question” the quantitative tests it meets [1]. I wonder if Meta now feels slightly foolish to have obeyed that provision in (somewhat) good faith 🫠
I still remember the jaw-dropping moment the new 🇬🇧 Information Commissioner in 2009 told a law conference (just about his first public appearance) he didn’t think data protection law should apply to the private sector. (He previously ran the advertising “self-regulatory” Advertising Standards Authority.) It’s fortunate indeed for GDPR enforcement it contains rights of private action, so effectively taken up by Max Schrems. Meanwhile, the Commission’s lack of legal action to force some member states to properly implement the legislation, enchantment with mass surveillance/data retention, and some of its adequacy decisions, are much less impressive than the Court of Justice’s judgments on Schrems’ two cases.
I was reminded last week talking to a BigTech competitor these much smaller firms have to be extremely cautious about upsetting a company they may rely on for key resources, and the Commission has spent most of its time preparing for DMA enforcement talking to those two groups. So perhaps Schrems’ None of Your Business, or something similar, will have to take up the rights of the individuals the legislation is ultimately supposed to help 🤷🏻♂️ Fortunately the DMA also contains rights of private action, as well as the ability of organisations to take representative actions (thanks to campaigning by consumer and digital rights groups in its final stages). As with the Schrems I and II cases, these apparently small issues can ultimately have enormous global impact [2].
[1] Where does the DMA talk about the relative intensity of use of one core platform service versus another? This provides two of three reasons for the decision! Who cares if iMessage for Business is lightly used, given it’s likely iMessage itself is used by many microbusinesses, very few of whom I imagine were part of the “corporate users of iPhone to whom the Commission reached out during the market investigation”? Really, the EC didn’t even bother with a large-scale survey, and/or demand data from Apple?
I also heard from an impeccable source Apple threatened to withdraw iMessage from the EU if it had been DMA-designated. The EC should not be rewarding such blackmail, even if it was highly likely to be a bluff.
[2] For now, we might have to rely on technology and philanthropy to improve messenger interoperability, such as this great project: a cross-platform, memory-safe OpenMLS library to enable interoperable, end-to-end encrypted messaging (E2EE) in multiple clients, combining “Matrix’s decentralized and federated infrastructure with Signal’s low metadata footprint.” 🎯
What’s happening with TikTok in the US is a strong reminder about the vulnerability of centralized platforms to censorship and surveillance. The Open Technology Fund notes Signal “provides a high level of metadata protection, but is centralized and thus easily censored. In addition, Signal cannot efficiently provide E2EE for large-group communications.” I hope Signal will move in this direction over time, as well as towards interoperability with other platforms implementing its own protocol (with metadata guarantees) as well as the IETF’s open Messaging Layer Security standard.
The "marketplace-kit" scheme won't hand off the call to the MarketplaceKit process unless it is triggered from a button's onclick event. This seems to be a "security measure" to prevent automatic invocation. But the call can easily be hidden in a search button, for example.
This whole thing is caused by Apple insisting on inserting themselves between the 3rd-party app marketplaces and users.