🇪🇺 The Brussels Effect: Thoughts on the Digital Services Act and Digital Markets Act
The EU has been on fire with its rollout of the Digital Services Act and the Digital Markets Act as an answer to Big Tech antitrust, consumer privacy, and competition in Europe.
The EU has been on fire with its rollout of the Digital Services Act and the Digital Markets Act as an answer to Big Tech antitrust, consumer privacy, and competition in Europe. On top of that, we are seeing EU nation states beginning to roll out taxation on digital goods sold in their regions. These moves were predicated long ago by the increasing power of technology in the world, and more importantly, by the companies with that control. It just so happens that the majority of those companies are in the US or China.
The Brussels Effect then is the idea that rules, regulations, and legislation put in place by the European Union have broader, sweeping implications for the companies in which they impact -- the lowest common denominator effect. Since technology, specifically software, companies can reach a theoretically unlimited audience of customers, they tend to build things in a scalable way to cater to all. Yes, there are ways that companies need to build specific to regions or different nations, but even that is done in a relatively scalable way — think language internationalization.
As a technology company starts to build one-off specific features for regions/countries they incur an upfront cost as well as continued maintenance to keep that up. This dips into the extremely high margins we tend to see in the software industry, specifically SaaS companies who can see ~80% margins. No company wants to give up that profit margin.
In 2016 the EU announced consumer privacy restrictions on operating digital business through the use of GDPR (Global Data Protection Regulation), effective in 2018. EU officials now continue to impart further restrictions through digital taxation and the Digital Markets and Digital Service Acts. Software companies react by the way they know how: building a solution once and default to those same restrictions for every region they are operating in — globally.
What this means then is that the power of the EU stretches way beyond its region. In the same way that the global internet has changed nations, nations change the global internet. The EU and its regulations are shaping the global internet (minus China) by leveraging restrictions on digital business run in the EU, bringing companies along for the ride. Again, no company wants to lose out on margins, but losing out on margins is much less painful than losing out on business in an entire market, or in this case, a continent.
Working in tech since 2010, I have seen the Brussels Effect first hand. It is extremely powerful at moving massive companies to rearrange budgets, resources, and teams to come up with novel ways to abide by the new regulations at scale. GDPR is a great example, which took technology companies by storm, forcing them to provide data transparency, safety, and control to the end user. At LinkedIn, we had an entire cross-company effort that touched nearly every team with hundreds of engineers contributing. That's a huge scale when it comes to changing something. Scale that is typically reserved for large, strategic, and moonshot initiatives -- though, this time for regulation’s sake.
The other way that EU regulation and taxation impacts broader digital business is that it causes innovation directly related to said regulation. Taken another way, it creates an opportunity for businesses to pop up and provide solutions. Take the GDPR example again, the need for privacy controls didn’t just stop at the larger tech companies -- it impacts all tech companies. In the same way that AWS, Microsoft Azure, and Google Cloud Platform unlock big company compute and storage resources for cheap, companies including the big cloud providers now offer scalable software tools for consumer data transparency, safety, and control to tech companies, big or small. How many times have you see the same “Can we sell your data via these cookies?” pop ups? The Brussels Effect creates further industry. I can even see the new taxation and regulation increasing the importance of software firms like TaxJar which provide simple, global APIs and tax liability tools for all businesses.
The last way the Brussels effect impacts the technology industry is that it inspires similar technology policy in other countries. The EU is trailblazing privacy, antitrust, and taxation regulation, and the whole world is taking notice. The concept of a digital technology company avoiding taxes in their home country by movement of financial entities internationally has been going on for some time, but the idea that, no matter where a company is operating, they need to pay a tax on the sale of digital goods to the country in which they are sold is novel in tech. After GDPR was announced, California followed suit with the California Consumer Privacy Act that was inspired by GDPR to better protect US citizen data privacy. As with global digital taxation, some of the moves haven’t been done before, and the EU is testing them out. Make sense since they don’t have much skin in the game of lost profits, but much to gain through taxation. At least they are calling a spade a spade and trying to increase what’s considered to be fair.
Of the three recent announcements, the first two -- the DSA and DMA -- were proposed in December by the EU. They are separate, but very much related. The DSA aims to help protect EU citizens by creating accountability of online platforms. Some examples include mechanisms for users to flag content, rules on how consumers can be traced (aka customer profiles), algorithm transparency, and access to data by researchers. On the other side, the DMA targets the power of internet gatekeepers over industry and consumers. Gatekeepers here are defined as large platforms who exceed a European market revenue of 6.5 billion euros, being present in at least three countries, and having at least 45 million active users per month. If a gatekeeper participates in anti competitive behavior, the most notable example being the Amazon use of third-party seller data to create competing lines of Amazon branded products, they can be fined up to 10% global revenue -- or broken up, but that’s not likely. With GDPR, we saw 4% global revenue at stake for noncompliance. We also have seen the EU not be shy about fining Google $8 billion. That’s a large chunk for any company, even those with high margins. What this comes down to then is that the proposals aim at privacy and antitrust concerns while ensuring that Big Tech doesn’t become too big and powerful.
The last of the announcements is the digital tax led by France, and while it isn’t fully agreed upon by all of the EU quite yet, the concept is well received. Individual nations are starting to follow suit like Spain and the UK. The current digital sales tax in France was paused over the last year while the US and the EU tried to work something out, but the 3% tax on all digital sales in France by technology companies like Google pulled in ~$400 million in 2019 alone. Not a small number, and a good reason to want to continue. That same digital sales tax is going to begin again next week as the US imposes its own tariffs on French created goods again on the 6th. At the same time, the US and technology companies are lobbying for a global digital tax reform, which makes sense -- it’s something to build once and scale.
While the EU’s Digital Services Act and the Digital Markets Act are proposals right now and will likely change as they make their way to legislation, and while I am a proponent of a free and open internet, I do see value in the proposals. As a consumer, they provide me control, privacy and transparency. As a business, they provide safeguards against anticompetitive behavior by incentivising technology companies through the use of fair and transparent competition rules -- and huge fines. Re: the digital tax, it’ll be harder to police, but I also believe that it’s necessary and has a pretty easy to see corollary to the sale of physical goods.
However, while I agree that this legislation is important, will benefit from it as a consumer, and am glad that the EU is taking a step forward to try and do what they can to protect, regulation efforts always take away from a company’s resource allocation towards building the next new product. While that might be ok in some instances, as with fair consumer features like reporting bad actors on platforms, it does make me wonder what else could have been built with all of those resources that will be diverted to meet the demands of each requirement, or what could have been done with the effort put into thinking about and instating the regulations in the first place. As with most decisions, there’s a balance trade-off. For most of us, software has leaned towards open and free, or fast and loose. That’s changing, and now we are trading off speed for quality control -- like most startups that become big companies.
With these proposals, and through the Brussels effect, we know that the global citizen, including those in the US, will benefit from increased transparency, safety, and control on internet platforms. In fact, the DSA and the DMA are shaping up to be a roadmap for how the US can further rope in Big Tech as they seek to squash similar anticompetitive behavior through the Google and Facebook antitrust lawsuits. While I am no lawyer, the regulation around antitrust doesn’t seem easy to come up with or defend. We discussed the need for new regulation that better fits the technology sector, and we are getting a forward-looking proposal that hits on incentives, likely without reversing mergers. The EU is taking a step forward to provide something to build off of, whether we like it or not, and it’s going to be interesting to see how the US responds to these actions. If history is any indicator, we know they’ll greatly influence tech’s common denominator.