The past week has been marked by the announced deal on the Digital Markets Act (DMA) by the European Council and Parliament. One of the newly created obligations imposed on the biggest tech firms that caused a lot of ink to flow following the declaration is the interoperability that will be required from their solutions.
What does interoperability mean?
Imposing interoperability means that tech products will have to work with other systems as well. Efforts in other sectors have been pursued to render systems and platforms interoperable, such as in healthcare where it is crucial for health professionals to be able to access information collected via different services to support patients.
In the context of the DMA, the lawmakers agreed that the services of Apple, Meta, Amazon and Google services will have to open up and interoperate with other platforms if they call for it.
This obligation has been included so far in the provisional Article 6 of the DMA, stating that gatekeepers will have to “allow business users and providers of ancillary services access to and interoperability with the same operating system, hardware or software features that are available or used in the provision by the gatekeeper of any ancillary services“[1].
For messaging services, it means that in practice, users of any platform would be able to exchange messages, send files or make video calls across different messaging apps, thus giving them more choice[2].
Whether you are using WhatsApp, iMessage, Messenger, Signal or any other app on the market, this will not affect your ability to communicate anymore with your contacts that may use another app. Hence, you are free to choose the app you actually prefer, rather than joining the one where your contacts are.
This measure aims at targeting the ‘network effect’ that derives from the Bigtech platforms’ oligopolistic situation. As an example, you may have already thought about quitting WhatsApp but you feel stuck because by doing so you would lose the ability to communicate with your family and friends because they are all on this app as well.
What’s the fuss about encryption?
Nevertheless, the practicalities of such interoperability are still to be defined. Some apps are free, others require a paid membership. They obey distinct terms and conditions, privacy policies and data protection rules. Therefore, further work will be required to ensure the full implementation of such an imperative and the future DSA will also supplement the DMA.
Again, Bigtech executives and lobbyists have deplored the EU initiative, arguing that the DMA will instead hinder privacy rights and claiming that fair competition, privacy and good quality product cannot go together.
Specifically, from a security perspective, their argument is that guaranteeing interoperability will not be possible with the current distinct encryption measures that are protecting users’ correspondence in the first place.
Indeed, messaging apps use end-to-end encryption, which means that the data in the messages in transit is being encoded, therefore unreadable, and can only be decoded with a secret key once the information has arrived at its destination. For the gatekeepers, it will be a ‘privacy and security nightmare’[3] for them to figure out how encryption can be maintained by allowing the services’ interoperability.
However, it is doubtful that their interests are the same as the users, and are actually privacy-related. Technical solutions to address these concerns are certainly achievable and some have already been highlighted in the sector[4].
The DMA also targets ‘killer acquisitions’ as the EU Commission recognises that more work around mergers is likely to be needed. The hire of more than 100 lawyers, engineers and data scientists to audit algorithms is also planned according to Thierry Breton. The penalties envisaged could reach up to 10% of the company’s global turnover (where the GDPR sets a maximum of 4%).
In any case, the legal text still needs to be finalised from a technical perspective, and then be approved by both Parliament and Council. Afterwards, it will come into force and the rules will apply only six months later, around October 2022 according to Margrethe Vestager.
[1] IMMC.COM%282020%29842%20final.ENG.xhtml.2_EN_ACT_part1_v8.docx (europa.eu)
[2] Deal on Digital Markets Act: ensuring fair competition and more choice for users | News | European Parliament (europa.eu)
[3] Security experts fear the DMA will break WhatsApp encryption – The Verge
[4] How do you implement interoperability in a DMA world? | Matrix.org
