The EU’s Digital Markets Act ― Sacrificing Security Controls for Government Authority
Last week, European Commission (EC) Executive Vice President Margrethe Vestager―the face of the EU’s regulatory onslaught against the most successful American innovators―visited DC to tout Europe’s efforts to regulate the tech sector. Her goodwill tour focused in particular on the Digital Markets Act (DMA), a broad and prescriptive bill with the purported aim of limiting the market power of six so-called “gatekeeper” companies (five of which, it’s worth noting, are based in the United States).
Speaking at a public event hosted by the American Enterprise Institute, Vestager repeatedly brushed off questions about threats to user security stemming from the DMA. “That’s a red herring, and I think that’s a diversion of the discussion, because a company can provide the safety and security it wants while at the same time providing the choice that comes as an obligation with the DMA,” she insisted.
She ventured to take this flawed argument a step further after the moderator raised the security risks associated with forcing Apple to allow software to be downloaded from unauthorized third-party app stores or even random websites. Vestager blithely described that as “an Apple question.”
Unfortunately, this flippant attitude towards the safety and security of users is not new from the EC. Late last year, EU antitrust regulators launched a call for tenders for a study on the possible security concerns stemming from the DMA―months after the law had already entered into force. The approach of “act first, ask questions later” is particularly dangerous when users’ personal privacy and device security are involved, and it’s certainly not an approach to be copied by US lawmakers in their rush to regulate tech.
Under the DMA, American tech companies are left to pick up the pieces and find some way to protect European smartphone users who are already dealing with degraded digital services and privacy protections. Meanwhile, the EC has claimed DMA compliance as a moral victory, with lawmakers like Vestager and Internal Commissioner Thierry Breton patting themselves on the back for blowing up Apple’s business model. But it’s not just Apple receiving the EU’s thumb in its eyes. Despite overwhelming evidence the iPhone is more secure than Android’s open ecosystem, the EC is telling European smartphone customers it doesn’t really care about the impact the DMA has on their right to data security.
From start to finish during the development of tech regulations in the EU (including the DMA), European regulators have neglected―and at times, willfully ignored―security risks and privacy tradeoffs created by their regulatory overreach, a fact that should alarm us all.
Published on April 16, 2024