Join Us
Show/hide mobile navigation
How the DMA Will Hurt Consumer Choice
News Article

How the DMA Will Hurt Consumer Choice

by David McGarry


Beginning this week, companies must ensure they meet the regulatory demands of the European Union’s (EU) Digital Markets Act (DMA). As commentators have often noted, the DMA’s de facto protectionist structure targets American tech companies almost exclusively because U.S. firms comprise five of the six “gatekeeper” firms the law targets.

EU officials promote the law as a pro-consumer, pro-competitive measure. However, the DMA will harm both consumers and competition. Its mandates will harden the regulatory flexibility that thus far has promoted the constant innovation to which the digital age owes its excellence. Moreover, besides these explicit flaws, the law provides enforcers with wide discretionary latitude, ensuring companies lack any reasonable means to determine what businesses practices will attract scrutiny.

The EU’s purported intention to promote consumer choice deserves credulous scrutiny. Many consumers prefer closed and integrated platforms and tech ecosystems, which often offer conveniences and security features. The DMA gainsays many such choices, prescribing which consumer-chosen features tech companies may continue to offer.

This month, Apple published a paper that examines how the DMA will change its products with respect to privacy and cybersecurity. Apple’s comparatively tight technical controls, which must undergo significant changes to comply with the DMA, make it a particularly notable gatekeeper platform. For example, iOS (Apple’s operating system) devices thus far have barred users from downloading apps outside the vetted App Store. The DMA compels operating systems to allow this process, called “sideloading,” despite its inherent cybersecurity risks.

By fiat, Europe has materially degraded its citizens’ cybersecurity. As the Apple report acknowledges, “the changes the DMA requires will inevitably cause a gap between the protections that Apple users outside of the EU can rely on and the protections available to users in the EU moving forward.”

Even European government agencies recognize the dangers of sideloading. “Government agencies, both in the European Union and outside of it, have been quick to recognize the risks created by these new distribution options and the need for protective measures,” Apple says.
“These agencies…have reached out to us about these new changes, seeking assurances that they will have the ability to prevent government employees from sideloading apps onto government-purchased iPhones.”

To mitigate sideloading’s risk, Apple will expand its Notarization program to iOS devices. Before distributing apps on iOS devices, app developers will need to submit their products to this part-automated, part-human security vetting. “We will apply these same checks to all app updates, with the aim of stopping bad actors from sneaking malware or other dangerous features into each app after the initial download,” the report notes. Apple will also vet alternative app stores to ensure rudimentary compliance with security standards.

One wonders whether this compromise measure – sideloading, but with vetting – will satisfy EU regulators. Apple proposes to retain veto power as to what apps its users can download, which, depending on Apple’s implementation and enforcers’ mood, could trigger accusations of DMA noncompliance.

However, Apple writes, it will not proscribe apps that push objectionable products (e.g., apps that push pornography, illegal drugs, and pirated content). “This means Apple won’t be able to prevent apps with content that Apple wouldn’t allow on the App Store…from becoming available on alternative app marketplaces,” the report says.

Apple also will allow apps to conduct transactions outside its native payment system. “This opens up new options for developers,” Apple says, “but it also means users of those apps will not have the same protections and benefits they have come to rely on through Apple’s private and secure commerce system.”

“The burden will fall on users to figure out for themselves, on an app-by-app basis, what benefits and protections might be available to them,” the report continues. Of course, most users lack the technological expertise to “figure [it] out for themselves.” This simple fact causes many users to choose relatively constricted, more-secure systems such as iOS rather than freer, riskier systems such as Android. Neither system’s bundle of benefits and drawbacks makes it superior to the other. However, before the DMA’s paternalistic, know-it-all micromanagement, each consumers could choose which one best suited his personal needs, abilities, and proclivities best. The market provided consumer choice, which the DMA has excised.

The DMA continues Europe’s trend of myopic tech regulation, promoting non-secure devices, technological stagnation, and poor cybersecurity. For EU residents, it means less security and less choice. For Americans, however, it provides a case study of the harms well-meaning technocracy can inflict on consumers and competition.

Too many American lawmakers hope to mimic the DMA – see such proposals as the American Innovation and Choice Online Act. Moreover, President Joe Biden and his flacks in the administrative state have largely embraced – and, at times, actively abetted – the regulation’s gravest flaws. Importing this style of short-sighted regulation will only serve to crush America’s global technological leadership and smother future innovation and economic growth.


Published on March 7, 2024