Re: DMA amendments

On Sat, Dec 25, 2021 at 12:15 AM Mark Nottingham <mnot@mnot.net> wrote:

> I finally got around to reading the DMA amendments, and have listed what
> seems especially relevant to us below.
>

Thanks for doing this, Mark! It's very useful, especially for those of us
not already following the text closely. And merry christmas/happy new year!

Comments inline.
Thanks,
Nick

The new recital 52a (broken into paragraphs for convenience)s:
>
> >(52a) The lack of interconnection features among the gatekeeper services
> may substantially affect users choice and ability to switch due to the
> incapacity for end user to reconstruct social connections and networks
> provided by the gatekeeper even if multi-homing is possible. Therefore, it
> should be allowed for any providers of equivalent core platform services to
> interconnect with the gatekeepers number independent interpersonal
> communication services or social network services upon their request and
> free of charge. Interconnection should be provided under the conditions and
> quality that are available or used by the gatekeeper, while ensuring a high
> level of security and personal data protection.
> >
> > In the particular case of number-dependant intercommunication services,
> interconnection requirements should mean giving the possibility for
> third-party providers to request access and interconnection for features
> such as text, video, voice and picture, while it should provide access and
> interconnection on basic features such as posts, likes and comments for
> social networking services.
> >
> > Interconnection measures of number-independent interpersonal
> communication services should be imposed in accordance with the provisions
> of the Electronic Communications Code and particularly the conditions and
> procedures laid down in Article 61 thereof. It should nevertheless presume
> that the providers of number-independent interpersonal communications
> services that has been designated as a gatekeeper, reaches the conditions
> required to trigger the procedures, namely they reach a significant level
> of coverage and user uptake, and should therefore provide for minimum
> applicable interoperability requirements.
>
> Also:
>
> > (57a) The implementation of gatekeepers’ obligations related to access,
> installation, portability or interoperability could be facilitated by the
> use of technical standards. In this respect the Commission should identify
> appropriate, widely-used ICT technical standards from standards
> organisations as provided for under Article 13 of Regulation (EU) No
> 1025/2012 or where appropriate ask/ request European standardisation bodies
> to develop them.
>

That seems like a very explicit recognition of the benefit of using
existing standards and recognizing the benefits of technical standards to
accomplish interoperability. And it seems like the relevant text in Article
13 suggests consulting with expert groups, so there might be very direct
ways we could provide input.


> The amended Article 2 offers a definition for interoperability:
>
> > (23a) ‘Interoperability’ means the ability to exchange information and
> mutually use the information which has been exchanged so that all elements
> of hardware or software relevant for a given service and used by its
> provider effectively work with hardware or software relevant for a given
> services provided by third party providers different from the elements
> through which the information concerned is originally provided. This shall
> include the ability to access such information without having to use an
> application software or other technologies for conversion.
>
> It also pulls web browsers into the definition of 'core platform service'.
> I'm not sure how that's related to our work, but personally I find it
> concerning.
>

I wasn't entirely clear what the implications were of being a "core
platform service": would that mean that interoperability or portability (or
maybe just other non-preferencing style requirements) would apply to web
browsers?


> The amended Article 6(1)(f):
>
> > (f) allow business users, providers of services and providers of
> hardware free of charge access to and interoperability with the same
> hardware and software features accessed or controlled via an operating
> system, provided that the operating system is identified pursuant to
> Article 3(7), that are available to services or hardware provided by the
> gatekeeper. Providers of ancillary services shall further be allowed access
> to and interoperability with the same operating system, hardware or
> software features, regardless of whether those software features are part
> of an operating system, that are available to ancillary services provided
> by a gatekeeper. The gatekeeper shall not be prevented from taking
> indispensable measures to ensure that interoperability does not compromise
> the integrity of the operating system, hardware or software features
> provided by the gatekeeper or undermine end-user data protection or cyber
> security provided that such indispensable measures are duly justified by
> the gatekeeper.
>
> ... and the new 6(1)(fa)-(fb):
>
> > (fa) allow any providers of number independent interpersonal
> communication services upon their request and free of charge to
> interconnect with the gatekeepers number independent interpersonal
> communication services identified pursuant to Article 3(7). Interconnection
> shall be provided under objectively the same conditions and quality that
> are available or used by the gatekeeper, its subsidiaries or its partners,
> thus allowing for a functional interaction with these services, while
> guaranteeing a high level of security and personal data protection;
>
> > (fb) allow any providers of social network services upon their request
> and free of charge to interconnect with the gatekeepers social network
> services identified pursuant to Article 3(7). Interconnection shall be
> provided under objectively the same conditions and quality that are
> available or used by the gatekeeper, its subsidiaries or its partners, thus
> allowing for a functional interaction with these services, while
> guaranteeing a high level of security and personal data protection. The
> implementation of this obligation is subjected to the Commission's
> specification under Article 10(2a);
>

As expected or predicted, chat and social networking are very directly
called out as requiring interoperability. That seems to confirm one
conclusion of our last call that we should start gathering resources on
those topics in particular (even if they're not the "easy" ones).

The operating system requirements are certainly interesting too, although I
suspect that's less relevant to us and to communications standards work.


> ... and finally the rewritten 6(1)(h):
>
> > (h) provide end users or third parties authorised by an end user, upon
> their request and free of charge, with effective portability of data
> provided by the end user or generated through their activity in the context
> of the use on the relevant core platform service including by providing
> free of charge tools to facilitate the effective exercise of such data
> portability, in line with Regulation (EU) 2016/679, and including by the
> provision of continuous and real-time access;
>

I had the impression that maybe our CG was less interested in collecting or
recommending standards work on portability (downloading data and
potentially importing it somewhere else) rather than interoperability
(ongoing interactivity), but portability is an area where there might be
more experience with legal requirements and some existing implementations
from social networks and other large service providers (eg. Facebook,
Google Takeout, the Data Transfer Project). And providing advice on
standards might be very useful here for the "effective exercise"
requirement.