Written by 15:57 La Repubblica, Media

DMA, what will change with the new European rules for WhatsApp?

by Vincenzo Tiani for Italian Tech (Italian version)

7 March, the day that will shake up big tech, is just around the corner, but no, the reason is not the AI Act. That one took another step towards approval a few days ago and will only see the light of day, in case of a positive vote by the plenary of the European Parliament, in mid-April, on the 10th or 11th probably.

7 March, however, is the date on which the Digital Markets Act (DMA) will become fully operational for all ‘gate keepers’ designated as such by the European Commission on 6 September 2023. Gate keepers are the only companies regulated by the DMA, unlike its companion regulation, the Digital Services Act (DSA), which for large platforms imposes more burdens but otherwise applies to all online intermediaries, including start-ups. According to the regulation, gate keepers are those platforms that, for at least three years, due to their size and importance in terms of consumers reached and businesses, have been able to influence the choices of these two categories in the EU territory and make the fortune or otherwise of many small companies accessing the market through their services. The criteria identified by the European legislator are to have at least 45 million monthly active users and 10,000 companies using their services in at least three Member States, a global turnover of at least 7.5 billion in the past three years or a valuation of at least 75 billion euros.

They are currently: Alphabet (parent company of Google), Amazon, Apple, Byte Dance (parent company of TikTok), Meta (parent company of Facebook, Instagram, WhatsApp) and Microsoft. While it is difficult to have any doubts about this list, identifying the services that fall under the DMA umbrella, the ‘core platform services’, is proving to be more problematic. They are divided into the following categories: social networks, intermediary services (such as marketplaces and app stores), advertising systems, video-sharing services, search engines, browsers for online navigation, operating systems and messaging systems. Just recently, after documented complaints from stakeholders, the Commission decided to remove Bing, Edge, Microsoft’s Microsoft Advertising, and Apple’s iMessage from the first list, in addition to the other services already removed by the European Commission, Gmail, Outlook.com, and the browser used by Samsung on its phones.

Interoperability as a key to market access

The DMA was created to give the many SMEs that make up the European productivity artery the legal tools to compete with Big Tech, making certain contractual provisions imposed on SMEs illegal, which have increasingly increased the power of gatekeepers. One of these tools is that of interoperability, a goal that was already being pursued in 2016 with the GDPR, the Data Protection Regulation, by guaranteeing the right to portability of one’s personal data from one service to another. To easily understand these two concepts, interoperability and portability, one only has to think of what happened with mobile phone numbers twenty years ago. If interoperability already allowed us to interact between different phones and operators, number portability allowed us to change operators without changing phone numbers. From then on, removing a major obstacle for consumers, tariffs went down thanks to increased competition, and operators began to compete on the quality of their offerings.

Here, the principle pursued by the European legislator is the same: if the market opens up to SMEs and start-ups, which can interact with other services offered by gatekeepers, the user will see the ‘switching cost’ lowered, which often holds him back from abandoning the known service for a new one. Returning to the parallel with the telephone, the ‘switching cost’ in those days was that of having to give the new number to all one’s contacts, at a time when there was no WhatsApp and SMS costs were very high. Today, it is that of asking one’s friends to download a new app that very few use, to continue chatting together.

The effects of the DMA on messaging apps

As anticipated, among the services identified are the so-called ‘number-independent interpersonal communication services’, in which, at the moment, only WhatsApp and Messenger, both from Meta, are included, while iMessage has been excluded. This means that Meta’s two platforms will have to ensure the interoperability of their services with other similar platforms, such as Signal, Telegram, Wire, Viber, allowing their users to send messages without having to download another app. If my friend is alone on Signal, when he writes to me, I will read the message on WhatsApp.

Before we fully understand how this will work, the designation of WhatsApp and Meta alone tells us something about the number of users of the other operators in the European market. Telegram, which is often mentioned as an alternative to WhatsApp, had, according to Statista’s data, 6.52 million users in France, 5.57 in Spain, 5.04 in Germany and 4.73 in Italy in 2022, respectable figures, but far from the 45 million claimed by the DMA when added together.

But while Meta has been talking for some time about integrating Messenger, WhatsApp and Instagram and making them interoperable, an operation which, although complex, is facilitated by the fact that they are services of the same group, it is quite a different matter when it comes to opening up to third parties. Article 7 of the DMA, which regulates precisely the interoperability requirements for messaging services, sets out three steps. First, the possibility of exchanging messages, photos, voice messages, videos and other files between individuals must be guaranteed. Within two years, this must also be possible in group chats; and within four years, interoperability must also be extended to (video) calls, both individual and group.

All this will then have to take place while continuing to guarantee the encryption of communications, which ensures that no one can intercept them, a problem that was raised by many organisations at the time of the DMA discussion, which they saw as technically difficult to ensure. In this regard, ‘the gatekeeper is entitled to take measures to ensure that third-party providers […] requesting interoperability do not pose risks to the integrity, security and privacy of its services, provided that such measures are strictly necessary and proportionate and are duly justified by the gatekeeper’. Provided, then, that they are not merely an excuse to circumvent the DMA, the gatekeeper may impose security standards to safeguard the security of its users’ communications.

As reported by Wired, one of the problems in this regard is that not all messaging apps use the same protocol for data encryption, and for instance, even though WhatsApp uses a protocol from Signal, the two apps still do not communicate with each other. For many industry professionals, less strict and therefore less secure protocols will have to be used to ensure interoperability. However, WhatsApp has found a way that messages from other apps will be collected in a special tab, and that this option will have to be activated by the user and will not offer the same standards of security and privacy as messages exchanged between WhatsApp users. Other apps that want to interact with WhatsApp will sign an agreement and be allowed to connect to its servers in order to exchange messages.

It is perhaps still too early to tell whether or not what is written on paper will weaken what is technically possible today, but it will certainly soon be easier for the Davids to defeat the Goliaths in the messaging app war. Hopefully, users will not have to lose out on other fronts.

Read the article, in Italian, on La Repubblica.