Inside the Digital Markets Act and its implications for advertisers
Three years after the introduction of Apple’s App Tracking Transparency framework (ATT) and ahead of Android’s Privacy Sandbox release, another major privacy-driven shift is coming our way.
The European Union’s Digital Markets Act (DMA) is arriving, aiming for equitable competition and a commitment to stringent privacy within the tech industry.
It is a framework designed to promote fair competition, enforcing regulatory rules to large tech companies, or ‘gatekeepers’, ensuring they conduct business transparently and don’t monopolize user data. This act significantly affects how these companies will continue to operate within the EU, with wide-ranging implications for digital advertising and market dynamics.
This post unpacks what the DMA covers, the requirements and expectations from digital ‘gatekeepers’, what advertisers can expect, and how AppsFlyer is helping ease the transition to maintain both legal integrity and marketing performance .
What is the Digital Markets Act?
The European Union’s Digital Markets Act (DMA) is a set of rules created by the EU to ensure large tech companies compete fairly in regards to user data access, privacy protection, shareability, and usage. Its goal is to give smaller businesses and consumers a better shot competing against the digital giants of our era.
The DMA sets out specific requirements for large online platforms, defining them as “gatekeepers” based on user numbers, market impact, and other criteria. These gatekeepers are required to adhere to rules promoting fairness and transparency across their services, advertising, and offerings, including:
- Ensuring third-party businesses have fair access to their services
- Providing advertisers and publishers with the data necessary to gauge the effectiveness of their advertisements
- Prohibiting the use of data collected on their platforms for their own advertising services unless it’s also made available to other advertisers
- Prohibiting user data sharing between a gatekeeper’s own services/platforms without specific user consent
DMA timeline
After undergoing a process of consideration, development, and extensive discussions, the Digital Markets Act (DMA) was put to a vote and subsequently approved by the EU lawmakers. It went through changes, iterations, and approvals until it was poised for enforcement, with gatekeepers required to comply by March 6, 2024.
How is the ecosystem adapting?
Gatekeepers, such as Google, Meta, Apple, and Amazon are at the heart of the DMA’s focus. They must realign their business and technical strategies by March 6, 2024 to comply with the DMA’s stringent requirements, facing hefty penalties for non-compliance.
So at which stage are these giants at when it comes to their readiness for this massive change?
The first gatekeeper to announce its DMA support is Google. Their approach to the DMA involves updating their user consent policy, particularly in the European Economic Area (EEA). This includes enhancing data usage transparency and aligning with local laws.
Advertisers are also required to adapt to these changes, which include requesting and sharing consent signals for advertising and personalization with Google Ads through an authorized MMP.
To further clarify, Google is requiring all advertisers to share 2 new consent related fields with Google for every install, event, or even user info that is uploaded as part of an audience (customer match), when the data originates from a user within the EEA:
- ad_personalization=true/false: Sets consent for personalized advertising.
- ad_user_data=true/false: Sets consent for sending user data to Google for advertising purposes.
These signals inform the search giant whether a user is within the EEA, and if so, whether they consent to data being utilized for advertising and personalization purposes.
Meta
Meta has also recently announced their approach to the DMA’s requirements in the EU, EEA, and Switzerland, offering users a choice of how they would like to share information between their services and whether to keep certain services managed together or separate.
For example, users who have their Facebook and Instagram accounts connected may maintain this connection or manage them separately, which would mean data will not be shared between the two services. It also includes other Facebook services such as Messenger, Marketplace, Gaming, and Ads, which could be managed together, or separated to avoid data being shared between them.
Apple
Apple also publicly announced their adoption, as the DMA requires Apple to recognize iOS, Safari, and the App Store as “core platform services” in the EU, prompting several adaptations.
Developers are also given an option for alternative payment processing and app distribution on iOS, including Notarization for iOS apps to ensure safety and trustworthiness.
With that, Apple says it underscores the risk of these new measures, aiming to mitigate them with various protections whilst adhering to DMA regulations.
A significant change in iOS includes new frameworks and APIs for app distribution through alternative marketplaces and an ability to select alternative browser engines as default, enhancing interoperability. They’ve also introduced new business terms for these new marketplaces as far as fees are concerned.
Despite heightened security efforts, Apple believes the DMA presents persistent concerns such as scams and malware, as well as user experience. Users will be educated on potential risks of alternative payment methods including new labels and disclosure to maintain transparency.
Further reading: The impact of Apple’s EU DMA changes: which path is worth taking?
All in all, the DMA presents a major shift in the industry which gatekeepers cannot avoid. Google was first to announce their updates, Meta and Apple were next, and other gatekeepers are likely to follow suit.
To ensure changes and updates are attended to as required, it’s recommended to work with an MMP that is in close contact with the gatekeepers, understanding all the requirements, processes involved, and who can help with the transition to the best of its clients needs.
What’s the impact on advertisers?
The DMA significantly impacts digital advertisers by imposing increased transparency requirements, such as disclosing how they collect and utilize user data for targeted advertising, communication between services, and even the business model will need to be evaluated.
Advertisers operating in the EU and EEA will need to reassess their business operations across various tech companies, which may include how they advertise and run their businesses as a whole.
Impact on user consent:
With Google for example, advertisers are required to pass user consent status manually or by utilizing a Consent Management Platform (CMP). This also raises the question of how to get the user’s consent, what would be the ramifications for advertising and business, and what’s the approach to those who opt out.
Impact on business model, operations, and promotion:
Apple’s offering actually requires businesses to consider how their apps will operate, where they would be promoted, their actual business model in regards to payments and purchases, and much more.
Impact on separation of services and accounts:
Meta’s changes are provided by granting their users more choice in how their services communicate with one another, whether as completely separate products or together per account holder (user).
And of course there are the additional gatekeepers Amazon, ByteDance, and Microsoft which will adapt in their own ways to the DMA’s requirements.
Having each gatekeeper adapting to the DMA’s requirements in their own ways provides a lot for advertisers to consider and think about. Not only does it complicate with new and different requirements, but it also introduces a lot of uncertainty on how each differs, where your business is impacted, whether any changes will work against one another, and what will the future hold…short and long term.
We can also expect the gatekeepers themselves to continue to update per feedback received, market adoption, as well as if their changes answer the requirements.
What’s AppsFlyer’s role in the DMA?
AppsFlyer is dedicated to giving brands the necessary tools to make insightful, data-driven decisions – this has always been part of our service, our strength, and our advantage.
Our vast experience, our ongoing positive relations with networks and advertisers, and our commitment to an unbiased solution, aiming for the greatest of accuracy and attribution.
Similar to providing practical and compliant solutions for GDPR or iOS 14, we’re completely dedicated in assisting the industry in adapting to the DMA’s regulations, continually in touch with networks to realize the changes and what they mean to advertisers, as well as what is the most appropriate solution to advertisers.
In this case, our key role is to supply precise attribution and remarketing capabilities that support gatekeepers’ adoption to the DMA’s privacy standards, while allowing for a seamless and smooth transition with minimal disruption. For example, CMP support within our SDK, to allow for a seamless way to send consent signals forward.
Acceptance of the DMA’s enforcement
Navigating the DMA requires staying informed about regulatory changes and collaborating with major players like Google, Apple, Meta, and the others who may follow.
Brands should also proactively engage in internal discussions about user consent and consider partnering with Compliance Management Partners to assist with the process.
Moreover, with Google, Apple, and Meta making the move of DMA enforcement, it is also recommended to discuss the impact directly with your account representative.
Despite obvious challenges, AppsFlyer is continually providing knowledge, support, and insights to help businesses transition smoothly within this huge industry shift. While there have been movements for greater privacy regulations, the DMA introduces various directions from different gatekeepers, and obligates compliance while offering a possibility for enhanced transparency.