U.S. Senators Blumenthal, Blackburn and Klobuchar introduced last week the Open App Markets Act bill, a bill aiming to “promote competition and reduce gatekeeper power in the app economy, increase choice, improve quality and reduce costs for consumers.” Targeting Apple and Google, the two companies that have gatekeeper control over the two dominant mobile operating systems (iOS and Android) and their respective app stores (the App Store and the Play Store), this bill’s purpose is to tear down Apple and Google’s ability to dictate the terms of the app market, harming app developers, competition and consumers.
The Open App Markets Act bill, which has been praised by industry actors and stakeholders, addresses App Store and Play Store-related practices that have long raised concerns and been challenged by app developers, such as the mandatory use of the App Store for the distribution of apps in the iOS ecosystem, the mandatory use of Apple’s In-App Payment System by app developers whose apps offer “digital goods or services” (and the related 30% commission), the marketing restrictions imposed by Apple and Google on app developers, preventing them from communicating freely with their users, and the self-preferencing of Apple and Google’s own apps over third-party apps distributed through their app stores.
The bill requires Apple and Google to, inter alia, open up their ecosystems to the sideloading of apps and third-party app stores, to allow app developers to freely engage in in-app and out-of-app communications with their users, to allow app developers to offer different pricing conditions through alternative distribution channels and to use the any in-app payment system of their choice, to give access to the software and hardware features of the device and OS interfaces that are available to Apple and Google’s own apps, and to refrain from leveraging “non-public” information collected through their platforms to create competing apps. It also increases consumer choice and freedom by, e.g., allowing consumers to choose their preferred apps or app stores as defaults and to uninstall any pre-installed apps.
A companion bill was also introduced last week to the U.S. House by Representatives Buck and Johnson.
The Open App Markets Act comes at a time where regulators across the globe are dealing with the regulation of digital gatekeepers. In the EU, the legislators are working on the Digital Markets Act (“DMA”) proposed by the European Commission last December, while in the U.K., a new regulatory regime for firms with “Strategic Market Status” is underway.
If passed into law, the Open App Markets Act will be instrumental in creating an app ecosystem that is fair and competitive and that works best for developers and consumers.
Regulating app stores in the EU: the Digital Markets Act
The European Commission introduced the DMA Proposal on 15 December 2020, an ex ante regulatory regime for digital platforms designated as gatekeepers aiming at ensuring the fairness and contestability of digital markets. The DMA Proposal is currently making its way through the European Parliament and the Council, with amendments being proposed on the Commission’s text.
The DMA will impose a list of obligations (included in Articles 5 and 6 of the Proposal) on designated gatekeepers, i.e., providers of a core platform service (“CPS”) that meet the criteria for designation established in the DMA.
Unlike the Open App Markets Act which focuses on app stores (clearly targeting Apple and Google in their role as operators of the App Store and the Play Store, as “Covered Companies” are defined as operators of an app store “for which users in the United States exceed 50,000,000”), the DMA regulates a broader list of services, with CPSs falling under the scope of the DMA comprising online intermediation services (including marketplaces, app stores, etc.), online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communication services, operating systems, cloud computing services, and advertising services.
The DMA is thus much broader in scope, while the Open App Markets Act is a more targeted piece of legislation, only dealing with the app economy. Advantages of the more targeted U.S. approach are the ability to adopt specific language targeted at app store operators, and the certainty arising from the fact that all obligations included in the Act are to be complied with by “Covered Companies”. This allows the U.S. bill to escape the criticism often advanced with regards to the DMA that, as the obligations it imposes may apply to a variety of services and business models, it is not always clear how these are to be complied with in different contexts.
U.S. Open App Markets Act vis-à-vis EU Digital Markets Act: the obligations imposed
The U.S. bill and its EU counterpart both impose a series of obligations on Apple and Google, the operators of the two dominant app stores. The following table presents the obligations included in Section 3 of the Open App Markets Act bill and explains whether corresponding obligations can be found in the DMA Proposal.
However, the DMA Proposal includes additional obligations imposed on app store operators designated as gatekeepers that have not been included in the Open App Markets Act bill, such as:
- The Article 5(a) obligation to refrain from combining personal data sourced from the CPS of the gatekeeper with personal data from any other services offered by the gatekeeper or from third-party services, as well as from signing in end users to other services of the gatekeeper in order to combine personal data, unless the user has provided consent. A data bundling prohibition and/or a prohibition on automatic sign-in are not included in the Open App Markets Act.
- The Article 5(c) obligation to allow end users to “access and use, through the core platform services of the gatekeeper, content, subscriptions, features or other items by using the software application of a business user, where these items have been acquired by the end users from the relevant business user without using the core platform services of the gatekeeper.” Such an obligation is not included in the U.S. bill.
- The Article 5(d) obligation to refrain from requiring business users to use, offer or interoperate with an identification service of the gatekeeper, a prohibition that is not put forward in the U.S. bill.
- The Article 6(1)(i) obligation which requires gatekeepers to provide business users or third parties authorized by a business user, free of charge, with effective, high-quality, continuous and real-time access and use of aggregated or non-aggregated data generate or provided for in the use of the CPS by those business users and the end users of these business users. Such a data access obligation is not included in the U.S. bill.
It should, however, be noted that neither the Open App Markets Act nor the DMA are finished products yet; they are thus bound to be amended before being enacted into law. The lists of obligations in both initiatives are, therefore, likely to change.
U.S. Open App Markets Act: the privacy defence
Section 4 of the Open App Markets Act bill gives a possible escape route for gatekeepers, as it provides that a gatekeeper shall be deemed not to violate a Section 3 obligation for an action that is (i) necessary to achieve user privacy, security or digital safety, (ii) taken to prevent spam or fraud, or (iii) taken to prevent a violation of, or comply with, Federal or State law. This goes further than the DMA Proposal which only allows designated gatekeepers to obtain an exemption from an Article 5 or 6 obligation for overriding reasons of public interest (that is on grounds of public morality, public health and public security).
A potential concern is that this escape hatch available to “Covered Companies”– and especially user privacy – may be abused by gatekeepers. Apple, in particular, has long invoked privacy to justify anti-competitive conducts, including its App Store-related practices, such as the obligation to use the App Store to distribute or download apps, the mandatory use of IAP, as well as the related 30% commission.
However, Section 4 of the Open App Markets bill lays down strict requirements for when privacy can be invoked to justify an action that goes against a Section 3 obligation. In particular, the gatekeeper shall establish “by clear and convincing evidence” that the action (i) is applied on a demonstrably consistent basis to the gatekeeper’s or its business partners’ apps and to third-party apps, (ii) is not used as a pretext to exclude or impose unnecessary or discriminatory terms on third-party apps, in-app payment systems or app stores, and (iii) is narrowly tailored and could not be achieved through a less discriminatory and technically possible means.
Laying down the specific circumstances under which a privacy defence can be invoked is a smart move by the U.S. legislator, as it balances the laudable goal of protecting user privacy and the need to protect competitors from Apple and Google using privacy as a pretext to harm competition in the app economy. It can, nevertheless, be expected that the Section 4 escape hatch, as well as the circumstances in which it can be used, are to be subject to intense debate – and intense lobbying efforts by app store operators – as the bill moves through the Senate.
Watch out for Korea
Most commentators and companies have their eyes on the U.S. and the EU – however, Korea may in the meantime steal anyone else’s thunder and be the first country in the world to adopt legislation on in-app payments. The ruling party has introduced a new bill known as the Amendment to the Telecommunications Business Act (and informally dubbed as the “Google Power Abuse Prevention Act”), currently debated in Korea’s National Assembly.
The Korean bill, introduced with the aim of promoting fair competition in the app economy, proposes to, among others, prohibit app market business operators (read: app stores) from compelling providers of mobile content (read: apps) to use a specific payment system. In other words, if passed into law, the Korean bill will prohibit Apple and Google from forcing apps selling “digital” goods or services to use IAP and GBP respectively, similar to the U.S. Open App Markets Act. This would be a major milestone and would likely embolden foreign lawmakers in adopting similar legislation.
How soon this may happen, however, only time will tell. Last July, the Korean bill eventually went through the Science, ICT, Broadcasting, and Communications Committee of Korea’s National Assembly and progressed into the Legislation and Judiciary Committee. Google and Apple have already voiced their opposition to the new bill according to mlex, but it is not clear the Korean legislator will be discouraged from moving forward.
While we are still in the beginning of a long process of regulating the harmful conduct of gatekeeping digital platforms, the multitude of regulatory initiatives across the globe is a positive development. The bipartisan Open App Markets Act bill (and its companion bill introduced in the House), targeting Apple and Google as the operators of app stores, is among the most recent efforts to constrain these companies’ power over the app ecosystem – and shows the eagerness of the U.S. Congress to take on the app store battle. This sound document deals with some of the most egregious practices of dominant app store operators and reflects to a large extent – albeit in a more targeted and perhaps clearer form – the obligations contained in the DMA – the legislative instrument aiming to regulate gatekeepers (including app store operators) on the other side of the Atlantic. Meanwhile, however, Korea may set a precedent for other countries, at least on the issue of in-app payments.
[Image source: VistaBuzz]