On 11 July 2019, the Platforms for Business Regulation was published in the Official Journal. The new regulation will impose rules on how search engines and what the EU has described as “online intermediation services” interact with businesses that use them to sell products or services.
The regulation is clearly designed to target marketplace platforms but the definition of “online intermediation services” is very wide and, unfortunately, vague so any online business which allows third parties to use their platform will need to consider whether they are (or are likely to be) within the scope of the regulation. This potentially catches app stores; comparison/review sites; hotel booking platforms; social media platforms; marketplaces and a whole host of other platforms that perform similar functions.
If a business is caught or at least may be caught, it is important to carry out a full legal assessment and impact assessment to understand what compliance means in practice. This needs to be done quickly as the regulation comes into full force on 12 July 2020 and any compliance measures will need to be operational before this date.
Even if businesses have considered this question before with reference to some of the draft versions of the regulation, it is worth reviewing this again as there have been some significant changes as a result of the final draft.
In April 2018, as part of its Digital Single Market strategy, the European Commission announced its intention to regulate how online intermediation services and search engines contract with and otherwise work with the businesses which use them to sell their products to consumers. The purpose of the regulation is to ensure that online intermediation services deal fairly and transparently with the businesses which rely on them.
The draft regulation was approved by the European Parliament in April 2019 and the regulation itself was signed on 20 June 2019 by the European Parliament and the European Council. Tech companies will have 12 months from its publication on the Official Journal before the regulation comes into force, meaning that they will need to ensure compliance by 12 July 2020.
Who will be caught?
The regulation catches “online intermediation services” and search engines that target EU consumers. This will therefore include the world giants as well as smaller start-ups. As mentioned above, the definition of online intermediation service is complex and widely drafted, such that it will likely catch review sites, hotels that use booking platforms and social media platforms as well as the more obvious intermediaries which allow business users to sell to consumers such as marketplaces or app stores.
What are the implications of the regulation?
The regulation applies some of the principles of consumer law to the interactions of intermediaries with business users. In particular, terms and conditions and other specifications will need to be delivered in “plain and intelligible” language; and changes to the terms and conditions must be communicated on a durable medium (such as email) and subject to a set notice period.
The regulation also sets out rules around suspending and terminating business users. Except in certain circumstances, businesses cannot terminate the provision of services to a business user without giving them a specific period of notice and an opportunity to appeal.
Service providers also face wide-ranging transparency obligations. This will include transparency about any ranking of products or search results, and differentiated treatment that service providers may give to particular users. Where online intermediaries decide to restrict or suspend a particular business’s access to their platform, they must also clearly set out the grounds for that decision.
The regulation also requires online intermediation service providers to provide in their terms and conditions information about the data they hold in relation to business users. These obligations apply equally to personal and non-personal data, meaning that a provider’s obligations will in certain respects go beyond those imposed by GDPR.
Where disputes arise between the service providers and the businesses which use the services, the service providers will be obliged to provide an effective redress process, which must include a clear complaints handling system and engage with mediation.
Now that the regulation has been published in the Official Journal, businesses need to determine whether they are (or may be) caught by the regulation. Where a business is caught by the regulation it will need to undertake a comprehensive review of their processes and procedures to ensure they can comply and implement any necessary changes. All of this will need to be achieved before 12 July 2020.