The European Commission, the body responsible for drafting proposals for new European legislation, has fined Apple €500 million and Meta €200 million for breaches of the Digital Markets Act.

They found that Apple had breached its anti-steering obligations, and that Meta had breached its obligation to offer consumers the choice of a service which uses less of their personal data.

For Apple, they are required to allow app developers who distribute their apps through their App Store to inform customers, free of charge, of alternative offers outside the App Store, steer them to those offers, and allow them to make purchases. A number of restrictions imposed by Apple on developers meant that developers were unable to benefit from the advantages of alternative forms of distribution. It was found that Apple prevented app developers from directly informing customers of such offers in a way that was deemed unnecessary and disproportionate.

In addition to the fine, Apple have been required to remove these restrictions and refrain from conducing any more non-compliant activity in the future.

The €500 million fine reflects the serious nature of this form of non-compliance, especially with a service as widely used as the App Store.

For Meta, their fine follows the implementation of a marketing model where users of Facebook or Instagram could pay monthly for an ad-free service. Under the DMA, data subjects who don’t consent to combining personal data between services must be offered a less personalised but similar alternative.

It was found that this model is non-compliant with the DMA, with no option provided for users to choose a service that uses less of their personal data but is still similar to the personalised ads service.

It’s important to note that during exchanges with The European Commission, Meta have introduced a new version of the free personalised ads model, which according to them, has the option to use less personal data for advertising.

The €200 million fine considers both how serious the situation is, and the length of non-compliance in this area.

These two acts of enforcement are especially noteworthy as they are the first non-compliance decisions adopted under the DMA, which only became applicable in May 2023.

What can be learnt from this?

Despite the fact that these two companies are some of the biggest in the world, there are still a few things that you can take away from this:

1. Compliance with regulatory frameworks is non-negotiable: It’s vital that businesses, large and small, stay up to date with evolving regulatory requirements. Failure to do so can be extremely costly, both financially and reputationally.
2. User choice and transparency are vital: Apple’s case shows the importance of allowing developers to advertise alternatives freely, while Meta’s case shows that true user consent means providing a fair balance of choices. The binary “pay or consent” model that they used simply isn’t enough under the DMA.
3. Co-operation with regulators is important: Apple co-operated with regulators from an early point by offering a complaint solution. When contacted by a regulator, the best thing you can do is work with them, not against them. This applies to any regulator (like the ICO), not just The European Commission.