The European Council, Commission and Parliament have reached agreement on a new regulation that will impose rules on how online intermediaries and search engines interact with businesses that use them to sell products or services. The definitions of services which are captured are wide and, unfortunately, vague so businesses should determine whether they are (or are likely to be) within the scope of the regulation and carry out impact assessments to understand the impact on their businesses and processes.

Background

In April last year the European Commission announced its intention to regulate how online intermediaries and search engines contract with and otherwise work with the businesses which use them to sell their products to consumers. The purpose of the regulation is to ensure that online intermediaries deal fairly and transparently with the businesses which rely on them.

Timing

The draft regulation needs to be approved by the European Parliament, which is expected to happen before the Parliament dissolves in advance of elections in May. Assuming the regulation is passed, tech companies will have 12 months before it comes into force. This means we expect the regulation to come into force in H1 2020.

Who will be caught?

The regulation catches “online intermediaries” and search engines that target EU consumers. The definition of online intermediary is complex and widely drafted, such that it potentially catches review sites, social media platforms, app stores as well as the more obvious examples intermediaries which allow business users to sell to consumers such as marketplaces or app stores.

Obligations

The regulation applies some of the principles of consumer law to the interactions of intermediaries with business users. In particular, terms and conditions and other specifications will need to be “plain and intelligible”; changes must be communicated on a durable medium such as email; abd changes can only be made if businesses are given certain amounts of notice.

Rules around suspending and terminating business users are also prescribed – except in certain circumstances businesses cannot terminate a business user without giving them a specific period of notice and an opportunity to appeal.

There will also be wide-reaching transparency obligations. This will include transparency about any ranking of products or search results, and differentiated treatment of different users. Where online intermediaries decide to restrict or suspend a particular business’s access to their platform, they will also need to be transparent about the reasons for this restriction or suspension.

Controversially, the regulation will also require online intermediaries services to be transparent about the data they hold in relation to business users. These obligations apply equally to both personal and non-personal data, which means the obligations will in some ways go beyond those imposed by GDPR.

Where there are disputes between the intermediaries and the businesses which use them, the intermediaries will be obliged to provide an effective redress mechanism including an internal complaint handling system with recourse to external mediation to deal with any disputes with business users.

Implications

Businesses need to determine whether they are (or may be) caught by the regulation. They will then need to undertake a comprehensive review of their processes and procedures to ensure they comply. All of this will likely need to be achieved before the end of H1 2020.