BKartA's final report on messenger and video service sector inquiry
Locations
In the sector enquiry into messenger and video services, the BKartA is particularly concerned with:
- the structure of the industry;
- questions of data security and data protection (as well as possible consumer rights violations in this context); and
- the topic of interoperability.
Main results of investigation
In its final report, the BKartA stated that some services violate consumer law.On the one hand, when synchronising the contact list, data is also collected from people who do not use the respective service. If this is done permanently, this presumably violates the General Data Protection Regulation (GDPR).
In addition, some services do not comply with the rules for the transfer and storage of data, especially if data is stored in the United States, where there is currently no adequate level of data protection. Indeed, German and European consumer's personal data are only allowed to be transferred and stored in countries where a level of data protection comparable to the GDPR applies.
Furthermore, the services must truthfully disclose how they ensure the security of their communication (eg, by encrypting the data). The BKartA believes there is a need for improvement here.
In consultation with the Federal Office for Information Security, the BKartA has prepared a checklist (only available in German) of essential criteria to ensure data security and legal compliance. Examples of the suggested requirements are a two-factor authentication, server locations in the European Union and a transparent source code.
Legal basis of sector inquiries
Pursuant to section 32e of the German Competition Act, the BKartA can conduct investigations in the area of consumer protection and identify def icits. In contrast to its responsibilities under cartel law, however, the BKartA does not have the option to remedy or sanction any violations of the law on the part of the authorities. It is a sector investigation, but not explicitly a procedure against specific companies.The focus of the BKartA's sector enquiries, under consumer law, is matters that affect the digital everyday life of consumers. With these powers, the BKartA can identify problems and make recommendations for action.
Interoperability
The issue of interoperability was also examined. According to the European Digital Markets Act, large internet platforms must enable interoperability with other messenger services in the future. It must be considered that standardisations necessary for interoperability can also have negative effects on innovation and competition. In addition, technical challenges could arise in data security, especially in encryption and data monitoring.Comment
The BKartA demands more transparency, data protection and interoperability in messenger and video services. The investigation shows that many services violate data protection regulations and that there is a considerable need to catch up in terms of data security. Additionally, the BKartA recommends increasing consumers' media competence and the use of data protection-friendly messenger and video services in the public sector.
The sector inquiry into messenger and video services is the fifth inquiry conducted by the BKartA in the area of consumer protection, for which the authority has been responsible since 2017. The other inquiries dealt with:
- comparison websites (2019);
- user reviews (2020);
- smart TVs (2020); and
- mobile apps (2021).