The Federal Cartel Office (Bundeskartellamt) announced, on May 17, 2023, the publication of its final report on the sector inquiry into messenger and video services, launched in November 2020. In particular, the Bundeskartellamt examined the technical and legal framework conditions of messenger and video services, focusing on data protection and security. The resulting report highlights that some services are likely to violate legal provisions regarding functions that are particularly important to users.

Privacy and data security issues

For instance, if the contact list is synchronized, then the data of the contacts that have not yet registered with the relevant service are also collected, a practice that, according to the Bundeskartellamt, may breach the General Data Protection Regulation (GDPR) if it is employed permanently. Similarly, some messenger and video services are not in compliance with the GDPR when transferring and storing data to certain third countries, such as the US.

The Bundeskartellamt also took the view that many service providers should improve their practices and give truthful information on how the security of the consumers' communication is ensured, specifically through data encryption. In this regard, the Bundeskartellamt also compiled, together with the Federal Office for Information Security (BSI), a checklist with essential data security criteria.

Interoperability

Looking at the topic of interoperability, the Bundeskartellamt examined the complexity of the topics, especially in light of the Digital Markets Act (DMA), whereby some large online platforms will be obliged to ensure interoperability with other messenger services. In their progress towards interoperability, the Bundeskartellamt highlighted that services will need to take into account standardization, which, on the one hand, will make it easier for users to switch between different providers, but on the other hand, could hinder innovation and competition. The report concludes that interoperability is also expected to create new risks owing to the technical challenges arising from encryption as well as the monitoring and controlling of data, among other data security practices.

Overall, the Bundeskartellamt emphasized that the level of data security provided by the different services could become less transparent to consumers.

You can read the full report here and the checklist here, only available in German, and the announcement here, and a summary of the report here.