Security, Privacy & Tech Inquiries

The Digital Markets Act is one of the least understood EU technology laws, yet it has tangible impacts—both positive and negative—on the technology landscape. We’ll use the opportunity to study an interesting and real-world case. It concerns the practice of Chrome preloading its web browser extension so that Google’s services may effortlessly and by default, without user choice or knowledge, interact with Google servers and services. The issue is that this bypassing of the core pillar of web security and privacy, the Single-origin policy, is not available to other web browser or extension vendors.

Google Chrome's practice of preloading extensions that bypass the single-origin policy and grant them privileges not available to third-party extensions could breach Article 6(7) of the Digital Markets Act (DMA). This article mandates that gatekeepers must allow free and effective interoperability with, and access to, the same software features available to services provided by the gatekeeper, regardless of whether those features are part of the operating system. By allowing its extensions access to exclusive APIs or functionalities that are not equally accessible to third-party developers, Google may be undermining fair competition. This exclusivity could be viewed as unfairly limiting the interoperability required under DMA, favoring Google's services over competitors.

The DMA regime stipulates fines up to 10% of turnover, but let’s not waste time on estimations of such mundane things and get to the meat/tofu.

Leave a Comment