Microsoft implements DMA compliance measures

an abstract image of a network

Following the designation of Windows and LinkedIn under the European Union’s Digital Markets Act (DMA), we have been diligently working to implement the DMA, engaging with the European Commission, and testing DMA-compliant features with customers and the industry, to ensure that we fulfill our obligations.

Now that the compliance deadline has arrived, we are sharing the steps we’ve taken to comply, as well as our focus on ensuring effective compliance in the months and years ahead.

To that end, we have published our annual DMA Compliance Report. The report, based on the European Commission’s template, is available on our dedicated DMA Compliance Program website. The website also provides contact information for Microsoft’s DMA Compliance Function. We will keep this website updated as our compliance journey continues, and we remain committed to working with the European Commission, National Competition Authorities, European businesses, and consumers to remain compliant with the DMA.

DMA updates to Windows
DMA for Windows

The DMA compliant versions of both Windows 10 and 11 are available to users in the European Economic Area (EEA) at no charge. We have started to roll out these updates for automatic installation to Windows 10 and Windows 11 users and anticipate finishing the roll out for EEA users by early April 2024. Windows users in the EEA who want to use the DMA-compliant versions of Windows 10 or Windows 11 today can get it by turning on the “Get the latest updates as soon as they’re available” feature for Windows Update in their settings menu . More details are available on the Windows Blog.

Because Windows is designed as an open platform for applications and has been for decades, it complied with many of the key provisions of the DMA even before the act was passed.

  • The DMA, for example, requires designated operating systems to enable users to install applications and application stores on the operating system without intermediation by the operating system provider. Windows users have always been able to install applications and application stores onto Windows directly from the internet or other distribution channels without engaging with Microsoft.
  • The DMA also gives application providers the right to control the commercial relationship with their users by, for example, directing their users to lower-cost offerings on other platforms, relying on identity, payment, or other services unrelated to the operating system provider, or enabling users to access content within the application that is acquired outside of the application. Application providers on Windows have always been able to do these things because they are in control of the commercial relationship with their users without interference from Microsoft.

Microsoft did make changes to Windows to comply with other provisions of the DMA and is delivering these changes to Windows PCs in the EEA.

  • The Edge browser and the Bing web search functionality were redesigned so that users can uninstall these applications from Windows using the standard Windows mechanisms that are available for uninstallation if they choose to do so.
  • Microsoft has enabled and provided instructions for third-party web search applications to offer web search services through the search box on the Windows task bar and to rely on any browser of their choice to show a search results page in the same way as the Microsoft Bing web search application. Similarly, Windows enables and has provided information to developers on how to create third-party news feeds in the Windows Widgets panel in the same way as Microsoft Edge.
  • Microsoft also modified the sign-in experience on Windows. Prior to the DMA, Windows automatically signed users into other Microsoft products and services that combined data, including into Edge, Bing, and the Microsoft “Start” service (e.g. news, weather, etc.) when users are first signed into Windows. Windows will no longer automatically sign users into these services.

Finally, Microsoft made a number of changes to how it handles data associated with the use of Windows by users in the EEA.

  • For example, Microsoft has put in place new data handling practices and controls to ensure that any data collected from Windows PCs in the EEA about non-Microsoft applications running on Windows ­­– for example, data collected for the purpose of detecting bugs that impact those applications or Windows – is not used for any competitive purpose against the providers of those applications.
  • Similarly, Microsoft redesigned Windows data consent flows to make clear when Microsoft combines Windows data with data from other Microsoft products and services and it will obtain consent for those data combinations, including issuing new consent screens to existing Windows users where required.

A complete list of the changes Microsoft made to Windows to comply with the DMA is contained in Microsoft’s DMA compliance report available on the DMA Compliance Program website.

DMA updates to LinkedInLinkedIn DMA

As announced in a blog post last month, LinkedIn rolled out the ability for members based in the EEA to choose whether to connect their core LinkedIn professional network experience across LinkedIn’s Jobs, Marketing Solutions, and Learning services. LinkedIn tailors its members’ experiences on LinkedIn based on members’ engagement with the services on the LinkedIn platform, using that information to provide members with recommendations for people, content, jobs, ads, and learning courses that can get members ahead in their careers.

  • At the prompt, members in the EEA can elect to keep their core LinkedIn experience connected with other LinkedIn services they may use, or to disconnect that link.
  • Members who don’t keep these services connected to their core LinkedIn experience will have a less tailored experience, although they will still have access to the same LinkedIn services regardless of what they choose.

As LinkedIn moves forward, it is committed to tracking developments with enforcement of the DMA and other key EU regulations and evaluating our approach accordingly.

LinkedIn also rolled out new ways for members and customers (including through their authorized developers) to access their data on LinkedIn.

  • While LinkedIn members already have the ability to download a copy of their data through their settings, LinkedIn has designed and implemented new APIs for members and their authorized third-party developers to access, on a continuous basis, the data they provided on LinkedIn or generate while engaging on the platform.
  • LinkedIn has also designed and implemented new APIs that allow LinkedIn Page administrators and their authorized third-party developers to access: (1) data they have provided on the LinkedIn platform or generated while using LinkedIn; and (2) data provided or generated by LinkedIn members through their engagement with Pages, subject to those members’ consent.
  • LinkedIn is enabling European business users who purchase LinkedIn Marketing Solutions services to work with independent ad verification partners that meet qualifying criteria to verify their advertisements inventory through our ad verification API.

A complete list of the changes Microsoft made to LinkedIn to comply with the DMA is also contained in Microsoft’s DMA compliance report available on the DMA Compliance Program website.

Tags: , , , ,

Chris Nelson
Head of the DMA Compliance Function