In recent years, website users' concerns about the privacy of their personal data have been followed by the introduction of privacy laws. Europe was the first to introduce comprehensive privacy laws like the GDPR and the ePrivacy Directive (the EU cookie law), which are among the strictest privacy regulations in the world.
However, until recently, the digital market did not have a specific regulation regarding data privacy. It is the lack of competition in the digital market that has stimulated the introduction of regulations to ensure greater fairness and encourage competition. One such regulation is the Digital Markets Act (DMA), which sets out rules for digital platforms.
Read the article to learn more about the DMA, when it took effect, and how to implement the DMA correctly.
What Is the Digital Markets Act (DMA)?
The Digital Markets Act (DMA) is a data privacy law regulating organizations doing business in the European Union.
The DMA was introduced together with the Digital Services Act (DSA) in the DSA Package. The DMA’s initial version received much attention and underwent a thorough legislative process. It involved consultations and discussions with many parties, including EU member states, the European Parliament, and industry representatives.
The final text of the DMA was published on October 12, 2022, and entered into force on November 1, 2022.
The DMA became applicable in May 2023.
The DMA sets regulations for a variety of tech services, including search engines, cloud services, social networks, video-sharing platforms, online advertising networks, and other services, products, and platforms owned by large digital companies.
The main aim of the DMA is to provide equal opportunities for small organizations in digital marketing and to protect user rights and data. For example, the new regulation requires companies to let users uninstall applications preloaded on their phones, in browsers, and on other platforms.
To Whom Does the DMA Apply?
The European Commission (EC) identified highly influential organizations and tech giants that strongly impact the digital market and many other businesses by providing platforms and operating between users and businesses. Such organizations are called gatekeepers in the DMA.
On September 6, 2023, the European Commission designated six gatekeepers that need to comply with the DMA:
- Alphabet (owning Google, Android)
- Meta (owning Facebook, Instagram, WhatsApp and others)
- Microsoft
- Amazon
- Apple
- ByteDance (owning TikTok).
Five of these companies are based in the United States, with the exception of ByteDance, which is based in China.
In the future, the number of gatekeepers could increase as the digital market develops.
The EC has also listed 22 critical platforms and services operated by these gatekeepers:
- 1 search engine (Google)
- 1 video-sharing platform (YouTube)
- 2 communication services (Facebook Messenger and WhatsApp)
- 2 web browsers (Chrome and Safari)
- 3 most popular operating systems (Google Android, iOS, Windows PC OS)
- 3 online advertising services (Amazon, Google, and Meta)
- 4 social networks (Facebook, Instagram, LinkedIn, TikTok)
- 6 intermediation platforms (Amazon Marketplace, Google Maps, Google Play, Google Shopping, iOS App Store, Meta Marketplace).
The following companies or services were considered, but not included in the list at the moment: Korean enterprise Samsung, Google’s web-based email service Gmail, and Microsoft’s web-based email service Outlook. The EC excluded those providers and services from the list of gatekeepers since owners of these providers and services provided “sufficiently justified arguments showing that these services do not qualify as gateways for the respective core platform services”. However, the EC could reconsider these exceptions in the future.
The gatekeepers have six months (until March 6, 2024) from the date of the DMA application to comply with the new obligations.
Key DMA Principles
- Interoperability and non-discrimination. The DMA restricts the monopolistic behavior of big players in the digital market, giving smaller companies a chance to compete.
- Open competition. Under the DMA, gatekeepers can no longer impose unfair terms and conditions on smaller players operating in the digital market.
- User privacy. The DMA introduces user consent requirements and sets rules, providing users greater control over how their data is collected and processed.
- Transparency and profiling. The DMA sets the regulations for gatekeepers to be open and transparent about how they process user data and create user profiles.
- User choice. Users should be able to choose from a variety of services and switch easily between service providers.
- Data portability and access. Users should be able to access and obtain their data in a suitable format.
User Consent Requirements
Gatekeepers must obtain explicit and informed user consent for their data collection and management and provide options to allow users to withdraw or deny consent. Gatekeepers must also ensure user control over their data prior to collecting and processing the data for marketing purposes.
Gatekeepers are obliged to collect and store user consent as proof of compliance. However, the DMA allows gatekeepers to collect consent for online marketing purposes via each third-party service in special cases where it is not possible to collect the consent directly via the gatekeeper’s core platform service.
The Digital Markets Act must be in accordance with the GDPR. This means that, to achieve compliance, the consent must be freely given, specific, informed, and unambiguous, and it should be easy to withdraw consent at any time. Dark patterns and other techniques that force users to give consent are not allowed.
The Benefits of the Digital Markets Act (DMA)
While the DMA imposes many restrictions on large tech companies, a wide variety of businesses and users benefit from its requirements.
- Users. Access to more services and platforms, more options to switch providers, direct access to services, more competition, and better data protection.
- Businesses. More options for smaller companies that depend on services provided by the gatekeepers, more interoperability, and no discrimination in digital marketing.
- Tech startups and innovators. New opportunities to be competitive on online platforms, no need to accept discriminating third-party terms and conditions.
- Gatekeepers. Greater clarity about allowed business practices, which helps them avoid penalties for non-compliance with the regulations. It also opens opportunities for innovation and new products and services.
How to Get Ready for the DMA?
To prepare for the DMA, follow these steps:
- Know the data you are holding. Gatekeepers need to know what data they collect, use, store, and share, and with whom they share it. Review your internal policies on user data management, user consent collection, and data usage, including any third-party data sharing agreements.
- User privacy. Ensure that your website or app has a privacy policy and collects user consent according to the regulation.
- Consider implementing a CMP. The easiest way to comply with the DMA and other privacy laws is by using a Consent Management Platform (CMP).
CookieScript CMP is a professional tool:
- The CMP collects user consent.
- Privacy Policy Generator helps to write a Privacy Policy.
- Cookie Banner Analytics lets you analyze consent preferences.
- The CMP has a geo-targeting functionality, so you can use different cookie banners for your website or app.
Frequently Asked Questions
What is the Digital Markets Act (DMA)?
The Digital Markets Act (DMA) is a data privacy law regulating organizations doing business in the European Union. It applies to six gatekeepers that need to comply with the DMA: Alphabet (owning Google, Android), Meta (owning Facebook, Instagram, WhatsApp and others), Microsoft, Amazon, Apple, and ByteDance (owning TikTok). Use CookieScript CMP to comply with the DMA and other privacy laws.
When did DMA come into force?
The final text of the DMA was published on October 12, 2022, and entered into force on November 1, 2022. The DMA became applicable in May 2023. The DMA sets regulations for a variety of tech services, including search engines, cloud services, social networks, video-sharing platforms, online advertising networks, and other services, products, and platforms owned by large digital companies.
Who is responsible for collecting consent in relation to the DMA?
Highly influential organizations and tech giants, called gatekeepers, must obtain explicit and informed user consent for their data collection and management and provide options to allow users to withdraw or deny consent. CookieScript CMP can help you to collect and manage cookie consent.
What constitutes valid consent in relation to the Digital Markets Act?
The DMA must be in accordance with the GDPR. This means that the consent must be freely given, specific, informed, and unambiguous, and it should be easy to withdraw consent at any time. Use CookieScript CMP to comply with the DMA, GDPR, and other privacy laws.
What businesses or platforms are affected by the DMA?
The DMA sets regulations for a variety of tech services, including search engines, cloud services, social networks, video-sharing platforms, online advertising networks, and other services, products, and platforms owned by large digital companies. Use CookieScript CMP to comply with the DMA and other privacy laws.
To Whom Does the DMA Apply?
The European Commission designated six gatekeepers that need to comply with the DMA: Alphabet (owning Google, Android), Meta (owning Facebook, Instagram, WhatsApp and others), Microsoft, Amazon, Apple, and ByteDance (owning TikTok).
What are user consent requirements under the DMA?
Gatekeepers must obtain explicit and informed user consent for their data collection and management and provide options to allow users to withdraw or deny consent. Gatekeepers must also ensure user control over their data prior to collecting and processing the data for marketing purposes. CookieScript CMP can help you to collect and manage cookie consent.
Is the Digital Markets Act related to the GDPR?
The Digital Markets Act must be in accordance with the GDPR. This means that the consent must be freely given, specific, informed, and unambiguous, and it should be easy to withdraw consent at any time. CookieScript can help you to comply with the DMA, GDPR, and other privacy laws.