Bridging the DMA and the GDPR – CIPL Comments on the Data Protection Implications of the Draft Digital Markets Act

The EU digital strategy intends to establish a safe and trusted digital space for individuals and a level playing field for businesses that fosters innovation, growth, and competitiveness in the EU. Specifically, the draft Digital Markets Act (DMA) aims to enable open and fair digital and data markets by fostering competition. In particular, it seeks to promote data mobility by imposing obligations on online platforms, falling under the category of “gatekeepers,” to share or to provide access to data.

The draft DMA also intends to strengthen the ability of business and end-users to utilize software applications on gatekeepers’ core platforms without being confronted with technical restrictions. Mandatory data mobility is intended to reduce the risk of lock-in for individuals and organizations, offer business opportunities to a wider spectrum of market players and market entrants and enable individuals to move swiftly to new services and providers. Data mobility involves the sharing of data sets that may include personal data, hence triggering the application of the General Data Protection Regulation (GDPR).

The objective of this paper is to:

• Analyze the relationship between the DMA’s data sharing obligations and the GDPR requirements
• Identify the areas that require further assessment and clarification
• Inform and initiate necessary discussions on more practical aspects of the interplay between these two important legislative and policy pillars of the EU digital and data policy

We expect that there will be a need for more work, constructive engagement and regulatory dialogue to find solutions that enable both competition and the protection of personal data and individuals’ rights in the context of the DMA and the EU digital market.

Download the Paper

Download Now