EU Regulators Move to Clarify How the Digital Markets Act & GDPR Work Together

Key Takeaways

• Consultation Draws Wide Participation: More than 100 stakeholders (including SMEs, civil society groups, trade associations, academics, and major platform companies) submitted feedback on draft guidance addressing the overlap between the DMA and GDPR.
• Bridging Competition And Privacy Rules: The proposed guidelines aim to ensure the EU’s competition framework for digital gatekeepers works coherently with the bloc’s data protection regime.
• Focus On Data-Driven Obligations: Key DMA provisions involving user consent, data portability, interoperability, and access to platform data are examined through the lens of GDPR requirements.
• Regulatory Coordination Emphasized: The guidance highlights the need for cooperation between the European Commission, which enforces the DMA, and national data protection authorities responsible for GDPR enforcement.
• Final Guidance Expected Later In 2026: Regulators are reviewing consultation responses before adopting the final joint guidelines in the fourth quarter of the year.

Deep Dive

The European Commission and the European Data Protection Board (EDPB) have published the responses received during a public consultation on draft guidelines designed to clarify how two cornerstone pieces of EU digital regulation (the Digital Markets Act and the General Data Protection Regulation) should interact in practice.

According to regulators, the responses largely supported the initiative and highlighted the growing need for clear coordination between competition policy and data protection enforcement as digital platforms increasingly rely on large-scale data processing.

The Commission and the EDPB said they are now reviewing the feedback to determine whether revisions to the draft guidance are needed before issuing the final version.

Two Major Rulebooks With Different Missions

While both laws shape the digital economy, the DMA and GDPR pursue different goals.

The GDPR focuses on protecting individuals’ personal data and ensuring that organizations process that data lawfully and transparently. The DMA, meanwhile, targets the market power of dominant technology platforms designated as “gatekeepers,” establishing rules intended to keep digital markets open and fair for business users and consumers.

Regulators say the frameworks should operate in a complementary way. Compliance with the GDPR’s data protection requirements is expected to work alongside the DMA’s efforts to curb the data-driven advantages that gatekeepers may hold in digital markets.

The joint guidance initiative was first announced in September 2024 as part of the EDPB’s strategy to strengthen cooperation with authorities overseeing other areas of EU law, particularly in complex digital regulatory environments.

Where The DMA And GDPR Intersect

The draft guidelines focus on areas where the obligations imposed on gatekeepers under the DMA could intersect with data protection rules.

One example is Article 5(2) of the DMA, which prohibits gatekeepers from combining or processing certain categories of user data without obtaining valid consent under the GDPR. The draft guidance explains how gatekeepers should interpret the requirements for valid and specific consent and outlines situations where alternative legal bases for processing may apply.

Another section addresses Article 6(4), which requires gatekeepers operating mobile operating systems to allow the installation and use of third-party applications and app stores. The guidance stresses that measures taken to meet this obligation must still comply with EU privacy rules, including the GDPR and the ePrivacy Directive.

The guidelines also examine provisions dealing with data portability and access. Under Article 6(9) of the DMA, end users—or third parties authorized by them—can request the transfer of their data. Regulators explain how this right complements the existing portability provisions under the GDPR.

Similarly, Article 6(10) creates a right for business users to access certain data generated by their interactions with customers on a gatekeeper’s platform. The draft guidance highlights the need for appropriate consent mechanisms and transparency when personal data is shared with third parties.

Other provisions covered include requirements around anonymizing search data shared with competing search providers and privacy considerations tied to interoperability obligations for messaging services under the DMA.

Cooperation Between Regulators

The guidelines also address how regulators should coordinate enforcement. The European Commission acts as the sole enforcer of the DMA, while national data protection authorities enforce the GDPR under the coordination of the EDPB. The guidance stresses that cooperation between these authorities will be essential to ensure that the two frameworks are applied consistently and effectively.

Regulators also reference case law from the Court of Justice of the European Union concerning principles such as sincere cooperation and the avoidance of double penalties for the same conduct.

With the consultation phase complete, the Commission and the EDPB are now reviewing the feedback received from stakeholders.

The final joint guidelines are expected to be adopted in the fourth quarter of 2026, with the aim of improving legal certainty for businesses while ensuring that both the DMA and GDPR continue to function effectively in regulating Europe’s digital economy.

For companies operating major digital platforms (and for businesses that depend on them) the outcome could help clarify how competition rules and data protection requirements must be navigated simultaneously as the EU continues to expand its digital regulatory framework.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.