New Guidelines on DMA & GDPR Interplay Enhance Compliance Clarity for Gatekeepers

On September 10, 2024, the European Data Protection Board (EDPB) and the European Commission announced joint guidelines addressing the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR). These guidelines aim to clarify how both regulations can be interpreted and applied in a compatible manner, ensuring that the objectives of each framework are met without compromising data protection rights. The guidelines emphasize that compliance with GDPR is essential for gatekeepers to address the data-driven advantages they may hold under the DMA.

Key provisions include Article 5(2) DMA, which requires gatekeepers to obtain valid consent from end users for certain data processing activities, and Article 6(4) DMA, which mandates the facilitation of third-party software applications while ensuring compliance with GDPR. The guidelines also elaborate on the rights of data portability and access for end users and business users, respectively, under Articles 6(9) and 6(10) DMA. Gatekeepers are advised to implement measures that minimize data processing while ensuring compliance with both the DMA and GDPR.

This initiative aligns with the EDPB's Strategy 2024-2027, promoting consistency and cooperation across regulatory frameworks, and highlights the importance of coordination between the European Commission and data protection authorities to achieve effective enforcement.