DMA: EU legislators resist pressure to change data provisions in the final text

Last-minute changes to the data processing provisions in the Digital Markets Act (DMA) have spurred the reaction of prominent stakeholders. [NicoElNino/Shutterstock]

Despite insistence from stakeholders, the final text of the Digital Markets Act (DMA), containing significant changes to a key data-related measure, will not be revised, according to a note seen by EURACTIV.

The final text of the DMA revealed changes to a measure on the combination of data across several platforms. While competition experts, privacy advocates and publishers asked that it be amended, the text will remain as it is, two leading lawmakers confirmed.

The EU co-legislators reached a political agreement on the DMA on 24 March. The technical details of the text were then fine-tuned in absolute secrecy until a final draft was circulated last Thursday (14 April). The document was not short of last-minute surprises.

A critical change several stakeholders pointed to regards the provisions on the combination of personal data from the different services. Before the last political negotiation, the text for this article had been updated with wording proposed by the Irish Council for Civil Liberties (ICCL).

DMA: significant additions made it into the final text

The long-waited final text for the Digital Markets Act, seen by EURACTIV, contains some unexpected last-minute changes.

For ICCL’s Senior Fellow Johnny Ryan, the original text was flawed as it obliged the gatekeeper platforms to give the user ‘the specific choice’ if its personal data could be combined or not.

The singular wording was considered ambiguous, as it would mean the gatekeeper could only request the consent once for all sorts of data processing activities.

The alternative proposal was to require the platform to request consent for each processing purpose. According to Ryan, that would force the gatekeeper to disclose all its data processing activities, giving the Commission the power to supervise them directly.

By contrast, all these references were removed in the article’s final version. The ICCL reacted by sending a letter to the EU legislators, signed by prominent competition experts like the former Commission’s chief competition economist Tommaso Valletti, academics like Shoshana Zuboff, privacy advocates and representatives of civil society.

“We signatories have interests in upholding competition, the rights to data protection and privacy, and consumer protection. We believe flaws in the 13 April text of Article 5(1)a of the Digital Markets Act may be exploited by Gatekeepers to undermine them,” the letter reads.

The letter points to three problems. The omission of ‘specific processing purposes’ is considered to create a legal ambiguity allowing the gatekeeper to process all data across its business with a single consent button.

That omission would also prevent the Commission from monitoring the gatekeepers’ data combination practices.

Moreover, a new paragraph preventing gatekeepers from using their clients’ customers’ personal data for advertising, was included. However, the letter stressed that this wording suggests advertising is a single data processing purpose, whereas there are plenty of data processing activities behind displaying an ad.

These arguments were echoed by another open letter from Digital Content Next and the European Publishers Council, two organisations representing premium media outlets.

They said the article would create a loophole allowing gatekeepers to combine data across all their services with a single opt-in, while all other economic actors would still be subject to the GDPR without ambiguity.

In addition, the publishers are particularly concerned about the wording on advertising services that would allow a single opt-in option, as they “already suffer from the dominant presence of gatekeepers in the digital advertising market.”

DMA: EU institutions agree on new rules for Big Tech

The new EU regulation targeting tech giants will become fully applicable in 2023, following an agreement reached between the EU co-legislators on Thursday (24 March).

“The DMA creates a real choice for end-users empowering them to decide whether they want to accept gatekeepers tracking them across third-party websites, and requires gatekeepers to provide equivalent services should end users not consent to such practices,” reads the reply letter signed by MEPs Andreas Schwab and René Repasi, seen by EURACTIV.

For the two leading lawmakers, the article builds on the GDPR, the EU data protection law, notably for its concept of consent and purpose limitation principle. As the two legal acts have a different legal basis, the MEPs stressed that the DMA could neither modify nor overrule the GDPR.

“It is, therefore, redundant to reiterate the reference to ‘each processing purpose’ in the DMA as the GDPR already includes the principle that choice and consent have to be presented for each processing purpose,” the reply letter continues.

Finally, the MEPs pushed back on the concerns related to advertising, stressing that the wording in the DMA does not relieve the gatekeepers from providing a list of processing purposes for advertising services.

“The Digital Markets Act both strengthens the principle of consent and sets the bar higher for Gatekeepers’ data usage practices,” the note concludes.

For Ryan of ICCL, the ambiguity remains, and the question is now how far the European Commission will go when implementing the DMA.

DMA: EU lawmakers ready to trade digital governance for tighter obligations

EU lawmakers are preparing to make concessions on the governance of the Digital Markets Act to obtain more ambitious obligations for gatekeepers, according to an internal note seen by EURACTIV.

[Edited by Alice Taylor]

Subscribe to our newsletters