Digital Markets Act Explained – What You Need to Know

Meet the new EU regulation – the Digital Markets Act (or just DMA). It became applicable in May 2023, and it is the regulation pointed at the big players with dominant positions in the digital field. And while it may be true that DMA starts with them, many others should also be following carefully – as this regulation has relevance for all companies using platforms like Meta or Google to advertise their products and services.

What is the Digital Markets Act (DMA)?

Regulation 2022/1925, commonly referred to as the Digital Markets Act, is an EU regulation aiming to make the markets in the digital sector fairer and more open to competition. Introduced in November 2022, this regulation applies to ‘gatekeepers’ – big tech companies dominating search engines, social networks, and more – with specific “do’s” (obligation) and “don’ts” (prohibitions) to promote fair business practices.

Key DMA Principles

  • Fair Business Environment: DMA pushes gatekeepers to play fair. No more monopolistic behavior and hidden algorithms, giving other companies a chance.
  • User Privacy: The DMA tightens data usage rules, providing users greater say and control over how their data is handled by introducing consent requirements pointed at gatekeepers.
  • Transparency: It obliges gatekeepers to be fully open about how they use consumer data and create user profiles.
  • Open Competition: This act gives smaller players a fair shot by making it illegal for gatekeepers to impose unfair terms and conditions.
  • Consumer Choice: Users get to choose from a variety of services and can easily switch between service providers.

Who needs to comply: Identifying the DMA gatekeepers

The so-called ‘gatekeepers’ are large digital players providing important gateways between customers and companies in relation to a core platform service. This could be anything from search engines to app stores and messenger services.

On 6th of September 2023 the EU Commission designated six gatekeepers: Meta (owning Facebook, Instagram, WhatsApp and others), Alphabet (owning Google, Android), Microsoft, Amazon, ByteDance (owning TikTok), and Apple. Nevertheless, the number of gatekeepers could change as the digital market evolves.

The EU Commission also designated 22 Core Platform Services provided by the gatekeepers (e.g., intermediation, social networks, ads, browsers). As a maximum the gatekeepers have until 6 March 2024 (six months after designation) to comply with the “do’s” and “don’ts” under the DMA. They also need to submit a detailed report to the EU Commission outlining how the gatekeepers and their core platform services comply with the obligations in the Digital Markets Act.

What’s important to highlight is that the DMA doesn’t just affect the gatekeepers. All companies using services from these gatekeepers must know the new rules in the DMA.
digital markets act explained

How does DMA restrict the Gatekeepers’ Core Platform Services?

As a main rule the gatekeepers must comply with the obligations in the DMA for each of their Core Platform Services. Going forward the gatekeepers are prohibited from doing the following:

  • Process personal data of customers which uses third party's services using the gatekeepers core platform services for online advertising purposes,
  • Combine personal data from different core platform services or other services from the gatekeeper with personal data from third-party services,
  • Cross-use personal data from core platform services in other services provided separately by the gatekeeper and vice versa,
  • Sign in customers to other services of the services of the gatekeeper with the purpose of combining personal data.

If customers have been presented with a specific choice and have given consent in accordance with the definition and requirements in the GDPR, then the gatekeepers are allowed to do the actions listed above. If a customer rejects or withdraws their consent the gatekeepers are not allowed to request consent for the same purpose more than once within a period of one year.

Who is responsible for collecting consent in relation to the DMA?

The gatekeepers  have the obligation to collect consent. However, the DMA contains an opportunity for gatekeepers to exceptionally collect consent for online marketing purposes via each third-party service in situations where it is not possible to collect the consent directly to the gatekeeper’s core platform service. It is expected that the gatekeeper will use this opportunity.

What constitutes valid consent in relation to the Digital Markets Act?

As mentioned earlier the consents in relation to the Digital Markets Act must be in accordance with the GDPR. This means that the consent must be a freely given, specific, informed and unambiguous indication of the customer’s wishes and that it shall be as easy to withdraw as to give consent. It has also been highlighted in relation to the DMA that dark patterns and nudging users into consenting are not accepted.

The choice of the customers matters and will then be reflected in the experience the customers have on given core platform services – when opting out, the gatekeeper will be providing an alternative, less personalized experience.
digital markets act consent

How does the Digital Markets Act affect your business?

Even if you are not a gatekeeper, the Digital Markets Act will likely have an impact on your business and processes on gatekeepers’ digital platforms. When advertising on platforms like Google, Microsoft or Meta, you will most probably be meet with obligations to collect consents on behalf of gatekeepers, so you might need to revisit how you are asking for user consent in terms of processing personal data via the gatekeeper’s core platform services. In this regard, you will also need to assess how transparent your existing practices are.

The DMA insists on complete transparency in consumer profiling and data usage. It also puts stricter limits on how gatekeepers can use user data. Explicit consent is now a must, and that’s where businesses that use the Core Platform Services will also play an important part – you’ll need to be upfront about your data collection and management and make sure you stay clear of dark patterns or tricking users into giving consent. On the bright side, transparent practices make your business more trustworthy.
Increased competitive advantage through improved insights into the gatekeepers’ algorithms. Now you can finally get more information about how your ads are being ranked, which will then enable you to optimize and improve the performance of your advertising.
Better visibility into the pricing structures of the online advertising realm. Gatekeepers will now have to offer clearer pricing details, down to the level of individual ads. This will give you more control over your budget allocation and planning.

Does the DMA only apply to gatekeepers/core platform services located in the EU?

The Digital Markets Act applies to all core platform services offered by gatekeepers to companies established in the EU or customers established or located in the EU.

Fines for non-compliance

Non-compliance can cost gatekeepers fines up to 10% of their global annual turnover. Repeated offenders could see this increase up to 20%. Even though the Digital Markets Act only applies directly to gatekeepers and core platform services it will with no doubt affect companies and customers using core platform services as an integrated part of their business/daily life.

fines digital markets act

Practical steps for DMA compliance

Final Thoughts: Navigating the DMA for Business Success

Understanding the Digital Markets Act can seem overwhelming, but it doesn’t have to be. It’s the first step towards fair competition, innovation, and growth.

As regulations evolve, so will our consent solution. We’re committed to helping you navigate this changing landscape so you can focus on what really matters – growing your business and building meaningful customer relationships.
Ensure your compliance with a consent management that is DMA ready. Start with a free 30-day trial – no credit card required
Test it out today