Nov 10
Danish DPA Data Protection Digital Markets Act EU-US cooperation EDPB hits Meta, the EU General Court explains the nature

The Digital Markets Act has come into force

The Digital Markets Act has come into force

Konstantin Tiazhelnikov Konstantin Tiazhelnikov
  • November 10, 2022 -

DP News – Week 45. The Digital Markets Act has come into force.

On 01 November, the EU Digital Markets Act (DMA) came into force and will become applicable six months later, on 02 May 2023. DMA affects so-called ‘gatekeepers’ providing ‘core platform services’.

Those ‘core platform services’ generally include (Article 2(2) of the DMA): online intermediation services (e.g., app store, online marketplace), search engines, social media platforms, video-sharing platforms, communications platforms, operating systems, web browsers, virtual assistants, cloud services, online advertising services.

To be covered by DMA, an entity must meet the following cumulative criterions:
– to have annual EU revenue of 7.5 billion euros or market capitalization of 75 billion euros and provide core platform services to at least three EU member states;
– to provide a core platform service with 45 million monthly active end users in the EU and 10’000 yearly active business users established or located in the EU. Those requirements must be met for at least 3 years.

Once those criteria are met, the respective entity has two months to notify the EU Commission, which has to confirm the status of ‘gatekeeper’ within 45 working days. This status will be reviewed at least every three years.

In particular, DMA imposes bans on several digital practices involving, inter alia, personal data. Under the DMA Article 5(2), “the gatekeeper shall not do any of the following:
(a) process, for the purpose of providing online advertising services, personal data of end users using services of third parties that make use of core platform services of the gatekeeper;
(b) combine personal data from the relevant core platform service with personal data from any further core platform services or from any other services provided by the gatekeeper or with personal data from third-party services;
(c) cross-use personal data from the relevant core platform service in other services provided separately by the gatekeeper, including other core platform services, and vice versa; and
(d) sign in end users to other services of the gatekeeper in order to combine personal data, unless the end user has been presented with the specific choice and has given consent within the meaning of [the GDPR]”.

See more related posts »

Related blog posts

DP News – Week 17. EDPB released the 2023 annual report, outlined its 2024-2027 strategy and issued an information note on the EU-US Data Privacy Framework redress mechanism, Finnish DPA has decided on retention periods in the recruitment process.
  • April 25, 2024 -

DP News – Week 16. EDPB opinion: Pay-or-Consent models clash with GDPR consent requirements, EU Commission requested a risk assessment from TikTok, ICO launched a privacy notice generator, Catalan Data Protection Authority fines occupational health center for email confidentiality breach, Dutch chipmaker investigates data breach amidst security concerns.
  • April 18, 2024 -

DP News – Week 15. Norwegian DPA imposed a 20 million NOK fine, Denmark’s DPA updated data transfer guidance for third countries, France’s DPA fined retail chain for unsolicited marketing.
  • April 11, 2024 -