Digital Policy Alert logo

European Union: EU Parliament passes data handling obligations in DMA

Policy overview

Description

EU Parliament passes data handling obligations in DMA

On 5 July 2022, the European Parliament passed the regulation on contestable and fair markets in the digital sector (Digital Markets Act). The adopted text defines as “gatekeepers” the companies providing “a core platform service” (such as browsers…

Scope

Policy Area
Competition
Policy Instrument
Unilateral conduct regulation
Regulated Economic Activity
cross-cutting
Implementation Level
supranational
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2020-12-15
under deliberation

On 15 December 2020, the European Commission submitted the EU Digital Markets Act (DMA) proposal to…

2021-11-25
under deliberation

On 25 November 2021, the Council of the European Union (EU) adopted its general approach on the Dig…

2021-12-15
under deliberation

On 15 December 2021, the European Parliament adopted the text of the Digital Markets Act (DMA). The…

2022-03-24
under deliberation

In a final trilogue on 25 March 2022, the European Parliament and the European Council agreed on a …

2022-07-05
under deliberation

On 5 July 2022, the European Parliament passed the regulation on contestable and fair markets in th…

2022-07-18
adopted

On 18 July 2022, the Council of the European Union adopted the Digital Markets Act (DMA) including …

2022-11-01
in grace period

On 1 November 2022, the Digital Markets Act (DMA), including data transmission and processing obli…

2023-05-02
in force

On 2 May 2023, the Digital Markets Act (DMA), including data transmission and processing obligation…

2024-03-06
in force

On 6 March 2024, the designated gatekeepers are required to comply with the Digital Markets Act (DM…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Private organisation
Economic activity platform intermediary: e-commerce,platform intermediary: other,platform intermediary: user-generated content,search service provider,software provider: app stores,online advertising provider,other service provider,streaming service provider,messaging service provider,infrastructure provider: cloud computing, storage and databases,infrastructure provider: other,software provider: other software
Category All
2
Type Private organisation
Economic activity cross-cutting
Category All
3
Type Private organisation
Economic activity cross-cutting
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
personal data (all forms): data processing
Regulatory tool
Purpose/processing limitation
Prohibition of end-user contract limitations
Prohibition of targeted trading partner under-cutting or other discrimination
User consent: Opt-in requirement
Prohibition of supplementary contractual obligations
End user access requirement
Other corporate behavioural requirement
User or public reporting requirement
Redressal mechanism requirement
Complaint mechanism requirement
Prohibition on combining personal data with data obtained from other provided services
Prohibition on combining personal data with data obtained through third parties or business users
Sanctions
Fine
Regulated subjects
1 2 3
advertisement (any targeting): data processing
Regulatory tool
Prohibition of supplementary contractual obligations
End user access requirement
Other corporate behavioural requirement
User or public reporting requirement
Redressal mechanism requirement
Complaint mechanism requirement
Sanctions
Fine
Regulated subjects
1 2 3
advertisement (any targeting): monetisation (any form)
Regulatory tool
Prohibition of supplementary contractual obligations
End user access requirement
Other corporate behavioural requirement
User or public reporting requirement
Redressal mechanism requirement
Complaint mechanism requirement
Sanctions
Fine
Regulated subjects
1 2 3
service (digitally delivered): sale
Regulatory tool
Prohibition of supplementary contractual obligations
End user access requirement
Other corporate behavioural requirement
User or public reporting requirement
Redressal mechanism requirement
Complaint mechanism requirement
Sanctions
Fine
Regulated subjects
1 2 3
corporate data: advertising data: storage (any form)
Regulatory tool
End user access requirement
User or public reporting requirement
Redressal mechanism requirement
Complaint mechanism requirement
Sanctions
Fine
Regulated subjects
1 2 3
consumer data (all forms): storage (any form)
Regulatory tool
End user access requirement
Redressal mechanism requirement
Complaint mechanism requirement
Prohibition on combining personal data with data obtained from other provided services
Prohibition on combining personal data with data obtained through third parties or business users
Sanctions
Fine
Regulated subjects
1 2 3
algorithm: ML/AI optimisation algorithm incl. matching, ranking, sorting: operate
Regulatory tool
Prohibition of self-preferencing in algorithms or presentation
Redressal mechanism requirement
Complaint mechanism requirement
Sanctions
Fine
Regulated subjects
1 2 3

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

personal data (all forms): data processing

advertisement (any targeting): data processing

advertisement (any targeting): monetisation (any form)

service (digitally delivered): sale

corporate data: advertising data: storage (any form)

consumer data (all forms): storage (any form)

algorithm: ML/AI optimisation algorithm incl. matching, ranking, sorting: operate