EU: Fix Digital Markets Act flaws to protect competition and users’ rights

EU: Fix Digital Markets Act flaws to protect competition and users’ rights - Digital

Summary

In an emergency letter published today, ARTICLE 19 and other competition and privacy leaders urge EU co-legislators to correct the EU Digital Markets Act. The EU Digital Markets Act (DMA) is intended to rein in Big Tech firms. But there is a severe flaw in Article 5(1)a of the latest DMA text. Unless EU co-legislators take urgent action, this flaw will help Big Tech firms undermine data protection and competition.

19 April 2022

Digital Markets Act Article 5(1)a

Dear colleagues,

1. The signatories have interests in upholding competition, the rights to data protection and privacy, and consumer protection. We believe flaws in the 13 April text of Article 5(1)a of the Digital Markets Act may be exploited by gatekeepers to undermine them.

2. We are concerned about three problems in the 13 April text of Article 5(1)a:

a. The omission of the reference to ‘specific processing purposes’ may be used by gatekeepers to suggest they can combine data with a single opt-in: While the requirements of the GDPR remain unaffected, this omission creates a fatal ambiguity about whether a gatekeeper can combine any and all data across their business once a person is prevailed upon to click a single and all-encompassing ‘okay’ button. The GDPR requires firms to have a legal basis for each ‘processing purpose’ for which they cross-use personal data across their businesses.ii If the DMA Article 5(1)a text is not corrected to dispel this ambiguity, gatekeepers will wrongly rely on this to undermine both EU data protection law and to neutralise the co-legislators’ intended impact of Article 5(1)a.

b. The removal of the reference to ‘processing purposes’ in Article 5(1)a deprives the Commission of the power to monitor gatekeepers’ data combination across processing purposes under DMA Article 10 and Article 11.

c. The addition of the words ‘processing for the purpose of providing advertising services’ will enable gatekeepers to wrongly claim that a single opt-in suffices to legitimise the hundreds of data processing purposes related to their online advertising businesses.

3. We fear that fundamental rights to data protection and privacy will be undermined, and that gatekeepers’ market power and ability to suppress publishers and nascent competitors will be entrenched.

4. We urge you to fix these errors by returning to the Article 5(1)a text of 2 March. Further, gatekeepers should remain obliged to provide an equivalent service without quality degradation if no consent is given, per Recitals 36 and 36a of the 13 April text.

PDF version of letter