Dan Cooper, Anna Oberschelp de Meneses, Paul Maynard, and Diane Valat ofCovington and Burling write:
This post is the first of a series of blog posts about the Digital Markets Act (“DMA”), which was adopted on July 18, 2022, and it deals specifically with those provisions of the DMA that are relevant to organizations’ privacy programs.
The DMA sets out the following obligations and restrictions on gatekeepers that are relevant to compliance with privacy rules:
- it restricts the GDPR legal bases gatekeepers may rely on to process personal data in certain cases;
- it prohibits the processing of certain data generated or received from other businesses or their end users for the purpose of competing with other businesses;
- it requires the sharing of end users’ personal data with businesses operating on a gatekeeper’s platform, and with advertising companies the gatekeeper works with, at their request;
- it requires gatekeepers to port end users’ data at their request; and
- it requires gatekeepers to share independently audited information about profiling techniques with the European Commission.
Below we explain these obligations and prohibitions in more detail.
Read more at InsidePrivacy.