PrivacyTru
PrivacyTru

Digital Markets Act (DMA)

At PrivacyTru Consulting, we provide answers to the most frequently asked questions about the Digital Markets Act (DMA). Gain insights from our experts on the latest regulatory measures and discover how they are shaping the digital landscape and impacting businesses from a total compliance perspective.

What is DMA?

The Digital Markets Act (DMA) is a landmark regulation introduced by the European Commission (EC) to regulate digital markets and ensure fair competition. While often viewed as a competition law, its impact on data handling, consent, and data sharing is profound. 

Whether you’re a business owner, marketer, web manager, or legal professional, understanding the DMA’s requirements is crucial for “in toto” (total) compliance and maintaining access to essential platforms. Data privacy is complex and ever-evolving, which can be challenging for organizations without dedicated resources. By answering these FAQs, our goal at PrivacyTru Consulting is to simplify the compliance process, providing the clarity you need to navigate the legislation’s complexities with confidence.

Contact Us

A PrivacyTru Consulting Guide to the Digital Markets Act (DMA)

At PrivacyTru Consulting, we provide answers to the most frequently asked questions about the Digital Markets Act (DMA). Gain insights from our experts on the latest regulatory measures and discover how they are shaping the digital landscape and impacting businesses from a total compliance perspective.

The Digital Markets Act (DMA) is a landmark regulation introduced by the European Commission (EC) to regulate digital markets and ensure fair competition. While often viewed as a competition law, its impact on data handling, consent, and data sharing is profound.

Whether you’re a business owner, marketer, web manager, or legal professional, understanding the DMA’s requirements is crucial for “in toto” (total) compliance and maintaining access to essential platforms. Data privacy is complex and ever-evolving, which can be challenging for organizations without dedicated resources. By answering these FAQs, our goal at PrivacyTru Consulting is to simplify the compliance process, providing the clarity you need to navigate the legislation’s complexities with confidence.

1. What is the Digital Markets Act (DMA)?

The Digital Markets Act (DMA) is a regulatory framework from the EU designed to regulate digital markets and address the dominance of online tech giants, often called “gatekeepers.”

The law aims to ensure fair competition, enhance consumer protection, and promote innovation. From a data privacy perspective, the DMA has a significant impact on how large online platforms and the smaller third-party businesses that use their services must handle user consent and data. It is designed to regulate large online platforms that have a substantial impact on the market and control key access points for businesses and consumers.

2. Why was the DMA regulation introduced?

The EC introduced the DMA in response to growing concerns about the market power of dominant tech enterprises. These companies have a significant and growing impact on competition, innovation, and consumer welfare.

  1. To Address Market Concentration and “Gatekeeper Power”
  2. To Promote Fair Competition and Innovation
  3. To Increase Consumer Choice and Control
  4. To Ensure Data Fairness and Transparency
  5. To Strengthen the EU’s Digital Sovereignty

In short, the DMA’s role is to regulate the digital market, encourage competition, and protect privacy by ensuring the ecosystem operates fairly. It aims to address the challenges posed by these digital gatekeepers and level the playing field for all participants.

3. What does the DMA aim to achieve?
  • Fostering competition in digital markets.
  • Addressing unfair practices by the tech giants that control large online platforms.
  • Safeguarding the interests of smaller businesses and consumers.

By imposing specific obligations on “gatekeepers,” the law creates a more transparent, competitive, and user-centric digital environment.

4. Who does the Digital Markets Act apply to?
  • Having a significant impact on digital markets.
  • Acting as intermediaries between businesses and users.
  • Enjoying a durable position of market power.

While the DMA directly regulates these gatekeepers, PrivacyTru Consulting advises that its rules create a significant ripple effect. All businesses that use gatekeeper platforms and services (like Google Ads, Amazon Marketplace, or Meta’s platforms) are responsible for complying with the new rules and data-sharing requirements those gatekeepers impose to meet their own DMA obligations.

5. What are the key provisions of the DMA?
  • Refrain from unfair or anti-competitive practices (like self-preferencing).
  • Provide businesses with access to the data they generate on the platform.
  • Ensure interoperability between services (e.g., messaging apps).
  • Obtain explicit consent before combining personal data from their core platform services with data from any other services.

The European Commission acts as the enforcement authority, empowered to impose substantial fines (up to 10–20% of global turnover) and other remedial measures for noncompliance.

6. How does the DMA impact digital platforms?
  • Businesses advertising on gatekeeper platforms get more control over their data but must follow stricter rules regarding personal data use.
  • Gatekeepers must establish new rules for their business users. PrivacyTru Consulting can help you navigate these new terms of service to ensure your data processing activities remain compliant.
  • Users must be able to uninstall preloaded applications from their devices.
  • The DMA introduces new limitations on processing personal data for digital advertising. Gatekeepers, for example, must obtain explicit consent before combining personal data from multiple online services for advertising purposes.
7. What are Google’s privacy requirements for its customers under the DMA?

As one of the designated gatekeepers, Google has updated its EU user consent policy to align with DMA requirements. This now requires any company using its ad products (like Google Ads and Google Analytics) to signal valid, verifiable user consent.

To support compliance, Google has pitched technical solutions like Google Consent Mode (GCM) v2 and certified Consent Management Platforms (CMPs) are part of the implementation, they are not a complete compliance strategy.

PrivacyTru Consulting focuses on the underlying data governance strategy “in toto.” We help you ensure your consent-gathering practices are robust, transparent, and compliant with both DMA and GDPR principles, and that this consent data is correctly managed across your entire data ecosystem, not just on your website’s front end.

8. Does the DMA create a level playing field for all market players?

That is the primary goal. The DMA aims to level the playing field by safeguarding fair access to the market, data, and users for smaller companies.

The DMA significantly improves market fairness by curbing the power of dominant gatekeepers and opening opportunities for smaller competitors. It introduces clear, enforceable rules that enhance transparency, data fairness, and user choice which are key elements of a level playing field.  However, its ultimate success will depend on consistent enforcement, technical compliance by gatekeepers, and the ability of smaller players to capitalize on the new opportunities it creates.

9. How does the Digital Markets Act address unfair practices by dominant platforms?

DMA’s objective is to establish a framework of ex-ante (preemptive) obligations and prohibitions that prevent unfair behavior before it occurs, rather than punishing it after the fact.

Gatekeepers are prohibited from engaging in practices that discourage competition, such as preferential promotion of their own products or services, leveraging user data unfairly, or blocking interoperability.

  • Investigate potential breaches and demand internal data from gatekeepers.
  • Impose fines up to 10% of global annual turnover (or 20% for repeat violations).
  • Impose structural remedies, including divestiture, for systematic non-compliance.
10. What is the role of the Digital Markets Unit (DMU)?

The Digital Markets Unit (DMU) is a specialized regulatory body within the U.K. Competition and Markets Authority (CMA). It was established in 2021 to oversee and promote fair competition in the digital economy, particularly focusing on big tech platforms that hold substantial market power.

DMU’s mission is to simply prevent dominant digital firms (like Google, Apple, Meta, Amazon, and Microsoft) from engaging in anti-competitive or unfair practices, ensuring a level playing field for businesses and better outcomes for consumers.

11. How is the DMA enforced?

The EC enforces the DMA through a combination of investigative powers, monitoring mechanisms, and penalties. It can request information from gatekeepers, respond to complaints, and impose significant fines for noncompliance.

12. Can the DMA force gatekeepers to share data with competitors?

Yes, the DMA requires gatekeepers to provide access to certain types of data to competitors and third-party companies using their platforms, particularly to ensure interoperability. The exact scope and conditions for this data sharing are outlined in the regulation.

13. Has the DMA tightened merger control for digital platforms?

Yes, the DMA introduced stricter rules for mergers and acquisitions. Gatekeepers must now inform the EC of all their intended acquisitions. This allows the EC to examine deals that might harm competition, even if they fall below traditional merger notification thresholds.

14. How does the Digital Markets Act affect online advertising?

The DMA has a significant impact on online advertising. It demands greater transparency from gatekeepers regarding their advertising services and pricing.

Moreover, the DMA’s restrictions on combining personal data without explicit consent and its limits on customer profiling fundamentally alter the targeted advertising ecosystem. PrivacyTru Consulting views this as an accelerator for a strategic shift to first-party data and context-based advertising, moving businesses away from a reliance on gatekeeper-controlled data.

15. Does the DMA increase transparency in online ranking algorithms?

Yes, the DMA requires gatekeepers to provide businesses using their platforms (e.g., in an app store or marketplace) with clear and meaningful information about how their ranking algorithms function.

16. What penalties can be imposed for noncompliance with the DMA?

Gatekeepers that fail to comply can face significant penalties. Fines can reach up to 10% of a company’s total global annual turnover, and up to 20% for repeated infringements. The EC can also impose behavioral or structural remedies, such as forcing the divestiture of parts of the business.

17. How is the DMA implemented across EU member states?

The DMA is an EU Regulation, meaning it applies directly and uniformly across all 27 EU member states, unlike a Directive which requires implementation into national law. This ensures a harmonized set of rules.

18. Does the DMA harmonize digital market regulations across the EU?

Yes. The DMA establishes a single set of rules that apply uniformly to gatekeepers operating in the EU, replacing a potential patchwork of national regulations.

19. How does the Digital Markets Act impact innovation in digital markets?

While the DMA introduces stricter regulations, it also aims to stimulate innovation by fostering competition. By preventing gatekeepers from blocking new entrants, rival app stores and payment systems can emerge. Increased transparency into algorithms and data also enables smaller players to better understand the market and improve their own services.

20. Does the DMA prevent large online platforms from self-preferencing?

Yes, this is one of its core prohibitions. Gatekeepers are forbidden from promoting their own products or services over those of competitors on their platforms.

21. Does the DMA address concerns related to market concentration?

Yes. By imposing obligations and restrictions on gatekeepers and enhancing regulatory scrutiny over mergers, the DMA directly seeks to prevent the abuse of market power and further concentration.

22. How does the DMA impact small and medium-sized enterprises (SMEs)?

While the DMA’s primary focus is on tech giants, SMEs that rely on gatekeeper platforms for sales and marketing are significantly affected.

Smaller companies must now adapt to the new platform-specific rules imposed by gatekeepers. Furthermore, the DMA’s data privacy requirements apply to all personal data collected on these platforms.

There isn’t a one-size-fits-all solution to this new landscape. PrivacyTru Consulting helps businesses, especially SMEs, move beyond just implementing a single tool. We help you develop a holistic, “in toto” compliance strategy that includes robust data mapping, clear privacy notices, and a strategic pivot to first-party data, ensuring you build trust and long-term resilience.

23. Does the DMA apply to large online platforms of non-European companies operating in the EU?

Yes. The DMA applies to any company designated as a “gatekeeper” due to its significant impact on the EU’s internal market, regardless of where the company is headquartered. In fact, most of the initially designated gatekeepers are based outside the EU.

24. Can the DMA be modified or updated in the future?
Yes. The DMA is designed to be a dynamic regulation. The EC can review and update it to adapt to changing market dynamics, emerging technologies, and new business practices to ensure its continued effectiveness.
25. How does the Digital Markets Act differ from other competition laws?

While traditional competition law (like GDPR’s counterparts) often acts after harm has occurred, the DMA is ex-ante-it sets out sector-specific obligations and restrictions in advance to prevent gatekeepers from engaging in unfair practices in the first place.

26. What criticism has the Digital Markets Act received?

Critics of the DMA argue that it could stifle innovation, impose excessive regulatory burdens, or that its broad prohibitions may harm consumers. Some also claim that it makes it more difficult to export digital services to Europe. Gatekeepers like Apple have raised concerns that mandated alternatives (like third-party app stores) could increase privacy and security risks.

27. Has the DMA increased costs for large online platforms?

Yes. Achieving compliance requires gatekeepers to make significant investments in technology, staffing, and legal resources to re-engineer platforms and processes. The costs of maintaining compliance are estimated to be substantial. Gatekeepers pass some of these new compliance responsibilities (and costs) on to the third-party businesses using their platforms.

28. Does the DMA promote a more diverse and competitive digital ecosystem?

This is the central aim. By encouraging startups and smaller businesses to compete with established platforms, the DMA seeks to foster innovation and growth. Measures ensuring data portability and interoperability are key to reducing barriers to entry and broadening consumer choice.

29. How does the DMA work with other regulations?

The DMA is designed to complement existing regulations, most notably the GDPR (General Data Protection Regulation). While the GDPR governs how personal data is processed, the DMA governs how the gatekeepers who control the platforms for that data can operate. PrivacyTru Consulting specializes in navigating the complex interplay between these two powerful regulations.

30. When did the DMA regulation come into effect?

The Digital Markets Act entered into force on 1 November 2022 and became applicable from 2 May 2023. The first compliance deadline for gatekeepers was 7 March 2024.

31. How should businesses adapt to the DMA?

Meeting DMA-driven requirements should be a top priority. A “wait-and-see” approach is risky, as gatekeepers are actively enforcing their new terms of service.

  1.  Conduct an Applicability & Data Flow Audit: First, understand how your business interacts with gatekeeper platforms. Map the flow of data between your assets and their services.
  2. Review and Remediate Vendor Contracts: Analyze your agreements with gatekeepers and other ad-tech partners to understand your new obligations regarding data sharing and consent signaling.
  3. Develop a Holistic Governance Strategy: A CMP is a tool, not a strategy. Your “in toto” compliance program must also include:
    • Data Minimization: Are you collecting only what is necessary?
    • Purpose Limitation: Are you using data only for the explicit purposes you’ve disclosed?
    • Policy Updates: Your privacy policy must be updated to reflect new data sharing practices.
  4. Partner with PrivacyTru Consulting: We help you implement a complete, “in toto” compliance framework. Our services include data governance strategy, policy drafting, vendor risk management, and operationalizing data rights, ensuring you are prepared for the new digital market.

PrivacyTru does not offer legal advice. All information shared is for educational purposes only. We recommend consulting qualified legal counsel or certified privacy professionals for guidance on data protection laws and operational compliance.

Trusted by many

We draw experience from

Need a Custom Solution?

Schedule Your Free Strategic Consultation.

Contact Us
0 +
Assessments Completed
0 +
Consultations
0 +
Projects
0 +
Global Clients
0 +
Specialised Services
0 +
Countries Served

Your global partner for building trust and driving growth.

Service Locations
Say Hello

info@privacytru.com

+91 8979040159
+31 647249698

Socials
Legal

© PrivacyTru Consulting LLP 2026. All Rights Reserved. Designed & Developed by ShortMelon

Submit Your Data Subject Requests

We value your privacy and respect the personal data you’ve shared with us. We are committed to upholding your data rights and take your requests seriously. Use the form below to request access to or deletion of your data.