Digital Markets Act (DMA)
Table of Contents
Chapter I – SUBJECT MATTER, SCOPE AND DEFINITIONS
Chapter II – GATEKEEPERS
Chapter III – PRACTICES OF GATEKEEPERS THAT LIMIT CONTESTABILITY OR ARE UNFAIR
Chapter IV – MARKET INVESTIGATION
Chapter V – INVESTIGATIVE, ENFORCEMENT AND MONITORING POWERS
Chapter VI – FINAL PROVISIONS
Recitals (109)
Annexes
Recital 72
(72) The data protection and privacy interests of end users are relevant to any assessment of potential negative effects of the observed practice of gatekeepers to collect and accumulate large amounts of data from end users. Ensuring an adequate level of transparency of profiling practices employed by gatekeepers, including, but not limited to, profiling within the meaning of Article 4, point (4), of General Data Protection Regulation (GDPR), facilitates contestability of core platform services. Transparency puts external pressure on gatekeepers not to make deep consumer profiling the industry standard, given that potential entrants or start-ups cannot access data to the same extent and depth, and at a similar scale. Enhanced transparency should allow other undertakings providing core platform services to differentiate themselves better through the use of superior privacy guarantees. To ensure a minimum level of effectiveness of this transparency obligation, gatekeepers should at least provide an independently audited description of the basis upon which profiling is performed, including whether personal data and data derived from user activity in line with General Data Protection Regulation (GDPR) is relied on, the processing applied, the purpose for which the profile is prepared and eventually used, the duration of the profiling, the impact of such profiling on the gatekeeper’s services, and the steps taken to effectively enable end users to be aware of the relevant use of such profiling, as well as steps to seek their consent or provide them with the possibility of denying or withdrawing consent. The Commission should transfer the audited description to the European Data Protection Board to inform the enforcement of Union data protection rules. The Commission should be empowered to develop the methodology and procedure for the audited description, in consultation with the European Data Protection Supervisor, the European Data Protection Board, civil society and experts, in line with Comitology Regulation ( 16 ) and (EU) 2018/1725 ( 17 ) of the European Parliament and of the Council.