European privacy regulators (EDPB) and the European Commission have published new guidelines on the relationship between the Digital Markets Act (DMA) and European privacy rules (the General Data Protection Regulation, AVG). The guidelines clarify how large online platforms can comply with both laws simultaneously.
The DMA contains special rules for large digital platforms with a very strong market position and that offer so-called "core platform services," such as app stores, messaging services and search engines. These "gatekeepers" should enable fair competition, for example by restricting linking services and sharing data with other providers.
Many of these obligations touch directly on the protection of personal data. That is why it is important that the DMA is well aligned with privacy laws. The new guidelines show how the two laws complement each other and how companies can take both rules into account.
Among other things, the guidelines explain when platforms should seek permission to combine data from different services, and how to transparently inform users about the use of their data.
For companies, the guidelines provide guidance on how to carry out their obligations under the DMA without coming into conflict with the AVG. For users, they provide additional assurance that their privacy rights apply even when large platforms must comply with the DMA rules.
The guidelines are still in draft form. Anyone can comment through a public consultation on the EDPB website until Dec. 4, 2025. After that, the final version will be adopted.
