EU seeks public input on how Digital Markets Act and data protection rules work together

The European Commission and the European Data Protection Board have opened a public consultation on draft guidelines that explain how the Digital Markets Act and the General Data Protection Regulation intersect. The aim is to give companies clearer instructions on complying with both sets of rules at the same time.

The draft clarifies areas where Digital Markets Act obligations involve handling personal data and therefore trigger General Data Protection Regulation requirements. Examples include combining user data across services, honouring data portability, and operating or allowing alternative app stores and distribution channels. In those cases, any ‘strictly necessary and proportionate’ measures taken by designated ‘gatekeepers’ must still meet data-protection standards such as lawful basis, transparency, and purpose limitation.

The Commission and the Board began this joint work in September 2024 to improve legal certainty while keeping each institution’s role separate: the Commission enforces the competition-focused platform obligations under the Digital Markets Act, and national data protection authorities enforce the General Data Protection Regulation. The guidance is intended to align the application of both frameworks without changing either law.

Stakeholders can submit feedback until 4 December 2025. After reviewing submissions, the institutions plan to adopt final guidelines in 2026. Once the consultation closes, all contributions will be published on the Digital Markets Act website, with a link from the European Data Protection Board website.