Public Consultation on Joint Guidelines on the Interplay between DMA and GDPR

The European Commission and the European Data Protection Board (EDPB) launched today, 9 October 2025, a public consultation to gather feedback on draft joint guidelines on the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR).

The consultation will remain open until 4 December 2025, 11:59 PM (CEST).

Objectives of the Guidelines

The joint guidelines aim to guide gatekeepers on how to interpret and comply with both sets of rules, while ensuring that the distinct competences of the Commission and the EDPB are respected. This initiative aims to improve legal clarity and certainty for businesses in the EU, while ensuring the effectiveness of both regulations.

The DMA and GDPR are independent regulatory frameworks with complementary objectives and several points of intersection. To ensure the coherent and practical application of the two sets of rules, the Commission and the EDPB decided to issue Joint Guidelines on the interplay between the DMA and the GDPR.

A Historic First

These guidelines represent a historic milestone: they are the first joint guidelines prepared by the EDPB and the European Commission. As highlighted by Anu Talus, EDPB Chair:

“These joint guidelines are the result of a fruitful cooperation between the EDPB and the European Commission. This approach maximises usefulness of the guidance by simplifying compliance for businesses and bringing enhanced legal certainty to them.”

This initiative is part of the EDPB’s 2024-2027 Strategy and the recent Helsinki Statement’s objectives to make GDPR compliance easier and strengthen consistency.

The main areas where the two regulations intersect include:

Combination and portability of users’ data: The DMA provisions on these aspects involve processing personal data and therefore require compliance with GDPR.
Alternative app stores and distribution channels: The DMA provides for alternative app stores, for which gatekeepers may put in place strictly necessary and proportionate measures that must also comply with GDPR.

The DMA and the GDPR both protect individuals in the digital landscape, but their goals are complementary as they address interconnected challenges: individual rights and privacy in the case of the GDPR, and fairness and contestability of digital markets under the DMA.

Several activities regulated by the DMA entail the processing of personal data by gatekeepers and, in several provisions, the DMA explicitly refers to definitions and concepts included in the GDPR.

Specific Aspects Covered in the Guidelines

The joint guidelines clarify crucial aspects for practical implementation, including:

Valid consent and specific choice (Art. 5(2) DMA): elements that gatekeepers should consider to comply with the requirements of specific choice and valid consent, in order to lawfully combine or cross-use personal data in core platform services.
Distribution of third-party apps and stores: requirements to ensure that measures implemented by gatekeepers comply with GDPR.
Data portability: methods for implementing portability provisions in line with both regulations.
Data access requests: procedures and requirements for handling access requests.
Interoperability of messaging services: data protection requirements in implementing interoperability.

The Collaboration Journey

This collaboration between the European Commission and the EDPB started in September 2024 to ensure the coherent application of the two regulations, fully respecting the distinct competences of each body. The work has been developed within the framework of the High-Level Group for the DMA.

Who Can Participate

All citizens, companies, and organisations are welcome to contribute to this consultation. Contributions are sought particularly from:

Business users (especially SMEs)
End users of the gatekeepers’ digital services in the scope of the DMA
Associations representing these users

How to Participate

Interested parties have until 4 December 2025, 11:59 PM (CEST) to submit their input through the dedicated online questionnaire.

Answers can be provided in any official EU language.

Publication of Contributions

Submissions will be published on the DMA website (with a link included on the EDPB website), including the name of the organisation and the type of respondent. Exceptionally, it is possible to request anonymous publication of one’s contribution.

Future Developments

Following these first joint guidelines with the Commission, further work is underway to clarify the new cross-regulatory landscape and maintain coherent and consistent safeguards for the protection of personal data. Specifically, the EDPB is working with the Commission, particularly with the AI Office, on joint guidelines on the interplay between the AI Act and EU data protection laws.

Next Steps

Following the closing of the consultation, the Commission and the EDPB will carefully review all submissions before adopting the final Joint Guidelines, which will be published during 2026.

Hashtag correlati

#DMA #GDPR #DigitalMarketsAct #DataProtection #EuropeanCommission #EDPB #PublicConsultation #Gatekeeper #DigitalLaw #Privacy #EU #EURegulation #DigitalRegulation #EULaw #Interoperability #BigTech #DigitalPlatforms #GDPRCompliance #DigitalRights #TechRegulation

Public Consultation on Joint Guidelines on the Interplay between DMA and GDPR#

Objectives of the Guidelines#

A Historic First#

Areas of Intersection between DMA and GDPR#

How DMA and GDPR Interact#

Specific Aspects Covered in the Guidelines#

The Collaboration Journey#

Who Can Participate#

How to Participate#

Publication of Contributions#

Future Developments#

Next Steps#