The DMA's Consent Moment and its Relationship with the GDPR

Abstract

The Digital Markets Act (DMA) is designed to ensure fair and contestable digital markets. With one of the key sources of market power of big tech being data, it is not surprising that it is the subject matter of a number of DMA provisions. Article 5(2) prohibits gatekeepers from engaging in forms of accumulation and cross-use of personal data, unless they receive users' consent, defined by reference to the General Data Protection Regulation (GDPR). Consent as defined by the GDPR suffers from a number of shortcomings, among other things, relating to whether consent can be truly freely given. The DMA tries to address some of the shortcomings by formulating a version of consent that seemingly goes beyond the GDPR. While a new version of consent may ensure greater effectiveness, it raises questions concerning the interaction and compatibility with the GDPR. To shed light on this issue, the paper discusses the role and meaning of consent in the DMA vis-à-vis the GDPR and explores how to interpret consent under both the DMA and GDPR in a manner that is consistent with each other and that accounts for the characteristics of digital markets.