My favourites

Chapter III – Practices of Gatekeepers that limit contestability or are unfair (Art. 5-15)

Art. 5 DMA - Obligations for gatekeepers arrow_right_alt

Art. 6 DMA - Obligations for gatekeepers susceptible of being further specified under Article 8 arrow_right_alt

Art. 7 DMA - Obligation for gatekeepers on interoperability of number-independent interpersonal communications services arrow_right_alt

Art. 8 DMA - Compliance with obligations for gatekeepers arrow_right_alt

Art. 9 DMA - Suspension arrow_right_alt

Art. 10 DMA - Exemption for grounds of public health and public security arrow_right_alt

Art. 11 DMA - Reporting arrow_right_alt

Art. 12 DMA - Updating obligations for gatekeepers arrow_right_alt

Art. 13 DMA - Anti-circumvention arrow_right_alt

Art. 14 DMA - Obligation to inform about concentrations arrow_right_alt

Art. 15 DMA - Obligation of an audit arrow_right_alt

  1. Within 6 months after its designation pursuant to Article 3, a gatekeeper shall submit to the Commission an independently audited description of any techniques for profiling of consumers that the gatekeeper applies to or across its core platform services listed in the designation decision pursuant to Article 3(9). The Commission shall transmit that audited description to the European Data Protection Board.
  2. The Commission may adopt an implementing act referred to in Article 46(1), point (g), to develop the methodology and procedure of the audit.
  3. The gatekeeper shall make publicly available an overview of the audited description referred to in paragraph 1. In doing so, the gatekeeper shall be entitled to take account of the need to respect its business secrets. The gatekeeper shall update that description and that overview at least annually.
Related
Close tabsclose
  • 72

Recital 72

The data protection and privacy interests of end users are relevant to any assessment of potential negative effects of the observed practice of gatekeepers to collect and accumulate large amounts of data from end users. Ensuring an adequate level of transparency of profiling practices employed by gatekeepers, including, but not limited to, profiling within the meaning of Article 4, point (4), of Regulation (EU) 2016/679, facilitates contestability of core platform services. Transparency puts external pressure on gatekeepers not to make deep consumer profiling the industry standard, given that potential entrants or start-ups cannot access data to the same extent and depth, and at a similar scale. Enhanced transparency should allow other undertakings providing core platform services to differentiate themselves better through the use of superior privacy guarantees.

To ensure a minimum level of effectiveness of this transparency obligation, gatekeepers should at least provide an independently audited description of the basis upon which profiling is performed, including whether personal data and data derived from user activity in line with Regulation (EU) 2016/679 is relied on, the processing applied, the purpose for which the profile is prepared and eventually used, the duration of the profiling, the impact of such profiling on the gatekeeper’s services, and the steps taken to effectively enable end users to be aware of the relevant use of such profiling, as well as steps to seek their consent or provide them with the possibility of denying or withdrawing consent. The Commission should transfer the audited description to the European Data Protection Board to inform the enforcement of Union data protection rules. The Commission should be empowered to develop the methodology and procedure for the audited description, in consultation with the European Data Protection Supervisor, the European Data Protection Board, civil society and experts, in line with Regulations (EU) No 182/2011 (1) and (EU) 2018/1725 (2) of the European Parliament and of the Council.


(1) Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).
(2) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).