Pay or consent to have your data used- the complex intersection between the DMA and data protection rules

One of the objectives of the Digital Markets Act (DMA) is to prevent gatekeeper platforms from employing their data advantage to create barriers to new entrants. To achieve that, the DMA uses the concept of GDPR consent in Article 5(2) DMA. While this can be seen as a recognition of the synergy between the GDPR and the regulation of digital markets, it exposes an unavoidable challenge for the DMA enforcer: DMA deals with market power and contestability and the GDPR deals with fundamental rights of individuals concerning their personal data. Therefore, data protection and market regulators depart from different assumptions about freedom of choice and consumers’ preferences. These differences are prone to creating conflicts when enforcing the DMA provisions. The purpose of this article is twofold. It critically examines the conflict between the GDPR and DMA regarding consent. It also reflects on how these conflicts have been dealt with in the DMA investigation on Meta’s ‘Pay or Consent’ model. The article contends that the DMA enforcer has not considered the specific objectives of the DMA when addressing consent in Meta’s model, relying instead only on data protection assumptions to conceptualise it. This outcome led to avoidable DMA overregulation and inefficient remedies.