The Digital Markets Act (DMA) became applicable on 2 May. The regulation imposes a list of dos and don’ts on large online platforms (known as ‘gatekeepers’) in some core platform services, like social networking services. In particular, the DMA prevents gatekeepers from collecting and processing personal data unless online users consent under the General Data Protection Regulation (GDPR). In this context, the DMA complements the GDPR by specifying how gatekeepers can request and collect consent. In short, firms must collect consent without misleading practices that steer users to consent, known as ‘dark patterns’.
The DMA aims to ensure that users consent to data processing effectively. However, the GDPR has tried to provide this for years. Firms still implement dark patterns and users are facing consent fatigue due to encountering repeated consent banners. The DMA might not ensure effectiveness. Indeed, it could increase the number of consent requests and information, leading to more consent fatigue and information overload, which could prevent users from making effective choices.
The European Commission cannot dictate how gatekeepers will comply with this obligation. However, it can order them to show that their compliance measures are effective in their compliance reports. They should request that gatekeepers provide an independent behavioural study that examines the consent banners and users’ choice patterns. In parallel, with the help of other European regulators, the European Commission should study how users perceive and interact with consent banners and how the DMA interacts with other legal regimes, including data protection laws.
The Why Axis is a weekly newsletter distributed by Bruegel, bringing you the latest research on European economic policy.