Il rapporto tra il Regolamento generale sulla protezione dei dati (GDPR) e la Normativa sui mercati digitali (DMA)

The present work aims at introducing the relation between the General Data Protection Regulation (GDPR) and the Digital Markets Act (DMA), the EU regulation entered into force on March 7th, 2024, attempting at improving the ‘fairness’ and ‘contestability’ of digital markets addressing the dominance of large market giants “gatekeepers”, by fostering competition. Specifically, it is paramount to define the points of contact among the above mentioned regulations: to this purpose, the DMA prohibits gatekeepers from combining and cross using the end user’s data collected from different sources within its own framework in the absence of end users provision of consent, in compliance with the GDPR. Accordingly, the DMA is deemed to complement the GDPR, with regard to the scope of data portability and interoperability; in particular, the extension of these DMA’s obligations far exceed the GDPR, ever since the former provides for a deepen coverage of datasets belonging to a remarkable number of data subjects, whilst under the GDPR, data are limited to the single subject for a specific individual’s use. A further reflection concerns the differences in approach between the GDPR, on the one hand, and DMA and competition law, on the other hand, regarding the use and sharing of data, including personal data: specifically because it protects privacy, the GDPR views the use and sharing of personal data as a phenomenon that is generally negative, subjecting it to rules and conditions: the more data are used and shared the greater the privacy prejudice is. Conversely, in terms of the DMA and competition regulations, more data are available to third parties (competitors and/or businesses that require them in order to provide their services), as this prevents data ownership from acting as a kind of barrier to entry. Ultimately, it will be highlighted the interconnectivity resulting from European Commission’s tandem priorities under the von Der Leyen’s presidency: namely, sustainable development in conjunction with the protection of personal data, analyzed from the point of view of the contribution provided by the DMA and the GDPR to the Environmental, Social and Governance (ESG) factors.