Publisher compliance under the Digital Markets Act (DMA)

Pandectes GDPR Compliance for Shopify Stores - Publisher compliance under the Digital Markets Act (DMA) - cover

Table of Contents


The European Digital Markets Act (DMA) is a significant legislative framework that aims to ensure fair competition and openness in digital markets. This act addresses the challenges of the rapidly evolving digital landscape by regulating large online platforms with significant market power. Its goal is to rectify the power difference between large online platforms like online marketplaces, operating systems, cloud services, search engines, and businesses or users by placing specific obligations and restrictions on them. The DMA focuses on several key areas, such as the prevention of unfair practices, the promotion of interoperability, and the facilitation of consumer choice.

Understanding the implications of the DMA is paramount for publishers to navigate the evolving digital landscape. The act seeks to level the playing field and create a fair and transparent environment that benefits all market participants, including publishers. It addresses issues such as the dominance of certain digital platforms, the lack of transparency in advertising, and the use of unfair contractual terms. By encouraging competition and innovation, the DMA aims to create a more diverse and dynamic digital ecosystem that benefits all stakeholders.

The European Digital Markets Act (DMA): the basics

The Digital Markets Act (DMA) sets out a set of strict guidelines to identify the so-called “gatekeeper” platforms that hold a substantial amount of market power. These platforms can act as intermediaries between businesses and consumers, and their actions can significantly impact the market and competition.

The DMA aims to regulate these gatekeepers to ensure they do not abuse their power and maintain a level playing field for all market participants. The regulatory oversight of gatekeepers includes increased scrutiny and a range of measures such as transparency and non-discrimination obligations, data access requirements, and potential sanctions for non-compliance. Ultimately, the DMA seeks to promote fair competition and innovation in the digital economy.

How does DMA affect publishers?

The Digital Markets Act (DMA) has been introduced to promote fair competition within digital ecosystems. DMA presents many opportunities and challenges for publishers operating within these ecosystems. On the one hand, the legislation seeks to create a level playing field for all publishers, which may lead to a more equitable environment. This could increase publishers’ opportunities to reach their target audience and grow their business.

However, compliance with DMA’s requirements may pose significant logistical and operational hurdles for publishers. For instance, DMA’s advertising practices and data management guidelines require publishers to be more transparent about their data collection and usage practices. This could be time-consuming for publishers, who may need to implement new technologies and processes to meet these requirements.

Moreover, DMA’s provisions may also impact publishers’ revenue streams, particularly those that rely heavily on advertising revenue. As the legislation aims to tackle anti-competitive practices within digital ecosystems, publishers may need to pivot their business models to comply with DMA’s requirements. Overall, while DMA offers opportunities for publishers to operate in a more equitable environment, compliance with its provisions may present significant challenges for publishers. Publishers must adapt to these new rules and regulations to remain competitive within the digital ecosystem.

Pandectes GDPR Compliance for Shopify Stores - Publisher compliance under the Digital Markets Act (DMA) - Ads

Rules on targeted advertising: What do the DMA and DSA say?

The DMA (Digital Markets Act) and the DSA (Digital Services Act) represent a significant shift in how online platforms handle personal data for targeted advertising. These regulations have been introduced to protect user privacy and ensure transparency and accountability in advertising practices. The DMA focuses on regulating the behavior of large online platforms that significantly impact the digital market. At the same time, the Digital Services Act aims to regulate all digital services that operate within the European Union. Both regulations require online platforms to comply with strict limitations and obligations when processing personal data for targeted advertising.

This includes the requirement to obtain explicit user consent for processing their personal data and the obligation to provide users with clear and concise information about how their data is being used. The regulations also introduce new requirements for advertising practices, such as the obligation for advertisers to provide clear and concise information about the nature of the advertisements being served. Overall, the DMA and DSA represent a significant step in protecting user privacy in the digital age.

How do gatekeepers comply with the law?

According to the guidelines set forth by the Digital Markets Act (DMA), gatekeepers must follow strict compliance measures. These gatekeepers are identified based on specific criteria outlined in the DMA. Gatekeepers must provide business users with real-time access to data on any core platform service. This includes being transparent about ad pricing and performance metrics. A key requirement of gatekeepers is to provide all users equal access to their core platform services without any discrimination.

Additionally, they must abstain from unfair or anti-competitive practices that could hinder competition in the market. In essence, the DMA aims to create a level playing field for all players in the digital market space, ensuring fair competition and protecting users’ interests.

Obligations for gatekeepers

The gatekeeper must not do any of these things:

  1. Process, for the purpose of providing a core platform service to business users or other users located within the European Union (EU), any personal data that the business users or other users do not themselves make accessible to the gatekeeper or have not themselves provided to the gatekeeper, including for providing online advertising services.

  2. Combine personal data obtained from offering different core platform services without effective consent from the business users or other users located within the EU or use such combined personal data for any purpose other than providing those core platform services.

  3. Prevent business users or other users within the EU from offering goods or services to end users within the EU where those goods or services are offered on the gatekeeper’s relevant core platform service or on another core platform service that competes with the gatekeeper’s core platform services.

  4. Require business users or other users located within the EU to agree to any contractual terms or conditions that have no connection to the provision of the core platform services and to which those business users or other users do not or cannot reasonably object.

  5. Discriminate between business users or other users within the EU unless the gatekeeper can justify the differentiation. The objective justification is proportionate to the difference in treatment and necessary for an objective reason.

  6. Prevent business users or other users within the EU from using software applications and software application stores of their choice to reach end users, where the gatekeeper’s core platform service is accessed through software applications.

  7. Use data obtained from the access to or use of the core platform services by business users or other users located within the EU for advertising services to compete unfairly with those business users or other users in markets that are separate from the core platform services unless this is strictly necessary for the proper functioning of those services.

Reports on consumer profiling techniques

The DMA (Digital Markets Act) has made it mandatory for online platforms to maintain transparency regarding the consumer profiling techniques they employ. Online publishers must ensure complete compliance with the DMA’s reporting requirements. This is a critical step towards fostering trust and accountability in the digital market, marred by concerns over consumer privacy and data security.

Publishers must now disclose the profiling techniques, the data they collect, and the purpose for which this data is used. This transparency will help consumers make more informed decisions while encouraging online platforms to adopt ethical and responsible practices.

Pandectes GDPR Compliance for Shopify Stores - Publisher compliance under the Digital Markets Act (DMA) - Security

DMA compliance requirements for third-party companies using core platform services

The Digital Markets Act (DMA) is a regulatory framework designed to prevent designated online platforms from having an unfair advantage over third-party companies. The act imposes heightened compliance obligations on third-party companies that use core platform services provided by designated gatekeepers. These obligations include measures to promote fair competition and prevent any anticompetitive practices by the gatekeepers.

The primary goal of the DMA is to create a level playing field in the digital market and encourage innovation and growth in the industry. The act recognizes the importance of competition in driving innovation and value creation. It ensures that gatekeepers do not use market power to stifle competition or harm consumers.

To achieve these goals, the DMA imposes a range of obligations on gatekeepers, including requirements to provide access to their platforms and data on fair, reasonable, and non-discriminatory terms. The act also establishes a framework for monitoring and enforcing compliance with these obligations, with penalties for non-compliance, including fines of up to 10% of a company’s global turnover.

What changes have companies made?

In light of the Digital Markets Act (DMA), businesses have been making significant changes to comply with the new regulations. These changes may involve re-evaluating their data management practices, advertising strategies, and partnerships to ensure they align with the regulatory requirements while maintaining operational efficiency. Companies are taking steps to ensure that user data is collected and processed transparently and securely, which complies with the DMA’s guidelines.

Additionally, businesses refine their advertising strategies to avoid engaging in anti-competitive practices. Finally, companies are reviewing their partnerships to ensure that they’re not engaging in anti-competitive behavior or contributing to the digital market’s concentration of power. All these measures aim to create a fairer and more competitive digital market that benefits both consumers and businesses.

Switch to Google Analytics 4

The transition to Google Analytics 4 is a significant move for publishers looking to improve their data privacy and comply with the DMA regulations. This updated analytics platform offers advanced consent management and data protection features, which align with regulatory expectations. The new platform gives publishers more control over their data and helps them gain deeper insights into their audience’s behavior.

Some of Google Analytics 4’s key features include cross-device tracking, machine learning capabilities, and enhanced reporting options. The transition to Google Analytics 4 is a strategic move that can help publishers optimize their website’s performance, improve user experience, and comply with the latest data privacy regulations.

Pandectes GDPR Compliance for Shopify Stores - Publisher compliance under the Digital Markets Act (DMA) - Lock

One key requirement of this act is that publishers obtain explicit user consent for data collection and processing activities. This means that users must be informed about what data is being collected, how it will be used, and who it will be shared with. It also means that users can control their data and revoke consent anytime.

To comply with the Digital Markets Act, publishers must implement mechanisms for granular consent management that enable users to exercise their rights easily and transparently. These mechanisms should be designed with user privacy and security, ensuring user data is processed and stored safely and user preferences are respected. Ultimately, the Digital Markets Act aims to create a more fair and trustworthy digital ecosystem that puts users first.

To ensure compliance with the DMA, companies must adopt comprehensive mechanisms for obtaining and storing valid user consent. This involves implementing clear and transparent consent mechanisms that provide users with a clear understanding of what they are giving their consent for, how their data will be used, and who will have access to it.

Additionally, companies must maintain detailed records of user consent, including the date and time at which consent was given, the specific purpose for which the data is being used, and any third-party entities that will have access to the data. Finally, companies must respect user preferences and allow them to manage their consent settings, including the option to withdraw their consent at any time.

In order to comply with the DMA, publishers need to ensure they have effective consent management in place. Consent management platforms (CMPs) such as the Pandectes GDPR Compliance app, available on Shopify, can be immensely helpful. By leveraging CMPs, publishers can streamline their consent processes and enhance customer transparency. These platforms allow publishers to collect and manage user consent more efficiently, reducing the risk of non-compliance with DMA regulations.

CMPs can also help publishers build customer trust by providing clear and concise information about data collection and processing practices. The Pandectes GDPR Compliance app offers a comprehensive solution for implementing consent management in alignment with DMA requirements so publishers can streamline compliance efforts and build user trust.

Pandectes GDPR Compliance for Shopify Stores - Publisher compliance under the Digital Markets Act (DMA) - EU flags

Next Steps for Publishers

With the increasing focus on data privacy and security, publishers must keep themselves updated about the latest changes in DMA enforcement. To ensure compliance with the regulations, publishers must be vigilant and proactive in monitoring regulatory developments. This involves regularly assessing their practices and policies to align with the evolving regulations.

Additionally, publishers may need to update their privacy policies and procedures to ensure compliance with the latest rules and regulations. Furthermore, publishers must seek legal counsel and collaborate with experts to navigate the complex regulatory landscape. By staying informed and taking necessary actions, publishers can protect their users’ privacy and maintain their trust in the long run.


In today’s digital age, the European digital ecosystem is becoming increasingly complex and challenging for publishers to navigate. The Digital Markets Act (DMA) has been introduced to address these challenges and ensure fair competition and transparency in digital markets. Consequently, compliance with the DMA is essential for publishers looking to succeed in this ecosystem. By complying with the DMA, publishers can avoid penalties and legal action while fostering trust and transparency in digital markets. However, compliance is not a simple task, and publishers must first understand the implications of the DMA for their business practices.

Once publishers understand the DMA, they can adapt their business practices accordingly. This may involve changes to their data collection and use policies as well as their marketing and advertising strategies. Additionally, publishers may need to leverage appropriate tools and technologies to ensure compliance and transparency in their operations. By understanding the implications of the DMA, adapting business practices, and leveraging appropriate tools and strategies, such as the Pandectes GDPR Compliance app, publishers can navigate regulatory challenges while fostering trust and transparency in digital markets.

Make your Shopify Store GDPR/CCPA compliant today
Pandectes GDPR Compliance App for Shopify
Subscribe to learn more

You Might Also Like

Scroll to Top