How important is consent management under the Digital Markets Act (DMA)?
Home Resources Articles How important is consent management under the Digital Markets Act (DMA)?

How important is consent management under the Digital Markets Act (DMA)?

User privacy, consent management and consent banners under the Digital Markets Act (DMA). What role does consent play in the DMA? And what are the requirements for DMA privacy compliance?
by Usercentrics
Oct 30, 2023
How important is consent management under the Digital Markets Act (DMA)?
Table of contents
Show more Show less
Book a demo
Learn how our consent management solution can improve privacy and user experience for your users.
Get your free data privacy audit now!

Consent management is important for digital marketing. The Digital Markets Act (DMA) is making it even more crucial for brands and organizations.

 

Under the General Data Protection Regulation (GDPR), the website owner or business operator is responsible for how they collect and process users’ personal data. However, the DMA transfers these responsibilities to big tech companies—designated as gatekeepers by the European Commission—to promote fair competition and safeguard user privacy.

 

Gatekeepers subject to the Digital Markets Act must obtain explicit consent for collection and usage of European citizens’ personal data on their core platform services (CPS), for operations such as advertising, search, etc.

 

Noncompliance with the obligations of the DMA can result in enormous fines of up to 10% of the company’s total worldwide annual turnover for gatekeepers, or up to 20% for repeated infringement.

 

To avoid these penalties, these companies may impose additional requirements on their customers and partners (consumers and third-party businesses) for consent-based data in order to continue using their services. Many companies rely on gatekeepers platforms for access to enormous audiences and customer bases, data, and, by extension, to generate revenue.

 

In this article, we explore why compliant consent management is vital under the DMA.

First things first, it’s important to answer the basic question: what is consent management?

 

Consent management is the cornerstone of data protection and privacy compliance. It encompasses everything that happens from when a company requests a user’s consent to collect and use their data, to when that consent information is stored or used to signal receipt of consent to the company’s marketing tools, partners (like the gatekeepers) or data protection authorities.

 

Consent management enables businesses to obtain, store, and manage user consent in a secure and compliant manner, ideally in a way that is flexible for any and all data privacy regulations applicable to the company’s operations.

 

With the Digital Markets Act in place, having a robust consent management platform is essential for businesses to demonstrate DMA compliance to gatekeepers and avoid penalties and loss of brand reputation.

1. Compliance with prescribed data use practices

 

The Digital Markets Act emphasizes fair and transparent data use practices. These require businesses to obtain explicit opt-in consent from users before collecting or using their personal data.

 

Consent management helps to ensure that your business complies with privacy regulations like the GDPR and DMA and avoid penalties and loss of user trust – for businesses, in the case of GDPR, and for the gatekeepers, in regards to DMA.

2. User rights and data privacy

 

The Digital Markets Act aims to further protect consumers’ data privacy and provide greater user rights and choice.

 

Consent management enables users to have control over their personal data so they can choose which cookies and other tracking technologies they accept, as well as change their privacy settings in the future.

3. Leveling the playing competitive field

 

The Digital Markets Act works to level the business playing field for smaller organizations by regulating large online platforms or “gatekeepers”. The law aims to foster more fair business practices, greater transparency in operations, and foster innovation and competition.

 

Consent management helps smaller organizations meet the required obligations and so they can continue to compete in digital markets.

4. Credibility and trust

 

Consent management platforms provide detailed information to users about how companies handle user data; how users’ online behavior is tracked; the purposes for tracking; and what data is collected from it. Users have consent choices based on being informed.

 

By prioritizing compliance and transparency, you can establish credibility and trust with your audiences.

Usercentrics is the leading Website Consent Management Platform (CMP) and Mobile App Consent solution, trusted around the world and across industries. We have a customer retention rate over 99%, and more than 900,000 websites in 180+ countries use Usercentrics every day. 61,000,000+ daily consents are processed through our platform.

 

Usercentrics web and app consent solutions streamline the consent collection process, helping to ensure DMA compliance as well as with other data protection laws.

 

With Usercentrics, you get the highest level of data protection and can easily:

  • customize consent banners to your branding
  • tailor consent requests to specific regulations and data processing activities
  • create an audit trail in case of an data protection audit or complaint
  • deliver more control over personal data and consent to your web and app usersMaintain a transparent and user-centric approach to data privacy

Achieving Digital Markets Act privacy compliance to build user trust

By implementing Usercentrics CMP to get ready for the DMA, you can demonstrate your organization’s commitment to data protection and privacy. Usercentrics provides comprehensive documentation that helps you navigate DMA privacy requirements and also the obligations of other regulations.

 

This not only helps to achieve and maintain privacy compliance, but also helps to build trust among your users, who feel more confident in sharing their data with a brand that prioritizes their privacy, knowing their consent is respected through the digital ecosystem.

Conclusion and next steps with the Digital Markets Act

We’re well into the era of data privacy regulations. Laws like the DMA can even be seen as a second generation of thought and regulation to protect and manage personal data and consent while enabling the digital ecosystem to grow and innovate.

 

“The ability to prioritize privacy compliance and transparency will determine winners and losers in the global online marketplace. You either protect and bolster your reputation and build trust with your customers by achieving compliance and pursuing privacy best practices, or risk being overshadowed by early privacy adopters in your niche that will wield their competitive advantage.”
Celestine Bahr, International data privacy expert and Director Legal, Compliance & Data Privacy at Usercentrics

 

With Usercentrics as your consent management platform, you can simplify the process, achieve compliance, and create your user-centric approach to data privacy.

Stay ahead of the regulatory curve and unlock the power of consent management with Usercentrics today.

Sign up for your 30-day free trial today

Frequently Asked Questions

What is the Digital Markets Act (DMA)?

The Digital Markets Act (DMA) is a regulatory framework that specifically targets prominent tech companies operating within the European Union. Its primary goals are to promote fairness, encourage innovation, and foster healthy competition within the digital market. To achieve these objectives, the DMA places emphasis on transparency, data sharing, and platform interoperability. Additionally, it seeks to enhance user choice and safeguard data privacy.

Who does the Digital Markets Act apply to?

The Digital Markets Act (DMA) applies to companies that operate large online platforms meeting specific criteria set out by the European Commission (EC) in the DMA. These include having a significant impact on digital markets, acting as intermediaries between businesses and users, and enjoying a durable position of market power with significant influence over innovation. These platforms have been designated by the EC as the “gatekeepers”: Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft. They will be subject to enhanced regulatory obligations and scrutiny under the DMA.

While the DMA primarily targets gatekeepers, it’s crucial for smaller enterprises to familiarize themselves with the regulation. This is because these businesses heavily rely on the online platforms and services owned by gatekeepers. Consequently, business owners will need to adhere to compliance guidelines set by major digital service providers like Google and Amazon to maintain access to critical infrastructure, customers and data.

When does the Digital Markets Act come into force?

The DMA officially came into force 1 November 2022. Most of its rules were active by May 2023, and the European Commission designated the gatekeepers on 6 September 2023. The gatekeepers have until 6 March 2024 to comply with the DMA.

What is consent management?

Consent management is the process of obtaining, managing, and documenting user consent for data processing activities, commonly on websites, apps and other digital platforms. It involves implementing consent mechanisms, such as consent banners, to ensure compliance with data protection regulations and protect user privacy.

What is a consent banner?

A consent banner is a pop-up or notification displayed on a website or app that informs users about the collection and processing of their personal data. It seeks their consent to proceed with such activities, with the goal of compliance with data privacy laws. Consent banners play a crucial role in obtaining and managing user consent for data processing activities.

Does the Digital Markets Act enforce consent management?

Yes, the DMA does help to enforce consent management. The DMA requires gatekeepers in the digital market, including the ad tech industry, to be accountable for the user data they collect by obtaining valid consent and using personal data only within the parameters of the user’s consent choices.

This means that tech platforms and other large digital enterprises, especially the gatekeepers under the Digital Markets Act, must ensure that they have the necessary consent from users before collecting and processing their personal data. This is also a requirement of many other data privacy laws, though some, for example those in the United States, use a different consent model.

By enforcing consent management, the DMA aims to strengthen data protection and privacy rights for individuals, promote fair competition by leveling the playing field and preventing abuse of power by tech gatekeepers. Additionally, the DMA encourages the use of privacy-enhancing technologies like consent management platforms (CMPs).

Why do I need a consent management solution under the Digital Markets Act?

Consent management is a crucial aspect of the DMA. It emphasizes the importance of obtaining prior consent for collecting and processing user data, and the ability to signal consent to those with whom data is shared, like the gatekeepers. This requirement applies to both designated gatekeeper companies and third-party organizations utilizing their platforms and services.

To maintain access to these platforms, third parties must effectively communicate the consent signal to gatekeeper companies. A reliable consent management solution enables companies to securely store, obtain, and transmit user consent, helping to ensure compliance with regulations such as the DMA.

How does using a consent management platform help achieve Digital Markets Act compliance?

When third parties use the services provided by gatekeepers, they will likely need to ensure that they obtain proper consent from users and communicate this to the gatekeepers. For instance, Google Consent Mode can be used to signal user consent on Google’s platforms.

Usercentrics web and app consent management platforms and CookiebotTM consent solution by Usercentrics have supported Google Consent Mode since its launch in 2020. As certified Google CMP Program Partner, we’ve also automated the process of enabling Google Consent Mode for clients and websites using our CMPs. This means advertisers can indicate if the user has given consent for cookie usage related to ads and/or advertising. In practical terms, the supported Google tags will respect this signal and adjust their behaviour accordingly only utilizing cookies if consent was granted for the specific purposes.

A consent management platform enables companies to acquire consent from users before allowing the use of cookies and trackers on websites and apps. A CMP also securely stores this information and can share it with gatekeepers. Data protection authorities can also access this data for auditing purposes

Watch our webinar to learn more: Privacy-driven ROI: Unlocking the power of Google Consent Mode and consent management platforms.

Can I implement the Usercentrics consent management solution into my mobile application?

Yes, the Usercentrics app CMP can be implemented into Android and iOS applications by directly implementing the JavaScript.

Related Articles

California Privacy Rights Act (CPRA) and the future of privacy law

California Privacy Rights Act (CPRA) enforcement is starting: what you need to know

The California Privacy Rights Act (CPRA) has been in effect since January 1, 2023. CPRA enforcement was delayed due...

DMA Marketer

Implementing consent for Google ads personalization: A comprehensive guide to the Google Ads compliance alert

Google Ads’ notification to "implement consent for ads personalization" isn't just a policy change.