ICCL is working with European Parliament Members to fix a new EU law intended to constrain Big Tech's power.
Big Tech firms combine and reuse people's data in violation of the right to data protection. This deprives individuals of control, and creates a fatalism about privacy infringements. It undermines personal autonomy, and allows Big Tech firms to consolidate so much power as to potentially undermine accountability and good governance. Their power in the market is so great that all publishers rely on them for income.
A new EU law is being introduced to address Big Tech's power. The Digital Markets Act (DMA) introduces new constraints for a new class of "gatekeeper" firms.
However, a flaw in the proposed law would have the opposite effect to the Commission’s intended limiting of gatekeeper data combining. Article 5(1)a of the proposed law requires that a gatekeeper firm must give a person “the specific choice” before combining the data it has about them across its business.
Existing law requires that a firm must have a lawful basis for each processing purpose that it uses personal data for. In other words, not a single consent, but many, and probably other lawful bases, too.
The proposed text of Article 5(1)a will allow a gatekeeper firm to claim they can combine and use all data that they have collected about a person from across their business with just one single consent (Note that combination is itself a “processing purpose”, too).
The proposed text of the DMA therefore undermines data protection, and happens to also undermine the legislator's objective of creating a contestable and fair digital market, too. This must be fixed.
ICCL is working with European Parliament Members to fix this. ICCL is also proposing an amendment to Article 6(1)(aa) in the European Parliament IMCO Committee's text, and the addition of a new paragraph, Article 5(1)(aa), to prevent gatekeepers from harassing people with consent spam.
Below is ICCL's four column document for legislators.