Privacy and competition leaders sign emergency ICCL letter to fix the EU Digital Markets Act

19 April 2022

ICCL drew together competition & privacy leaders to urge EU co-legislators to correct the EU Digital Markets Act in an emergency letter this morning.

The EU Digital Markets Act (DMA) is intended to rein in Big Tech firms. But there is a severe flaw in Article 5(1)a of the latest DMA text. Unless EU co-legislators take urgent action, this flaw will help Big Tech firms undermine data protection and competition.

Download the PDF of the letter, or read the text below.

For comment:
Dr Johnny Ryan, ICCL
johnny.ryan@iccl.ie

Image

19 April 2022

Digital Markets Act Article 5(1)a

Dear colleagues,

  1. We signatories have interests in upholding competition, the rights to data protection and privacy, and consumer protection. We believe flaws in the 13 April text of Article 5(1)a of the Digital Markets Act[i] may be exploited by Gatekeepers to undermine them.
  1. We are concerned about three problems in the 13 April text of Article 5(1)a:

    a. The omission of the reference to “specific processing purposes” may be used by Gatekeepers to suggest they can combine data with a single opt-in: While the requirements of the GDPR remain unaffected, this omission creates a fatal ambiguity about whether a Gatekeeper can combine any and all data across their business once a person is prevailed upon to click a single and all-encompassing “OK” button. The GDPR requires firms to have a legal basis for each “processing purpose” for which they cross-use personal data across their businesses.[ii] If the DMA Article 5(1)a text is not corrected to dispel this ambiguity, Gatekeepers will wrongly rely on this to undermine both EU data protection law and to neutralise the co-legislators’ intended impact of Article 5(1)a.

    b. The removal of the reference to “processing purposes” in Article 5(1)a deprives the Commission of the power to monitor Gatekeepers’ data combination across processing purposes under DMA Article 10 and Article 11.

    c. The addition of the words “processing for the purpose of providing advertising services” will enable Gatekeepers to wrongly claim that a single opt-in suffices to legitimise the hundreds of data processing purposes related to their online advertising businesses.

  2. We fear that fundamental rights to data protection and privacy will be undermined, and that Gatekeepers’ market power and ability to suppress publishers and nascent competitors will be entrenched.

  3. We urge you to fix these errors by returning to the Article 5(1)a text of 2 March.[iii] Further, Gatekeepers should remain obliged to provide an equivalent service without quality degradation if no consent is given, per Recitals 36 and 36a of the 13 April text.

Signed

  • Dr Johnny Ryan, Senior Fellow at the Irish Council for Civil Liberties
  • Dr Cristina Caffarra, Senior Consultant to Charles River Associates
  • Professor Tommaso Valletti, Professor of Economics at Imperial College Business School, former Chief Competition Economist of the European Commission
  • Professor Shoshana Zuboff, author of The Age of Surveillance Capitalism
  • Ursula Pachl, Deputy Director General of BEUC, the European Consumer Organisation
  • Barry Lynn, Executive Director of Open Markets Institute
  • Alastair Mactaggart, Chair of Californians for Consumer Privacy
  • Professor Dr Monika Schnitzer, Chair for Comparative Economics, Ludwig-Maximilians-University Munich
  • Roger McNamee, Co-Founder of Elevation Partners and author of Zucked: Waking Up to the Facebook Catastrophe
  • Professor Lilian Edwards, Professor of Law, Innovation and Society, Newcastle University
  • Professor Philip Marsden, Deputy Chair, Bank of England, Enforcement
  • Professor Ian Brown, Visiting CyberBRICS Professor at Fundação Getulio, Vargas Law School
  • Professor Gianclaudio Malgieri, Co-Director of the Brussels Privacy Hub; Associate Professor of Law and Technology EDHEC Business School.
  • Matt Stoller, Research Director, American Economic Liberties Project
  • Professor Gregory S. Crawford, Professor of Economics, University of Zurich
  • Professor Jon Crowcroft, Marconi Professor of Communications Systems, University of Cambridge
  • Professor Mireille Hildebrandt, Research Professor, Vrije Universiteit Brussels
  • Wolfie Christl, CEO, Cracked Labs
  • Tanya O’Carroll, independent expert
  • Dr Cristiana Santos, Assistant Professor, School of Law, Utrecht University
  • Professor Paul De Hert, Professor of Law, Vrije Universiteit Brussels
  • Professor Tomaso Duso, Professor of Economics, Technical University Berlin and DIW Berlin
  • Dr Vitor Jesus, Lecturer, Aston Business School
  • Dr Victor Morel, Co-founder of Force d'Émancipation Locale pour l'Indépendance et la Neutralité du Net
  • Dr TJ McIntyre, Chair of Digital Rights Ireland, and Associate Professor of Law, University College Dublin
  • Jim Killock, Executive Director of Open Rights Group
  • Alice Stollmeyer, Executive Director of Defend Democracy
  • Professor Gijs van Dijck, Professor of Law, Maastricht Law and Tech Lab, Maastricht University
  • Dr Jef Ausloos, Institute for information law, University of Amsterdam
  • Dr Irene Kamara, Assistant Professor, Tilburg Institute for Law, Technology and Society, Tilburg Law School
  • Dr Alessia S. D’Amico, Assistant Professor, Utrecht University
  • Dr Harshvardhan J. Pandit, Chair of the W3C Consent Community Group
  • Dr Paulina Jo Pesch, Centre for Applied Legal Studies, Karlsruhe Institute of Technology
  • Dr Mark Leiser, Assistant Professor in Law and Digital Technologies, Leiden University
  • Dr Lorenzo Dalla Corte, Assistant Professor, Tilburg Institute for Law, Technology and Society, Tilburg Law School
  • Aurelie Pols, Board member, European Centre for Privacy and Cybersecurity; Member of the EU Observatory on the Online Platform Economy
  • Dr Hannes Ullrich, Associate Professor of Economics, DIW Berlin
  • Professor Jaap-Henk Hoepman, Guest Professor, Karlstad University
  • Pat Walshe, Privacy Matters
  • Dr Midas Nouwens, Assistant Professor, Aarhus University
  • Dr Kristina Irion, Associate Professor, Institute for Information Law, University of Amsterdam
  • Maria Luisa Stasi, Head of Law and Policy for digital markets, ARTICLE 19
  • Dina Hilal Srinivasan, Fellow of the Thurman Arnold Project at Yale University
  • Finn Lützow-Holm Myrstad, Director of Digital Policy at the Norwegian Consumer Council
  • Soheil Human, Director of the Sustainable Computing Lab, Vienna University of Economics and Business
  • Professor Carissa Véliz, Associate Professor, Institute for Ethics in AI, University of Oxford
  • Calli Schroeder, Global Privacy Counsel at The Electronic Privacy Information Center (EPIC)

Notes

[i] Working document WK 5540/2022 INIT of 13 April 2022 from the General Secretariat of the Council.

[ii] GDPR Article 5(1)b, Article 6(1)a, and Article 7.  Article 6(1)a of the GDPR requires that consent be sought for specific purposes.

[iii] Working paper WK 3135/2022 INIT of 2 March 2022 from the General Secretariat of the Council.