Navigating the Digital Markets Act: How advertisers can ensure privacy and compliance

For advertisers relying on big tech companies, the playing field has often felt uneven. The Digital Markets Act (DMA), a regulatory framework crafted by the European Commission (EC), aims to rectify that.
 
This regulation imposes restrictions and obligations on large tech companies — designated by the EC as “gatekeepers” — to increase transparency, improve competitive conditions, and offer better data protections to users. The DMA affects consumers online in the European Union (EU) and/or European Economic Area (EEA), as well as companies with users in those regions and use gatekeepers’ platforms and services.

Advertisers need to understand how the Digital Markets Act affects them to effectively continue to reach their target audience while complying with privacy laws. This article covers the DMA’s impact on advertising and offers practical tips for digital advertisers to comply with privacy regulations.

Data privacy and regulatory compliance have become key requirements in digital advertising, shaping the way customers see brands. In a world of ever-increasing amounts of personal data being generated and heightened consumer awareness, following these principles is more important than ever to safeguard trust and ensure responsible data collection and usage.
 
Adopting privacy-compliant advertising practices helps ensure adherence to legal requirements and helps build consumer trust. Advertisers can show consumers their commitment to privacy by protecting user data and respecting preferences, ultimately contributing to the longevity and success of their brand.

The DMA rules imposed on gatekeepers serve a dual purpose. They aim to keep large platforms and their influence in check, and create fair opportunities for all advertisers, big or small. At the same time, the requirements that the Digital Markets Act brings work to further protect consumer data, making sure that both advertisers and platforms maintain high standards of data privacy.

 
Gatekeepers are required to openly disclose what data they collect, as well as how they use, share or profit from data collected on their platforms. They must obtain explicit user consent before collecting and processing personal data. They must provide clear information to advertisers about the rules governing ad placements and the metrics that influence these decisions.

 
Gatekeepers are obligated to conduct business with all advertisers on an equal footing. They can’t prioritize their own services and products in search rankings, ad placements or similar scenarios. This aims to foster a more competitive and vibrant advertising ecosystem.

 
Advertisers must be given the tools and information needed for independent verification of their ads’ performance. This means providing detailed data about ad displays, frequency and audience reach, so advertisers can gauge return on investment.

 
Gatekeepers are prohibited from unfairly restricting advertisers from using their platforms or services. Advertisers should have equal opportunities to engage with potential customers, regardless of their size or industry sector. The gatekeepers can remove third parties that fail to meet data privacy standards from their platforms, however.

 
Gatekeepers are encouraged to design their services so they can function seamlessly with other platforms. This is aimed at making it easier for advertisers to run cross-platform campaigns and analyze data without being tied to a single ecosystem.

 
Gatekeepers must adhere to stringent data protection obligations under the DMA law and other laws, like the EU’s General Data Protection Regulation (GDPR), which by extension affects how advertisers can use these platforms. This includes obtaining and signaling compliant consent and safeguarding user data so that advertisers themselves comply with privacy laws — and don’t risk exposing the gatekeepers to violations — while using the gatekeepers’ platforms.

With the introduction of the DMA, advertisers are entering a new era of regulations that demand their attention. The DMA influences how and how much data is gathered, user profiling practices and the principles of transparency and fair treatment. Advertisers now face the task of adapting to these changes to maintain their competitiveness in the industry while complying with privacy laws.

“The DMA will be a big wake up call for a lot of companies. It basically means: no consent, no revenue. It’s not just an additional regulation requiring companies with business in the EU and EEA to obtain explicit consent from users before processing their personal data. On top of it, gatekeepers will likely require companies using their services for advertising, ecommerce, analytics and more to adopt compliant consent management processes”, explains Donna Dror, CEO of Usercentrics.

 
Gatekeepers’ obligation to obtain explicit user consent for data collection extends to third-party advertisers’ practices if they use the gatekeepers’ platforms. This means that advertisers must secure user consent per both the regulations’ and the platform’s rules. Noncompliance not only exposes advertisers to the risk of ad removal but also raises the possibility of legal consequences. Fines and penalties under the DMA may be targeted at the gatekeepers, but third parties risk violating other laws like the GDPR, and incurring penalties from them.

 
The DMA imposes tighter restrictions on user profiling in advertising. Explicit user consent is mandatory to collect their personal data, and gatekeepers and advertisers cannot combine user data from different platforms or services to create profiles. As a result, advertisers must shift towards privacy-focused practices, which could mean a move away from personalized ads.

 
Gatekeepers’ obligation to treat all advertisers equally changes the dynamics of ad placements and search rankings. It eliminates preferential treatment that benefits larger advertisers and makes it easier for businesses with smaller budgets to compete. This heightened level of competition makes it more important than ever for advertisers to optimize their campaigns to stand out. Fortunately, transparency requirements under the DMA will help provide critical operational data to enable faster, smarter optimization.

 
With the Digital Markets Act’s requirements in place, advertisers have greater control over assessing their ad campaign performance. However, they must also take proactive steps to ensure user privacy and data security while accessing this data to analyze the performance of their ads. This shift could increase operational costs and require a greater focus on data management, potentially impacting the overall efficiency and effectiveness of their advertising strategies. At the same time, this could spur innovations in digital advertising.

 
The push towards interoperability among platforms with the Digital Markets Act means that advertisers must now manage data analytics that span multiple platforms. This brings its own set of challenges regarding user privacy. The varying terms and conditions of each platform can make it complicated to keep track of what can be done with each piece of data. This can be tricky for advertisers, as mishandling user information from any platform can lead to penalties, not just from that specific service but also under broader data protection laws.
 

Additionally, marketing operations today tend to involve an ecosystem of connected tools, activities and data. So ensuring, for example, that user data is kept siloed per regulatory requirements can become even more challenging.

 
Gatekeepers’ obligations to adhere to strict data protection laws impacts how advertisers interact with these platforms. Advertisers need to fortify their data protection measures to avoid contravening existing laws, which could lead to severe penalties, including loss of audience, data, and revenue, and erode customer trust.

The Digital Markets Act focuses on the gatekeepers where fines and other penalties for noncompliance are concerned. But that doesn’t mean that advertisers are off the hook. Gatekeepers aren’t going to risk their regulatory compliance, and they have very strong leverage to ensure third parties are compliant as well.
 
Advertisers need to signal proof of compliant consent for personal data collection and use. If they can’t or won’t, gatekeepers can cut off their access to their platforms and services. No ads, no data, no revenue. And there just aren’t many other platforms with the size and reach that the gatekeepers have.

 
Noncompliance with the DMA and gatekeepers’ requirements also carries the potential to severely damage an advertiser’s reputation, leading to an erosion of consumer trust. In the long term, such reputational harm can have far-reaching effects, damaging growth.

While the new rules introduced by the DMA may present challenges, advertisers can proactively take steps to achieve compliance and maintain good operational relationships with gatekeepers with confidence.

 
Advertisers must obtain clear, informed and unambiguous consent from users for data collection and processing before any data is collected. This involves having a clear privacy policy that explains to users what data will be collected, how their data will be used, and who may have access to it. Advertisers can use a consent management platform (CMP) like Usercentrics CMP to obtain valid user consent for personal data use.

 
With the DMA’s stricter regulations on user profiling, advertisers should shift their approach toward privacy-focused practices and embrace consent-based marketing, even if it means moving away from highly targeted advertising. This includes refraining from combining user data from different services to create profiles, as this practice is prohibited.

 
As cross-platform data management becomes necessary, advertisers should develop robust data management strategies. These strategies must encompass data analytics spanning multiple platforms, while meticulously ensuring user privacy and compliance with varying regulatory and business requirements. Advertisers should pay close attention to how data is collected, stored and used across different platforms to avoid mishandling user information and resulting potential penalties.

 
Continuous diligence is crucial to stay compliant with ever-changing technology and privacy laws that are updated over time. Advertisers should conduct periodic data privacy audits to ensure that their data policies and processes are in line with the Digital Markets Act and take corrective steps if necessary.

 
Qualified legal professionals and privacy experts, like a Data Protection Officer, can offer tailored guidance, conduct risk assessments and help businesses align with privacy laws. Advertisers must seek expert counsel to ensure compliance, protect user data, and operate within the bounds of privacy regulations.