APIs, CMS integration, and CMPs for DMA compliance

The European Union’s Digital Markets Act (DMA) is a regulatory framework that aims to promote fair competition, protect user data, increase transparency and promote equity in the digital marketplace. At its core, the DMA seeks to address the challenges posed by the market power of large online platforms, designated as ”gatekeepers” by the European Commission.

One of the DMA law’s key objectives is to ensure greater interoperability, making collaboration and data exchange between different platforms and services easier and ultimately creating a more open and competitive digital ecosystem. But it’s not without its challenges. Interoperability requires an exchange of data and an accompanying responsibility to protect user data.

Content management systems (CMS) integrations and consent management platforms (CMP) can work together effectively to help comply with the DMA and with requirements from gatekeepers like Alphabet (Google) using APIs.

We look at how these elements come together to pave the way for a more competitive, innovative, and user-centric digital market, and why platforms like Usercentrics and Cookiebot™ are at the forefront of this transformation.

Interoperability enables different platforms to ‘talk’ to each other, sharing information and functionalities that enrich the user experience and foster competitive markets. The DMA required gatekeeper companies to open their digital doors and ensure that their core platform services were compatible and interoperable with third-party services by March 2024.

What does interoperability mean for the market at large?

• Promote competition by providing an environment where smaller platforms can compete more fairly with the giants.
• Foster innovation by enabling services and features to plug into a more extensive ecosystem.
• Enhance user choice by providing consumers with a wider array of services and a more seamless digital experience.

Application Programming Interfaces (APIs) serve as the conduits through which different platforms exchange data, functionalities, and services. They enable disparate systems to understand each other and work together to create a seamless user experience, whether they’re switching between apps on their phone or services online.

But how are APIs relevant to the DMA? Below we provide a brief overview of how APIs are relevant for each specific requirement of the DMA.

What is this about?
Large tech companies designated as “gatekeepers” are required to make their messaging apps compatible with rivals.

How are APIs relevant?
APIs enable seamless integration between messaging apps, allowing users to communicate across different platforms.

What is this about?
The DMA covers interoperability requirements for various types of platforms such as intermediary platforms, social networks, online advertising platforms, etc.

How are APIs relevant?
APIs facilitate the exchange of data and services between different platforms, enabling them to work together and share information effectively.

What is this about?
The DMA aims to break down barriers between platforms (tech companies of all sizes) and promote competition and innovation.

How are APIs relevant?
APIs provide a standardized way for platforms to interact and share functionality, making it easier for new players to enter the market and compete with established platforms.

What is this about?
The DMA seeks to promote seamless integration between different platforms.

How are APIs relevant?
APIs allow different platforms to communicate and share data, enabling users to access services and information across multiple platforms without any disruptions.

What is this about?
Smaller platforms have the opportunity to request interoperability from dominant platforms.

How are APIs relevant?
APIs allow smaller platforms to connect with and leverage the services and functionalities of dominant platforms, enhancing their own offerings and expanding their user base.

APIs are essential for realizing the DMA’s vision, playing a pivotal role in facilitating data exchanges within the digital marketplace. But their role is not without complexities. APIs must be designed to enable interoperability while maintaining the security of connected systems and the privacy of personal data handled. This means robust, well-documented APIs are the cornerstone of a competitive and innovative digital market.

Data privacy is a large component of the DMA, and gatekeepers must ensure user data is protected when implementing various changes mandated by the regulation. Alphabet, Google’s parent company and one of the designated gatekeepers under the DMA, has implemented various measures to comply with the DMA’s requirements. Some of these measures are related to interoperability and data protection and impact both consumers and businesses.

Web browsing: Users in the European Union (EU) and European Economic Area (EEA) will see a choice screen enabling them to choose their default browser and default search engine on Android. Non-Android users will receive only the default search engine choice screen.

Third-party apps and app stores: Google made it easier for users to understand how third-party apps and app stores collect, handle, and share their personal data. Developers have a more transparent way to share this information, including adding a clear link to the app’s privacy policy, helping users make informed choices about granting access to permissions.

Data portability: Users in the EU, EEA and United Kingdom (UK) can share a copy of their data from Chrome, Google Maps, Play Store, Google Search, Google Shopping and YouTube with third-party apps and services.

Data sharing and additional consents: Users in the EU and EEA can select which Google services they’d like to link which can share data between them.

Third-party apps and app stores: Google introduced several improvements for third-party apps and app stores in Android 14, including app updates that trigger only when the app is not in use.

Billing options: Businesses can offer their own billing system for users to complete in-app purchases alongside, or instead of, purchases made through the Play Store.

Communication outside the app: Developers of apps distributed on the Play Store can lead users in the EU and EEA away from their app to promote offers.

Google-certified CMP for advertising: Publishers and advertisers must use a Google-certified consent management platform (CMP) to continue serving ads to users in the EU, EEA and/or UK to enable GDPR compliance. This step aids in compliance with data privacy laws and promotes the DMA’s transparency and data protection objectives.

CMS platforms, serving as the foundation for many websites, provide the structure and content management capabilities that businesses depend on for their online presence. Integrating APIs into these platforms enables businesses to be flexible and quickly adapt to new regulations and their compliance requirements.

It also enables businesses to add new features and functionalities to their websites without having to build these elements from the ground up, which can lead to significant savings in both time and development costs.

For example, compliance with the General Data Protection Regulation (GDPR) or the DMA often requires changes in how personal data is handled or presented. APIs can assist in adapting to changing requirements by allowing for swift updates to website and app functionalities or data processing methods without the need for extensive redevelopment.

Consent management platforms (CMP) offer a transparent way for websites and apps to manage user consent across platforms and build trust with users. But how do they work in practice? Through APIs or direct integration with CMSs, CMPs can automate the consent process, ensuring consistency and legal compliance across various touchpoints.

CMPs play a crucial role in ensuring compliance with the Digital Markets Act (DMA) for several reasons.

• provide an organized way to obtain, manage and document user consent across digital platforms
• designed to quickly adapt to regulatory changes. As the DMA evolves or as additional guidelines are introduced, CMPs can be updated to reflect these changes, enabling ongoing compliance and minimizing the risk of non-compliance for businesses
• contribute to the transparency and accountability of data processing activities by recording consents and providing clear reports on how user data is being managed
• CMPs like Usercentrics CMP that support for Google Consent Mode v2 enable websites to adjust the operation of Google services based on user consent, thus respecting privacy choices without compromising on the collection of essential data analytics
• Google-certified CMPs like Usercentrics CMP enable websites and apps to meet the requirements of the Interactive Advertising Bureau Europe’s Transparency & Consent Framework (IAB TCF v2.2), which offers a standardized approach for collecting and managing user consent across the advertising ecosystem

Usercentrics and Cookiebot™ are leading consent management platforms (CMPs) that are easily integrated with the most popular CMS platforms.

The Usercentrics Consent Management API enables you to build-in data privacy compliance and consent management into your platform, expanding your portfolio with a new revenue stream. By combining access to all of Usercentrics CMP advanced features with a familiar UX and native experience to your users, you’re helping your customers to comply with data privacy regulations across regions, while expanding your own revenue opportunities.

We need your consent to load the YouTube Video service!

We use a third party service to embed video content that may collect data about your activity. Please review the details and accept the service to watch this video.

More InformationAccept

powered by Usercentrics Consent Management Platform

You’re demonstrating your commitment to privacy by promoting compliant and transparent user data protection measures — a true opportunity to be perceived as a privacy-first company and stand out from competitor platforms. We also offer the flexibility to customize solutions to fit any business model, backed by a team of experts who can guide you through every step of the compliance process.

We need your consent to load the YouTube Video service!

We use a third party service to embed video content that may collect data about your activity. Please review the details and accept the service to watch this video.

More InformationAccept

powered by Usercentrics Consent Management Platform

Here are just some of the product features you can integrate using the Consent Management API.

• Automated website scan of cookies and trackers, with classification website owners can control
• Automated cookie declaration, widget and legal text setup and maintenance
• Customizable banner template that applicable to all customers, including banner text customization with auto-translation into 46 languages

Platforms that use the Consent Management API have a competitive advantage by making it easy for customers to achieve compliance.

• Our robust APIs and documentation make it easy to integrate with your platform/CMS.
• You can offer pre-built, customizable consent banner templates and popups that website owners can easily add to their sites without coding.
• You can use the API to display banners based on user location, language, or website content to obtain compliant consent according to applicable data privacy laws.
• Our API’s infrastructure can be implemented at scale, accommodating tens of thousands of websites and handling large numbers of consent banners efficiently and securely.
• With competitive pricing that’s designed to scale with your business, you can increase your average order value, upsell to existing customers, and activate legacy customers.
• You can increase customer loyalty and reduce churn with a more comprehensive solution that includes data privacy compliance.
• By building a privacy first-reputation, you can differentiate yourself from competitors and stand out as a platform that is committed to privacy.

For website owners, using a transparent and user-friendly CMP demonstrates a commitment to user privacy and regulatory compliance.

• Sleep soundly knowing your website complies with global data privacy laws including the GDPR, the California Consumer Privacy Act (CCPA), and now, the DMA.
• Our close work with CMS partners ensures that our CMP is correctly implemented to collect compliant data no matter where your users are or what platform you’re using.
• Securely document consent that enables you to comply with global data privacy law requirements, audits, controls, or data subject access request.
• Our pre-configured and customizable consent banner enables the collection, modification and easy withdrawal of user consent, helping you achieve compliance.