(AGENPARL) - Roma, 9 Ottobre 2025(AGENPARL) – Thu 09 October 2025 DMA and GDPR: EDPB and European Commission endorse joint guidelines to clarify common touchpoints
Brussels, 09 October – The European Data Protection Board (EDPB) and the European Commission endorsed joint guidelines on the interplay between the Digital Markets Act (DMA) and the General Data Protection Regulation (GDPR). These are the first joint guidelines by the Board and the European Commission.
In line with its 2024-2027 Strategy and the recent Helsinki Statement’s objectives to make GDPR compliance easier and strengthen consistency, the EDPB has cooperated with the European Commission, each within their respective mandates, to facilitate the coherent application of the DMA* and GDPR and to increase legal certainty for gatekeepers, business users, beneficiaries and individuals.
EDPB Chair Anu Talus said:
“These joint guidelines are the result of a fruitful cooperation between the EDPB and the European Commission. This is the first time that the EDPB and the European Commission prepare guidelines jointly. This approach maximises usefulness of the guidance by simplifying compliance for businesses and bringing enhanced legal certainty to them.
The guidelines will help gatekeepers, business users and individuals to better understand their obligations and rights under the DMA, and ensure a consistent, effective and complementary application of the DMA and EU data protection law.”
How the DMA and the GDPR interact
The DMA and the GDPR both protect individuals in the digital landscape, but their goals are complementary as they address interconnected challenges: individual rights and privacy in case of the GDPR and fairness and contestability of digital markets under the DMA.
Several activities regulated by the DMA entail the processing of personal data by gatekeepers and, in several provisions, the DMA explicitly refers to definitions and concepts included in the GDPR. The joint guidelines clarify how gatekeepers can implement these DMA provisions in accordance with EU data protection law. For example, the EDPB and the Commission specify which elements gatekeepers should consider in order to comply with the requirements of specific choice and valid consent under Art. 5(2) DMA and the GDPR, and thus to lawfully combine or cross-use personal data in core platform services.
The EDPB and the Commission also address other provisions including those related to the distribution of third party apps and stores, data portability, data access requests and interoperability of messaging services.
Next steps
The Board and the Commission have just launched a joint public consultation on the first version of the guidelines which will be open until 4 December 2025. This will be an opportunity for stakeholders to comment and provide feedback.
All submissions will be published on the DMA website to which a link will be included on the EDPB website, after the consultation period has closed.
The final text, incorporating input received during the consultation, will be prepared jointly by the Board and the Commission, and will be adopted by the EDPB and European Commission.
More guidelines on the way
Following these first joint guidelines with the Commission, further work is underway to clarify the new cross-regulatory landscape and maintain coherent and consistent safeguards for the protection of personal data. In this regard, the EDPB is working with the Commission, specifically with the AI Office, on joint guidelines on the interplay between the AI Act and EU data protection laws.
Note to editors:
The Digital Markets Act is one of the first regulatory tools that aims to tackle unfair practices of gatekeepers in digital markets. Gatekeepers are large digital platforms providing core platform services, such as online search engines, app stores, and messenger services. The main objective of the DMA is to make the markets in the digital sector fairer and more contestable.
