The Data Market Act aims to combat the anti-competitive practices of the Internet giants in order to correct the imbalances caused by their domination of the European digital market.
The European Commission has designated 6 companies - Apple, Amazon, Alphabet, Byte Dance, Meta and Microsoft - for a list of so-called essential platform services.
It accuses them of erecting barriers to entry by accumulating personal data from third parties who use their online advertising services solely for their own benefit.
The objective is competition, not data protection. The regulation therefore prohibits designated Access Controllers from :
- process the personal information it receives via their various services & platforms for the purposes of providing online advertising services.
- combine or cross-reference personal data held by it via its various services and platforms, or via third-party services.
The aim is to prevent the Internet giants from using the data accumulated via a first service to benefit from a leverage effect on a second service, to the detriment of potential competitors on this second service. For example, Google will no longer be able to process the data it collects via Google Analytics to provide its Google Ads services, nor will it be able to combine or cross-reference data between Google Analytics and Google Ads, unless it has obtained the consent of the end user.
Designated access controllers have until 6 March 2024 to comply.
The boomerang effect of this regulation is that many marketing departments are using Google Analytics 4 and Google Ads services in combination, in order to link the data acquired via GA4 with Google Ads advertising campaigns.
However, the Data Market Act prohibits the sharing or cross-referencing of personal data acquired via Google Analytics with Google Ads services without the specific consent of the end user.
This specific consent requirement is in addition to the consent already required for analytical or advertising cookies, and could also apply to data that Google's B2B customers have hashed before sending it to Google.
The DMA is disrupting the work of many marketing departments, caught between the risk of losing audiences due to the requirement for new consents and the risk of having their Google tools cut off.
But we must not lose sight of the fact that the DMA's aim is not to protect privacy but to combat the anti-competitive practices of the Internet giants, including Google, and to limit the leverage obtained by accumulating data via GA services in order to gain a competitive advantage in the online advertising market.
Data hashed by a Google B2B customer before being transferred to Google is anonymous only from Google's point of view, but not from the customer's, who holds the hash key. As such, even the sharing of hashed data could fall under the requirement of specific consent.
Google's B2B customers have already received communications to this effect.