Over the past years, the EU has been bold enough to globally lead regulation of digital markets and ecosystems. One of the key legal provisions is the Digital Markets Act (DMA). Now, the tricky part for policy makers, most notably the European Commission’s DG CNCT and DG Competitition, is to enforce the laws in a way that their purpose is fulfilled. For the DMA, that goal is to (re)establish contestable markets: “real competition,” you could say, where today we see very dominant big tech firms in most digital sectors, including search engines, social media and other platform markets.

Enforcement gets even more complicated because a row of other regulations already exists, including the General Data Protection Regulation (GDPR). Now the European Data Protection Board and the European Commission have jointly called for consulation responses about how to enforce both regulations in the best way.

My contribution is here.

There I argue that the draft Guidelines provide a valuable and largely convincing framework for a coherent application of the DMA and the GDPR, in particular by clarifying the role of consent under Article 5(2) DMA, the relationship between the DMA’s data portability and access rights and Article 20 GDPR, and the standard of anonymization required under Article 6(11) DMA (EC/EDPB, 2025). At the same time, both the theoretical and empirical literature on data-driven markets and search quality, and the policy experience that motivated the DMA, suggest that the Guidelines should go further in two directions.

First, they should more clearly acknowledge the centrality of user-generated data for search quality and market contestability and therefore treat the DMA’s data-sharing obligations as a structural remedy to data-driven incumbency advantages, rather than as a narrow access right.

Second, they should clarify that the anonymization and safeguard standards under Article 6(11) DMA must be interpreted in a way that preserves the utility of the data necessary for effective competition, avoids over-reliance on techniques such as differential privacy that can unduly degrade data quality, and prevents dominant gatekeepers from using over-cautious interpretations of privacy to frustrate the DMA’s objectives.