Data & Privacy
AI & Trust
Cybersecurity
Digital Services & Media
CHAPTER I
SUBJECT MATTER, SCOPE AND DEFINITIONSArticles 1 — 2
CHAPTER II
GATEKEEPERSArticles 3 — 4
CHAPTER III
PRACTICES OF GATEKEEPERS THAT LIMIT CONTESTABILITY OR ARE UNFAIRArticles 5 — 15
CHAPTER IV
MARKET INVESTIGATIONArticles 16 — 19
CHAPTER V
INVESTIGATIVE, ENFORCEMENT AND MONITORING POWERSArticles 20 — 43
CHAPTER VI
FINAL PROVISIONSArticles 44 — 54
ANNEXES
The data protection and privacy interests of end users are relevant to any assessment of potential negative effects of the observed practice of gatekeepers to collect and accumulate large amounts of data from end users. Ensuring an adequate level of transparency of profiling practices employed by gatekeepers, including, but not limited to, profiling within the meaning of Article 4, point (4), of Regulation (EU) 2016/679, facilitates contestability of core platform services. Transparency puts external pressure on gatekeepers not to make deep consumer profiling the industry standard, given that potential entrants or start-ups cannot access data to the same extent and depth, and at a similar scale. Enhanced transparency should allow other undertakings providing core platform services to differentiate themselves better through the use of superior privacy guarantees.
To ensure a minimum level of effectiveness of this transparency obligation, gatekeepers should at least provide an independently audited description of the basis upon which profiling is performed, including whether personal data and data derived from user activity in line with Regulation (EU) 2016/679 is relied on, the processing applied, the purpose for which the profile is prepared and eventually used, the duration of the profiling, the impact of such profiling on the gatekeeper’s services, and the steps taken to effectively enable end users to be aware of the relevant use of such profiling, as well as steps to seek their consent or provide them with the possibility of denying or withdrawing consent. The Commission should transfer the audited description to the European Data Protection Board to inform the enforcement of Union data protection rules. The Commission should be empowered to develop the methodology and procedure for the audited description, in consultation with the European Data Protection Supervisor, the European Data Protection Board, civil society and experts, in line with Regulations (EU) No 182/2011 and (EU) 2018/1725 of the European Parliament and of the Council.