Summary statistics
Overlaps: 4 · Conflicts: 1 · Gaps: 2
7 article-level crossrefs catalogued between DMA and GDPR from the Fontvera EU regulatory corpus. Article numbers are verbatim from the underlying obligation_crossrefs table; descriptions are extracted, not paraphrased.
All crossrefs between these regulations
| Article (A) | Article (B) | Type | Severity | Description |
|---|---|---|---|---|
| DMA Art 13 | GDPR Art 6 | overlap | high | [entity affected: gatekeeper] Both regulations require gatekeepers to ensure that consent for data processing is obtained lawfully and is not made more burdensome than for their own services, aligning |
| DMA Art 15 | GDPR Art 12 | overlap | medium | [entity affected: gatekeeper] DMA requires gatekeepers to publish an overview of profiling techniques, while GDPR requires controllers to provide transparent information about processing logic and sig |
| DMA Art 13 | GDPR Art 5 | overlap | high | [entity affected: gatekeeper] DMA prohibits degrading service quality for users exercising data rights, supporting GDPR's principle of fair and transparent processing and the right to withdraw consent |
| DMA Art 1 | GDPR Art 6 | conflict | medium | [entity affected: Member States] DMA prohibits Member States from imposing further obligations on gatekeepers to ensure contestable markets, which may conflict with GDPR's allowance for Member States |
| DMA Art ? | GDPR Art 22 | gap | high | [entity affected: gatekeeper] While DMA requires transparency on profiling techniques, it does not explicitly mandate the specific safeguards for automated individual decision-making (like human inter |
| DMA Art ? | GDPR Art 35 | gap | medium | [entity affected: gatekeeper] Neither the provided DMA excerpts nor the GDPR excerpts explicitly detail the Data Protection Impact Assessment (DPIA) requirements for high-risk processing, leaving a ga |
| DMA Art 11 | GDPR Art 24 | overlap | medium | [entity affected: gatekeeper] DMA requires gatekeepers to report on compliance measures, while GDPR requires controllers to implement and demonstrate appropriate technical and organizational measures, |
Conflicts explained
The 1 article-level conflicts between DMA and GDPR mean a control that satisfies one can pull the wrong way on the other:
- DMA Art 1 vs GDPR Art 6 — [entity affected: Member States] DMA prohibits Member States from imposing further obligations on gatekeepers to ensure contestable markets, which may conflict with GDPR's allowance for Member States to introduce specific provisions for lawful processing under public interest or legal obligations.
Which regulation takes precedence
EU law does not lay down a universal precedence rule between DMA and GDPR. In practice three resolution approaches apply: lex specialis (the more specific provision wins when both purport to govern the same conduct); regulator guidance (EDPB, EBA, ESMA and the AI Office have all issued joint readings on overlapping articles — check the most recent applicable opinion); and document the choice (when the regulations leave the call to the controller, the audit defence is your written reasoning, not the regulator's silence). Where the corpus surfaces a conflict rather than an overlap, treat that as an escalation path to legal — not a control-design question.
What this means for your compliance team
Treat the 4 overlaps as design opportunities — one control, two regulatory anchors. Treat the 1 conflicts as escalation paths to legal: the regulations themselves don't resolve them, you do, and you document the reasoning. The 2 gaps point at scenarios where one regulation is silent while the other speaks — assume the regulator who has the explicit rule will win.
Related Fontvera pages
- dma obligations digital sector
- dma obligations electronic communications
- dma obligations online advertising
- dma vs dora comparison
Check your full compliance exposure with the 5-minute Fontvera diagnostic →