Mediating the Tension between Data Sharing and Privacy: The Case of DMA and GDPR

Weigl, L., Barbereau, T., Sedlmeir, J. & Zavolokina, L.
ECIS 2023 Research-in-Progress Papers, 2023

Abstract

The Digital Markets Act (DMA) constitutes a crucial part of the European legislative framework addressing the dominance of ‘Big Tech’. It intends to foster fairness and competition in Europe’s digital platform economy by imposing obligations on ‘gatekeepers’ to share end-user-related information with business users. Yet, this may involve the processing of personal data subject to the General Data Protection Regulation (GDPR). The obligation to provide access to personal data in a GDPR-compliant manner poses a regulatory and technical challenge and can serve as a justification for gatekeepers to refrain from data sharing. In this research-in-progress paper, we analyze key tensions between the DMA and the GDPR through the paradox perspective. We argue through a task-technology fit approach how privacyenhancing technologies–particularly anonymization techniques–and portability could help mediate tensions between data sharing and privacy. Our contribution provides theoretical and practical insights to facilitate legal compliance.

Bibtex

Conference paper{nokey, title = {Mediating the Tension between Data Sharing and Privacy: The Case of DMA and GDPR}, author = {Weigl, L. and Barbereau, T. and Sedlmeir, J. and Zavolokina, L.}, url = {https://aisel.aisnet.org/ecis2023_rip/49/}, year = {2023}, date = {2023-05-02}, journal = {ECIS 2023 Research-in-Progress Papers}, abstract = {The Digital Markets Act (DMA) constitutes a crucial part of the European legislative framework addressing the dominance of ‘Big Tech’. It intends to foster fairness and competition in Europe’s digital platform economy by imposing obligations on ‘gatekeepers’ to share end-user-related information with business users. Yet, this may involve the processing of personal data subject to the General Data Protection Regulation (GDPR). The obligation to provide access to personal data in a GDPR-compliant manner poses a regulatory and technical challenge and can serve as a justification for gatekeepers to refrain from data sharing. In this research-in-progress paper, we analyze key tensions between the DMA and the GDPR through the paradox perspective. We argue through a task-technology fit approach how privacyenhancing technologies–particularly anonymization techniques–and portability could help mediate tensions between data sharing and privacy. Our contribution provides theoretical and practical insights to facilitate legal compliance.}, }