Navigating the Toughest Privacy Regulations: A Guide for Developers (Part II) | GDPR & DMA Unpacked

You've likely been frequently notified by giants like Google and Facebook about GDPR regulations and the DMA Act—but what exactly are these, and why are leading global digital networks issuing such serious announcements? How are they connected to the products and services in our industry?

This article takes an in-depth look at the essence of the General Data Protection Regulation (GDPR), known as "the toughest personal data protection regulation in history," and the European Union's Digital Markets Act (DMA).

Focusing on the compliance challenges faced by Chinese mobile apps entering the EU market, we will explain key GDPR provisions and detail what Chinese developers must consider when processing personal data in the EU. Our goal is to provide valuable compliance guidance for businesses looking to expand into the European Union.

01. General Data Protection Regulation (GDPR)

  • What Exactly Is GDPR?

GDPR grants EU citizens strong control over their personal data, including the rights to erase, modify, and transfer their data, while placing the responsibility of protecting user personal information on businesses. Approved in 2016 with a two-year preparation period, GDPR officially came into effect on May 25, 2018. This means users have the right to request tech giants like Google and Apple to completely delete their personal information or transfer their data to other service platforms.

  • Who Needs to Follow GDPR?

GDPR applies broadly—any organization meeting one of the following conditions must comply:

  • Serving EU-based clients
  • Employing EU citizens
  • Partnering with EU suppliers

This applies not only to businesses but also to non-profits and government agencies.

In short, if your company or website interacts with EU users, has an EU branch, or engages in business with EU enterprises, GDPR is a regulation you must follow.

  • How Can App Developers Comply with GDPR?

With the widespread use of smartphones and growing user demand for personalized services, the app market continues to thrive. However, this also intensifies challenges related to personal information collection and utilization, making GDPR compliance especially critical for app developers. Key compliance areas include lawfulness of data processing, collection, storage, processing, cross-border transfers, and response mechanisms.

  • Core Principles of GDPR

GDPR primarily regulates how companies and organizations handle the personal data of EU citizens. Below are some of its core principles:

  1. Data Minimization: Businesses may only collect the minimum amount of data necessary for specific purposes, avoiding excessive data collection.
  2. Transparency and Consent: Businesses must clearly and concisely inform users about the purposes of data collection, and may only process data with users' explicit consent.
  3. Access and Erasure Rights: Users have the right to access their personal data at any time and request its deletion, unless legal grounds prevent it.
  4. Data Portability: Users have the right to transfer their personal data from one platform to another.
  5. Privacy by Design and by Default: Businesses must ensure user privacy is protected when designing and developing products or services, applying the strictest privacy settings by default.
  6. Data Breach Notification: Businesses must notify relevant authorities within 72 hours of discovering a data breach and take necessary remedial actions.
  7. Cross-Border Data Transfers: Strict data protection standards must be followed when transferring personal data outside the EU.

Through this article, we aim to help Chinese businesses better understand GDPR and lay a solid compliance foundation for successful expansion into the EU.

02. Digital Markets Act (DMA)

The Digital Markets Act (DMA) is a key regulation proposed by the EU in December 2020 and passed in 2022, designed to regulate the market conduct of large tech companies and ensure fair competition in Europe's digital market. DMA primarily targets "gatekeepers"—large tech companies with significant market influence operating across multiple countries, such as Google, Apple, Meta (parent company of Facebook), and Amazon.

  • Primary Goals of DMA

Ensure Fair Competition: DMA aims to restrict gatekeepers from abusing their dominant market position, protecting small and medium-sized enterprises as well as innovative companies from being pushed out of the market.

Promote Openness in Digital Markets: DMA seeks to provide users and developers with more choices when engaging with large platforms through stricter rules.

Protect Consumer Rights: DMA ensures consumers can access more innovative products and services, with greater transparency and choice.

  • Core Contents of DMA

DMA imposes strict rules on companies designated as "gatekeepers," including but not limited to:

- Prohibition of Self-Preferencing: Platforms must not give preferential treatment to their own apps or services; they must treat all competitors' products fairly.

- Ensuring Interoperability: Large platforms must allow third-party developers and services to interoperate with their systems. For example, app developers can use core platform functions—such as payment or messaging—without being forced to use the platform's proprietary payment system.

- Open Data and Interfaces: Platforms must provide third-party providers with necessary data and interfaces to allow their products to function on the platform. User data cannot be exclusively held by the platform.

- Ban on Forced Bundling: Platforms cannot force users to accept bundled services or apps when using certain features.

  • Impact of DMA on the Mobile App Industry

The DMA significantly affects the mobile app market, particularly dominant platforms like Apple's App Store and Google's Play Store, in the following ways:

1. Freedom in App Distribution

Traditionally, Apple and Google have maintained strict control over app distribution on their platforms—for example, the App Store is the only legitimate source for iOS app downloads. DMA requires these platforms to allow users to download apps from third-party app stores or other sources, breaking the platforms' monopoly and increasing choice for users and developers.

2. Choice of Payment Systems

Currently, Apple and Google require developers to use their built-in payment systems and charge high commission fees on in-app purchases. DMA requires gatekeepers to allow developers to use third-party payment systems. For app developers, this means they can avoid high commission fees, potentially increasing revenue. This could lead to more flexible monetization models for mobile apps and possibly lower costs for in-app purchases, benefiting consumers.

3. Transparency in App Review Processes

Mobile app review processes are often criticized by developers as opaque and unfair. DMA requires platforms to provide greater transparency—such as clearer criteria for app approval and handling of violations. A more transparent review process can reduce disputes between developers and platforms and encourage more innovation.

4. Data Interoperability

For developers, DMA's mandate for platforms to open data and interfaces means they can leverage more user data to improve their products without being restricted by platform data exclusivity. For example, messaging apps could interoperate with messaging services on large platforms, enabling richer functionality and greater user convenience.

5. User Choice and Privacy Protection

Through DMA, end-users gain more choice, particularly regarding data usage and ad targeting. Users can more clearly choose whether to allow platforms to access their data and can more easily switch between apps and services across different platforms. This enhances user privacy protection and helps build greater trust in platforms.

The DMA aims to break the monopoly of large tech companies in the digital market, promoting fair competition and innovation. In the mobile app industry, DMA will reshape the relationship between platforms and developers, giving developers greater independence and choice. This not only fosters industry innovation but may also reduce app development and operational costs—ultimately benefiting consumers with more app choices, lower costs, and stronger privacy protection.