The Digital Fairness Act (DFA) is a defining opportunity to modernise Europe’s consumer protection framework for the digital age. Mozilla welcomes the European Commission’s ambition to ensure that digital environments are fair, open, and respecting of user autonomy.
As online environments are increasingly shaped by manipulative design, pervasive personalization, and emerging AI systems, traditional transparency and consent mechanisms are no longer sufficient. The DFA must therefore address how digital systems are designed and operated – from interface choices to system-level defaults and AI-mediated decision-making.
Mozilla believes the DFA, if designed in a smart way, will complement existing legislation (such as GDPR, DSA, DMA, AI Act) by closing long-recognized legal and enforcement gaps. When properly scoped, the DFA can simplify the regulatory landscape, reduce fragmentation, and enhance legal certainty for innovators, while also enabling consumers to exercise their choices online and bolster overall consumer protection. Ensuring effective consumer choice is at the heart of contestable markets, encouraging innovation and new entry.
Policy recommendations
1. Recognize and outlaw harmful design practices at the interface and system levels.
- Update existing rules to ensure that manipulative and deceptive patterns at both interface and system architecture levels are explicitly banned.
- Extend protection beyond “dark patterns” to include AI-driven and agentic systems that steer users toward outcomes they did not freely choose.
- Introduce anti-circumvention and burden-shifting provisions requiring platforms to demonstrate the fairness of their design and user-interaction systems.
- Harmonize key definitions and obligations across the different legislative instruments within consumer, competition, and data protection law.
2. Establish substantive fairness standards for personalization and online advertising.
- Prohibit exploitative or manipulative personalization based on sensitive data or vulnerabilities.
- Guarantee simple, meaningful opt-outs that do not degrade service quality.
- Require the use of privacy-preserving technologies (PETs) and data minimisation by design in all personalization systems.
- Mandate regular audits to assess fairness and detect systemic bias or manipulation across the ad-tech chain.
3. Strengthen centralized enforcement and cooperation across regulators.
- Adopt the DFA as a Regulation and introduce centralized enforcement to ensure consistent application across Member States.
- Create formal mechanisms for cross-regulator coordination among consumer, data protection, and competition authorities.
- Update the “average consumer” standard to reflect real behavioral dynamics online, ensuring protection for all users, not just the hypothetical rational actor.
A strong, harmonized DFA would modernize Europe’s consumer protection architecture, strengthen trust, and promote a fairer, more competitive digital economy. By closing long-recognized legal gaps, it would reinforce genuine user choice, simplify compliance, enhance legal certainty, and support responsible innovation.
You can read our position in more detail here.