Jun 12021

UK Moves to Reconcile Antitrust and Data Protection Enforcement in Digital Sectors

Ken Daly, Monika Zdzieborska, Stefan Ciubotaru and Francesca Blythe
, , , , , ,

Last year, to address the increasing overlaps between data protection and antitrust enforcement, the UK launched the Digital Regulatory Cooperation Forum (DRCF). The DRCF brings together the four UK regulators most involved in digital matters (i.e., the Competition and Markets Authority (CMA), the Information Commissioner’s Office (ICO), the Office of Communications (Ofcom) and the Financial Conduct Authority (FCA)). Its main objective is to enable coherent and informed regulation of the UK digital economy.

DRCF’s Recommendations

Earlier this month, at the request of the UK’s Government, the DRCF published a series of recommendations to improve cooperation between the DRCF members. These include recommendations on:

  1. information sharing – given that all four regulators are subject to similar procedures for handling confidential information, the DRCF is of the view that they should be able to easily and quickly share such information between them when necessary to effectively exercise their powers in the digital sector; and
  2. regulatory coherence and cooperation – in order to ensure coherent regulatory outcomes, the DRCF recommends that the four regulators should look beyond their own duties and consider the wider regulatory ecosystem (including the objectives of their fellow regulators). To that end, the DRCF suggests solutions which range from a formal duty to consult to more general duties of co-operation (which would allow, but not require, each regulator to take others’ views into account).

Joint statement by ICO and CMA

Following the DRCF’s recommendations, on 19 May, the CMA and the ICO issued a further joint statement setting out their views on the relationship between antitrust and data protection in digital regulatory matters. In particular, in line with the DRCF’s recommendations, the joint statement emphasized the importance of coherent outcomes, i.e., data-related antitrust regulation should be in line with data protection regulation and vice-versa.

There have been tensions and overlaps between data protection and antitrust enforcement for several years, and much debate on how their sometimes competing demands can be reconciled. For example, this was a key question in a case recently referred to, and awaiting preliminary judgment from, the EU’s highest court. The DRCF’s recommendations, and the joint statement by the ICO and CMA, are notable as they represent one of the first known examples of regulatory bodies themselves committing to cooperate and to seek to align on outcomes where necessary.

What’s next?

The DRCF is working with the UK Government on necessary next steps and the implementation plan. In the meantime, DRCF is encouraging comments and discussions on its plan of work and priorities for the year ahead.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

Ken Daly

Brussels

kdaly@sidley.com

Monika Zdzieborska

London

mzdzieborska@sidley.com

Stefan Ciubotaru

Francesca Blythe

London

fblythe@sidley.com

You might also like
Top 10 Questions on the EU AI Act

The EU AI Act will be the first standalone piece of legislation worldwide regulating the use and provision of AI in the EU, and will form a key consideration in AI governance programs. The AI Act will have a significant impact on many organizations inside and outside the EU, with failure to comply potentially leading to fines of up to 7% of annual worldwide turnover.

EU Formally Adopts Cyber Law for Connected Products

On 12 March 2024, the European Parliament approved the EU Cyber Resilience Act (“CRA”) with a large majority of 517-12 votes in favor of the legislation (with 78 abstentions). The CRA aims to ensure that “products with digital elements” (“PDE”) i.e., connected products such as smart devices, and remote data processing solutions, are resilient against cyber threats and provide key information in relation to their security properties.

Chambers 2024 Global Practice Guides for Data Protection & Privacy and Cybersecurity
The newest editions of the Chambers Global Practice Guides have been published and, once again, Sidley lawyers have contributed to two guides: Data Protection & Privacy 2024 and Cybersecurity 2024. These publications cover important developments across the globe and offer insightful legal commentary for businesses on issues related to data privacy and cybersecurity, such as regulatory enforcement and litigation, global cooperation to combat cybercrime, international agreement on ‘Software Security by Design,’ a global approach to policy on artificial intelligence, and more. Sidley partner Alan Charles Raul is a contributing editor to both guides in addition to authoring the introductions. The UK chapters of Cybersecurity 2024, covering “UK Law and Practice” and “UK Trends and Development” were authored by Sidley lawyers William Long, Francesca Blythe, Denise Kara, and Eleanor Dodding.