While data protection and competition policy are often viewed as creating tension between their respective policy objectives, a recently-published joint statement by the UK’s Competition and Markets Authority and the Information Commissioner’s Office shows some progress in considering how to deal with those tensions. For the first time, the two regulators have signaled their intent to focus on policy synergies and work through areas of possible friction to deliver for consumers.
According to the CMA and ICO, more competitive markets will address issues that consumers care about most, and what consumers increasingly care about is having greater control over personal data and protecting their privacy. They consider a relationship of cooperation to be mutually reinforcing – successful data protection regulation can give consumers more control and promote competition. Competition in turn can incentivise innovation to protect and support users.
A roadmap to coherence
The debate on the interplay between competition policy and data protection is well-trodden ground globally, including antitrust investigations by several regulators into GAFA companies (read more).
The joint statement provides a roadmap for the CMA and ICO to work together to increase coherence in their approach, drawing on lessons learned from two recent ongoing projects relating to personal data in digital advertising markets (the Google privacy sandbox investigation and investigation into real time bidding and the adtech industry).
Their work is underlined by an updated Memorandum of Understanding governing their collaboration and information exchange published on the same day. More broadly, it supports the objectives of the Digital Regulation Cooperation Forum (a body for collaboration between the CMA, ICO, FCA and Ofcom) for greater inter-agency cooperation.
Can digital policy be pro-competitive and pro-privacy?
Data protection law is interested in protecting personal privacy. This suggests limiting access to data which could conflict with the tendency in the digital economy to gather and use more data, sometimes for pro-competitive purposes.
Competition policy is less concerned with how much data players are accessing, so long as outcomes are efficient – the key is to ensure there is a level playing field. Where competitors have significantly different access to data, competition can be undermined.
However, the CMA and ICO have pointed out that they have complementary aims in respect of achieving efficient market outcomes that involve processing personal data. They have identified some clear synergies, including in relation to user choice and control, the role of clear standards and regulations to protect privacy and ensure effective competition, and data-related interventions to promote competition.
While tensions also arise (e.g. between data-related interventions to limit barriers to competition by providing access to data; and interpreting data protection rights in a way that risks distorting competition), the regulators consider that these can be overcome – through careful consideration on a case-by-case basis and consistent application of competition and data protection law.
The two regulators set out to achieve several pro-competition and pro-privacy outcomes for users:
- clear information on what data is collected and how it is used – with a view to enabling informed decision-making on terms offered by platforms in a way that protects personal preferences on data;
- choice architecture and default settings designed to reflect users’ interests;
- more control over personal data and meaningful decisions over withholding or sharing access to data;
- real choices over platform and service providers, as well as easier switching depending on content, functionality, or approach to data protection;
- establishing the degree of privacy platforms are willing to offer as a parameter of competition, either as an aspect of quality, or by offering greater benefits to users who agree to more collection and use of their data; and
- incentivising platforms to innovate to develop new ways to deliver advertising that balance the needs of advertisers while at the same time using less personal data and protecting privacy.
Will it work?
Insights from existing projects provide some guidance on how the collaboration will work in practice: the CMA’s market study into online platforms and digital advertising already found privacy to be a key metric of quality, highlighting concerns about how adtech providers use (and hide their use of) data.
In turn, the ICO’s real-time bidding investigation shows that it is alive to the potentially significant market disruption any remedial action it takes can cause, and any competition issues this may cause. The updated MOU provides the basis for the regulators exchanging information relevant to their respective functions.
Regulators are not always quick to react to new developments, but the complexity and dynamic nature of digital markets will demand that the CMA and ICO keep pace. We’ll be keeping a keen eye how the collaboration develops.
“The statement from the UK regulators for competition and data protection – the first of its kind globally – highlights the strong overlap between promoting and protecting competition in digital markets and safeguarding people’s data. Coherent and clear regulation is vital for creating the conditions that allow new innovative services to flourish and for people to have confidence in digital services.”