EU merger control laws should be updated to better account for privacy issues, says watchdog

Out-Law News | 26 Sep 2016 | 3:00 pm | 1 min. read

Rights to privacy and data protection should be given greater consideration by competition regulators when assessing whether or not to approve proposed mergers between companies, an EU watchdog has said.

In a newly issued opinion (22-page / 1.10MB PDF), the European data protection supervisor (EDPS) Giovanni Buttarelli said EU merger control rules should "better reflect" consumer interests when it comes to planned mergers between data-rich companies.

Buttarelli said: "EU merger control has until now focused on companies which meet certain turnover thresholds, unless cases are referred by the national authorities. There are now indications of greater scrutiny of proposed acquisitions of less established digital companies, which may have accumulated significant quantities of personal data that have yet to be monetised. We support this and would offer the expertise of independent data authorities in advising on how to assess the significance for consumer welfare in such proposed acquisitions."

"Furthermore, the Merger Regulation should be interpreted, and at the next opportunity amended, to protect the rights under the EU Charter to privacy, data protection and freedom of expression online, just as it currently provides for protection of media plurality. Member states should be permitted also to protect these rights as ‘legitimate interests compatible with the general principles and other provisions of the Community Law’," he said.

Buttarelli also recommended that a new 'digital clearing house' be set up to help address the "urgent need for coherent enforcement of digital rights in all domains of law regulating online markets".

The clearing house would consist of a voluntary network of "regulatory authorities at national and EU level who are responsible for regulation of the digital sector". This might include competition authorities, data protection watchdogs and bodies that enforce consumer rights, as well as telecoms regulators involved in overseeing compliance with rules on confidentiality of communications, the EDPS said.

The clearing house could carry out a range of activities, including "discussing (but not allocating) the most appropriate legal regime for pursuing specific cases or complaints related to services online … and identifying potential coordinated actions or awareness initiatives at European level which could stop or deter harmful practices", Buttarelli said.

It might also allow the cooperating regulators to use "data protection and consumer protection standards to determine ‘theories of harm’ relevant to merger control cases and to cases of exploitative abuse … with a view to developing guidance similar to what already exists for abusive exclusionary conduct", he said.

The clearing house could also allow authorities to look at possible "regulatory solutions for certain markets where personal data is a key input as an efficient alternative to legislation on digital markets which might stifle innovation", Buttarelli said.