The ICO and the Proposed Competition Duty

Written By

saskia king Module
Dr. Saskia King

Partner
UK

I am a partner in our Competition & EU Law team in London with over 18 years' experience at the cutting edge of UK and EU competition law and policy having worked at regulators, competition authorities, in academia and private practice, with a particular focus on regulated sectors such as payment systems as well as sport, retail, consumer, financial, technology and communications markets more widely.

We previously reported (see here) on the UK’s Department for Digital, Culture, Media & Sport (DCMS) Consultation paper, launched in September, setting out its proposals on the future of data protection law in the UK (Consultation). The Consultation remains open to comments until the 19 November. As part of its proposals, the government wishes to establish a data protection regime that will “support vibrant competition and innovation to drive economic growth”.[1] In particular, the government foresees “the Information Commissioner and the Competition and Markets Authority working together to promote digital markets which are competitive, empower consumers and safeguard individuals’ data protection rights”.[2] The proposals therefore build upon the now firmly established collaboration between the ICO and CMA through the Digital Regulation Cooperation Forum (DRCF).

The DRCF was set up in July 2020 to support regulatory coordination in online services and cooperation on areas of mutual importance (members also include Ofcom and the FCA). The interactions between regulators and their regimes is therefore central to this objective (see also the ICO and CMA’s joint statement on competition and data protection in digital markets and our briefing note here).

This note focuses more closely on the role of the ICO in terms of the proposed introduction of a duty to have regard to competition and its implementation.

New Competition duty

The drive for the ICO and CMA to work together and to align the promotion of competition and data protection, especially where tensions may arise (such as increasing access to personal data in pursuit of better competition outcomes) means close cooperation will be vital to managing those tensions. As such, it is perhaps no surprise that the government is keen to “provide a stronger statutory underpinning to this collaboration in order to reinforce cooperation across the digital regulatory landscape and … ensure more transparency on how the ICO considers competition issues”.[3]  To this end, it is proposed that: 

  • A new duty on the ICO to “have regard to competition when discharging its functions” is introduced.[4]  
  • Such a duty would not supersede the ICO’s overarching objective[5] (which the government is also consulting on).[6] 
  • The duty would, however, ensure the ICO is equipped to factor in interactions with competition when discharging its core functions.
Compliance with the new Competition duty

Under the Consultation, the ICO would also be required to set out in its regulatory approach how it intends to comply with the duty and report against how due regard was given to competition when discharging its functions.[7] 

Collaboration and enhanced information sharing gateways

The Consultation sagely notes that new digital services or products, and disruptive business models are increasingly cutting across traditional regulatory boundaries. It will therefore become more important for digital regulators to take into account how their regulatory activities and interventions interact with one another and draw on their respective expertise where relevant.

The proposal is to introduce a new duty on the ICO to cooperate and consult with other regulators, in particular those in the DRCF.[8] Building upon this, the Consultation wants to examine ways to improve information sharing between the ICO and other regulators by, for instance, reducing duplicative information requests.

Establishing a new information sharing gateway to enable regulators, particularly those within the DRCF, to share information in support of cooperation across a broad range of issues is somewhat contentious. This would include sharing confidential information if deemed necessary for the delivery of functions set out in the gateway and to enable joint working.[9]

New reporting requirements

The government is considering whether the ICO should provide a mandatory report against its competition duty and its duty to cooperate and consult with other regulators.[10]  This would help ensure that the ICO takes a robust approach to discharging its functions and its thought process is transparent.

Commentary

The concept of introducing a statutory duty linked to competition is perhaps no surprise, especially given there were increasing signs over the past few years that the ICO was collaborating closely with the CMA, in particular in the digital space. This was highlighted by the ICO in its joint statement with the CMA in May 2021.[11]

A number of regulators have a statutory objective linked to competition considerations. For instance, the FCA has the objective of ‘promoting effective competition in the interests of consumers’ in relation to, for instance, financial services[12]; Ofcom has a statutory objective to encourage ‘further growth, competition and innovation’ in relation to communications;[13] and the PSR has a statutory objective to ‘promote effective competition in the markets for payment systems and services’.[14] Unlike these regulators, it is not proposed that the ICO have concurrent competition law powers to enforce competition law breaches. Yet, there will need to be an element of consistency in how the ICO approaches such a competition duty so that businesses have a degree of certainty and predictability. As the proposals are developed, more clarity on how such a duty is defined and its scope would be welcomed. This is so that businesses know how to refer to competition considerations in their dealings with the ICO and how it will be accounted for.

The proposals highlight the government’s view that the ICO plays a vital role within the DCRF and in protecting and promoting competition in the UK, especially in the digital space. It is therefore important that further clarity on the extent of information sharing and joint working is provided going forwards. The drive for close collaboration through the DRCF has also been noted by the FCA. In a speech, Nikhil Rathi stated that the FCA would achieve its objectives more effectively by deeper cooperation and developing common capability, including in artificial intelligence and data ethics through the DRCF. 

The proposals anticipate increasing interactions between the fields of data protection, new digital services, new digital products, and/or disruptive business models cutting across competition. A reciprocal and continuous form of information sharing could be concerning for businesses who cooperate with one regulator, on the basis it could be shared with up to three other regulators who could then rely on that information. It would also potentially mean more requests made under the Freedom of Information Act: therefore, businesses will need to continue to carefully consider confidentiality when replying to authorities and be on notice that their information would likely be shared and used for different purposes.

The ICO commented on the Consultation in October and, overall, welcomed many of the proposals. However, it did raise a number of concerns. Regarding the new competition duty, the ICO also warned about the need for appropriate protections. Regarding regulatory cooperation, the ICO considered that the duty would formalise its current approach to ensuring close working relationships with other regulators (such as the CMA) and recognised the need for regulators to be joined-up. The increasing focus on collaborative regulators is clearly here to stay.

[1] ‘Data: A new direction’ - Page 7, Paragraph 7

[2] As above, Page 77, Paragraph 205

[3] As above, page 118, Paragraph 334

[4] As above, Page 119, Paragraph 335

[5] As above, Page 119, Paragraph 335

[6] The proposed overarching objective is made up of two elements: (i) upholding data rights, and (ii) encouraging trustworthy and responsible data use. See Page 116, Paragraph 325

[7] As above, Page 119, Paragraph 336

[8] As above, Page 119, Paragraph 338

[9] As above, Page 120, Paragraph 339 and Footnote 93

[10] As above, Page 127, Paragraph 368

[11] Competition and data protection in digital markets joint statement (publishing.service.gov.uk), Page 118, Paragraph 332

[12] Part 18 of FSMA (section 1E(1))

[13] What is Ofcom? - Ofcom

[14] The PSR purpose | Payment Systems Regulator, Our Objectives 

Latest insights

More Insights
featured image

Bird & Bird marks World Children’s Day by announcing its forthcoming Global Comparative Guide to Children in the Digital World

7 minutes Nov 20 2024

Read More
Carabiner

Update: Reform of product liability adopted - New liability and litigation risks for companies!

Nov 19 2024

Read More
The European Commission Modern office buildings in Brussels, Belgium.

VAT in the Digital Age (“ViDA”): prepare your business with Bird & Bird – 10 key insights for success

Nov 15 2024

Read More