EU data governance regulation – A wave of digital, regulatory and antitrust reform begins - Part Three
On 25 November 2020, the European Commission (EC) published its proposed Data Governance Regulation (the DGR), which will create a new legal framework to encourage the development of a European single market for data.
This is part three of a series of three blog posts. In this blog post, we consider the DGR’s relationship to competition law rules.
The DGR’s relationship to competition law rules
The DGR specifies that:
- It does not affect the application of EU competition rules - in particular rules on the exchange of competitively sensitive information between actual or potential competitors through data sharing services.
- Public sector bodies must comply with competition rules in their principles for re-use of data they hold and avoid exclusive agreements.
- Data sharing service providers will have to establish competition law compliance programs.
Data sharing and competitively sensitive information
The activities of data sharing service providers may lead to the sharing of competitively sensitive information, such as information on prices, production costs, quantities, turnovers, sales or capacities. Information sharing may distort competition by enabling businesses to become aware of market strategies of their actual or potential competitors.
The DGR provides that data sharing service providers must modify competitively sensitive information to ensure that it is not confidential, but it does not say how.
The EC’s current guidance on information sharing among competitors may discourage even pro-competitive information sharing. Revised guidance, scheduled for 2022, is expected to provide more clarity on pro-competitive information sharing and allow companies to seek guidance from the EC.
Digital sector and reform agenda
The DGR should be seen as part of a broader antitrust and regulatory reform agenda targeting the digital sector, in particular online platforms that collect large amounts of data.
The data sharing service providers and data altruism organizations contemplated by the DGR are designed to encourage (predominantly) European alternatives sources of data in competition with large “gatekeeper” platforms. In 2020 the EC will propose a new regulatory framework for gatekeeper platforms in the DMA. The DMA will include an extensive list of prohibited practices, such as self-preferencing, and give the EC new powers to investigate market distortions and order remedies, potentially including access to data held by large platforms.
The EC’s future data-related initiatives, including the Data Act 2021 and potential measures to promote European data spaces, will also need to take account of EU competition rules, and in particular the risk of exchanging competitively sensitive information. The full relationship between the EC’s regulatory and antitrust reform agendas will only emerge in the coming years.
Promoting competition and European “sovereignty” in digital markets are twin goals of the Von der Leyen Commission. The EC is melding antitrust and regulatory tools to an unprecedented extent in an effort to achieve its goals. The DGR is the first legislative proposal to flow from the EU’s Digital Strategy. It is intended to promote the formation of the nine common European data spaces, but the DGR’s new legal regimes are largely permissive, encouraging sharing of information already held by public sector bodies and facilitating the formation of new market actors. Perhaps surprisingly in light of its name, the DGR says remarkably little about the actual governance of those actors or the future common European data spaces.
The EC’s plans for the DGR have given rise to concerns about the potential to create a “fortress Europe” for data. Indeed, a draft of the DGR leaked in October 2020 provided that data shared by public sector bodies could only be processed in the EU. The final DGR regime allows the transfer of data held by public sector bodies outside the EU, but only subject to strict conditions.
Experience under the GDPR and other EU regulatory regimes requiring the EC to identify “equivalent” legal regimes suggests that these conditions may be difficult to satisfy. While rightholders may consent to the disclosure of their data, they may also prohibit the data’s export outside the EU. If such data are co-mingled with other data, export of the entire dataset may become impracticable. It should also be noted that the DGR does not override the GDPR in any way, so the GDPR restrictions on international transfer will continue to inhibit transfers of personal data as a result of the Schrems 2 decision.
In the case of the United Kingdom, as the end of the Brexit transition period occurs before the DGR would take effect, the DGR would not form part of U.K. domestic law.
The relatively modest scope of the DGR, and steps taken to pre-empt criticism that it is protectionist, may smooth the DGR’s path through the EU legislative process. However, the practical effect of the DGR will likely depend on how it relates to other proposed EU legislation, including the DMA, the Data Act, and specific measures proposed to create European data spaces.
The DGR’s potential will also depend on EC antitrust reform efforts, including in relation to information sharing and data access requirements.