Let’s not have regulatory overlaps on data compliance

Source: The post is based on the article “Let’s not have regulatory overlaps on data compliance” published in Live Mint on 12th July, 2023.

Syllabus: GS 2- Government policies and interventions for development in various sectors and issues arising out of their design and implementation.

News: According to recent judgement of Court of Justice of the EU (CJEU), in Europe, it’s now legally established that if a company violates data protection laws through abuse of market dominance, competition authorities can assess data protection compliance to determine any breach of competition laws.

How is data protection affecting other regulatory frameworks?

As businesses transition to digital platforms, data protection laws are increasingly superimposed on other legislative frameworks. Traditional regulators are engaging with data protection issues, blurring boundaries and forcing businesses to adjust internal processes to meet multiple, sometimes conflicting, regulatory demands.

What is the conflict between data protection and competition regulation?

The conflict between data protection and competition regulation arises in the digital economy where dominant tech companies collect vast amounts of user data. This gives them a competitive advantage, raising questions about fair competition. Concurrently, it blurs the boundaries of traditional regulatory scopes, as competition regulators now have to consider data protection issues in their assessments.

How did European authorities respond to these concerns?

European competition authorities have started investigating Big Tech companies’ data advantages for potential anti-competitive implications.

One example was the German Federal Cartel Office’s 2019 investigation into the merged user data of social media platforms, where it found the company violated the EU’s data protection law by bundling consent with standard terms and conditions.

The Court of Justice of the EU (CJEU) upheld this decision, setting a precedent that allows competition authorities to consider GDPR compliance when determining market dominance abuse.

In anticipation of this, European legislators introduced a provision in the Digital Markets Act to prevent large “gatekeeper” online companies from combining user data without explicit consent, further emphasizing the interconnected nature of competition regulation and data protection.

What are the compliance challenges for businesses?

For businesses, regulatory compliance can be a burden, demanding clarity on what actions are required and which regulator to satisfy. With overlapping regulations, organizations face the potential of increased compliance responsibilities, especially when the requirements of different regulators diverge.

What lessons can India learn as it develops a new data protection regime?

As India prepares to enact a new data protection law, the case study of Europe suggests the importance of avoiding regulatory overlaps. Clear boundaries between different regulatory mandates can provide clarity for companies on compliance expectations. In instances of unavoidable overlap, a system is needed to reconcile conflicting regulatory demands.