On 16 January 2025, the European Data Protection Board (“EDPB”) published a position paper, as it had announced last year, on the “interplay between data protection and competition law” (“Position Paper”).

In this blogpost, we outline the EDPB’s position on cooperation between EU data protection authorities (“DPAs”) and competition authorities (“CAs”) in the context of certain key issues at the intersection of data protection and competition law.

Key takeaways

  1. In the interest of coherent regulatory outcomes, the EDPB advocates for increased cooperation between DPAs and CAs.
  2. The Position Paper offers practical suggestions to that end, such as fostering closer personal relationships, mutual understanding, and a shared sense of purpose, as well as more structured mechanisms for regulatory cooperation.
  3. The EDPB is mindful of the Digital Markets Act’s (“DMA”) significance in addressing data protection and competition law risks.

Summary of the Position Paper

The EDPB first outlines certain overlaps between data protection and competition law (e.g., data serving as a parameter of competition). The EDPB argues that as both legal regimes seek to protect individuals and their choices, albeit in different ways, “strengthening the link” between data protection and competition law can “contribute to the protection of individuals and the well-being of consumers”.

The EDPB takes the view that closer cooperation between DPAs and CAs would therefore benefit individuals (and businesses) by improving the consistency and effectiveness of regulatory actions. Moreover, the EDPB emphasises that, based on the EU principle of “sincere cooperation” between regulatory authorities and pursuant to the European Court of Justice’s ruling in Meta v Bundeskartellamt (2023), cooperation between DPAs and CAs would be “in some cases, mandatory and not optional”.

The EDPB also refers to its prior “Statement on privacy implications of mergers”, published in 2020 in relation to Google/Fitbit (2020), to illustrate where increased cooperation between DPAs and CAs could help inform regulators about “potential personal data issues” during merger assessments.

The EDPB notes that there are currently varying degrees of cooperation between authorities in the EU Member States, and no EU law harmonisation in this respect. It recommends that DPAs and CAs could improve cooperation in several ways, including:

  • adopting formal cooperation frameworks (agreements, joint declarations, cooperation protocols);
  • ensuring national legislatures and governments are aware of the need for—and remove barriers to—cooperation;
  • creating dedicated teams within authorities to serve as the single points of contact for inter-agency cooperation;
  • providing authorities with basic knowledge on the regulatory framework of their counterparts (e.g., educating DPAs as to the concept of a “relevant market”);
  • establishing formal cooperation protocols under the duty of sincere cooperation (which may help to avoid parallel investigations by DPAs and CAs into the same underlying conduct); and
  • conducting joint sector inquiries and investigations.

Conclusions

The EDPB sees a need for increased cooperation between DPAs and CAs

The EDPB sees an important overlap between data protection and competition law. This is especially true for the digital economy where data is a key input to many companies’ operations. Large datasets can be considered as valuable assets and are often important to commercial strategies, including mergers and acquisitions. As such, data is often key for competition law assessments in the tech sector. At the same time, data protection legislation focuses on placing safeguards around the processing of personal data.

Commentators have opined that there are synergies and potential tensions between the two areas of law. Examples of synergies can be found in the Competition and Markets Authority and Information Commissioner’s Office’s joint statement and the French authorities’ joint declaration. At the same time, a real world example of potential tensions emerged in Google Privacy Sandbox (2022) (where Google’s conduct was purportedly privacy-enhancing but also caused competition concerns). Thus, the EDPB believes that greater cooperation between the DPAs and CAs could enable better balancing of the goals of these different regimes in the interest of more coherent regulatory outcomes.

The Position Paper aims to offer practical suggestions to improve cooperation between DPAs and CAs

CAs and DPAs have already worked closely across different matters over the years. However, in the EDPB’s view there is scope for improvement. This is unsurprising given the occasional friction between certain DPAs and CAs in the past. The Position Paper suggests a practical way forward based on personal relationships, enhancing mutual understanding, and adopting formal cooperation mechanisms. Although the EDPB is a supranational body, its membership comprises the national DPAs, meaning we could see efforts to increase cooperation between authorities at both the EU and the Member State level.

Crystal ball: Future collaboration of DPAs and CAs under the DMA and DMCC Act

The legal texts of the DMA and Digital Markets, Competition and Consumers Act (“DMCC Act”) require inter-agency collaboration. However, the underlying dynamics and characteristics of this cooperation broadly remain to be seen. The shift to a longer-term working relationship under these regimes as opposed to more ad hoc cooperation could foster closer ties between the authorities, or could create tensions between the two legal regimes, and their respective authorities.

Photo of Claudia Berg Claudia Berg

Claudia advises on all aspects of antitrust law, digital regulation and related litigation. Drawing on her considerable experience at the CMA and the ICO, her practice covers the full range of behavioural issues, merger control, government investigations and litigation, and the intersection of…

Claudia advises on all aspects of antitrust law, digital regulation and related litigation. Drawing on her considerable experience at the CMA and the ICO, her practice covers the full range of behavioural issues, merger control, government investigations and litigation, and the intersection of antitrust and privacy law. Claudia has strong experience in the technology and life sciences sectors.

As General Counsel of the ICO from 2021-2024, Claudia headed up the ICO Legal Service, oversaw the ICO’s litigation portfolio, and advised the Information Commissioner and the Board. During her time, she oversaw high-profile investigations into issues ranging from children’s privacy to AI. At the CMA, from its inception in 2014, she led a large team of antitrust attorneys working on the largest and most complex antitrust matters at the CMA, including successfully defending its decisions in the Courts. During Claudia’s tenure, the CMA’s strategic focus was on antitrust issues in the life sciences and tech sectors such as excessive pricing, pay for delay, information exchange, market sharing, multi-party concerted practices, parental liability, and most favoured nation clauses. Claudia worked closely with antitrust authorities in Europe, the US and throughout the world to co-ordinate investigations. She also regularly represented the CMA and the ICO at key international organisations, such as the International Competition Network and the Global Privacy Assembly.

Claudia advises on the critical intersection between antitrust and privacy, counselling clients on digital regulation in Europe (including the EU Digital Markets Act (DMA) and the UK’s Digital Markets, Competition and Consumers Act (DMCC)), data protection, and AI.

Prior to the CMA, Claudia worked at a leading global law firm advising clients on all aspects of EU and UK merger control and conduct issues.

Read more about Claudia Berg
Show more Show less
Photo of Kristof Van Quathem Kristof Van Quathem

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty…

Kristof Van Quathem advises clients on information technology matters and policy, with a focus on data protection, cybercrime and various EU data-related initiatives, such as the Data Act, the AI Act and EHDS.

Kristof has been specializing in this area for over twenty years and developed particular experience in the life science and information technology sectors. He counsels clients on government affairs strategies concerning EU lawmaking and their compliance with applicable regulatory frameworks, and has represented clients in non-contentious and contentious matters before data protection authorities, national courts and the Court of the Justice of the EU.

Kristof is admitted to practice in Belgium.

Read more about Kristof Van Quathem
Show more Show less
Photo of Dan Cooper Dan Cooper

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing…

Daniel Cooper is co-chair of Covington’s Data Privacy and Cyber Security Practice, and advises clients on information technology regulatory and policy issues, particularly data protection, consumer protection, AI, and data security matters. He has over 20 years of experience in the field, representing clients in regulatory proceedings before privacy authorities in Europe and counseling them on their global compliance and government affairs strategies. Dan regularly lectures on the topic, and was instrumental in drafting the privacy standards applied in professional sport.

According to Chambers UK, his “level of expertise is second to none, but it’s also equally paired with a keen understanding of our business and direction.” It was noted that “he is very good at calibrating and helping to gauge risk.”

Dan is qualified to practice law in the United States, the United Kingdom, Ireland and Belgium. He has also been appointed to the advisory and expert boards of privacy NGOs and agencies, such as the IAPP’s European Advisory Board, Privacy International and the European security agency, ENISA.

Read more about Dan Cooper
Show more Show less
Photo of Eirini Marnera Eirini Marnera

Eirini Marnera is an associate in Covington’s competition team. She advices on various aspects of EU competition law, including multijurisdictional merger control, cartels, antitrust and regulatory investigations.

Read more about Eirini Marnera
Photo of Tomos Griffiths Tomos Griffiths

Tomos is an associate working across the firm’s technology regulatory and competition teams, based in the London office. His practice covers technology and digital markets regulation, competition law, and issues that span the two.

His recent experience includes providing regulatory advice on data…

Tomos is an associate working across the firm’s technology regulatory and competition teams, based in the London office. His practice covers technology and digital markets regulation, competition law, and issues that span the two.

His recent experience includes providing regulatory advice on data protection compliance, technology regulatory investigations, and transactional merger control and foreign direct investment screening matters, primarily in the technology and life sciences sectors.

Read more about Tomos Griffiths
Show more Show less