Short Reads

Walking the tightrope between data protection and EU investigations

Walking the tightrope between data protection and EU investigations

Walking the tightrope between data protection and EU investigations

04.01.2019 NL law

Two recent publications confirm that it is possible for companies to cooperate with a European Commission investigation and still comply with the data protection rules. It is also possible for the Commission to deviate from certain data protection obligations in the interest of a competition law investigation. The tightrope between data protection and Commission investigations may not be as rigid as initially feared.

However, companies should still remain vigilant when dealing with information requests during investigations.

Several EU institutions, including the European Commission's Directorate-General for Competition, voiced concerns to the European Data Protection Supervisor (EDPS) about companies claiming the General Data Protection Regulation (GDPR) prevents them from cooperating with EU investigations. In response to these concerns, the EDPS clarified that the GDPR does not prevent companies from submitting information containing personal data to EU institutions, either voluntarily or in response to a legal obligation, as long as the EU institutions act within their powers. In addition, the EDPS stated that companies do not have a legal obligation to inform people about the disclosure of their personal data to EU institutions if this data is submitted with a view to carrying out a particular inquiry within the powers of the EU institutions. In the context of EU antitrust investigations, companies can therefore still be GDPR compliant while submitting information - either voluntarily or under a legal obligation - to the European Commission that may include personal data, as long as they double-check whether:

  • the request for information falls with the scope of the Commission's investigative powers;
  • the disclosure of the information is necessary to comply with the legal obligation;
  • the requested information is provided within the framework of a particular inquiry, or
  • the information is provided in order for the Commission to carry out a particular inquiry.

Similar to the GDPR not preventing companies from cooperating with EU investigations, Regulation 2018/1725 - the EU institutions' version of the GDPR – does not prevent EU institutions from conducting investigations under certain specified conditions. In regard of antitrust investigations, this is further explained in a recent Decision which states that the Commission may restrict certain rights of data subjects if the full application of these rights would jeopardise the purpose of its investigation. For the same reason, the Commission may also restrict data subjects' rights in relation to personal data obtained from other EU institutions, Member State authorities, third countries or international organisations. When doing so, the Commission will have to record and register its reasons for restricting the data subjects' rights. The Commission will also need to assess whether these restrictions are indeed proportionate and necessary for the purpose of the Commission's investigation. The Data Protection Officer will have to be informed whenever data subjects' rights are restricted and can carry out an independent review of the application of the restrictions to check whether they are in line with the Decision.

Team

Related news

02.07.2020 NL law
European Commission to pull the strings of foreign subsidies

Short Reads - The European Commission is adding powers to its toolbox to ensure a level playing field between European and foreign(-backed) companies active on the EU market. On top of merger control and Foreign Direct Investment screening obligations, companies may also need to account for future rules allowing scrutiny of subsidies granted by non-EU governments if those subsidies might distort the EU Single Market.

Read more

04.06.2020 NL law
Please share – ACM conditionally clears shared mobility platform merger

Short Reads - There may soon be a new competition tool available to tackle structural competition concerns in dynamic tech and platform markets. Until then, competition authorities resort to existing tools to deal with these markets. The Dutch competition authority (ACM) recently subjected the merger of two emerging platforms – without significant market footprint – to behavioural remedies. On 20 May 2020, the ACM cleared the merger between the travel apps of Dutch rail operator NS and transport company Pon.

Read more

02.07.2020 NL law
New competition tool: something old, something new, something borrowed

Short Reads - Large online platforms may face more regulatory obligations, whilst non-dominant companies’ unilateral conduct may soon be curbed. The European Commission intends to tool up its kit by adding a new regulation to keep digital gatekeepers in check, as well as providing more clarity on how to define digital markets in its new Market Definition Notice.

Read more

04.06.2020 NL law
No proof of competitive disadvantage? No abusive favouritism

Short Reads - Companies claiming abuse of dominance in civil proceedings have their work cut out for them, as demonstrated by a ruling of the Amsterdam Court of Appeal. Real estate association VBO had accused dominant online platform Funda of favouritism. However, in line with the District Court’s earlier ruling, the Appeal Court dismissed the claim for insufficient evidence of negative effects on competition. The ruling confirms that the effect-based approach also applies in civil abuse claims, and that the standard of proof is high.    

Read more