Data and Competition Law: Regulators enhance collaboration efforts as data licensing agreements come under increased scrutiny

• United Kingdom

• Competition, EU and Trade
• Privacy, data protection and cybersecurity

21-07-2021

This is the fourth article in our Data & Competition law Series. To access and read other articles in the Series, please click here.

With the UK government providing ever more rhetoric on the importance of data to the UK economic rebound, its various regulators are taking steps to ensure a more consistent, joined up approach so that potential conflicts between their respective objectives are considered.

On 19 May 2021, the Competition and Markets Authority (CMA) and the Information Commissioner’s Office (ICO) released an updated Memorandum of Understanding (MoU), intended to “establish a framework for cooperation and information sharing” between the two regulators. The MoU, which replaces the 2015 edition, takes into account developments such as the coming into force of the GDPR (now part of UK law as ‘UK GDPR’ since the UK’s formal withdrawal from the EU). It sets out how the two regulators will collaborate further in future, for example, through information sharing in the context of identifying and addressing regulatory issues, solutions, enforcement themes and trends, and the potential for joint projects.

The MoU was launched alongside a “Joint Statement” on competition and data protection in digital markets between the ICO and CMA. The Joint Statement sets out how the two regulators can approach the often complex relationship between data protection and competition by working together and considering new strategic approaches.

While the objectives of competition law and data protection are often seen as being in direct opposition (as data protection law is considered an attempt to limit and close access to data, while the pro-competitive approach would be to open up access to data), the reality is more subtle. Indeed, the Joint Statement highlights a number of synergies between the CMA’s and ICO’s objectives. Both are strongly in favour of enhanced user choice and control of data. Both consider that well defined standards and regulations to protect privacy can also improve competition. Finally, the CMA and ICO are keen to work together in digital markets using data-related interventions to promote competition, by ensuring companies with access to significantly more data than their rivals are unable to distort the market.

The Joint Statement goes on to review areas of potential conflict between the CMA’s and ICO’s objectives. There is the issue of data access interventions – a remedy the CMA has considered in recent years, of forcing companies with access to large amounts of data to share it with smaller rivals (this reflects the concept of ‘data portability’), a core tenet of GDPR to liberate data flows. This presents on its face clear data protection concerns over the sharing of personal data with an even wider network of controllers. However, the Joint Statement concludes that data access interventions can be an appropriate remedy if they are implemented carefully. In particular, by bearing in mind data protection principles contained, for example, in the ICO’s recent code of practice on data sharing.

The Joint Statement also considers the potential issue of data protection legislation being interpreted in a way that inadvertently favours large, multinational data controllers at the expense of smaller rivals – for example by favouring intra-group transfers, which might encourage companies to integrate and monopolise data at others’ expense. The regulators acknowledge that there are barriers to entry for small businesses in digital markets, but stress that there is no ‘rule of thumb’ approach in data protection or competition law to such issues, and each case should be reviewed on its merits.

The collaborative approach between regulators in the UK mirrors developments internationally. In the EU, the European Commission’s Digital Single Market initiative continues with the Digital Services Act and Digital Markets Act proposals, building on initiatives such as the EU Platform to Business Regulation to regulate conduct with regard to online platform transparency and self-referencing activities.

In the US, new antitrust cases reflect a shift in approach to putting fair competition at the focus of their attempt to regulate digital companies. In Australia, the Australian Competition and Consumer Commission has sought to manage bargaining power imbalances between news media businesses and large internet platforms. With 74 offices in 35 countries and multi-national, expertly qualified data protection and competition law teams, Eversheds Sutherland is able to guide clients through this changing regulatory landscape and offers creative and efficient solutions to any issues its clients face in this area.

Data licensing audit required

While regulators both in the UK and internationally focus on their response to data and competition law issues, we consider it likely that they will further review agreements that involve commercial data licensing and sharing agreements.

Data licensing commonly arises in software, digital content (e.g. music, images and film) and technology goods and services agreements. It is relatively easy for data licensing agreements to be drafted in a way that can appear anti-competitive; for instance, by including provisions which restrict access to datasets or which impose obligations on other licensees and industry stakeholders which may distort markets and create unfair advantages for the companies that control those datasets. Equally, sharing data sets, which share or disclose market industry data, may inadvertently unlawfully be classified as ‘insider trading’ (especially in the context of publicly listed or similarly industry regulated entities).

Examples of such clauses which may be unlawful are provisions which may:

• require a licensee, as a condition of access or licence, to provide and grant a reciprocal licence to its own (and other’s) data sets (e.g. for the purposes of ensuring that the licensor is able to achieve a monopoly over a particular category or sector data set (or to ‘feed’ an algorithm with a particularly voracious appetite);
• rely on a ‘more favoured nations clause’ whereby a licensor (or a licensee) is required to offer the same or materially no less favourable terms to a counter-party (where it subsequently or otherwise has offered better terms to another commercial partner);
• terms which seek to require a distributor of data to ‘fix’ the price at which data is sold or licensed;
• arrangements whereby one or more organisations agree to share industry data with one another so as to enable an algorithm to set unfair or higher pricing for a specific type of customer or consumer; and
• terms which allow the sharing of sales or performance data between a regulated entity and an investment fund, providing an unfair commercial advantage over other buyers of stock in a public listed market.

Accordingly, we recommend that firms review their standard licensing and data sharing arrangements (as well as those agreements and licences that they are being required to enter into) to identify if any such terms exist. It may not always be that the originator or proposer of the clause is liable (if two or more parties enter into such an arrangement they may equally be liable for breaching applicable regulations). As such, any unlawful clauses are a form of strict liability, where intent is not necessary to be in breach of the applicable legislation. Please ask a member of the team if you would like us to review any such agreements and/or carry out a wider audit of such terms.

Regulators are closely reviewing these issues. As our Competition and Data Protection Teams work closely together, we are able to provide expert advice to any company considering entering into such agreements.

Return to the article series>

For more information, please get in touch