Introduction

Following recent proposals for regulatory reform (see articles here and here) in relation to competition in digital markets, the CMA published its new Digital Markets Strategy on 3 July 2019, which sets out the agency’s approach to “protecting consumers in the digital economy while ensuring robust, competitive digital markets”. The strategy outlines five strategic aims and seven priority focus areas across antitrust law and merger control, as well as consumer law.

Objectives

The first strategic aim is for the CMA to use its existing tools effectively and efficiently. Andrea Coscelli, Chief Executive of the CMA recently calmed calls for any dramatic overhaul of the UK merger control regime, stating that it was largely fit for the purpose of regulating digital markets.

In other areas, the document seems to suggest that both new tools and remedies may be required. As part of the strategy, the CMA launched a market study into online platforms and digital advertising. The scope of the study is limited to online platforms that derive income from digital advertising, and it will assess three potential sources of harm to consumers:

  • The extent online platforms have market power in user-facing markets, and what impact this has on consumers;
  • Whether online consumers are able and willing to control how data about them is used and collected by online platforms; and
  • Whether competition in the digital advertising market may be distorted by any market power held by platforms.

The relation to the second focus point, it can be mentioned that the publication of the study coincides with the UK’s data protection regulator, the Information Commissioner’s Office (ICO), recently updating the results of its own probe into the adtech.  The CMA’s scope of study states that “Customers expect privacy, but the recently introduced rules of GDPR may not be as effective as they could be because they are limited to certain data types, are expensive to implement and oversee, or are difficult to enforce.” At the present, it is unclear if the CMA envisions a data protection regime that goes beyond GDPR or beyond the ICO, and whether the CMA would use its antitrust and/or consumer powers to impose such protection.

Under consumer protection legislation, the ICO and the CMA have concurrent powers. However, their memorandum of understanding has not been updated since the entry into force of the General Data Protection Regulation (GDPR) and the Data Protection Act of 2018, which gives the ICO new strengthened powers to impose significant civil monetary penalties. Furthermore, when an alleged breach of the GDPR involves cross-border data processing, the investigation should, according to the GDPR, be led by the data regulator in the country in which the controller or processor has its “main establishment” for data processing purposes. The competition and data protection authorities will undoubtedly need to work out demarcation lines in order to avoid double jeopardy and fragmentation of the enforcement effort.

Next steps

Stakeholders are invited to comment on the CMA’s market study by 30 July 2019.