On 16 January 2025, the European Data Protection Board (“EDPB”) published a position paper, as it had announced last year, on the “interplay between data protection and competition law” (“Position Paper”).

In this blogpost, we outline the EDPB’s position on cooperation between EU data protection authorities (“DPAs”) and competition authorities (“CAs”) in the context of certain key issues at the intersection of data protection and competition law.

Key takeaways

1. In the interest of coherent regulatory outcomes, the EDPB advocates for increased cooperation between DPAs and CAs.
2. The Position Paper offers practical suggestions to that end, such as fostering closer personal relationships, mutual understanding, and a shared sense of purpose, as well as more structured mechanisms for regulatory cooperation.
3. The EDPB is mindful of the Digital Markets Act’s (“DMA”) significance in addressing data protection and competition law risks.

Summary of the Position Paper

The EDPB first outlines certain overlaps between data protection and competition law (e.g., data serving as a parameter of competition). The EDPB argues that as both legal regimes seek to protect individuals and their choices, albeit in different ways, “strengthening the link” between data protection and competition law can “contribute to the protection of individuals and the well-being of consumers”.

The EDPB takes the view that closer cooperation between DPAs and CAs would therefore benefit individuals (and businesses) by improving the consistency and effectiveness of regulatory actions. Moreover, the EDPB emphasises that, based on the EU principle of “sincere cooperation” between regulatory authorities and pursuant to the European Court of Justice’s ruling in Meta v Bundeskartellamt (2023), cooperation between DPAs and CAs would be “in some cases, mandatory and not optional”.

The EDPB also refers to its prior “Statement on privacy implications of mergers”, published in 2020 in relation to Google/Fitbit (2020), to illustrate where increased cooperation between DPAs and CAs could help inform regulators about “potential personal data issues” during merger assessments.

The EDPB notes that there are currently varying degrees of cooperation between authorities in the EU Member States, and no EU law harmonisation in this respect. It recommends that DPAs and CAs could improve cooperation in several ways, including:

• adopting formal cooperation frameworks (agreements, joint declarations, cooperation protocols);
• ensuring national legislatures and governments are aware of the need for—and remove barriers to—cooperation;
• creating dedicated teams within authorities to serve as the single points of contact for inter-agency cooperation;
• providing authorities with basic knowledge on the regulatory framework of their counterparts (e.g., educating DPAs as to the concept of a “relevant market”);
• establishing formal cooperation protocols under the duty of sincere cooperation (which may help to avoid parallel investigations by DPAs and CAs into the same underlying conduct); and
• conducting joint sector inquiries and investigations.

Conclusions

The EDPB sees a need for increased cooperation between DPAs and CAs

The EDPB sees an important overlap between data protection and competition law. This is especially true for the digital economy where data is a key input to many companies’ operations. Large datasets can be considered as valuable assets and are often important to commercial strategies, including mergers and acquisitions. As such, data is often key for competition law assessments in the tech sector. At the same time, data protection legislation focuses on placing safeguards around the processing of personal data.

Commentators have opined that there are synergies and potential tensions between the two areas of law. Examples of synergies can be found in the Competition and Markets Authority and Information Commissioner’s Office’s joint statement and the French authorities’ joint declaration. At the same time, a real world example of potential tensions emerged in Google Privacy Sandbox (2022) (where Google’s conduct was purportedly privacy-enhancing but also caused competition concerns). Thus, the EDPB believes that greater cooperation between the DPAs and CAs could enable better balancing of the goals of these different regimes in the interest of more coherent regulatory outcomes.

The Position Paper aims to offer practical suggestions to improve cooperation between DPAs and CAs

CAs and DPAs have already worked closely across different matters over the years. However, in the EDPB’s view there is scope for improvement. This is unsurprising given the occasional friction between certain DPAs and CAs in the past. The Position Paper suggests a practical way forward based on personal relationships, enhancing mutual understanding, and adopting formal cooperation mechanisms. Although the EDPB is a supranational body, its membership comprises the national DPAs, meaning we could see efforts to increase cooperation between authorities at both the EU and the Member State level.

Crystal ball: Future collaboration of DPAs and CAs under the DMA and DMCC Act

The legal texts of the DMA and Digital Markets, Competition and Consumers Act (“DMCC Act”) require inter-agency collaboration. However, the underlying dynamics and characteristics of this cooperation broadly remain to be seen. The shift to a longer-term working relationship under these regimes as opposed to more ad hoc cooperation could foster closer ties between the authorities, or could create tensions between the two legal regimes, and their respective authorities.