Digital Markets, Competition and Consumers Bill

Written evidence submitted by the Information Commissioner (DMCCB37)

About ICO

1. The Information Commissioner has responsibility for promoting and enforcing the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA), the Freedom of Information Act 2000 (FOIA), the Environmental Information Regulations 2004 (EIR) and the Privacy and Electronic Communications Regulations 2003 (PECR). He is independent from the Government and upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The Commissioner does this by providing guidance to individuals and organisations, solving problems where he can, and taking appropriate action where the law is broken.

Introduction

2. The ICO welcomes the Digital Markets, Competition and Consumers Bill (the Bill) and the new pro-competition regime for digital markets that it will introduce. We have engaged with government as the draft legislation has developed, in line with the requirements of Article 36(4) of the UK GDPR. Pro-competition regulation of firms designated with ‘strategic market status’ (SMS) will complement the ICO’s role in monitoring and enforcing data protection law in digital markets, as well as drive better consumer outcomes and responsible innovation.

3. The ICO is committed to ensuring effective coordination with the Competition and Markets Authority (CMA) on issues where data protection and competition regulation intersect. The ICO and CMA are already progressing an ambitious programme of work through the Digital Regulation Cooperation Forum (DRCF). [1] We will continue developing our approach to cooperation to reflect proposed legislative reforms, both in this Bill and the Data Protection and Digital Information (No.2) Bill. This work builds on the ambition and intent for cooperation set out in our 2021 Joint Statement [2] and the existing Memorandum of Understanding (MoU) [3] between our organisations.

4. While the ICO has been able to achieve much through our existing bilateral partnership with the CMA and under the auspices of the DRCF, the substantial interactions between data protection and a new pro-competition digital markets regime [4] necessitates a formal mechanism for cooperation. We consider a consultation duty should create a statutory basis for cooperation that is future proofed and able to withstand any changes in personnel or priorities at either the ICO or the CMA. [5]

Views on the consultation duty in the Bill

5. Drafting in clause 106(3) states that the CMA must consult the ICO where its proposal to exercise a regulatory digital markets function [6] ‘is likely to have a material adverse effect on the ability of the Information Commissioner to exercise functions’ under relevant legislation overseen by the Commissioner. [7]

6. This ‘material adverse effect’ condition complicates the application of a consultation duty between the CMA and ICO. A ‘material adverse effect’ on the Information Commissioner’s ability to exercise functions may be challenging for the CMA (as a non-data protection regulator) to assess without consulting the ICO. It is important to ensure that the Information Commissioner is, where appropriate, able to provide his own views on the impact of a regulatory measure under the Bill on his own functions.

7. We do not consider the ‘material adverse effect’ condition is necessary, and consider that clause 106(3) should instead require the CMA to consult the ICO when it ‘considers there is likely to be an effect on the ability of the Information Commissioner to exercise functions…’. This would remove the uncertainty created by the current drafting’s use of an undefined, and potentially high, threshold for consultation. Clause 106(6) ensures the requirement for the CMA to consult the Information Commissioner is proportionate because the CMA will still be able to consider whether compliance with the consultation duty imposes ‘a burden on it that outweighs the benefits of compliance’.

Conclusion

8. The Bill introduces reforms that will help support positive data protection and competition outcomes for the public. The ICO is committed to continuing to cooperate with and support the CMA on the implementation of the pro-competition regime, including through the DRCF. The technical change we have suggested on clause 106(3) will, in our view, support future cooperation. The ICO will continue to engage with government and parliament as the Bill progresses.

June 2023


[1] The  DRCF brings together four UK regulators with responsibilities for digital regulation – the Competition and Markets Authority (CMA), the Financial Conduct Authority (FCA), the ICO and Ofcom. These regulators set up the DRCF in 2020 to make it easier to collaborate on digital regulatory matters. See: DRCF | DRCF

[2] Competition and data protection in digital markets joint statement (ico.org.uk)

[3] ico-cma-mou-20210430.pdf

[4] The ICO’s response to government’s 2021 consultation on a Pro-Competition Regime for Digital Markets sets out instances where data protection regulation and a new digital markets regulatory regime would interact. See: Response of the Information Commissioner’s Office to the Consultation on a New Pro-Competition Regime for Digital Markets (ico.org.uk)

[5] Where it applies, Article 36(4) of the UK GDPR will also require consultation with the ICO.

[6] These functions include the discretionary opening of an SMS investigation, SMS designation, the imposition of a conduct requirement and the making of a PCI.

[7] Digital Markets, Competition and Consumers Bill (parliament.uk), pp. 82-83.

 

Prepared 27th June 2023