corporate law
Anti-competitive practices in the digital landscape have become increasingly prevalent. The current Competition Law has been updated to incorporate technology and data variables, allowing for a thorough assessment of a digital company's market share in suspected anti-competitive matters. Such assessments are essential for proceeding with investigations.
On April 8, 2022, the Competition Commission of India (CCI) revised the confidentiality framework under Regulation 35 of the General Regulations. This revision connects two pressing issues—CCI’s new confidentiality regulations and the data privacy concerns present within digital markets. As global incidents raise data privacy awareness, it is crucial to examine how these issues intersect with anti-competitive cases.
Exploring this relationship may redefine CCI's role in the digital space, holding it accountable for ensuring both natural justice and the protection of data privacy within Digital Markets. Digital companies face similar dilemmas as consumers who care about their privacy yet engage in the “Privacy Paradox,” where they fail to take action to protect their information. Concurrently, digital companies often find themselves compelled to share data critical for investigations, raising concerns about their position.
CCI's newly established Confidentiality Ring (CR) aims to resolve disputes involving “confidential” data. This blog explores potential solutions regarding data security by referring to the provisions of CCI’s revised confidentiality rules.
Consumer data is a crucial asset for digital companies, enhancing their market presence and operational effectiveness. Major tech companies such as Google and Facebook excel by amassing vast amounts of consumer data, which supports their competitive advantage. Although these companies do not charge for services, they generate revenue through shared data. Consent from consumers is necessary for data sharing, often causing them to confront the Privacy Paradox.
Most cases of abuse of dominance involve large tech companies. While acquiring a dominant market position is permissible under the Competition Act, the abuse of that position is not. Established companies frequently hinder new entrants from gaining a foothold in the digital arena due to their substantial consumer bases and data resources, leaving many digital companies at a disadvantage.
If sensitive consumer data is disclosed to competitors or the public, it could undermine the competitive advantage of digital companies. The obligation to share such data for CCI investigations might render these firms ineffectual. When data security is compromised, it affects both the Digital Market and consumers. The responsibility for maintaining a level of data protection throughout CCI’s investigation lies squarely with CCI.
As previously stated, the data derived from consumers constitutes valuable assets for Digital Markets; therefore, protecting this data is essential for consumer privacy. To establish the connection between CCI’s Confidentiality Ring and data privacy within the Digital Market, an understanding of the CR’s function in data protection during CCI investigations is vital.
CCI’s New Confidentiality Rule, effective beginning on April 8, 2022, introduces significant amendments to the competition law relating to the acceptance of “confidential information” in proceedings. This amendment emerges from public comments solicited by CCI concerning changes to the confidentiality regime.
Among the amendments is the introduction of self-certification, whereby parties must submit an undertaking that validates their confidentiality claims and provides substantial reasons justifying their need for confidentiality. Such undertakings are bound by specific conditions, and any invalid self-certification—such as a false statement—could result in penalties under Section 45 of the Competition Act. While personal information is automatically protected under the amended rule, clarity on what constitutes personal information remains ambiguous. The definition of personal information is provided in the Information Technology Rules, 2011.
Another significant aspect is the CR itself. It was created to balance both CCI’s procedural integrity and the interests of the parties involved, ensuring access to essential confidential information for a fair defense. This access includes confidential segments of the Director General's report and full CCI orders.
A critical point of this provision is that both parties must undertake not to disclose shared information beyond the CR limits. Breaching this commitment can lead to penalties imposed by the competent authority. This provision assures complainants that their sensitive information will remain confidential, known only to authorized individuals involved in the proceedings. The CCI will determine what information can be shared and which members may participate in the CR.
The role of CCI and the stipulations outlined in the amended regulation play a crucial part in data sharing, offering considerable assurance regarding data privacy for digital companies.
During CCI scrutiny, it can be asserted that sensitive data from digital companies will be utilized solely for just procedures, mitigating risks of misuse by other parties. This framework harmonizes the interests of both the Digital Markets and their consumers, maintaining data security throughout the investigation process. As long as firms abstain from publicizing sensitive data, consumer information will remain protected. It is unjustifiable to prohibit companies from collecting data, as their business models depend on it. A balanced approach permits data sharing without jeopardizing privacy; consent from consumers is already secured prior to data collection, facilitating fair transactions between companies and customers.
The new rule aligns with established antitrust confidentiality regulations in various mature jurisdictions, including the EU's Confidentiality Regime, which also seeks to protect provided information, sharing many similar guidelines with the amended rule.
To prevent exacerbating data privacy issues during CCI investigations, it is essential to leverage the Confidentiality Ring, which ensures that consumers are not unduly harmed by the due process followed by CCI.
This article highlights the shared interest in data privacy between Digital Markets and consumers. It connects the relevance of this mutual interest with the purpose of CCI’s new Confidentiality Ring legislation.
Amidst rising reports of digital companies misusing user data, emphasis on solutions rather than further scrutiny is essential. CCI’s new Confidentiality Rule has the potential to safeguard the rights and interests of both stakeholders.
While acknowledging the value of data protection during CCI investigations, it is important to recognize that the new CR presents opportunities for data safeguarding. However, as the rule has yet to be tested adequately, ambiguities remain that could hinder its intended function. Clarifying the circumstances under which the CR may be established and specifying penalties for breaches of confidentiality are critical concerns. A comprehensive amendment outlining these aspects could improve the data privacy landscape in the digital market.