EU competition and privacy regulators to prepare joint guidance on overlapping rules

by EUToday Correspondents

Commission competition officials and the European Data Protection Board will begin work on guidance covering the interaction between EU competition law and data-protection rules, in a move intended to clarify how regulators should approach digital markets where market power and personal data are closely connected.

The European Commission’s competition services and the European Data Protection Board are to prepare joint guidance on the relationship between EU competition law and data-protection rules, after agreeing to begin work on the issue on 28 April.

The initiative was announced in a Commission competition-policy update, which said the guidance would address the interplay between EU competition law and the General Data Protection Regulation. The announcement follows increasing regulatory attention to digital markets, where the collection, control and use of personal data can affect both consumer protection and competition enforcement.

The guidance is expected to help competition authorities and data-protection regulators assess cases where market conduct and personal-data practices overlap. These may include situations involving dominant platforms, access to user data, data portability, online advertising, targeted services, digital ecosystems and contractual conditions linked to data use.

The move reflects a broader problem in EU digital regulation. Competition law and data-protection law have different legal bases, enforcement tools and policy objectives. Competition rules are concerned with market power, abuse of dominance, mergers and anti-competitive agreements. Data-protection law, in particular the GDPR, is concerned with the lawful processing of personal data, individual rights and obligations placed on controllers and processors.

In digital markets, however, the two areas often meet. A company’s ability to collect and combine large volumes of personal data may strengthen its market position. At the same time, restrictions imposed in the name of privacy may affect competitors’ access to data or limit how services can interoperate. Regulators therefore need to distinguish between genuine privacy compliance and conduct that may have competition consequences.

The issue has become more important since the adoption of the EU’s wider digital rulebook. The Digital Markets Act imposes obligations on designated gatekeepers, including rules on combining personal data across services and restrictions on self-preferencing. Those obligations sit alongside GDPR requirements, creating areas where competition, privacy and platform regulation may need to be read together.

The Court of Justice of the European Union has already addressed the connection between competition enforcement and data protection. In its Meta Platforms judgment, the Court held that a competition authority may examine whether conduct complies with the GDPR when that assessment is necessary to establish an abuse of dominance, while making clear that data-protection authorities remain responsible for enforcing the GDPR itself.

That judgment increased the need for practical coordination. Competition authorities may need to consider data-protection issues when assessing market behaviour, but they cannot replace the role of privacy regulators. Equally, data-protection authorities may encounter business practices with competition implications but will not necessarily be responsible for market enforcement.

The planned guidance could therefore affect both regulators and companies. For regulators, it may help define how information should be shared, how parallel proceedings should be handled, and how to avoid inconsistent decisions. For companies, it may give clearer expectations on compliance where data practices are relevant to market conduct.

The initiative is also relevant to mergers and acquisitions in technology sectors. Access to personal data can be a competitive asset, and transactions involving digital services may raise questions about whether a merged entity could combine datasets, reduce user choice or restrict competitors’ ability to compete. At the same time, remedies designed to preserve competition must remain compatible with data-protection obligations.

There is also a consumer dimension. In many digital services, users do not pay with money but provide data or attention. That has made it harder for traditional competition analysis, which often relies on price effects, to capture the full impact of market power. Data-protection standards can therefore become relevant to the quality of a service, the degree of user choice and the fairness of commercial terms.

The Commission and the EDPB have not yet published the content of the planned guidance or set out a timetable for completion. The announcement nevertheless indicates a move towards closer regulatory alignment in an area where separate legal regimes increasingly apply to the same business models.

For Brussels, the initiative is part of a wider attempt to make EU digital enforcement more coherent. The EU has adopted major legislation covering data protection, gatekeepers, online platforms, artificial intelligence and data sharing. The next stage is less about creating new rules than ensuring that existing rules can operate together without gaps, duplication or conflicting interpretations.

For companies operating in digital markets, the message is that privacy compliance and competition compliance cannot be treated as entirely separate issues. Where the use of personal data affects market access, consumer choice or the position of rivals, regulators are likely to examine both dimensions.
