Presently, we find several episodes of Anti-Competitive practices in the digital space. The existing Competition Law has been empowered to put technology and data induced variables for the assessment purpose to basically ascertain the market share of the alleged digital company. Such an Assessment is required to proceed further with the investigation of an anti-competitive matter.
On 8th April, 2022, CCI revised the confidentiality regime under Regulation 35 of the General Regulations. The idea of connecting the two hot topics, which are CCI’s new confidentiality rule and data privacy concern of digital markets, comes from the very objective of the new confidentiality rule and nature of data security issue. The data privacy concern is growing with each passing national or global incident but the question as to how this is related to any anti-competitive case is something imperative to look at.
The relationship between these two would certainly design a new role for CCI in the digital space. This may very well put CCI accountable for ensuring natural justice and at the same time, for preserving the interest of the Digital Markets in maintaining data privacy. The position of a digital company in an anti-competitive matter is not any different from that of their consumer who desires his data privacy but subsequently finds himself in the “Privacy Paradox”, which is basically a situation wherein consumers contend to care about their privacy but in reality, they do not take any action for it. Similarly, a digital company might not be in a position to refuse data sharing, which is essential for the investigation purpose.
CCI’s Confidentiality Ring (CR), the new rule, has come up with the purpose to effectively settle any dispute which has “confidential” data of the parties to deal with. The article aims to bring out a solution to come out of this imbroglio of data security, by referring to the provisions of CCI’s New Rule of Confidentiality.
Mutual Interest of Digital Companies & The Consumers:
Data of consumers are invaluable assets for any digital company because they strengthen their market position by giving more teeth to their functioning in the market sphere. Tech giants like Google, Facebook are called so because they carry the ability to gather data of as many consumers as they wish to and that bolsters their position and helps them in standing out. For them to sustain and to come out as an innovative company, requirements for the data of the consumers remain inevitable. These digital companies do not charge fees from their consumers for providing services but their revenue is generated from the shared data. Consumers have to give their consent for data sharing to receive the services from these companies. They are often found in the Privacy Paradox.
It can be observed that most of the matters relating to abuse of dominance are found with big tech companies. While acquiring a dominant position is permitted by the Competition Act, abuse of such position is forbidden. Dominant in the sense that the new entrants find it difficult to carve out a space for themselves in the digital sphere because these well-established companies already have a large base of consumers and their data. This ultimately put more than a half of the digital companies into an undesirable position.
Companies might lose out on an advantageous position, if the data came out to the competitors or to the public at large. This action of sharing precious data of the consumers to follow the due process of CCI might turn the big digital companies into toothless tigers. When the security of data is in question, it engulfs both the Digital Market and the consumers. The onus of ensuring some level of data protection and no harm to the digital companies during CCI’s investigation lies with no one but CCI.
Data Protection & Role of CR & CCI:
As inferred earlier, the data of Digital Markets are the assets derived from their consumers and hence protection of the data of the Digital Markets would consequently ensure the data privacy of the consumers. To find the nexus between the New CCI’s Rule of Confidentiality Ring and Data Privacy of the Digital Market, it is relevant to understand the concept of CR and how it may strive to achieve data protection in CCI’s investigation.
In order to act fairly and in the best interest of both the public and one of the contesting parties, CCI’s New Confidentiality Rule comes into the picture. As mentioned before, CCI on 8th April, 2022, declared certain important amendments in the Competition Law which specifically deal with the admission of “confidential information” at the time of the proceedings. The Amendment finds its roots from the public comments on changes within the ambit of Confidentiality Regime, that CCI had invited.
Of those proposed suggestions, one is self-certification, wherein presently, the parties are obligated to give in an undertaking which certifies their claims in relation to confidentiality and also entails strong reasons for them to seek for it. Their reasons must be strong enough for claiming prevention of their data getting public. Such undertakings are subject to a few conditions and in case of an invalid self -certification (for e.g., false statement), the parties are liable to be punished with a monetary penalty under section 45 of the Competition Act. On the other hand, we have personal information automatically safeguarded under the provisions of the Amended Rule. What makes it less effective is the fact there is no clarity as to what constitutes personal information. However, the definition of personal information is provided under the “Information Technology Rules, 2011”.
The second one is the CR. In order to come to an agreement, wherein both due process of CCI’s proceedings and interests of the parties (digital companies) are to be taken care of, the concept of CR has been developed to strike a balance between the two. This is basically important to ensure that the other party can get access to some confidential information of another contested party for them to effectively defend themselves on note of that information. It includes information like the confidential part of the Director General’s report, CCI’s orders in full and complete part.
But, the most important thing to note in this provision is that both the parties have to submit an undertaking that such information would not be disclosed to anyone falling outside the purview of the Ring. Any breach of such an undertaking will lead the party to face imposition of penalty by the competent authority. This, in particular, will give the complainant party an assurance that their sensitive information would not, by any chance, be shared to an unauthorized person, but would be well within the knowledge of the relevant persons to the matter only. Information that could be shared and members that could be a part of this ring are to be decided by CCI.
CCI and certain rules prescribed in the amended regulation have a lot of say in the process of data sharing, which could be a great assurance towards the data privacy of the digital companies.
In the scrutiny of CCI, it is safe to claim that the sensitive or confidential data of the digital companies would be used only for the purpose of a fair proceeding and that no data would be misused by the other party. This plays equitably and in consonance with the two broad interests. This shall not intensify the issue of data protection by changing the status quo of their data but will keep it constant till a just order is passed. Nevertheless, the data of consumers is not in danger until the company chooses to share them publicly. It is not justifiable to direct these companies to not collect data because their business runs through them. The balanced solution could be by allowing data-sharing without any harm. Consent is already taken by the digital companies as a prerequisite before any such data is taken, which results in a fair transaction between the company and the consumer.
The New Rule is also in agreement with the anti-trust confidentiality regulation of several matured jurisdictions and even with the EU’s Confidentiality Regime which seeks protection of the information provided by the party and the rules that are prescribed there, are mostly the same in the Amended Rule.
Hence, for not aggravating the issue of data privacy in the investigation process of CCI, it is vital to appreciate the usage of CRs. Its usage will ensure that the unfairness to the consumers by the digital companies does not rise from the due process of CCI.
This article intends to draw attention towards the mutual interest that both the Digital Market and its consumers share, which is data privacy. Along with the indirect relationship of the interests of both the Digital Market and its consumers, the author also establishes a connection between the data privacy issue and the purpose of the new law- Confidentiality Ring.
No doubt, news on misuse of the user’s data by various Digital Companies is soaring to greater heights. Nonetheless, what the author believes is in finding a solution rather than to delve more into the issue, and hence discussed CCI’s new Confidentiality Rule, which has the potential to preserve the rights and interests of both the stakeholders.
The author attempts to emphasize more on data protection during the CCI’s probe on the Digital Companies. It is found that CCI’s New CR has something to offer to the protection of data. However, considering that it is a new rule and that it is yet to be executed a couple of times to believe in its efficacy, we must note that there are certain ambiguities in the rule itself, which might not serve its purpose. The scope for setting up the Ring i.e., under which circumstances does the rule allow for the same is something not explicitly stated. The Amended Rule is also not very clear on the provision that would be invoked to penalize the malicious breach of confidentiality, which is a grave concern for us. However, an amendment with a comprehensive guide to the terms could revamp the distress position of the market.
Author Soujanya Boxy is a third year student at National Law University, Odisha.