Skip to main content

10 key themes

Digital antitrust - managing the wave of new rules and regulators

As governments and enforcers around the world continue to focus on bolstering the efficacy of the tools at their disposal to regulate digital and innovation-heavy businesses, 2022 looks set to expand the antitrust and regulatory “toolkit.”

With the complexity and scale of antitrust enforcement growing, the current antitrust rule book is being stretched and cross-disciplinary mission creep is becoming more pronounced, including competition law touching on areas such as data privacy and consumer protection. In parallel, governments around the world are aligned in their desire to go further.

With extensive reforms proposed in the US, EU, UK and Korea, and with changes already having been enacted in Germany, China and Japan, a key challenge for companies will be to keep abreast of the relevant changes and understand the areas of expansion, convergence and divergence for their businesses. We summarize a few examples below.

4_Expansive digital antitrust.jpg

Privacy “plus”?

The introduction, in recent years, of extensive privacy-enhancing legislation such as the California Consumer Privacy Act (CCPA) and the EU General Data Protection Regulation (GDPR) have required businesses around the world to invest in making significant changes to the way in which they manage their collection, use, and sharing of personal data. Yet despite this, there are further new proposals and interventions on the horizon. 

The proposed EU Digital Markets Act (DMA) includes, for example, further granular consent requirements which prohibit designated digital “gatekeepers” from combining personal data obtained from their “core platform services with personal data from any other services offered by the gatekeeper or with personal data from third-party services … unless the end user has been presented with the specific choice and provided consent." It also proposes mandating regulated platforms to provide “continuous and real-time access and use of aggregated and non-aggregated data” to third-party businesses, “when the end user opts into such sharing with a consent.

More privacy laws around the world are giving individuals the right to choose whether a company can share their personal data for use by third parties, whether by requiring the company to obtain opt-in consent (as under the GDPR) or by requiring the company to allow individuals to opt out of the sale of their personal information (as under the CCPA). These regulatory trends are requiring companies to reassess and refine their approaches to data sharing.

Christine Lyon
Global Transactions Partner,
Silicon Valley

In parallel, the UK government’s proposed powers for the newly established Digital Markets Unit (DMU) include, for example, a focus on open choices, fair trading, and trust and transparency for consumers, with an ability for the DMU to impose, if required, measures on businesses requiring enhanced consumer choice. The UK government has also proposed to empower the CMA with strengthened consumer law enforcement powers equivalent to those currently available to it under the competition law regime, including the ability to enforce consumer law directly (rather than through the civil courts), with powers to impose fines of up to 10 percent of worldwide turnover directly on businesses.

Many of the global proposals to reform antitrust laws and to introduce new regulation have, at their core, not only a focus on whether consumers have been presented with a choice, but also on how and when those choices have been offered. The effect is a growing convergence between the current antitrust, privacy and consumer protection legal frameworks, as more businesses will be required to focus more closely on adopting a ‘privacy-first’ approach.

Sharon Malhi
Antitrust Partner,

The burden of navigating the multiplicity and complexity of the various proposals currently on the table in several jurisdictions around the world — and particularly their application to global products and services — is likely to sit firmly with businesses.

Requirements to ensure compliance within a certain number of months and/or that, in some instances, go to the heart of companies’ business models (e.g., in relation to subscription contracts and/or where they are likely to impact service design and future innovation) throw up many questions as to the practicability of harmonizing the different (and sometimes conflicting) legal frameworks. 

It is also unclear whether the flexibility that businesses currently enjoy to design their processes in a compliant manner, while also ensuring the continued competitiveness and attractiveness of their products and services, can continue.

Proposals to introduce granular consent requirements, particularly when understood in the context of current regulatory developments worldwide, all point towards a need to adopt a more holistic approach towards assessing individual processing activities and compliance with data privacy laws more broadly. This brings new challenges for businesses and calls for a cross-disciplinary approach to meeting data protection requirements in an increasingly complex global regulatory landscape.

Christoph Werkmeister
Dispute Resolution Partner,

Convergence or divergence?

There is no doubt that governments and agencies around the world are united in their desire to introduce additional powers and safeguards to strengthen enforcement against “digital markets."

In the US, the Biden Administration has urged antitrust agencies to increase their focus on “killer” acquisitions, as well as aggressively addressing consolidation and conduct in markets occupied by allegedly dominant companies. Additionally, several pending bipartisan legislative initiatives propose a litany of varying measures designed to address perceived gaps in US antitrust laws. As is being proposed in Europe, several of these initiatives specifically target technology companies such as prohibiting a “dominant online platform” from owning another line of business that presents an “irreconcilable conflict of interest,” and requiring data interoperability and portability. While it remains to be seen whether any of these measures will be enacted into law or if their diverse objectives can ultimately be rationalized into a coherent policy approach, the US FTC and DOJ are flexing their muscles with enhanced scrutiny and enforcement actions across the board, modifying long-standing practices, and - at the FTC - considering administrative rulemaking initiatives that could have a material impact on markets even without legislative action. 

The ever-increasing and proliferating focus on merger control as a tool needed to address perceived prior failures of antitrust as well as current and forward-looking competition issues presents a challenge for businesses considering M&A in today’s environment. This challenge is exacerbated by the somewhat unpredictable nature of actions taken by certain authorities in practical implementation of investigatory review. Firms contemplating M&A should consider antitrust review across jurisdictions, including the US, UK, EU, and Asia, as one of the critical workstreams to be assessed and developed as part of the commercial process, and to ensure appropriate contingency strategies to achieve merger control clearance in an efficient and effective manner.

Justin Stewart-Teitelbaum
Antitrust Partner,
Washington, DC

The recent meeting of the competition authorities of the G7, together with the EC and invitees from Australia, India, South Africa and South Korea, only emphasized that “joint action across international jurisdictions is needed” and that a global coordinated response “provides valuable insights into common concerns and approaches and serves as a starting point for developing a consensus view”.  And in the UK, for example, the CMA, communications regulator (Ofcom) and data privacy regulator (ICO) have come together to form the Digital Regulation Cooperation Forum to ensure greater cross-disciplinary cooperation on matters concerning online regulation. 

While common themes are emerging, so is the potential for conflict. In Europe, despite Executive Vice-President Vestager having confirmed that ongoing antitrust investigations will continue, the practical impact of the DMA on these investigations - particularly given the overlap in the types of conduct that are reportedly being investigated - is uncertain. In particular, the impact on companies’ rights of defense and appeal and on incentives for companies to invest in innovation and development of new products and services remains to be seen.

While in many Asian jurisdictions the power to challenge large platforms remains in the hands of antitrust authorities, Japan has chosen a unique approach in that the new Transparency Act and the “Monitoring System” of large platforms is under the jurisdiction of the Ministry of Economy, Trade and Industry (METI). This creates a situation in which the METI could effectively function as the industry regulator, akin to a financial or energy authority. Although the METI is saying that very serious infringements will still be challenged by the JFTC, the demarcation between the two bodies is increasingly unclear.

While many competition authorities are carefully assessing the evolving landscape and seeking to coordinate their efforts with other regulators, others are striking out on their own and introducing divergent or novel regimes, often designed to pre-emptively address what are regarded as local issues. This can result in unpredictable outcomes. It is no longer sufficient for firms to limit their legal strategy and deal preparation to the traditional major authorities. In-house and external teams must work seamlessly to be able to quickly spot, and react to, unexpected local actions by certain national regulators.

Kaori Yamada
Antitrust Partner,

With thanks to Ahmad Al Dajani, Alessandra Galea and Daniel Wylde for their contributions to this theme.

Looking ahead in 2022:

The wide variety of proposed reforms to existing competition law regimes, alongside proposals to introduce new regulation, means that business will want to focus on at least the following in 2022.

  • Globally converging and conflicting regulatory agendas - as multiple agencies (within the same jurisdiction and across jurisdictions) continue to try to make an impact on behavioral conduct in this space. Equally relevant will be the expansion of, and growing interplay between, applicable antitrust, data privacy and consumer protection regimes across the globe. In the absence of any settled approach, companies will be challenged to keep themselves abreast of multiple moving parts, to understand their impact on ensuring compliance for current and future products and services, and on the potential for divergent outcomes.

A key challenge for businesses is staying on top of all of the existing regimes and the proposals for further changes and new regulation. This is made more complex by the varying stages of evolution and differing approaches to reform across jurisdictions in the EU, UK, Japan and the US. The expectation (or indeed hope) is that 2022 will start to provide further clarity on what the proposals and new regimes may mean from a practical perspective.

Ermelinda Spinelli
Antitrust Counsel,

  • A worldwide desire to expand merger control - whether via proposals: to lower (and in some cases, to reverse) the burden of proof on antitrust authorities; to lower the applicable jurisdictional thresholds; and, in some cases, to introduce a separate merger control regime/notification obligation on certain digital platform businesses.
  • Adopting a joined-up compliance and engagement strategy - not only will cross-disciplinary and cross-jurisdictional collaboration be key to navigating the rapidly evolving legal and regulatory landscape, it will also be important to all aspects of companies’ communications, compliance and engagement strategies. As the spotlight on digital and innovation-heavy businesses continues to intensify, companies will need to focus on ensuring a joined-up approach also among broader policy and communications teams.

Key contacts

View contacts