European Data Protection Supervisor
European Data Protection Supervisor



Competition law aims to ensure fair and undistorted competition through, for instance, the protection against abuse of market power. Many services, particularly those online, are marketed as free but in effect require payment in the form of personal information from customers. Collaboration between policy-makers in data protection, competition and consumer protection could help to ensure the efficiency of the internal market as well as the welfare and choice available to consumers.



Big Data

EDPS Opinion on coherent enforcement of fundamental rights in the age of Big Data


Consumers shaping the digital economy

Keynote speech by Giovanni Buttarelli given at BEUC Digiforum 2016, Brussels


Les données et la concurrence dans l'économie numérique

Opening statement by Giovanni Buttarelli at the Roundtable on data and competition hosted by l’Autorité de la Concurrence, Paris, France


Competition Rebooted: Enforcement and personal data in digital markets

Keynote speech of Giovanni Buttarelli given at Joint ERA-EDPS seminar


Antitrust, Privacy and Big Data

Speaking points of Giovanni Buttarelli, Brussels


Privacy and Competition in the Digital Economy

Speech of Giovanni Buttarelli given at the European Parliament's Privacy Platform, Brussels


Privacy and competitiveness in the age of big data

Preliminary Opinion on "Privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection in the Digital Economy"


Data Protection and Competition: interfaces and interaction

Speech delivered by Peter Hustinx at the Seminar Covington & Burling LLP entitled "Data Protection Law in the Context of Competition Law Investigations", Brussels.


Energy market integrity and transparency

Opinion on the Proposal for a Regulation of the European Parliament and of the Council on energy market integrity and transparency, OJ C 279/03, 23.09.2011, p.20

The main aim of the Proposal is to prevent market manipulation and insider trading on wholesale energy (gas and electricity) markets. The Proposal contains several provisions relevant to the protection of personal data, including those on market monitoring and reporting and investigation and enforcement. The EDPS recommendations included the following:

The Proposal should clarify whether any personal data may be processed in the context of market monitoring and reporting and which safeguards will apply. If, in contrast, no processing of personal data is expected (or such processing would only be exceptional and would be restricted to rare cases, where a wholesale energy trader might be an individual rather than a legal entity), this should be clearly set forth in the Proposal, at least in a recital.

Provisions on data protection, data security and accountability should be clarified and further strengthened, especially if the processing of personal data would play a more structural role. The Commission should ensure that adequate controls are in place to ensure data protection compliance and provide evidence thereof ("accountability").

The Proposal should clarify whether on-site inspections would be limited to a business property (premises and vehicles) of a market participant or also apply to private properties (premises or vehicles) of individuals. In the latter case, the necessity and proportionality of this power should be clearly justified and a judicial warrant and additional safeguards should be required. This should be clearly foreseen in the proposed Regulation.

The scope of the powers to require "existing telephone and existing data traffic records" should be clarified. The Proposal should unambiguously specify what records can be required and from whom. The fact that no data can be required from providers of publicly available electronic communications services should be explicitly mentioned in the text of the proposed Regulation, at least in a recital. The Proposal should also clarify whether the authorities may also require private records of individuals, such as employees or executives of the market participant under investigation (e.g. text messages sent from personal mobile devices or browsing history of home internet use). If this would be the case, the necessity and proportionality of this power should be clearly justified and the Proposal should also require a warrant from a judicial authority.

With regard to reporting of suspected market abuse, the Proposal should explicitly provide that any personal data contained in these reports should only be used for purposes of investigating the suspected market abuse reported. Unless a suspected market abuse has led to a specific investigation and the investigation is still on-going (or a suspicion has proved to be well-founded and has led to a successful investigation), all personal data related to the reported suspected market abuse should be deleted from the records of all recipients after the lapse of a specified period (unless otherwise justified, at the latest two years following the date of report). In addition, parties to an information exchange should also send each other an update in case a suspicion proves to be unfounded and/or an investigation has been closed without taking further action.