Privacy Considerations in European Merger Control: A Square Peg for a Round Hole

This article is part of a Chronicle. See more from this Chronicle

Richard Pepper, Paul Gilbert, May 29, 2015

It is now trite to observe the amount of data generated by modern society. Statistics abound about the data-rich environment created by technological advances and the digital economy:

  • every couple of days, humanity now generates 5 exabytes of data; this roughly corresponds to the volume of data produced in the entire period between the dawn of time and 2003;
  • every day, we create 2.5 quintillion bytes of data—so much that 90% of the data in the world today has been created in the last two years alone.

These data may be personal: social media content, eMail addresses, employment histories, financial information, shopping habits, and so on. Commercial enterprises (online and offline) proactively collect these types of data to improve their services, design and target marketing, and sell to third parties. This raises real questions about how to protect personal data against unauthorized or inappropriate use. The European institutions have recognized this challenge and are progressing towards a more stringent, harmonized data protection regime through the proposed General Data Protection Regulation.

Several observers have also called for privacy to play a greater role in merger control, including under the European Merger Regulation. Notably, in a 2014 preliminary opinion, the European Data Protection Supervisor criticized the European Commission for not as…


Please sign in or join us
to access premium content!