News / Legal Brief

Competition Commission and Information Regulator sign a Memorandum of Agreement

Feb 2,2022

Ahmore Burger-Smidt - Head of Regulatory and Dale Adams - Senior Associate

Competition Commission and Information Regulator sign an MoU

by Ahmore Burger-Smidt, Director and Head of Data Privacy and Cybercrime Practice and member of the Competition Law Practice; and Dale Adams, Associate

Without doubt there is an existing paradox between data protection laws and competition law. In terms of competition law, personal information or then data, should be freely available in order to enhance competition, while data protection law aims to keep personal data contained and protected. We have noted over the past few years that the UK Data Protection Authority otherwise known as the Information Commissioner’s Office and the Competition and Markets Authority has developed a close working relationship.

This is without question required as competition and data protection issues overlap in the digital economy. In this regard, the two authorities acknowledged that they could work together to address regulatory issues in an economic environment that is increasingly relying on data as an ‘essential input’.[1]

What is important to prevent is that differing outcomes could result if cases are assessed by the respective regulators under different laws.[2] Alignment in law and regulation is without doubt important. For this reason, and to avoid so-called “turf wars”, it is important for the Competition Commission (“Commission“) and Information Regulator to engage with each other, align and decide on the way forward on matters which may present mutual interest.

Competition Act 89 of 1998

The Competition Act 89 of 1998 (“Competition Act“) provides that where a sector regulator is empowered with jurisdiction in relation to prohibited practices and merger control concurrent jurisdiction is established.[3] The Commission can conclude a memorandum of agreement in instances of concurrent jurisdiction with that sector authority in order to facilitate cooperation between the sector regulator and competition authorities.[4]

In line with this mandate, a memorandum of agreement (“MOA“) was signed by the Commission and Information Regulator, a copy of which was published in the government gazette on 17 December 2021.[5] The MOA establishes the way the Commission and Information Regulator interact with each other to, inter alia, encourage the optimal utilisation of their respective functions.

Before concluding the MOA, the Commission in its Competition in the Digital Economy Paper,[6] recognised the need for “increased dialogue and coherence” with the Information Regulator. This is because of the “cross-sectoral nature and adequacy of technical expertise, in regulating digital technologies“.

However, all of the above begs the question as to how the cooperation between the Commission and Information Regulator will be practically achieved?

This question is important given that personal information has become the object of trade in the digital economy, where companies compete to acquire and process massive amounts of personal information. Of course, this rivalry is subject to competition law (i.e. Competition Act). However, personal information possesses an additional dimension to it in that it is protected through data protection law (i.e. the Protection of Personal Information Act 4 of 2013 (“POPIA“)).

In the context of merger control, the MOA provides that even though the Commission and Information Regulator are each entitled to make independent determinations on the basis of their respective mandates, they may however consult with each other insofar as competition matters are concerned.[7]

Competition law perspective

From a competition law perspective, the acquisition of huge amounts of personal information could bring about anti-competitive outcomes. Competition authorities fear that “big data” may create barriers to entry and market power, especially where companies hold unique datasets that cannot be replicated by competitors.[8] This results in entry barriers when new entrants or smaller companies are unable to collect or buy access to the same kind of information as established companies.

In addition, a concern commonly raised is that the collection and processing of data involves low variable costs and high fixed costs, generating substantial economies of scale and scope.[9] This results in a small number of firms dominating markets.[10] The existence of high switching costs and intellectual property rights may further reduce competition in digital markets.

The decision of the Germany Federal Cartel Office (“FCC“) represents an apposite example of an abuse of dominance by means of access to vast amounts of personal information. The FCC qualified Facebook’s current practice of collecting and matching data of its users from third party services/websites, including on WhatsApp and Instagram, without explicit consent, as an abuse of dominance.[11]

The FCC accordingly prohibited the data processing and implementation provided for in Facebook’s terms of use. In addition, the FCC held that there was an obstructive effect to the detriment of other competitors in the same market in which Facebook operates.[12]

From a European Union (“EU“) perspective, competition authorities have started to consider the implications of data privacy concerns in merger decisions. These merger decisions include those of Facebook/WhatsApp,[13] Google/DoubleClick[14] and Microsoft/LinkedIn.[15] In these decisions, the European Commission, held that data privacy constitutes a key parameter of non-price competition in the market for consumer communications and professional social networks. Furthermore, it has been recognised that personal information, as a non-price factor, ought to be considered in the merger analysis of transactions involving data driven industries.

As digitalisation continues to surge and data privacy takes centre stage, it remains to be seen how the cooperation between the Commission and Information Regulator will be practically achieved.

[1]     Competition and data protection in digital markets: a joint statement between the CMA and the ICO, 19 May 2021 available at  accessed on 25 January 2022

[2]       Ibid.

[3]       See section 21(1)(h) read with sections 3(1A)(b) and 82(1) and (2) of the Competition Act.

[4]       Ibid. See also J Marais and N Gungubele “The new Memorandum of Agreement between Competition Commission and ICASA explained” available at, accessed on 12 January 2022.

[5]     Competition Act (89/1998) as amended: Memorandum of Agreement entered into between The Competition Commission of South Africa (and the Information Regular of South Africa. Government Gazzette No. 45649. The MOA was signed on 21 October 2021.

[6]     Competition in the Digital Economy, available at, accessed on 12 January 2022.

[7]     See clause 7 of the MOA.

[8]     See J Cannataci et al Legal challenges of big data” Edward Elgar Publishing: 2020 at page 51.

[9]       Ibid.

[10]     Ibid.

[11]     See Facebook, Exploitative business terms pursuant to Section 19(1) GWB for inadequate data processing Ref: B6-22/16.

[12]     Ibid.

[13]     Case No: COMP/M.7217 Facebook/WhatsApp.

[14]     Case No: COMP/M.4731 Google/DoubleClick.

[15]     Case No COMP/M.8124 – Microsoft/LinkedIn.