According to the case law of the ECJ, national competition authorities may also check for violations of the GDPR as part of their competition law review.
Opinion of the Court
In this regard, the ECJ states in a press release on the judgment in case C-252/21 days:
“In its judgment delivered today, the Court states that, in the context of the examination of whether an undertaking is abusing a dominant position, it may prove necessary for the competition authority of the Member State concerned also to examine whether the conduct of that undertaking is compatible with provisions other than those of competition law, such as those of the GDPR.”
Complementing this, the ECJ states with regard to the scope of the examination:
“The examination as to whether the GDPR is complied with is carried out … exclusively in order to establish the abuse of a dominant position and to impose measures to remedy that abuse in accordance with the competition law provisions.”
The ECJ thus expands the review competence of national competition authorities. However, this decision represents a positive decision for many companies on the second level, because the ECJ thus rejects the legal view, which is sometimes held, that the GDPR is a competition standard.
Clear allocation of tasks for public authorities
Furthermore, the ECJ clearly outlined the competence of the national competition authorities in the decision, and in this respect strengthened the examination jurisdiction of the data protection supervisory authorities.
“However, if the NCA finds a breach of the GDPR, it does not take the place of the supervisory authorities established by that Regulation.”
With regard to the question of how to prevent antitrust authorities from assessing the facts differently than supervisory authorities, resulting in conflicting decisions, the ECJ also made a per-company finding:
“In order to ensure a coherent application of the GDPR, NCAs are required to coordinate and cooperate loyally with the authorities supervising compliance with that regulation.”
Conclusion
Overall, it can be stated that while the ECJ’s decision grants competition authorities a right of review with regard to potential GDPR violations on the one hand, the restrictions for companies mentioned in the judgment contribute to legal certainty on the other hand.