Photo of Tomos Griffiths

Tomos Griffiths

Tomos is an associate working across the firm’s technology regulatory and competition teams, based in the London office. His practice covers technology and digital markets regulation, competition law, and issues that span the two.

His recent experience includes providing regulatory advice on data protection compliance, technology regulatory investigations, and transactional merger control and foreign direct investment screening matters, primarily in the technology and life sciences sectors.

On 16 January 2025, the European Data Protection Board (“EDPB”) published a position paper, as it had announced last year, on the “interplay between data protection and competition law” (“Position Paper”).

In this blogpost, we outline the EDPB’s position on cooperation between EU data protection authorities (“DPAs”) and competition authorities (“CAs”) in the context of certain key issues at the intersection of data protection and competition law.

Key takeaways

  1. In the interest of coherent regulatory outcomes, the EDPB advocates for increased cooperation between DPAs and CAs.
  2. The Position Paper offers practical suggestions to that end, such as fostering closer personal relationships, mutual understanding, and a shared sense of purpose, as well as more structured mechanisms for regulatory cooperation.
  3. The EDPB is mindful of the Digital Markets Act’s (“DMA”) significance in addressing data protection and competition law risks.

Summary of the Position Paper

The EDPB first outlines certain overlaps between data protection and competition law (e.g., data serving as a parameter of competition). The EDPB argues that as both legal regimes seek to protect individuals and their choices, albeit in different ways, “strengthening the link” between data protection and competition law can “contribute to the protection of individuals and the well-being of consumers”.

The EDPB takes the view that closer cooperation between DPAs and CAs would therefore benefit individuals (and businesses) by improving the consistency and effectiveness of regulatory actions. Moreover, the EDPB emphasises that, based on the EU principle of “sincere cooperation” between regulatory authorities and pursuant to the European Court of Justice’s ruling in Meta v Bundeskartellamt (2023), cooperation between DPAs and CAs would be “in some cases, mandatory and not optional”.Continue Reading EDPB highlights the importance of cooperation between data protection and competition authorities

In case you missed it before the holidays: on 17 December 2024, the UK Government published a consultation on “Copyright and Artificial Intelligence” in which it examines proposals to change the UK’s copyright framework in light of the growth of the artificial intelligence (“AI”) sector.   

The Government sets out the following core objectives for a new copyright and AI framework:

  • Support right holders’ control of their content and, specifically, their ability to be remunerated when AI developers use that content, such as via licensing regimes;
  • Support the development of world-leading AI models in the UK, including by facilitating AI developers’ ability to access and use large volumes of online content to train their models; and
  • Promote greater trust between the creative and AI sectors (and among consumers) by introducing transparency requirements on AI developers about the works they are using to train AI models, and potentially requiring AI-generated outputs to be labelled.

In this post, we consider some of the most noteworthy aspects of the Government’s proposal.

  • The proposed regime would include a new text and data mining (TDM) exception

First and foremost, the Government is contemplating the introduction of a new TDM exception that would apply to TDM conducted for any purpose, including commercial purposes. The Government does not set out how it would define TDM, but refers to data mining as “the use of automated techniques to analyse large amounts of information (for AI training or other purposes)”. This new exception would apply where:Continue Reading UK Government Proposes Copyright & AI Reform 

The UK Government has announced that it intends to introduce the Cyber Security and Resilience Bill (the “Bill”) to Parliament in 2025. Formally proposed as part of the King’s Speech in July, this Bill is intended to strengthen the UK’s cross-sectoral cyber security legislation to better protect the

Continue Reading What to expect from the UK’s Cyber Security and Resilience Bill (and when)

What do you need to know?

Following a call for information earlier this year, the UK’s Competition and Markets Authority (CMA) has now announced the changes it intends to make to its merger review process. The majority of the changes are to the Phase 2 process, which is only encountered in a minority of formal reviews, namely those where the CMA believes the merger could lead to a substantial lessening of competition – at the time of writing, of the 76 merger reviews opened by the CMA since 1 January 2022, only nine (12%) had been referred to Phase 2 (whereas around 10% of non-simplified merger review procedures lead to a Phase 2 review in the EU). These changes largely seek to make the Phase 2 process more interactive, with a view to arriving at acceptable remedies proposals sooner in the process. The proposed changes follow a period of criticism of the CMA’s approach to merger enforcement and reflect a desire to improve the effectiveness of the UK merger review process. The proposed changes are being consulted on until 8 January 2024. 

Why is the CMA revising its Phase 2 procedures?

The amendments are being introduced against the backdrop of the UK’s exit from the EU. Post-Brexit, global deals that could affect competition in the UK and would previously have been the reviewed by the European Commission under its “one-stop-shop” principle are now often reviewed by the CMA in parallel, giving rise to divergent outcomes on clearance or acceptable remedies with surprising frequency. As the CMA’s responsibility has increased, so too has the brightness of the spotlight on its approach to merger enforcement which has also exposed the fact that the EU and UK merger processes are often not in sync. As explained below, some of the CMA’s proposals bring the UK process closer to that of the European Commission, suggesting that limiting (procedural) divergence could be a key driver behind these changes.Continue Reading Towards a More Interactive Merger Review Process: UK CMA Proposes Amendments

The Digital Markets Act (“DMA”) will apply from 2 May 2023. In anticipation of this, the European Commission (“Commission”) has sought feedback via a public consultation on the draft DMA Implementing Regulation (“IR”) between early December and 9 January 2023.

The draft IR addresses a range of procedural aspects concerning the DMA, including gatekeeper designation and core platform service notifications, opening of proceedings, the right to be heard, and access to the file. By contrast, the draft IR so far is silent on the Commission’s investigative powers during the gatekeeper designation process and the process of further specifying the obligations set out in Article 6 DMA (both of which gatekeepers will undoubtedly be eager to learn more about).

The Commission is aiming to publish the final IR before Spring, and it will apply from the same date as the DMA. Whilst the draft IR may still be subject to changes before the final version is adopted, it already provides valuable insights into the Commission’s thinking.  How stakeholder feedback might affect these issues in the final IR remains to be seen.

Two themes in the draft IR – each further outlined below – are particularly noteworthy:

  • First, it touches upon the potential delineations of core platform service under the DMA, an issue which can have important ramifications for future enforcement: delineating one core platform service from other services in the context of digital ecosystems which are often designed to be seamless could prove rather complex.
  • Second, the draft IR displays a certain tension between achieving a “rapid and effective investigatory and enforcement process” (Recital 3 IR) while also ensuring that rights of the defence of the parties to the proceedings are effectively protected. The Commission’s emphasis on speed in DMA enforcement may require some notable departures from the traditional procedural framework for antitrust.

Continue Reading Countdown to Compliance: the DMA Implementing Regulation

In the early hours of Friday, 13 May, the European Parliament and the Council of the EU reached provisional political agreement on a new framework EU cybersecurity law, known as “NIS2”. This new law, which will replace the existing NIS Directive (which was agreed around the same time as GDPR, see here) aims to strengthen EU-wide cybersecurity protection across a broader range of sectors, including the pharmaceutical sector, medical device manufacturing, and the food sector.

We set out background on NIS2 in prior blog posts (e.g., in relation to the original proposal in late 2020, see here, and more recently when the Council of the EU adopted an updated version in December 2021). Whilst we are still waiting for the provisionally agreed text to be released, a few points are worth mentioning from this latest agreement:

  • Clearer delineation of scope. NIS2 will only apply to entities that meet certain size thresholds in the prescribed sectors, namely
    • “essential entities” meaning those operating in the following sectors: energy; transport; banking; financial market infrastructures; health (including the manufacture of pharmaceutical products); drinking water; waste water; digital infrastructure (internet exchange points; DNS providers; TLD name registries; cloud computing service providers; data centre service providers; content delivery networks; trust service providers; and public electronic communications networks and electronic communications services); public administration; and space; and
    • “important entities”, meaning those operating in the following sectors: postal and courier services; waste management; chemicals; food; manufacturing of medical devices, computers and electronics, machinery equipment, motor vehicles; and digital providers (online market places, online search engines, and social networking service platforms).

Continue Reading Political Agreement Reached on New EU Horizontal Cybersecurity Directive

On May 10, 2022, Prince Charles announced in the Queen’s Speech that the UK Government’s proposed Online Safety Bill (the “OSB”) will proceed through Parliament. The OSB is currently at committee stage in the House of Commons. Since it was first announced in December 2020, the OSB has been the subject of intense debate and scrutiny on the balance it seeks to strike between online safety and protecting children on the one hand, and freedom of expression and privacy on the other.

To what services does the OSB apply?

The OSB applies to “user-to-user” (“U2U”) services—essentially, services through which users can share content online, such as social media and online messaging services—and “search” services. The OSB specifically excludes  email services, SMS, “internal business services,” and services where the communications functionality is limited (e.g., to posting comments relating to content produced by the provider of the service). The OSB also excludes “one-to-one live aural communications”—suggesting that one-to-one over-the-top (“OTT”) calls are excluded, but that one-to-many OTT calls, or video calls, may fall within scope.Continue Reading Online Safety Bill to Proceed Through Parliament

The UK is not alone in feeling the effects of the Russia-Ukraine crisis which compounded an already tight energy market, in which the post-Covid economic recovery caused demand to outstrip supply. But the UK does appear to have been perhaps more heavily affected by this combination of factors, which has led to a steep rise in energy costs. With an average UK family’s energy bill increasing by 54% so far this year and inflation nudging the double-digit mark, the ONS declared earlier this month that the squeeze on living standards was the worst since the 1950s.

The EU has belatedly realized the dangers of its over-reliance on Russian hydrocarbons and is urgently seeking to source gas and oil supply elsewhere. In the short to medium term, this will force global gas prices higher as the EU competes on global gas markets for a constrained resource. In the longer term, countries view the war in Ukraine as a clear indication that reliable, clean, domestically-produced renewable energy bolsters national security by removing dependence on volatile international hydrocarbon markets. The PM’s comments in the foreword – “We need a power supply that’s made in Britain, for Britain” – underline how that sentiment also applies in the UK, whilst at the same time hint, perhaps worryingly, at a less globalized future energy market.

It is against this backdrop that on 7 April, almost unnoticed, the UK Government published its long-awaited Energy Security Strategy (ESS). The ESS was supplemented by the announcement in this week’s Queen Speech of the proposal for an Energy Security Bill, building on last year’s COP26 Summit in Glasgow and designed to deliver the transition to cheaper, cleaner, and more secure energy in the UK.

UK Energy Security Strategy

Immediate Support on Energy Bills

The ESS sets out a new Energy Bills Support Scheme that will see a £200 reduction in energy bills from October 2022, to be offset against a Government levy on domestic energy bills over 5 years from FY23. To mitigate the high cost of industrial electricity, the Government will extend the Energy Intensive Industries Compensation Scheme for a further three years, and increase the intensity of the aid to up to 100 per cent, representing 1.5 per cent of Gross Value Added. It will also consider increasing the renewable obligation exemption to 100 per cent. These measures will enable businesses to apply for greater relief for part of their electricity costs. The Government has since announced that the total level of compensation under the Scheme will increase from roughly £130 million to up to £280 million.

Energy Efficiency

Building on existing efforts to promote the energy efficiency of UK homes, the Government will make the installation of energy-saving materials zero-rated for VAT purposes for the next five years. A new £450 million Boiler Upgrade Scheme will facilitate the uptake of heat pumps, alongside a Heat Pump Investment Accelerator Competition being run in 2022, worth up to £30 million. Later this year, the Government will aim to publish proposals incentivising electrification, which aims to ensure that heat pumps are comparatively cheap to run. The Government will increase innovation funding for the development and piloting of new green finance products for consumers from £10 million to £20 million. Early 2023 will see a formal consultation on new minimum standards and labelling requirements for a range of energy-using products.

Oil and Gas

The ESS sets out the Government’s vision for the North Sea, noting that in order to reduce reliance on imported fossil fuels, the UK must fully utilise North Sea reserves; use empty caverns for CO2 storage; and encourage the use of hydrogen as a natural gas alternative, alongside using North Sea offshore expertise to support the offshore wind sector. The ESS argues that there is no contradiction between the UK’s net zero commitment and its commitment to a strong and evolving North Sea industry, but rather that one depends on the other.
Continue Reading The UK’s New Energy Security Strategy

As many readers will be aware, a key enforcement trend in the privacy sphere is the increasing scrutiny by regulators and activists of cookie banners and the use of cookies. This is a topic that we have been tracking on the Inside Privacy blog for some timeItalian and 
Continue Reading Regulators and Activists Increase Scrutiny on Use of Cookies and Cookie Banner Design

I.  Introduction: the Scottish Government’s Draft Hydrogen Action Plan

On the 10th of November 2021, the Scottish Government published its Draft Hydrogen Action Plan (the “Plan”), as a companion document to its December 2020 Hydrogen Policy Statement.

The Plan sets out the Scottish Government’s detailed proposals for
Continue Reading Introduction: the Scottish Government’s Draft Hydrogen Action Plan