This paper discusses the interface between data protection law and competition rules in the context of dawnraids and internal investigations. It seeks to identify the limits that may be placed by data protection law on competition authorities, on the one hand, and undertakings, on the other hand, with respect to the collection and further processing of personal data in the context of competition law investigations. The paper sets out and compares the different legal frameworks to which the competition authorities and undertakings respectively are subject. The article explains in particular how key data protection principles, such as the lawfulness of data processing, data quality, information requirements and rights of individuals as well as international data transfers, apply in this context and sets out the consequences of non-compliance and the possibilities of judicial remedy. The paper concludes that there is a double standard, which arguably leads to an information asymmetry and inequality of arms between regulators and undertakings. The authors also give some practical suggestions for undertakings to prepare for and address potential data protection implications in advance.
World Competition