Use of information provided to the CMA
Updated 18 June 2021
This document sets out how the CMA may use information provided to inform our Analysing Algorithms Programme. In particular, please note that we may choose to refer to comments or evidence that you provide in a published report or publish non-confidential information on the CMA’s website. This may include identifying the contributor.
The CMA may disclose any information provided by you for the purposes set out in section 7, section 170 and sections 240 to 243 of the Enterprise Act 2002, where it considers such disclosure to be appropriate. In particular, for the purpose of facilitating our work, the CMA may choose to put information provided by you to third parties, such as other government departments, enforcement authorities, regulators and other parties providing information to the CMA. We may share your information with another enforcement authority or with another regulator for them to consider whether any action is necessary, or to assist them in carrying out their functions. We may use information you provide to take enforcement action using our competition or consumer powers or in further mergers or markets work.
In all situations, we may only publish or share specified information in specific circumstances set out in legislation (principally Part 9 of the Enterprise Act 2002).
We will redact, summarise or aggregate information in published reports where this is appropriate to ensure transparency whilst protecting legitimate consumer or business interests. If you wish to submit information that you consider to be confidential, this should be indicated to us clearly at the time it is provided and an explanation given as to why you consider it to be confidential. In the event that the CMA proposes to include any sensitive commercial or personal information in a document that will be published it will, to the extent practicable, contact the relevant persons prior to publication to give them the opportunity to explain why disclosure would cause significant harm and to request excision (or aggregation or generalisation) of any such information.
The CMA is also bound by the Freedom of Information Act 2000 (the FoIA). Under the FoIA, where a person makes a request in accordance with the requirements of the FoIA, the CMA may have to disclose whether it holds the information sought and may be under a duty to disclose it, unless an exemption applies. If you consider that any information you provide may be exempt from such disclosure you should say so and explain why.
Personal information
When we process personal data, we follow data protection law, as set out in the UKGDPR and in the Data Protection Act 2018[footnote 1], and other law designed to protect sensitive information. We will be the controller under data protection law. For more information about how and why we process personal data at the CMA for our work and for information about your rights, including your right to complain, read more in the CMA Privacy Notice.
We will only process (use or disclose) personal data where it is necessary, in order to exercise our statutory functions.
-
The EU GDPR ((EU) 2016/679) has been adopted into UK law by the EU Withdrawal Act 2018 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 as amended). ↩