Balancing Transparency and Confidentiality: Critique with Comparative Analysis on the Confidentiality Regime in India – Part I

Pragyan Sucheta Panda & Aryan Rawat

Introduction

Confidentiality has been a prominent issue while dealing with cases of competition laws. In the current ethos, with the emergence of excessive reliance on data and information by businesses, the domain of safeguarding sensitive information remains an open challenge. This calls for the competition regulators to strike a balance between securing transparency in proceedings and ensuring fair competition. The Competition Act, 2002 (hereinafter ‘the Act’) and allied regulations equip the parties and the authority with a framework to safeguard confidential information. India has made active steps to resurrect a confidentiality framework in alignment with best global practices. However, there are still unexplored terrains when dealing with confidential information which has high credence in cases of competition law. The authors have analysed the ICN’s Guidelines and Reports on Confidentiality which provides research and policy framework for competition advocacy, to emerging jurisdictions in the domain of competition law. The authors have further delved into the interpretations, rulings and legal framework existing in the European Union (EU) and United States of America (USA) and the lessons learnt. The legitimate ask for access to confidential files and the overarching concept of the right to defence, which forms the background for access to files has also been analysed. Through tools of comparative analysis and considering best practices, the authors have suggested policy changes to further strengthen the enforcement of the CCI (General) Regulations.  The author aims to guide a way forward towards a comprehensive and effective confidentiality regime in India.

Overhauling of Confidentiality Regime with Legislative Changes

The Indian Competition Regulator followed the trend of adopting the global best practices by enforcing two most recent amendments to the Competition Commission of India (General) Regulations, 2009 (hereinafter ‘CCI General Regulations’) in the year 2022 and 2024. The amendment in 2022 established a system of self-certification, a process of submitting a declaration in the form of an undertaking to protect confidentiality and formation of confidentiality rings during the proceedings before the CCI. Glancing at the provision, as per Regulation 35(2) of General Regulations, the information must meet the criteria of (i) being unpublished, inaccessible to the general public; (ii) known only to a limited few individual directly involved in the business or transaction; (iii) having adequate measures in place to maintain the confidentiality of the information; (iv) non-accessible or duplicated by external parties. Also, penalty has been imposed for furnishing a false undertaking as Section 45 of the Act. Evidentially, CCI levied a penalty of Rupees. 2,00,00,000/- on Amazon which was further upheld by National Company Law Tribunal (NCLAT) and is pending in Supreme Court (SC). The enforcement of such strict rules has proved to deter parties from disclosing sensitive data without authorisation. The effort to streamline the process of submitting confidential information with standard timelines would garner more confidence in the parties and reduce the risk of public disclosure or misuse.  

In the spree of aligning the Indian competition law with global regulatory authorises, through the amendment in General Regulations, 2022, the concept of confidentiality rings was adopted in India. It is a group formed to access confidential information with authorised representatives of all parties involved. Back in 2012, confidentiality club was formed as per the direction of the Delhi High Court in the case MVF 3 APS v M. Sivasam (2012), while dealing with a civil commercial suit alleging the stealing of sensitive business information. Finding legislative backing, presently, parties can seek disclosure of confidential information and CCI has the discretion to reject or accept the formation of confidentiality rings. Through amendment in 2022, Regulation 35 was enhanced with the addition of confidentiality rings and twin versions of reports under General Regulations. Following this change, in October 2022, in the case of Make My Trip India, CCI directed for creation of two versions of its order, one being a non-confidential version which shall also serve as a publicly redacted version, and the other being a completely confidential version accessible to parties only from members of their respective confidentiality ring.

The National Restaurant Association of India (NRAI) filed a complaint against Zomato and Swiggy for entering into anti-competitive agreements and abuse of dominance. Parties filed the confidential and non-confidential version of the information before CCI and upon the request of Swiggy, a confidential ring was formed wherein the confidential data submitted by Zomato and Swiggy was shared with representatives of NRAI. CCI, after hearing both the parties, noted that there exists a prima facie case with respect to conduct of Zomato and Swiggy in contravention of Section 3(1) r/w Section 3(4) that requires investigation by DG.[8] The CCI then shared the finding of DG with limited persons but by an order vide dated April 24, 2024, CCI allowed formation of confidential ring so that representatives of NRAI can have access to the investigative report. Swiggy then filed a writ petition against CCI’s order allowing formation of confidentiality ring, arguing that the anti-trust watchdog has failed to preserve confidentiality under Section 57 of the Act. The Karnataka High Court set aside the impugned order and remit the matter back to CCI for reconsideration.

Revamping with Affidavits

Unlike the confidentiality clubs formed under the intellectual property rights (‘IPR’), the competition policy in India has provided the protective cover to not only trade secrets of a business under scrutiny but any information that is (a) not accessible by the public, (b) known to limited persons, (c) adequately protected and (d) one that cannot be duplicated or acquired by others. The latest amendment by the CCI was notified on May 10, 2024, which further amended the General Regulations. Through this notification, the confidentiality regime under the aegis of CCI was further enhanced by introducing notable changes in Regulation 35, 37 and Regulation 50. The process of filing an undertaking (as per General Regulations Amendment, 2022) was strengthened by incorporating mandatory filing of undertaking ‘in the form of an affidavit by the parties involved.

With the trend of greater dependence on data, especially while dealing with digital markets, the amendment mandating an undertaking, in the form of an affidavit, which is duly notarised has the potential to reinforce trust in the procedure and encourage parties to share information during the investigation for fair adjudication. However, in this extant framework, the requirement of an affidavit with an undertaking still doesn’t encompass a situation where one of the parties refuses to share information in the confidentiality ring.

To further streamline the regulations about confidentiality, the regulatory authority has adopted a time-restricted model to access information and to request the establishment of confidentiality rings. This endeavour is a welcome move as it will ensure quicker and more efficient completion of investigations and proceedings before CCI.

CCI’s Observation related to Confidentiality

From time to time, while safeguarding confidentiality, the issue of differences in the treatment of information under various rules and regulations related to competition law has arisen. Before delving into global practices, it would be instrumental to glance at observations made by CCI regarding confidentiality while dealing with the provisions under the Act read with allied regulations. CCI has promulgated regulations dealing with specific scenarios like leniency regime, combinations, settlement mechanisms etc. Out of all, two of the regulations that specifically cater to the confidentiality of information are:

i) Confidentiality interpreted under Lesser Penalty Regulations

In 2024, to establish a prima facie view for the existence of a cartel and subsequent scrutiny of cartelisation, CCI introduced a leniency plus regulation which provides an enhanced reduction for disclosure about primary and subsequent instances of cartelisation vide CCI (Lesser Penalty) Regulations, 2024 (‘Lesser Penalty Regulations’).The pre-existing Lesser Penalty Regulations of 2009 (currently repleaded) addressed the concerns of confidentiality through Regulation 6 and inspection of certified copies through Regulation 6A. This extant regulation incentivises market players to disclose information, documents and evidence, in exchange for reducing the penalty levied on them during matters of cartelization and merger control. The sharing of data creates an obligation on regulators to protect the confidentiality of information provided while securing a rebate in the penalty imposed during cartel investigations.

The CCI has dealt with issues regarding the protection of information disclosed in the applications filed under the Lesser Penalty Regulations. In the case, Nagrik Chetna Manch v. Fortified Security Solutions, the issue of confidentiality breach of information in an application filed under Lesser Penalty Regulations was redressed. By creating a clear demarcation, it was observed by CCI that information in the application of the Lesser Penalty is a different piece of evidence as compared to information collected during the investigation conducted by Director General (‘DG’) for granting a lesser penalty. The allegations of breach of confidentiality by omission of DG were held as misplaced and unfound. Similarly, in the cartelization case of Pune Municipal Corporation (2016), the submissions by the parties to DG were termed as ‘independent evidence’ and the application of Regulation 35 as per General Regulation was said to be the governing regulation. In India, the protections for confidentiality have been determined based on a case-to-case analysis and by clear application of allied and operative regulations in the subject matter. The observations by CCI showcase that the competition regulator has strived to find a middle ground between interest of business in protecting confidential information and the public interest to protect fair competition.

ii) CCI Combination Regulation on Confidentiality

Catering to the sector-specific need for regulating combinations under Sections 5 and 6 of the Act and significant reliance on data sharing between the combining parties, there arises an increased relevance for protecting confidentiality. On September 10, 2024, the competition watchdog notified the CCI (Combinations) Regulations, 2024 overhauling the CCI (Procedure in regard to the transaction of Business relating to Combinations) Regulations, 2011. The earlier regulation mentions regulation 42 and 35 of CCI General Regulation for the request of confidentiality. By harmonizing the frameworks and changes introduced in the realm of Indian competition law, the new Combinations Regulation once again redirects to follow the procedure laid down in the General Regulations, 2024.

European Union, A Guiding Light for CCI

In corollary with the recognition of the importance of confidentiality in antitrust proceedings, the European Union (EU) has ensured the confidentiality of information, instilling the trust of parties through its comprehensive confidentiality regime. As enshrined in Article 339 of the Treaty on the Functioning of the European Union (TFEU), the European Commission (EC) has a general obligation to protect confidential information. Confidentiality rings are operated based on negotiated disclosure agreements (NDA) between the investigated enterprise (SO addressee) and the informant of confidential data. It aims to safeguard the confidentiality of sensitive information furnished by the parties involved, erstwhile, also protecting the information collected by DG Competition during the investigation.

Spotting Similarities: EU’s Right to Defence vis-à-vis CCI’s Observation

The concept of creating a robust confidentiality regime to access files finds its genesis in the concept of ‘right to defence’ as interpreted by the EU’s General Courts. As India has adopted the confidentiality regime from EU’s DG Competition, delving into the nuances of the ‘right to defence’ in the context of safeguarding confidential information becomes crucial. The right to defence doesn’t constitute an absolute right, thereby, it is limited by the right to protect business secrets, the right to data protection and safeguarding confidential information. The precedents in the EU have been strict in granting the right to access confidential data collected by the DG of Competition during the investigation. Furthermore, there have been different interpretations and various satisfactory thresholds set by the EU for inculpatory and exculpatory evidence in matters of competition law.

In 2011, through the case of FMC Foret, SA v European Commission, the General Court ruled that, with regards to incriminating (inculpatory) evidence, the undertaking must construe a violation of the right to defence by proving that (i) the Commission relied upon the confidential draft to prove violation and (ii) the objection to guilt could be proved only by furnishing the document. Parallelly, for an exculpatory document which has not been conveyed, the undertaking must establish that the exculpatory evidence could be instrumental in creating a defence, by proving that evidence is contrary to the Commission’s initial findings and, if accessed, would change the decision of the commission. Similarly, in Knauf Gips KG v European Commission, the confidential nature of the evidence (both inculpatory and exculpatory) created an exception during inspection of documents by undertakings involved. Notably, in EU, the onus strictly lies upon the applicant to prove the ‘objective necessity’ for availing disclosure of information during investigations. The EU Court concluded that not providing access to information to other parties’ submissions does not always cause contravention of right to defence.

Comparing it with the practice followed in India, the authorities have given due regard to the ‘right to defence’ in the context of protecting confidentiality. As noted by Delhi HC in Forech India Ltd. v. CCI (2016), the court has interpreted the right to defence with a caveat of excluding information which has been claimed as confidential by the concerned party. Additionally, giving importance to the rule of exception while interpreting right to defence, under Regulation 20 of CCI General Regulations, DG is obligated to submit report of investigation in two versions. In cases where confidentiality is claimed by parties, one version will comprise of non-confidential pieces of evidence which will be widely accessible and another version will be confidential with partial and restricted access.  With this similarity and finding common parlance in the concept of the right to defence and exception granted to confidential information, some comparisons lie in tools used by EU’s confidentiality regime and extant framework in India.

Difference between EU’s and India’s approach 

To govern confidentiality in competition law-related matters, the EU and United Kingdom (UK) have adopted the setting up of confidentiality rings where information is restricted to a group of persons representing parties involved based on a case-specific negotiated agreement. With the aim to alleviate the risk of leaks of confidential information, the membership of the confidentiality ring has been limited. The external counsels of the SO addressee and informant form part of the confidentiality rings by signing an undertaking for maintaining the enclosure through NDA agreed by the parties. The DG Competition acts as the facilitator in the process and he aids the process by proposing a party-specific draft negotiated disclosure agreement between SO addressee and informant. The text of the negotiated agreement is tailor-made based on (a) the confidential information in question, (b) proposal suggested by EC and (c) the perusal of parties. Essentially, the negotiated disclosure agreements are party-specific contractual agreements and the discretion for the formation of confidentiality rings lies with the Commission. Interestingly, in India, the learning and comparative analysis with the EU confidentiality framework is relevant as the concept of confidentiality rings and the discretionary power of the regulator has also been adopted from EU competition law. In Europe, this agreement acts as a legally enforceable arrangement which binds the parties involved to allow access to confidential files. Recently in 2024, while dealing with the cartel case in the automobile industry, the Competition Appellate Tribunal (CAT) in the UK ordered the creation of a confidentiality ring.

By agreeing to enter into an NDA, parties can commit to transparency and legally binding obligations. The enclosure by the agreement, facilitated by the regulatory authority, can lead to streamlined procedure and limits the party’s autonomy to refuse the sharing of data, during the proceedings. The genesis of confidentiality rings lies in the EU and risk is mitigated through negotiated disclosure agreements. At present, the framework in India doesn’t explicitly impose specific penalties or a legally backed obligation on any entity that refuses to share confidential data in the confidentiality rings. A negotiated disclosure mechanism with an agreement can additionally address the issue that has been untapped by the extant framework in India. There is lack of any remedy for refusal of information in confidentiality rings, thereby defeating the whole purpose of creating it in the first instance. As reflected by Section 36(2) of the Act, CCI has the power to discharge its function as a Civil Court under the Code of Civil Procedure, 1908. Eventually, a contractual liability that would arise from a breach of NDA during the confidentiality ring can create a civil liability and consequently, CCI will have jurisdiction to assess the impact of breach so caused. India’s confidentiality framework has a lot to gain from using the NDAs system as it would lead to a contractual liability upon the parties who fail to adhere to agreed terms while operating in confidentiality rings.

This blog is the first part of a two – part blog series. The authors are both fourth – years students at National Law University, Odisha.