As a follow-up to its White Paper on foreign subsidies (June 2020), the European Commission, on 5 May 2021, published a Draft Regulation on non-EU (foreign) subsidies1. This is a 65-page document which raises as many questions as it answers. The Chinese Chamber of Commerce to the EU has already expressed concerns about its "rationality" and "necessity" in view of the existing EU and national FDI screening and antitrust tools.

Merger filings within the EU may be required at EU or national level. EU filings, for large-scale deals having a "Community dimension," must be submitted to the EU Commission (thereby pre-empting the need to file with the Member States' authorities). If the deal fails to meet the thresholds of the EU Merger Regulation (EUMR), the parties may be subject to any number of national filings in the 27 Member States (due to Brexit, the UK is now a separate jurisdiction which is no longer part of the EU merger review structure).

Today, the Commission published a White Paper addressing the distortions caused by foreign subsidies to the EU Internal Market. As a White Paper, this is a purely consultative document. The Commission will be welcoming comments until 23 September 2020. When this process has been concluded, the Commission will likely draft new legislation that is in line with the White Paper. This White Paper doesn't single out China as such, but the press during the run-up to this White Paper has clearly identified China as the obvious focus.

The data protection authorities of the EU Member States (DPAs) are imposing ever high fines for violations of the GDPR. In June and July 2019, the UK DPA imposed large fines on Marriott (€111 million) and British Airways (€204 million) for data breaches that breached the GDPR. But it is clear that increasingly larger fines are not the only problem facing companies worried about their exposure to the GDPR. Non-EU companies in particular face a risk of parallel GDPR investigations for the same conduct, and in each such case, the investigating DPR is authorized by GDPR to impose fines up to the maximums provided for the GDPR, which can be 2% or 4% of the company’s global group turnover, depending on the nature of the infringement. How can this be possible?

On 21 January 2019, the French data protection authority, CNIL, imposed a fine on Google of €50 million for various breaches of the GDPR, and the first fine imposed by CNIL.This was to biggest fine to-date by far imposed by any DPA pursuant to the GDPR.

On 24 October 2018, the UK data protection enforcement body, the Information Commissioner's Office (ICO), issued an Enforcement Notice against Canadian data services firm, AggregateIQ (AIQ). This was the first Enforcement Notice issued by the ICO under the General Data Protection Regulation (GDPR). The Notice specifies several breaches of the GDPR and gives AIQ 30 days to put itself into compliance or face a fine of €20 million or 4% of global group turnover, whichever is greater.