CNMC guidelines on processing confidential information in unfair competition proceedings


The Spanish National Markets and Competition Commission (“CNMC”) has published its “Guidelines on processing confidential information and personal data in unfair competition proceedings” (the “Guidelines”). Our colleagues in the Competition Law Area have published a brief but very useful analysis, available here:

CNMC guidelines on processing confidential information in unfair competition proceedings
July 2, 2020

The Spanish National Markets and Competition Commission (“CNMC”) has published its “Guidelines on processing confidential information and personal data in unfair competition proceedings” (the “Guidelines”). Our colleagues in the Competition Law Area have published a brief but very useful analysis, available here:

The Intellectual Property and Technology Area will approach the Guidelines differently: from the perspective of the civil rights afforded to the owner of a business secret.

Aim and content of the Guidelines

The Guidelines are based on the recognition that disclosing “confidential” information, a “business secret”, or a “trade secret” (the Guidelines use these terms interchangeably and we will simply refer to them as “secrets”) can cause serious harm. They define a trade secret as “any information related to the company’s economic activity that, if disclosed, could cause it serious harm”, in line with the “Commission Notice on the rules for access to the Commission file in cases pursuant to Articles 81 and 82 of the EC Treaty, Articles 53, 54 and 57 of the EEA Agreement and Council Regulation (EC) No 139/2004” and the National Court judgment of December 2, 2011 (ES:AN:2011:5383).

The former Competition Council (CDC) and the current CNMC have ruled many times on the scope and interpretation of the specific provisions on protecting secrets in unfair competition cases. These Guidelines are an attempt to structure those rulings. That may explain why the Guidelines do not mention the fairly recent Spanish Act 1/2019, of February 20, on Protecting Business Secrets (Ley 1/2019, de 20 de febrero, de Protección de los Secretos Empresariales, “LSE“), nor do they address how to combine both approaches. This is regrettable, because the Business Secrets Protection Act regulates a subjective financial right that public administrations must recognize in performing their public function. In any case, although the substantive provisions of the Guidelines follow a different systematic approach to the Business Secrets Protection Act, the protection they provide complies with it.

Under the Business Secrets Protection Act, a business secret is any information or knowledge that meets the following conditions: (a) be a secret, in the sense that, overall or in the specific configuration and combination of its components, it is not generally known by or easily accessible to people in the circles in which the type of information or knowledge in question is normally used; (b) have business value, whether actual or potential, precisely because it is a secret; and (c) has been subject to reasonable measures by its owner to keep it secret. Comparing this definition with the Guidelines’ definition of a trade secret, we see that the Guidelines focus on only one of these conditions, the economic value. However, in practice, the CNC and the CNMC also consider the other two conditions, albeit from a different approach to the Business Secrets Protection Act.

The focus of the Guidelines is that the system for general stakeholders to access public information is strongly influenced by the specific provisions of Spanish Act 15/2007, of July 3, on Unfair Competition (Ley 15/2007, de 3 de julio, de Defensa de la Competencia) and the Unfair Competition Regulation, approved by Royal Decree 261/2008, of February 22. From this perspective, to provide greater legal certainty to stakeholders in competition proceedings, the Guidelines contain substantive and procedural recommendations on: declaring the confidentiality of documents in different proceedings; the manner and the time for accessing case files; analyzing the weighting of the parties’ rights and interests that the CNMC must consider; and some issues related to personal data processing.

Declaring confidentiality: weighting of rights and interests

The Guidelines state that declaring confidentiality is a decision taken based on assessing the principles at stake and the circumstances of the case, which requires secrets to be duly protected, as well as considering other principles and interests. These include protecting the parties’ right to defense in sanction proceedings, or not causing irreparable harm or a loss of defense to third parties, whether they are involved in the proceedings (e.g. customers and competitors) or not.

The Guidelines set out a three step analysis:

i. Determine whether the document in question contains data or knowledge that may be considered a secret and whose disclosure could cause harm to its owner.

The Guidelines list a series of cumulative criteria to be taken into account for information to be considered a secret: (i) it is only known by a small group of people; (ii) its disclosure could cause serious harm; and (iii) the potentially affected interests objectively merit protection.

ii. If the latter condition is met, examine whether these documents have been disclosed between the parties and third parties, which would make it difficult to consider them secret, sensitive, or reserved information.

For information or knowledge to be confidential, as well as being secret in the sense of being unknown, the Guidelines state the owner must want to preserve its reserved character.

iii. Determine whether the data or information, even when confidential or secret, is necessary to establish the facts and assess the proceedings.

In this section, the Guidelines refer to the knowledge or information that, despite being reserved or confidential, loses this status because it is necessary to establish the scope, content, or effects of the proceedings. Therefore, declaring confidentiality will not be possible when it may cause a loss of defense, infringe third parties’ legitimate rights, or be necessary to understand the investigating court’s analysis.

Points i and ii are more reminiscent of the Business Secrets Act’s business secret conditions, which combine both systems better. Even so, a standardized model would have been preferable to avoid possible friction.

Declaring confidentiality: procedural aspects

Finally, the Guidelines reflect the procedural aspects to be considered by the party requesting confidentiality, which must: (i) adequately identify and specify the information; (ii) justify the possible harm to its interests from disclosing the information; and (iii) provide a public, non-confidential version of the documentation for which confidentiality is requested.


Clearly, the prospect of a business secret being revealed during proceedings is a significant risk to its owners. Neither the legislator nor the courts are indifferent to this issue, and their concern for it is reflected in: (i) the rules listed in the Business Secrets Act to preserve the confidentiality of information provided during proceedings or that may constitute a business secret; and (ii) the Business Secret Protection Protocol of the Commercial Courts of Barcelona, adopted to establish a series of uniform procedural practices in processing information in proceedings under the Spanish Civil Procedure Act (Ley de Enjuiciamiento Civil). Neither of these is reflected in the Guidelines either, although there is nothing to prevent them being used as principles for processing secrets in proceedings before the CNMC.

Authors: Álvaro Bourkaib and Marta Zaballos

July 2, 2020