Companies within the internal market can build their market power by abstracting value from its client’s personal information. When entering into an unfamiliar market, a company should always bear in mind the balance between the levels of protection that it should provide to its consumers and the degree of competitiveness that it holds from controlling and processing big data in order to avoid risks and receive gains in the long run.
The first step of data analysis is to acquire data. Issuing loyalty cards is a frequently used method to acquire customer information. On the internet, companies can also set cookies to collect customer data.
Then, attention should be given to the processing and transferring of data to EU and non-EU countries. Operators need to take reasonable measures to ensure protection of data in accordance with the fundamental principles of the ECHR and art. 6 of the Data Protection Directive. Transfers to non-EU countries require specific safeguards by using the Safe Harbor principles, standard contractual clauses or binding corporate rules. Sometimes, guidelines published by international organizations like OECD or APEC also need to be taken into account, which depends on the specific provision of the targeted country.
The digital economy is partly driven by the degree to which a given undertaking can actually, potentially or hypothetically collect and diffuse personal information. Therefore attention should be given to regulation on competition when holding personal data. Difficulties in interoperability and data portability can lead to customer lock-in, by primarily technological means, resulting in customer dependency on the services of a specific company. It is feasible for companies like supermarkets to implement data portability by enabling users to withdraw their personal information and to port it to another company.
It is reasonable to assume that, when expanding online, a company should always bear in mind the important role of data and the balance between data protection and competitiveness.
 ‘A cookie is the term given to describe a type of message that is given to a Web browser by a Web server. The main purpose of a cookie is to identify users and possibly prepare customized Web pages or to save site loin information for you’, by Vangie Beal, What are Cookies and What Do Cookies Do? September 04, 2008 (http://www.webopedia.com/DidYouKnow/Internet/all_about_cookies.asp ).
 European Convention on Human Rights, art.8‘right to private and family life’. The right to data protection developed out of the right to respect for private life.
 Directive 95/46/EC of the European Parliament and of the Council, art.6.
 Namely, the ‘Recommendations of the Council Concerning Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data’.
 ‘APEC Cross-Border Privacy Rules’
 Preliminary Opinion of the European Data Protection Supervisor (2014), Privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection in the Digital Economy, p 28.