On 2 March 2026, the CMA announced it has launched an investigation into the suspected sharing of competitively sensitive information (CSI) between competing hotel chains.

In this article, we explore:

• What the CMA is currently investigating
• What kinds of conduct may amount to illegal information exchange
• Which parties may be at risk of CMA scrutiny
• The practical steps you should take to ensure compliance

What is the CMA investigating?

The CMA is investigating allegations that competing hotel chains, Hilton, IHG Hotels and Marriott, have used STR, a hotel data benchmarking and analytics tool owned by CoStar, to exchange CSI.

While it’s becoming increasingly common for businesses to use data analytics tools to help them make commercial decisions, such conduct can fall foul of competition law rules if it allows competitors to gain access to each other’s CSI. The sharing of any information which could reduce competitive uncertainty within a market, or influence a business’s strategy, is prohibited, as this behaviour could lead to coordination between competitors, and weaken competition within a market.

What kinds of conduct may amount to illegal information exchange?

Illegal information exchange can involve direct or indirect exchanges of CSI between competitors. In this case, CSI is suspected to have been shared by the hotel chains via STR. According to its website, STR collects data from hotels globally to provide the industry with insights into different metrics, such as occupancy and average pricing.

This allows the hotels to identify when demand is high or low, and thereby better analyse their performance, forecast future demand, make decisions regarding staffing and inventory, and maximise their revenue by implementing ‘dynamic pricing’ based on demand. If the CMA finds that this has led to the hotels accessing CSI gathered from competitors, this conduct could constitute illegal information sharing and breach competition law rules.

Which parties may be at risk of CMA scrutiny?

In line with the approach taken in previous cases and outlined in CMA guidance, in this case the CMA is investigating all four businesses, including CoStar, as the owner of STR. This shows that not only can the competitors themselves be held liable for an illegal information exchange, but so can companies providing the tools for them to do so.

Third parties that facilitate, coordinate or enforce illegal information exchange, even where this is done passively through a third-party platform or algorithm, may find themselves also facing CMA enforcement action for their role in enabling the competitors’ conduct.

Practical advice for businesses

Using market data collected by third parties for efficient, data-driven decision-making carries a risk of accidental illegal information sharing.

To avoid indirectly sharing CSI, and to mitigate the risk of CMA scrutiny when using market data to inform decision-making, you should:

• Review any arrangements in place with market data providers: to understand what (if any) CSI your business provides to, or receives from, them. Information which is most likely to include CSI includes non-public specific information on actual or future prices and discount levels, business costs and margins, capacity and consumer demand, and market shares. Information which is historic such that it no longer reflects current market conditions is not likely to be considered CSI.
• Ensure that where CSI is provided to or received from market data providers, there are appropriate safeguards in place: Any CSI provided to such organisations should be aggregated or anonymised before it is shared with the business’ competitors. Similarly, any market data received by the business from such organisations should not contain competitors’ CSI. Seek assurances that there are measures in place to ensure that CSI is not shared between competitors – for example, via the use of data firewalls between customers or restrictions on data outputs to prevent them from incorporating CSI.
• Maintain independent decision-making: It isn’t clear from the CMA’s press release whether STR used the data it collected to made recommendations to the hotel chains in relation to their pricing or other commercial decisions and, if so, the extent to which such recommendations were implemented. However, you should consider very carefully the risks that may be posed by using pricing algorithms or other technology which is also used by your competitors, or which relies on CSI provided by your competitors to make recommendations about commercial decisions. Where such algorithms or other technology are used, avoid using systems which automatically implement recommendations, and instead ensure that any suggestions are subject to human review and can be manually overridden.

Competition law compliance: How we can support you

Our team of experts can bring their specialist knowledge and experience in advising businesses on competition law compliance to help you stay ahead and mitigate CMA enforcement risk.

If you would like to know more, please get in touch with Sarah Ward, Hamza Khan or Alicia Moyo to discuss how we can support you.