Competition Law Enforcement And Data Protection Laws
Nowadays, a growing number of companies merge with the aim to collect more information and gain a competitive advantage. Due to the network effects, caused by the accumulation of data, these data-driven markets are highly monopolised. The Supervisor of Data Protection at European level, Giovanni Buttarelli, stated that competition authorities should consider the increasing significance of data and begin assessing acquisitions of online platforms. Even though in the last two decades competition law has not incorporated any policy goals into its agenda apart from economic efficiency, the rise of big data in our digital era may be a reason for changing the practice.
The Connection between Competition and Data Protection Laws
Competition law enforcement aims to promote consumer welfare by providing consumers with ‘lower prices, better quality products and a wider choice of goods and services’. Antitrust authorities have stated in previous decisions that competition law cannot resolve data protection issues and such problems should be reviewed by the EU Data Protection Directive. Therefore, competition law cannot be enforced solely due to deteriorated privacy policies. Privacy concerns are not believed to be within the competence of competition law, as illustrated in Asnef-Equifax’s decision, which was later confirmed in Google/DoubleClick and Facebook/WhatsApp, too. However, the Court of Justice has adopted a pluralistic approach in some cases by approving the significance of other competition goals. For example, in Allianz Hungaria, the ECJ held that the violation of another set of national rules could be taken into account in their competition analysis. Moreover, in VBL-Gegenwert, the German Federal Court of Justice supported the argument that terms, incompatible with contract law could constitute an abuse of a dominant position. Therefore, it can be argued that competition law can consider data protection concerns when assessing anticompetitive activities, too.
The main objective of data protection law is the protection of both consumers and the free flow of data within the EU. Article 8(1) of the Charter states that ‘everyone has a right to the protection of personal data concerning him or her’. Furthermore, Article 8(2) lists the requirements for personal data processing, including that the need for consent and fairly processing. Importantly, privacy in the EU is not an absolute right. Therefore, competition authorities are not obliged to consider such concerns in their reasoning.
Competition law’s perspective on the consumer welfare standard focuses on the prevention of undertakings from raising consumer prices. However, there are other aims evaluated by the standard, including product quality, product selection and innovativeness. Consequently, both competition and data protection laws aim to protect consumer welfare and the internal markets within these fields. Therefore, competition law can scrutinise data-driven mergers by analysing the anticompetitive effects when these companies widen their scope of data collection and at the same time take into account privacy concerns, which might point to the decreasing quality of the service for consumers.
Competition Authorities need to Consider Non-price Parameters
With the rapid development of technology, it is of utmost significance that antitrust authorities consider privacy issues because the collection and use of personal information can impact competition on the market.
In the context of merger control, data protection issues can play a crucial role. For example, if an undertaking acquires significant market power through a merger, it may have the opportunity to establish an even more powerful position by obtaining more personal information and further diminishing consumers’ privacy. With regards to Article 102 TFEU, data protection could become problematic, if a powerful undertaking intentionally disregards data protection rules in order to improve its market position, which could justify the consideration of privacy policies in competition proceedings.
In 2012, a former Competition Commissioner, Almunia, stated in his speech that ‘a single dominant company could of course think to infringe privacy laws to gain an advantage over its competitors’. Some scholars support the idea that there is a link between data protection and competition laws. Lynskey argued that if we assume that data protection rules constitute a competitive non-price parameter, industry collusion or reduced privacy quality by a dominant company, which infringes data protection principles, would result respectively in a breach of Article 101 or Article 102 of the TFEU.
Furthermore, while competition law uses both behavioural and structural remedies to regulate market conduct, data protection law relies only on behavioural remedies. Therefore, the European Commission is the only body that has the ability to block mergers and prevent market conditions from arising which might harm consumers and monopolise the market.
Nowadays, big data is referred to as the ‘currency of the digital economy’. However, the accumulation of data might lead to privacy issues, which might also decrease the quality of services. Even though, recently, there has been significant data protection initiatives, antitrust law could also be used to limit the collection of data by online providers.
The Role of Data in the Competitive Analysis
Competition authorities begin to pay more attention to the impact of data due to the growing amount, collected by companies. As a result, the control of data can lead to multiple competition concerns, including monopolisation, high entry barriers and decreasing consumer welfare. There are several theories of harm relating to big data. When analysing data-driven mergers, the Commission has focused on whether the combined data set might be unique and whether access to this data is in any way essential for competitors to be able to compete on an even playing field.
Data as a Source of Market Power, Exclusivity Agreements and Market Transparency
The possession and control of a large volume and variety of data provides companies with a competitive advantage, which may lead to entry barriers for new entrants or companies which cannot collect the same amount. Some sectors, such as search engines and social networks, are often highly concentrated. It is argued that data is non-rivalrous because access to data from a particular provider does not in itself prevent other companies, including competitors from using this dataset, too. The Commission stated in its Telefonica UK/Vodafone UK/Everything Everywhere decision that ‘customers generally tend to give their personal data to many market players which gather and market it. Therefore, this type of data is generally understood to be a commodity’. Nevertheless, the fact that data is non-rivalrous does not in itself mean that it is accessible to all providers. Competition authorities have found in several antitrust cases that the collection or access to data in some sectors can be particularly costly and thus providing a competitive advantage to those companies who had access to it. Companies may experience different hurdled when collecting data. Sometimes smaller companies may be prevented from collecting vast amounts of data due to the high costs of investment. Moreover, data are often collected from customers as they use a product or service, particularly in multi-sided markets. Therefore, in order to compete in these multi-sided markets, an entrant needs to create a platform which provides similar services to a sufficiently large number of users. However, this is a complicated process since the quality of the service provided usually depends on the size of the customer base and thus small companies do not have the chance to grow because they cannot create a competitive platform.
Another anticompetitive data-driven strategy may be the prevention of competitors from accessing data by implementing exclusive contracts with third-party providers or foreclosing opportunities for rivals to collect similar data by installing their own platforms on certain technologies. For example, Android phones have preinstalled Google Maps, which decreases the chance of customers installing another application for GPS navigation. Thus, these exclusive agreements have the ability to preclude competitors from challenging the company.
Moreover, the increasing collection of data often leads to greater market transparency. From an economic point of view, such transparency has ambiguous effects on the functioning of markets. On the one hand, consumers may benefit from greater market transparency if it allows them to compare more easily prices or characteristics of competing goods or services.
On the other hand, the greater market transparency might allow undertakings to monitor and control price, thus leading to collusion.
How is a Relevant Market Defined?
The relevant market incorporates two elements, the product market and the geographic market. The prior consists of all goods or services which are substitutable while the latter is identified by the areas in which the undertakings in question are active in the supply of products or services. After these markets have been defined, the Commission conducts a more detailed analysis on substitutability. In regard to substitutability there are two factors, demand substitution, defined by the ability of customers to choose between products and supply substitution, regarded as the ability of suppliers to supply products on a given market. When analysing the demand-side, the Commission applies the SSNIP test, analysing whether customers for the product in question can switch to a similar product in response to a small but permanent price increase. In the second case, the question is whether other suppliers can readily switch production to the relevant products and sell them on the relevant market.
Is there a Relevant Market for Data?
The traditional approach of merger control, however, is not effective in the context of our digital economy. The first obstacle for competition authorities when analysing data-driven mergers is to define the relevant market. It has been argued that by the present principles of merger control data cannot be found to create a relevant product market, when it comes to online platforms, because it is not directly traded, which is one of the requirements of substitutability. However, it is important that the merger control mechanisms reflect the present market since data is becoming one of the most important assets in our digital era.
Variety of Data
Regulators experience difficulties when analysing data-driven mergers because the volume and variety of data has been constantly increasing. The Commission must not disregard the importance of data collected from different sources because it ‘may uncover new meanings’. Similarly, the Information Commissioner’s Office opined that according to some practitioners, ‘variety is the most important characteristic of data’. Therefore, undertakings which have access to a wider scope of data, may be quite different from one market to another. Consequently, such mergers need to be analysed on a case-by-case basis.
The different types of data cannot be regarded as substitutable. The Commission asserted in several merger cases that the information available to the joint venture was also available to other players, including Google, Apple, card issuers, etc. Therefore, the reasoning applied in these cases implies that the Commission regards the data, collected by different companies, as substitutable. However, important differences can be identified between the nature of the data gathered and used by, for example, search engines, social networks and e-commerce platforms. While a social media network provider may control more personal information, search engines would own data related to users’ interests. As a result, each of these online platforms needs a specific type of data to deliver good quality services to users, thereby, diminishing the substitutability of different kinds of data. Consequently, the most appropriate way to view these markets is to separate them, but still consider the connection between them.
Weakness of the Current Approach
The current approach of competition authorities has good mechanisms for assessing the effect of mergers or anticompetitive behaviour on prices. The problem is that most of the markets for data do not involve prices. Thus, competition authorities find difficulties when evaluating non-price factors such as product quality or privacy concerns.
Therefore, in order to measure the substitutability between various free services, the SSNIP test is not accurate because it relies on a price increase. Thus, in order to solve this problem, some have suggested that competition authorities may consider applying an ‘adapted SNNIP test’, simulating the effect of a degradation of quality, and in particular of data privacy policies. If, as a result, users switch to other services, then these services will belong to the same product market.
Nevertheless, proponents of the current approach argue that undertakings which provide free services should not be considered in a relevant market in accordance to their actual use, such as social network market or search market, but rather be regarded as functioning in an advertising market. However, data plays a crucial role for online advertisement. It can be used to better target users and thus display individualized advertising, services and products. Thus, online platforms can reduce their advertising costs by addressing only their actual target audience. Moreover, they may even impose individual prices based on consumers’ spending capacities, which will result in price discrimination. Thus, competition authorities face difficulties when defining relevant markets in multi-sided markets because undertaking can be active towards more than one group of customers and also because usually services and products are provided for free. However, regulators can still consider other aspects than price, such as the quality or even the data collected on each individual user. As the CMA’s acting Chief Executive Officer observed, the current competition rules may not be appropriate when presented with Big Data and ‘might need to apply the rules in new contexts, but that doesn’t mean the CMA need a completely new set of rules’.
Therefore, competition authorities need to either reform their current framework when analysing data-driven mergers or create a novel approach, specifically tailored for the analysis of these markets.
Case law
Google/DoubleClick
In 2008, when analysing the Google/DoubleClick merger, the Commission stated that the concentration was not likely to significantly impede effective competition. However, the merger raised concerns since both undertakings were active in the online advertising industry. The Commission did not identify data as a relevant market, but only recognised markets in which monetary payment was exchanged such as the provision of online advertising space. When this merger was evaluated in the US, the FTC came to the same conclusion as the Commission. However, one FTC Commissioner Pamela Jones Harbour dissented and argued that the acquisition could significantly impede effective competition. She opined that the parties are potential competitors in third party ad serving tools, and the acquisition raises user privacy concerns. She also argued that a relevant market consisting of data could have been possibly defined.
The Commission emphasised that even if Google’s and DoubleClick’s data collections were available as input for DoubleClick, Google’s competitors already had various means of combining data on searches with data about users’ web surfing behaviour. Still, the Commission’s assessment might differ if conducted today, considering the rapid nature of the markets concerned, are often described as dynamic and rapidly evolving.
Facebook/WhatsApp
In the Facebook/WhatsApp merger decision, the European Commission stated that any privacy related concerns do not fall within the competence of EU Competition law. It concluded that even if Facebook starts collecting information from WhatsApp, there would still be a sufficient number of competitors, able to compete with Facebook in the targeted advertising business. Moreover, the Commission specified that users would likely switch to another communication app if WhatsApp would change its privacy policies. However, it is not a common practice for consumers to change to another service provider in such instances because many of their family members or friends may continue to use the relevant app.
With regards to big data, the Commission focused its analysis on the market for online advertising services, on which only Facebook was active. On its side, at the time of the Commission’s review, WhatsApp sold no form of advertising and did not store or collect data about its users that would be valuable for advertising purposes. Moreover, the Commission concluded that even if Facebook was to introduce advertising on WhatsApp, there were still other competitors in this area. However, the authorities did not take into account the fact that the information collected from WhatsApp might not be substitutable with data collected from other providers. Therefore, it seems that the Commission conducted a superfluous merger control analysis of this merger and did not assess significant points which could result in anticompetitive effects.
Authorities Recognise the Impact of Data
With the rapid development of technology and the growing number of data-driven mergers, big data does not stay unnoticed by authorities. Margrethe Vestager, the Commissioner for Competition, noted in her speech that she takes people’s privacy concerns in regard to the collection of data by companies very seriously. Moreover, she asserted that most of the internet tools are free because users pay for them with their data. However, she stated that competition cannot intervene simply due to privacy concerns, but rather it should act only if these concerns and the accumulations of data distort competition in the digital market.
Furthermore, the EU Commissioner for Competition opined that big data is the new currency of the Internet. Likewise, the president of the Italian competition authority, Giovanni Pitruzzella, stated that ‘big data are the resources of our economy’ and argued that big data can lead to the foreclosure of competition.
Alex Chisholm, CMA Chief Executive, said in his speech that data can bring competition issues and provide companies with competitive advantage. Moreover, he stated that due to the variety of data available, there is no space for generalisation and the collection and potential use of such data should be analysed individually. However, he continued by saying that even though the broader range of concerns, including privacy, security and data protection, are not within the remit of competition law, the latter can try to promote these non-economic aims.
A New Approach
In 2016, Bundeskartellamt, the German Competition Authority brought proceedings against Facebook for abuse of dominant position by infringing data protection rules Before this action, competition authorities were reluctant to take into account privacy issues, as displayed by the statements in Google/DoubleClick and Facebook/WhatsApp mergers. The Bundeskartellamt’s investigation demonstrates that competition law and data protection interests are interrelated, which calls for their cooperation in assessing companies, active in digital markets. The German Competition Authority stated that ‘privacy policies could be considered from a competition standpoint whenever these policies are liable to affect competition’. Andreas Mundt, president of Bundeskartellamt declared that he was ‘deeply convinced privacy is a competition issue’.
Similarly, the Italian Competition Authority fined Facebook €3 million in regard to WhatsApp’s behaviour in breach of the Consumer Code. After the merger, WhatsApp forced its users to consent to new ‘Terms and Conditions’. Moreover, the Commission also fined Facebook €110 million because Facebook denied the possibility to use data collected through WhatsApp users’ accounts.
These cases demonstrate that competition authorities are beginning to recognise the significance of data for companies. Moreover, they acknowledge the fact that infringements of data protection rules can result in a breach of competition law, too.
Conclusion
The reason behind most of the data-related mergers is for the acquirer to get a better access to data by acquiring large datasets. Even though in most markets a merger between an establish company and a new entrant into the sector does not have a significant impact on the market due to the newcomer’s low market shares, in data-related markets, such a merger may provide the established undertaking with a large set of differentiated data access and thus increase the concentration in the data-related market. Therefore, when analysing such mergers, competition authorities need to scrutinise the impact on the market of the new entity’s accumulation of a variety of data, especially if it is a unique data set, which rivals cannot access. Despite the efficiency gains which such mergers can yield, regulators need to compare them to the risks they entail for competition. Therefore, competition authorities should not only promote innovation in these sectors, but also regulate and control the effective competition in them.