Session
Institute for Internet & the Just Society
Petar Pešić, Institute for Internet & the Just Society, Civil Society, WEOG Sahil Tharia, Institute for Internet & the Just Society, Civil Society, WEOG Marco Schmidt, Institute for Internet & the Just Society, Civil Society, WEOG Juliana Novaes, Institute for Internet & the Just Society, Civil Society, WEOG. Jalaj Jain, Institute for Internet & the Just Society, Civil Society, WEOG. Miljana Todorović, Institute for Internet & the Just Society, Civil Society, WEOG.
Mario Tavares Moyron, AXA (Technology Practice, Financial Industries), Private Sector, WEOG Nidhi Singh, Panel Counsel, Delhi High Court & Supreme Court of India, New Delhi, Government, Asia-Pacific Group
Jalaj Jain, Institute for Internet & the Just Society, Civil Society, WEOG.
Marco Schmidt, Institute for Internet & the Just Society, Civil Society, WEOG
Presentation with Q&A.
English
The purpose of our presentation is to contribute to the debate on whether or not privacy and data protection concerns should be a part of antitrust policy and particularly of merger analysis, and what would be the appropriate manner for it to be addressed by competition authorities. Traditionally, privacy does not constitute an antitrust concern and falls outside the scope of competition law, nor do the competition watchdogs address data as an essential facility of relevance for the cases of merit. It is repeatedly held that data privacy and personal data protection concerns are irrelevant for competition assessments and are adequately protected under their specific regulation. This is expressed in the ‘privacy fallacy’, which assumes that a decrease in the level of privacy measures automatically constitutes a breach of data protection rules. However, some merger submissions should provide clear inputs on the privacy perspective whenever the entities under scrutiny belong to heavy data-driven industries. This is when data should be considered as a critical component of the business model and thereby it would impact the domain of consumer protection laws as well. In such regard, our intention by holding this dialogue, is to lay out some of the possible means for competition authorities to analyze data for data-driven industries, and in view of the nature of it, potentially drawing some minimum guidelines for the ethics of privacy and data governance to be embedded as a consumer concern within the competition law test. In addition, our objective is to explain that privacy could be considered a measure for consumer welfare but on a case-by-case basis, as not all data-driven businesses may enter by default into the scope of personal data protection regulation. The above, in light of current challenged approaches whereby data protection becomes a burden, notably for giants of the technology industry.
Complementary resources: https://www.internetjustsociety.org/propensity-of-data-accumulation-to-raise-barriers-to-entry; https://www.internetjustsociety.org/privacy-as-an-element-of-product-quality-in-assessment-of-data-driven-mergers; https://www.internetjustsociety.org/sensitive-data-mergers-and-consumer-welfare; https://www.internetjustsociety.org/one-way-ticket-to-luxembourg-facebook-v-bundeskartellamt-at-the-ecj.
Related policy questions: How to enable equitable access to data, marketplaces or infrastructures for fostering competition and innovation on the Internet? What regulatory approaches are/could be effective in upholding consumer rights, offering adequate remedies for rights violations, and eliminating unfair and deceptive practices from the part of Internet companies?
Participation from the audience will be strongly encouraged. To help listeners participate and to collect their feedback easily, we are planning to use Wooclap, a user-friendly platform that helps to attract the attention of the audience. It is not our purpose to overload the audience with information, rather we aim to keep them engaged. We plan to do this also by showing a PowerPoint presentation, as visual support to our narrative, to improve the audience's focus. This shall help us in holding the attention span of the attendees and in simplifying the technical and legal elements of privacy, data protection and competition law that are essential to the dialogue. After the presentation, the audience will have time to interact with the presenters during the Q&A part of the session, by debating the issues pointed out and providing regional and local insights to the discussion.
Report
Data privacy law has become its own domain of law in the last two decades but it should nowdayas be seen in conjunction with antitrust laws, especially in merger proceedings in markets that are highly data-driven.
Privacy is a part of consumer welfare and data becomes more and more a factor in competition, be it in the shape of a competitive advantage (non-price competition) or as a barrier to entry. At the same time, companies compete on privacy which inherently causes friction. A conduct that might be found anti-competitive could at the same time protect consumer’s data which underlines the need for more stream-lined data protection and antitrust regimes
Competition and Data Protection Authorities need to be enabled by legislators to cooperate more closely in order to implement data privacy into competition policy
Data and privacy matters need to be introduced into competition legislation to account for the new ways in which companies compete today
The Big Data & Antitrust Cycle of the Institute for Internet & the Just Society hosted “Lightning Talk #60 The role of privacy in antitrust policy in highly data-driven markets” during the 2021 IGF. Two speakers were invited:
- Ms. Nidhi Singh, who is a Panel Counsel at Delhi High Court & Supreme Court of India in New Delhi and Deputy Director at the Centre for Competition Law & Policy at GLA University
- Mr. Mario Tavares Moyrón, Senior Legal Counsel at AXA Group Operations in Paris, France.
Mr. Moyrón started off by introducing the topic by outlining his thoughts on the relationship between privacy and antitrust. He stated that competition authorities have sometimes faced backlash after taking questions of data privacy into account during, for example, merger proceedings. While many jurisdictions recognize the right to privacy, sometimes even in the respective constitutional texts, some commentators seem to not follow the notion that privacy is part of the consumer welfare that prevails in many antitrust regimes worldwide. This is already contradicting the fact that often there are data (and consumer) protection agencies that act to the benefit of consumer welfare. Problems do arise now when competition authorities need to assess behaviors or planned mergers in markets that rely heavily on data. Within the last decade, through rapid technological progress, data has become an essential facility that grants huge competitive advantages.
While some argue now that data should not be considered to form part of consumer welfare as many give up their privacy in exchange for services, this view neglects that data is an important asset in the competitive process. In his view, it is then only consequent to have competition authorities consider questions of data protection as well. At the moment though, competition policy does usually not allow for this, so the approach as to how to solve this issue is subject to debate. One could of course consider an expansion of the mandate but it seems more likely that every authority or regulatory body should stick with its own special expertise. This would make processes for cooperation between data protection and competition authorities necessary which are not in place yet (a so-called “dialogical regulatory function” in order to avoid confusion over competencies). It is therefore up to legislators to clear the way for this evolution of competition law. He illustrates these points by making reference to the case the German Federal Cartel Office brought against Facebook, in which provisions of the European General Data Protection Regulation (GDPR) were used to actually constitute an infringement of competition law. In that case, the Competition Authority also cooperated with the competent Irish Data Protection Commissioner. The efforts that are being made in Europe, one notable example is the introduction of § 19a in the German Act against Restrictions of Competition, will eventually need to be scaled up on a more global level as data-driven markets usually have an international dimension and the same questions will therefore arise.
Subsequently, Ms. Nidhi Singh took over and underlined that the digital environment has brought drastic changes to our regulatory landscape that need to be addressed. Just like IP and consumer protection law have had their fair share of influence on competition regimes, data privacy law as a separate domain of law will more and more do so. She argues that data is particularly important in the competition since most services of big platforms are offered for free. Firms cannot compete on price, so only non-price competition remains and there are instances in which tighter or more transparent privacy policies have been considered positively by consumers. Data has proven to be crucial in merger cases as well, even though the merging parties might not operate in the same market, the acquisition of one firm’s data set can be extremely valuable to the business model of the acquiring party.
Ms. Singh continues to cite Erika A. Doughlous who outlined two areas of tension between data privacy and competition law regimes. Firstly, companies often invoke privacy as a justification against allegations of anti-competitive behavior. Secondly, granting access to data that a firm holds has become an increasingly popular remedy to mitigate competition concerns. It seems that courts however neglect the data implications competition law cases have (“competition first approach”). As an example, HiQ v. LinkedIn is explained, a case in which The U.S. Court of Appeals for the Ninth Circuit has rendered LinkedIn’s termination of HiQ’s access to user profile data unlawful as unfair competition, even though HiQ had violated user privacy settings. This also contradicts the FTC’s enforcement policy and shows how contentious the relationship between those two areas of law is. Margrethe Vestager, the European Commissioner for Competition, has also pointed out that data has become an increasingly important factor in the competition which makes granting access to data an effective behavioral remedy in order to maintain/restore competition. Problems are posed by the mandate that competition authorities are being given which limits them with regards to the scope they conduct their investigations and assessments in. Ms. Singh suggests, in conclusion, to view competition and data protection law as complementary disciplines that should not be considered exclusively in order to do justice to the new digital economy.
One question from the audience is directed to Mr. Moyrón and concerns the implications the GDPR has in an antitrust context. Mr. Moyrón explains that often consumers do not know how their data is used and the GDPR has provided useful information in order to create more transparency for consumers. This should eventually foster competition as consumers are enabled to make better-informed decisions. Another question is directed to Ms. Singh, she’s asked whether she thinks that there is a trade-off between profits and privacy or if firms that respect privacy will be the ones that are more successful in the long run. She explains that there seems to be a conflict between respecting privacy and gathering data. While privacy might be valued by customers, big amounts of data might be a competitive advantage a firm needs over its rivals. At the same time, she observes a development that more privacy is increasingly an argument for consumers to choose a specific firm, so the balance might be shifting.