In the wake of the recent hearing of the CJEU in the German Facebook case, this post assesses two common views on the integration of competition law and privacy policy, providing a general overview of the debate we are currently facing and reflecting on its apparent future.
How privacy is relevant for competition law?
Separatist view
The academic literature recognises two opposing views on the intersection between competition law and privacy. The first theory considers that data protection law and competition law are supposed to be viewed seperately. Arguably, this separatist view originates from the Asnef-Equifax case,[1] where the court rejected the intersection between competition law and privacy. Essentially, the separatist theory views competition law and privacy as complementary, but not overlapping. The central argument remains that incorporation of privacy concerns in competition law assessment would create confusion, especially in application to consumer welfare standard.
Integrationist view
The integrationist approach accepts incorporation of privacy arguments into the competition law framework. Based on that, both price and non-price factors improve consumer welfare. There is evidence to suggest that privacy and competition law could be integrated together or acknowledged as complimentary. For example, in 2014, EDPS argued that “privacy and the protection of personal data should be considered not as peripheral concerns but rather as central factors in the appraisal of companies’ activities and their impact on competitiveness, market efficiency and consumer welfare.”[2] This is given that “consumers are also data subjects, whose welfare may be at risk where freedom of choice and control over one’s personal information is restricted by a dominant undertaking.”[3] For that reason, the EDPS argued for necessity to develop concepts of consumer harm, articulating the violations of data protection rights. Essentially, when there is evidence that companies compete to offer privacy protection to consumers, the integrationist approach considers if privacy-based competition might be impacted.
The German Facebook case[4] remains the example of a competition authority diminishing the boundaries between competition and data protection law. Germany has been the most active in integrating privacy into competition law. Its unique perspective has provided the most innovative approach to acknowledge privacy concerns into the exploitative competition law. The exploitative theory of abuse concentrates on the extraction of excessive rents from businesses or consumers. In other words, they have related to fairness rather than the efficiency based competition law violations.
To picture the integrationist theory effectively, let us consider a hypothetical merger of two internet-based companies. If before this merger, these companies compete to offer different levels of privacy, the merger assessment could consider any reduction in privacy post-merger. If there was no privacy-as-quality competition between merging parties, then the integrationist approach acknowledges any privacy-related concerns to be beyond the competition law assessment. The integrationist theory remains the most developed and accepted view on the relationship between competition law and privacy.
A fine line between the concepts
The central disagreement between these existing theories is whether privacy is a factor of the competition law analysis. It remains unclear if privacy amounts to a quality factor or a differently oriented factor. From a data privacy perspective, enforcers, courts, and digital platforms are left with opposing legal pressures on personal data treatment. The advent of Big Data fuelled innovation, leading to the emergence of new products, services, and business models. In this respect, consumer welfare has increased. Equally, data protection aims at safeguarding users fundamental rights and freedoms, without restricting the free movement of personal data. Data is valuable on the market and confers to a competitive advantage. Hence, the increased appetite for data inevitably leads to the collecting and processing of more data. In turn, this would lead to enhanced profiling and insight about consumers’ preferences, and less online privacy. These tensions could encourage the innovation brought about by data-driven competition. More competition should enhance consumer welfare. Yet, there are several unanswered questions, mainly what, and to what extent, should competition be traded at the margins for data privacy? This fluctuates around understanding privacy harms as competition law harm. However, companies, courts, and enforcers, preoccupied with analysing the complementarity between competition law and data privacy, are left with little understanding on addressing the exact nature.
The prevailing view remains that both areas of law could become complementary. Even if these two regimes demonstrate a different scope of applicability, it is accepted that privacy could act be acknowledged as a part of the quality-based competition. The prevailing narrative of complementarity between competition law and privacy will be discussed in the next section. If it holds true, then it will be incredibly convenient tool, creating a cohesive legal system. The system could pursue its respective enforcement goals. Competition could be driven by different factors other than data in a particular market. Essentially, the cases of tensions, not complementarity, are the most complex for the courts and agencies. Those cases will demand new analytical tradeoffs and methodologies. Further, such cases are likely to involve complex digital platform businesses, which operate on a new nexus. Based on that consideration, at present, the CJEU and the Commission have rejected an interlinked application of data protection and competition law in the assessment of antitrust cases.
Reflections: Competition law should intervene in conducts involving privacy-related theories of harm only if privacy-related harm relates to the market failure, not to the privacy rights itself
Essentially, the goal of Article 102 TFEU is to protect consumers. When a market is sufficiently competitive, consumers are benefited from access to goods/services of lower prices, a wide range of choices and a high quality. In a healthy functioning competitive market, high-quality products and services are offered are likely to attract consumers, with informed choices.
The current EU-level approach to privacy infringements, as per the case of Asnef-Equifax, indicates that: “any possible issues relating to the sensitivity of personal data are not, as such, a matter for competition law.”[5] I agree with this reasoning, on the basis that the mere breach of data protection provisions should not be seen as a competitive matter. While privacy standards are relevant to competition analysis as a qualitative parameter and can play a part in competition assessment, it is important to keep competition law and data protection distinct. This should not constitute an expansion of competition legal order to that of other areas of law, such as data protection, for the simple reason that competition law relates to tacking harms caused by the market failures, and remedy competitive harm. Competition law should continue to support the prevailing approach and assesses decisions involving personal data through the spectrum of protecting a competitive equilibrium in hypothetical markets.
There could be two ways in which privacy could intersect or influence competitive theory of harm: increased and decreased privacy protection strategy by Big Tech firms. The element of increased privacy protection deals with requiring users to consent to data collection (Apple). This reasoning has been noted in the BKA’s Facebook case. Consumers might be well exploited by being offered “zero price” in terms of monetary transactions. Such zero price-reasoning could be arbitrary and underline market failure in the acquisition of private personal data. Current privacy regulations ignore this market failure as they are based on consumers “rights” and ignored that something might be wrong with this market, which is framed by these rights.
This theory of harm should only be a concern if it results from some form of market failure, demonstrating a lack of competition in this market. The debate could demonstrate an important counterfactual. Recently, Google opted to phrase out third-party cookies on a browser. It is still in its infancy, following antitrust investigations in Germany,[6] Poland,[7] the UK,[8] and the EU.[9]
On the fundamental level, competition and data protection laws achieve different sets of modalities. Competition law aims to ensure undistorted competition within the internal market. Competition is conceived as the best means to ensure allocation of resources and increase consumer welfare. Privacy distortion effects could arguably both distort fairness and efficiency-based theories. Yet, we are only at the beginnings to categorise this approach. If it holds true, then it will be incredibly convenient tool, creating a cohesive legal system. The system could pursue its respective enforcement goals.
____________________________
[1] Case C-235/08 Asnef-Equifax v Asociación de Usuarios de Servicios Bancarios ECR I-11125. [2006]
[2] EDPS, ‘Preliminary Opinion of the European Data Protection Supervisor. Privacy and Competitiveness in the Age of Big Data: The Interplay between Data Protection, Competition Law and Consumer Protection in the Digital Economy’ (2014) 26
[3] EDPS, ‘Preliminary Opinion of the European Data Protection Supervisor. Privacy and Competitiveness in the Age of Big Data: The Interplay between Data Protection, Competition Law and Consumer Protection in the Digital Economy’ (2014) 33
[4] Case B6-22/16 Facebook, Exploitative business terms pursuant to Section 19(1) GWB for inadequate data processing. <https://www.bundeskartellamt.de/SharedDocs/ Entscheidung/EN/Fallberichte/Missbrauchsaufsicht/2019/B6-22-16.html?nn=3600108>
[5] Case C-235/08 Asnef-Equifax v Asociación de Usuarios de Servicios Bancarios ECR I-11125. [2006]
[6] the Bundeskartellamt (BKartA) also investigates the Apple ATT feature. BkartA, press release, Proceeding Against Apple Based on New Rules for Large Digital Companies (Section 19a(1) GWB)— Bundeskartellamt Examines Apple’s Significance for Competition Across Markets, June 21, 2021. https://www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2021/21_06_2021_Apple.html ;jsessionid=2906AB1F1A71C240E89AC659BCA5A31C.1_cid387
[7] Office of Competition and Consumer protection, press release, Apple: The President of UOKiK Initiates an Investigation, December 13, 2021. https://www.uokik.gov.pl/news.php?news_id=18092
[8] In the UK, the Competition and Markets Authority (CMA) investigates Google’s Privacy Sandbox. CMA, press release, CMA to Have Key Oversight Role over Google’s Planned Removal of Third-Party Cookies, June 11, 2021. https://www.gov.uk/government/news/cma-to-have-key-oversight-role-over-google-s-planned-removal-of- third-party-cookies
[9] EC, press release, Antitrust: Commission Opens Investigation into Possible Anticompetitive Conduct by Google in the Online Advertising Technology Sector, June 22, 2021. https://ec.europa.eu/commission/presscorner/detail/en/ip_21_3143
________________________
To make sure you do not miss out on regular updates from the Kluwer Competition Law Blog, please subscribe here.