The EU’s data watchdog, the European Data Protection Supervisor (EDPS), recently published his views in a report on “the interplay between data protection, competition law and consumer protection in the digital economy”. His basic thesis is something that has been self-evident, and much commented upon, big data is an issue EU regulators need to work on together to manage and to deal with its impact on consumers. He said:
The evolution of big data has exposed gaps in EU competition, consumer protection and data protection policies that do not seem to have kept up with this development. Smarter interaction across these partially overlapping policy areas will support growth and innovation and minimise the potential harm to consumers. The EDPS is pleased to be facilitating discussions between regulators and experts in these fields.
It’s not clear what if anything is happening between regulators, but what is clear is that competition lawyers are still in the early stages of grappling with big data’s implications. The EU’s lead competition enforcer, EU Commissioner Almunia of the European Commission (EC), recognized in November 2012 that big data raises simultaneous competition, consumer protection and data protection issues. In a Brussels speech (“competition and personal data protection”) he said:
Companies evidently try to use their access to personal data to gain commercial advantage vis à vis users. It is necessary to strike the right balance between regulation and competition policy enforcement. In my view, this sort of commercial abuses should be tackled first by a strong and effective consumer policy. …. When unfair or manipulative commercial practices become pervasive in a market to the detriment of consumers and users the matter is best resolved with regulation.
Accordingly, competition law should not be the first port of call. This is sensible because personal data is ultimately an input just like any other used by businesses. The application of competition law is fact and case-specific, and will not solve all the problems around big data and its consumer impact.
So far the EC has not handled cases where the accumulation or manipulation of personal data was alleged to have hampered competition.
The leading case in which personal data has been looked at was in the context of a business transaction– the 2008 merger between Google and DoubleClick.. The EC considered a deal between a company that could collect a lot of personal data (DoubleClick) and another with the technology to target ads and monitor their performance (Google). Following an in-depth investigation, the EC eventually cleared the transaction.
However, the EC considered the effect of the increase in the amount of personal information obtained by the merged entity (i.e. Google). The EC found that the combination of information on search behaviour and web-browsing behaviour would not give a competitive advantage in the advertisement business that could not be replicated by other players that have access to similar web-usage data. Nevertheless, the decision stated it was clearing the merger “without prejudice to the obligations under EU legislation in relation to the protection of individuals and privacy with regard to the processing of personal data” (this did not say much because companies have to comply with all other laws anyway).
This does not mean that another merger could not raise big data issues; for example, if a company has exclusive access to personal data in a given market, there could be concentration concerns. Concerns could also be dealt with using other tools of competition enforcement, such as control of the abuse of dominance. An allegation of abuse of dominance could be used to deal with, for example, the acquisition of data using anti-competitive means, attempting to impede access to data (by competitors) using anti-competitive means, or refusing access to data.. Indeed, Commissioner Almunia recognized this in his Brussels speech:
The fact that we have not encountered such a case [in which the accumulation or the manipulation of personal data was or could be used to hamper competition] does not mean that we can rule out the practice altogether”. Indeed, he further said that the line between the sensible use of big data and its abuse “is very thin”.
Turning back to regulation, there is, of course, a link between how an industry or activity is regulated and how competition law applies to it. In the data protection field, an example of a regulatory issue directly affecting the competition law analysis is the “right of portability”. As Commission Almunia commented, “The portability of data is important for those markets where effective competition requires that customers can switch by taking their own data with them”. If customers are prevented from switching from one company to another because they cannot bring their data along, a competition issue may arise.
It is not yet clear how this debate will resolve, but one thing is clear; competition law and data protection issues will begin to encroach and intersect with each other more and more. Competition law in this area is a danger to companies with market power who amass data but is also an opportunity for companies that are trying to access data. Lawyers and businesses involved in these areas should be aware of these issues; regulators certainly are.
For those who are interested, the EDPS is running a workshop to follow up his report on 2 June 2014 in Brussels.