On February 7, 2019, German’s antitrust authority, the German Federal Cartel Office (“FCO”), issued a decision about the abuse-of-dominance rules, to ban Facebook from combining user information collected from non-Facebook platforms – including Facebook-owned services like WhatsApp and Instagram, and other third-party websites and mobile apps – and associating the information to user’s Facebook account, unless the company has obtained that user’s voluntary consent. The FCO reasoned that Facebook has a dominant position in the social network market, and it abused that dominance when imposing “exploitative business terms” without users’ awareness to collect and use their data from off-Facebook channels. The company “gained a competitive edge over its competitors in an unlawful way and increased market entry barriers, which in turn secures Facebook’s market power towards end customers,” said the regulator.
While the German decision is the first of its kind examining a violation of privacy law under the abuse of dominance rules, it is not the first time when data protection meets competition issues. Confluences can be found in some high-profile merger review decisions where technology companies are the parties, like the Microsoft and LinkedIn case reviewed by the European Commission, or the Google and DoubleClick case by the US Federal Trade Commission’s (“FTC”). In the end of 2018, Australian Competition & Consumer Commission issued a report about online platform’s impact on competition, addressing consumers’ bargaining power related to competition law principles from the angle of platforms’ data practices. Also in recent China, Tencent sued ByteDance against unauthorized collection of user data, claiming unfair competition.
Is using competition law to restrict data practices becoming a global trend?
The European Commissioner for Competition, Margrethe Vestager, is vocal about the significant role data is playing in the arena of competition law, concerning that merging datasets may become a barrier preventing new market entrants. But when asked for comments on the FCO’s recent decision about Facebook, she said that the case was partly based on German law and should not serve as a template for the future EU action.
Indeed. The European Commission has been reluctant to find data practices threatening market competition, as the precedents showed. In the 2014 Facebook/WhatsApp merger review, the Commission concluded that “[a]ny privacy-related concerns flowing from the increased concentration of data within the control of Facebook as a result of the transaction do not fall within the scope of EU competition law.” Two years later, the Commission seemed to soften their policy in the Microsoft/LinkedIn merger review in 2016, recognizing the possibility that a merger may eliminate competition due to the post-merger combination of data. However, it ultimately decided that the combination of datasets of Microsoft and LinkedIn “does not appear to result in raising the barriers to entry/expansion for other players in this space, as there will continue to be a large amount of internet user data that are valuable for advertising purposes and that are not within Microsoft’s exclusive control.”
The benchmark probably only becomes higher when coming to the United States that deeply believes in free market, asking for proof of concrete harm to the welfare of consumers in antitrust cases. In the AT&T/Time Warner case, the court said the merger would help form up a stronger database to compete with other market players like Netflix and Hulu. In the Google/DoubleClick one, the FTC majority concluded that the integration of these two companies’ datasets would not constitute “an essential input to a successful online advertising product” when some competitors have their own unique data sources and can collect data from other channels.
In China, the trial court of the Tencent v. ByteDance case decided that data is a valuable asset for business. And China government is taking great efforts to push its domestic companies to become global leaders in the AI and big data industries, both data-intensive, further indicating that China government would tend to favor business and not to impose strict restrictions on data merging under the market competition context.
Should the competition law be used to restrict companies’ data practices?
The major reason supporting yes is that a company may achieve a monopoly on data that its competitors also need and cannot get a competing set from other sources. For example, in the Facebook case, considering the significant scale and impact of the platforms of Facebook, Instagram, and WhatsApp that then get combined with other third-party websites and apps, there exists a solid argument that the data collected and integrated across these channels can constitute a barrier preventing other businesses in the same market to efficiently compete with Facebook.
The former FTC acting head Maureen Ohlhausen argued in a paper that the values of competition law and privacy law are conflictive – to prevent an entry barrier keeping out competitors, competition law encourages sharing in areas where data are difficult or expensive to obtain, but privacy law concerns individual control over data that effectively limits data sharing. Accordingly, Ohlhausen concluded that “[u]sing competition law to force sharing of consumer data as an essential facility, perhaps to mitigate this effect, would undercut the fundamental purpose of the privacy law.”
I doubt that the essential purpose of competition law is to encourage sharing. The fundamental concern of competition law is to protect consumers’ rights and freedom to make meaningful choices and to ensure market innovation through maintaining a fairly competitive market. Neither do I agree that the ultimate purpose of privacy law is to limit data sharing. Rather, I think privacy law is to regulate and restrict unfair data sharing that disrespect people’s privacy rights. As the German Facebook decision showed, what the regulator really cared about is whether the company would achieve an unassailable market dominance via unfair data practices – the key is how the data has been collected, used, and shared, in a fair and privacy-respecting manner.
A bigger challenge I think comes from the problem of “harm.” As mentioned above, at least in the United States, concrete consumer harm is still a prevailing requirement in competition cases. The current competition law centers on consumer welfare, which traditionally has been narrowly focused on price effects resulted from market dominance. There is a growing voice urging to include non-price effects. But even so, how to prove privacy harm is still a thorny question for now.
The FCO did not give a clear explanation in its Facebook decision on what exact consumer harm was caused in respect of competition law. It said the damage was from two aspects, one that users lost control over their data, and the other that the competition was diminished as Facebook would become increasingly indispensable for advertising customers with the merging data. But neither presents a competition law-satisfied consumer harm beyond the GDPR violations.
A last thought is, does extending competition law to data practices mean that companies may be exposed to double risks of violating competition law and privacy law? The FCO said in the Facebook case that the task of monitoring data practice of dominant companies cannot be fulfilled by a data protection authority, but it would work closely with data protection authorities in assessing whether the data practice is unfair. How to divide the authority jurisdictions could be another challenging issue.