Data protection and antitrust law
Regretably I couldn’t attend Concurrence’s New Frontiers of Antitrust conference held last Friday in Paris in spite of Nicolas Charbit’s kind invitation. I hear that the conference was once again most interesting, so congrats again to Nicolas and the rest of the team at Concurrences.
Perhaps the most prominent topic in this year’s program related to the interface between data protection and antitrust law. I’m sorry to have missed the discussions over this issue, for perhaps they would have enabled me to see where’s the substantive beef that justifies all the recent noise. Whereas I understand the practical reasons why this issue has conveniently become a hot one in certain academic circles, I confess my inability to see the specific features that make this debate so deserving of special attention.
The way I see it, personal data are increasingly a necessary input to provide certain online services, notably in two-sided markets. So far so good. But this means that personal data are an input, like any other one in any other industry, with the only additional element that the recompilationa and use of such input is subject to an ad hoc legal regime -data protection rules-.
In my view, competition rules apply to the acquisition and use of personal data exactly in the same way that they apply to any other input, and then there’s a specific layer of protection. I therefore understand that data protection experts have an interest in finding out about the basics of antitrust law to realize about how it may affect their discipline, but I fail to see the reasons why competition law experts and academics should devote their time to an issue which, in my personal view, raises no particularly significant challenges. [The only specificity may be that data protection practices may constitute a relevant non-priceparameter of competition, for companies may compete on how they protect consumer data]. I would argue that this is a serious matter, but one for consumer protection laws to deal with, and in which competition policy may at most play a marginal role (I understand this was also the view expressed by Commissioner Almunia in a recent speech).
To compensate for my absence at Concurrence’s conference, on Saturday morning I read some interesting “preliminary thoughts” published last week by Damien Geradin and Monika Kuschewsky: Competition Law and Personal Data: Preliminary Thoughts on a Complex Issue. The piece provides a contrarian view to the one I just expressed. Since I might very well be wrong (that’s at least what my girlfriend’s default assumption in practically all situations…) I would suggest that you take the time to read it in order to make up your own mind. It won’t take you long, but since behavioral economics (and the clickthrough rates to the links we show) tells us that many of you are of the lazy type, in the interest of a balanced debate here’s a brief account of its content; my comments appear in brackets:
(Click here if you’re interested in reading more)
The paper argues that competition law might apply when a dominant company “(i) acquires data through anti-competitive means and/or (ii) seeks to prevent other competitors from acquiring data through anti-competitive means“. The authors use one example to support this idea, namely that of the ongoing Google investigation concerning alleged exclusivity arrangements and impediments to data portability. [In footnote 24 the authors duly disclose that their firm represents several complainants in the Google case. I don't know the terms of Google's contracts; they may be legal or not, but, again, I don't see how the nature of the input affects the standard analysis for exclusivity arrangements].
Second, the paper also refers to the Google/DoubleClick decision to highlight the relevance of merger control in this regard, pointing out that the decision “did not consider that the accumulation of very substantial amounts of personal data would foreclose actual or potential competitors“.
Finally, the paper considers one abstract question, “whether the rivals of a form owning a large trove of personal data, which we refer to as BigBrother, could use EU competition rules to gain access to that trove of data” [here I would argue that the name give to the company may not be neutral as it may perhaps predispose the reader to a give conclusion; see in this regard Boudin’s “Antitrust and the Sway of Metaphor“]. The paper then goes through a standard essential facilities analysis – noting that this would require to (a) define a releant market for personal data of the type collected by online service providers on their user; (b) prove that “access to BigBrother’s data would have to be ‘indispensable’ or ‘essential’”; and (c) prove that the refusal of access is likely to prevent any competition on the downstream market in question. With regard to the first question, the authors argue that ‘[w]hile there may or may not be a market for such data, in the IMS case, the Court of Justice of the European Union considered that for the application of its Bronner case-law “it is sufficient that a potential market or even a hypothetical market can be identified”. The paper acknowledges that the question would remain of whether the data collected by search engines and social networks belong to the same relevant market [this example assumes that BigBrother is a search engine or a social network; similar questions could arise regarding price comparison sites, auction sites, sites offering users'reviews, vertical engines, etc.]. On indispensabilty, the paper refers to Google/DoubleClick and concludes that “the access seeker will thus hold the burden that the data owned by BigBrother is truly unique and that there is no possibility whatsoever for it to obtain the data that it needs to perform its services”. Thirdly, the access seeker should prove that ‘refusal to access would be likely to prevent any competition at all” on a downstream market. [I've nothing to object to this analytical framework (the same three-pronged test that applies to the assessment of refusals to provide access to any other physical or virtual input), but it confirms my suspicion that the fact that we're dealing with personal data does raise subject-specific issues].
For a comprehensive analysis of all positions concerning the interface between data protection and competition law, take a look at the last chapter of Kevin Coates’ book (second time I quote it here this week; Kevin you owe me a beer..)