Facebook, Privacy and Article 102- a first comment on the Bundeskartellamt’s investigation
The German Competition Authority announced this morning that it has opened an abuse of dominance investigation on Facebook “on suspicion of having abused its market power by infringing data protection rules”.
According to its Press Release, the theory of harm is that Facebook may have exploited its arguable dominant position in “the market for social networks” by adopting terms of service on the use of user data “in violation of data protection provisions”.
In order for users to access the social network, users must accept Facebook’s terms of service. To me, this sounds perfectly normal, but the press release underlines that “there is considerable doubt as to the admissibility of this procedure, in particular under applicable national data protection law”. But the authority’s preliminary reasoning seems to be that users would not accept those terms of service should the company enjoy a lesser degree of market power.
The President of the Bundeskartellamt has stated that “Dominant companies are subject to special obligations. These include the use of adequate terms of service as far as these are relevant to the market (….) it is essential to also examine under the aspect of abuse of market power whether the consumers are sufficiently informed about the type and extent of data collected.”
This is a first, and it is a relevant one. A few comments off the top of my head:
-Wasn’t this clear already? This development fits, as you know, within a trend to try to squeeze privacy considerations into the realm of competition law. This is something that we have discussed abundantly (see e.g. here or here) and that I, for one, think has been appropriately settled by both the ECJ (Asnef Equifax, para 63 “any possible issues relating to the sensitivity of personal data are not, as such, a matter for competition law, they may be resolved on the basis of the relevant provisions governing data protection”) and the Commission decisions in Google/DoubleClick or Facebook/Whatsapp (para. 164: “privacy-related concerns flowing from the increased concentration of data within the control of Facebook as a result of the Transaction do not fall within the scope of the EU competition law rules but within the scope of the EU data protection rules.”)
-The ever growing responsibility of the dominant firm. It also is part of another tendency, that of extending the “special responsibility” of the dominant firm in order to comply with the law, and not just with competition law, with literally any legal provision. We have discussed this in the past too, in relation to the ECJ’s Judgment in Astra Zeneca (see here) as well as with the “scraping” allegations levied against Google (see here).
-Isn’t the imposition of “unfair trading conditions” expressly mentioned in Article 102. a)? It is. And it is also widely acknowledged that privacy can be one parameter of competition. So, admittedly, and theoretically, the Bundeskartellamt could build an exploitative case alleging that Facebook sets infra-competitive privacy terms and conditions. However, this does not seem to the reasoning underlying the investigation. Perhaps this has to do with the difficulties in determining which is the “competitive” level of privacy. If it is difficult to determine when a price is ‘excessive’, imagine when it comes to this question. This line of analysis does not sound to be a particularly promising one (without having spent a fortune in expert analysis I suspect that plenty of services with much less market power than Facebook have much lower privacy standards….). Possibly in the light of these difficulties the authority is prepared to take a shortcut, automatically equating an alleged “violation of data protection provisions” by a dominant company with an abuse of dominance.
-Omniscient and omnipotent competition authorities. So essentially, this investigation sends the message that competition authorities can now police any breach of the law by dominant companies. Competition authorities should therefore be not only experts in competition, but in any other branch of the law? Good luck with that. This may give the Commission equally absurd ideas; it could, for instance, now challenge tax advantages alleging that those were only received because of the economic pre-eminence of some companies….
-If the conduct already breaches other rules, why bother with competition law? Competition authorities have scarce resources. If it is already a given that a conduct breaches other provisions (this seems to be the premise to the investigation), then why bother doing through the hurdles of a 102 case?
–The challenges of establishing dominance in the face of unhelpful precedents. Leaving wider issues aside, and moving on to dominance, the case seems to be premised on the arguable dominance of Facebook. But, in the light, among others, of the General Court’s Judgment in Case T-79/12 and of the Commission’s decision in Facebook/Whatsapp, the German authority seems poised to have a tough time. Those precedents make it clear that dominance in these markets may be very hard to establish, particularly since social networks are very dynamic, services are provided for free, the role of network effects is mitigated, there are no economic or technical barriers for users to switch, etc. (for my comment on Case T-79/12, see here). [It would also be interesting to see the assessment of the competitive constraints posed by others in these markets (e.g. Google was considered to exert strong pressures in MSFT/Skype despite its 0-5% market share -decision, paras 124 et seq, and para 70 of the Judgment.- )].
-On the connection (or lack thereof) between dominance and the abuse. The Press Release does actually say –or suggest- something which is arguably sensible (albeit contrary to Continental Can and Astra Zeneca) when explaining that it needs to check whether there is “a connection between such an infringement and market dominance”.
–Wrongly paternalistic competition law? When commenting on the debate on digital platforms (the video of my intervention at the European Parliament is now available here) and on the antitrust/privacy interface, I have always said that in the face of privacy-related concerns what public authorities should do is make sure consumers are in a position to make informed choices. Competition law is there to preserve choices, and here consumers have it. Facebook is not an unavoidable trading partner and consumers are not locked in to it; if consumers don’t think it’s worth giving data in exchange for the service, they won’t join. There may be a market failure, but one that has to do with asymmetries of information, not market power. In other words, whether consumers know or not what terms and conditions they are accepting may be a public policy issue, but one that, in my humble view, is not for competition law to address.
P.S. I was supposed to be discussing this precise topic on Saturday at this AIJA conference on media and technology, but I have had to ask my colleague Sam Villiers to replace me. Chillin’Competiiton will nonetheless be represented by Pablo.
Chillin'Competition 
Ah, some sense being spoken, thanks!
Also of concern, in my view, is the issue of asserting that a conduct vis-à-vis consumers can be an exploitative abuse without as much as an (indirect) competitive foreclosure or harm to the competitive process that could, in turn, lead to an increase in prices.
Not sure how the BKA can put forward a valid theory that makes legal and economic sense in these circumstances. As you rightly point out, there may be a privacy and/or consumer law case to be made, but not a competition one,not with these facts.
Miguel
3 March 2016 at 1:03 am
Could not agree more with you on this.
Another illustration that the doctrine of abuse of a dominant position is abused (pun intended) by some competition authorities to try and tackle problems that are not theirs to deal with.
And it is also a good example of the possible flaw in the doctrine in general: why should a company be punished for merely being successful? I appreciate it’s not as black-and-white as that, but this case left me wondering once more.
Bram Nijhof
3 March 2016 at 10:01 am
Alfonso, thanks – thought-provoking as always. I think the BKA is locating the harm in the advertising deal, not in the data protection infringement per se. In other words BKA is saying that if FB had clearer privacy T&Cs, fewer people would sign up and as a result FB would win less advertising revenue.
Andrew Fielding
3 March 2016 at 11:15 am
Data is the currency with which we pay for access to Facebook. In that light it makes sense to have an ‘excessive pricing’ test for services where data – and not cash – is the consideration. The idea is new but not that far fetched although I agree its very difficult to estimate what the competitive level of privacy is.
Sam
3 March 2016 at 6:18 pm
Sorry, Sam, but, with respect, no, the use of data isn’t new nor has it suddenly become a currency with which to pay for services.
For starters, users of a service in dual markets don’t pay, not in a traditional or in any other sense, and that is settled case law and standard economics. Advertisers pay, just like with countless other services and products that are far from new, like TV & radio (where users pay nothing, but have to watch commercials), and printed media (where the nominal price of a magazine issue is heavily subsidised, sometimes fully, by the ads inside it). So it isn’t a new phenomenon: how many decades have we been watching TV without paying for it, except by watching commercials tailored to the people most likely to be tuning in to a given show at a given time of day?
The one thing online display ads and search ads are better at is offering advertisers a really good metric of ROI, and better opportunities at more granular viewership segmentation.
In addition, and unlike currency, data doesn’t run out, doesn’t lend itself to monopolization (like other inputs do), it is replicable, and is reusable countless times by the same user. In other words, it isn’t a scarce resource, and, as a result, it doesn’t follow demand-supply patterns associated with the expenditure of actual money.
Finally, and related to my first point, that companies are better able to read into consumer behaviour and data patterns today doesn’t mean this has suddenly become a novel way of paying for goods. Focus groups and consumer panels have existed for even longer than Nielsen TV ratings, but somehow only when the same activity (understanding your customer and speaking to them through marketing efforts) is done online do people throw their arms in the air and panic about unspecified wider implications. (May I remind you that, for big data to work, an individual’s data is meaningless, it’s the aggregation of heaps of anonimized information that is useful to any company, whether an insurer trying to determine the right level of premiums and payouts for its products, or a supermarket using its loyalty scheme to determine when is the best time to offer a 3-for-2 promo on powder detergent.)
That is why price is still the relevant competitive parameter in which to analyse consumer harm from a pure antitrust perspective. Give me a market with a price (advertising, for instance) and potential abuses of dominance in it (or in adjacent markets), together with a credible theory of harm (hopefully including negative effects on the competitive process, and causation between the dominant firm’s conduct and the negative effect), and then we’ll be talking business.
Until then, it all just looks like competition enforcement agencies once again trying to regulate a reality they don’t fully understand.
Miguel
4 March 2016 at 6:27 pm
Hi Miguel.
I wasn’t claiming that use of data is new by any means; but rather that the idea of policing privacy terms under competition law is new (as far as I know). So far I agree with you.
I do think, however, that data can be considered a comodity of value, and that data therefore can be viewed as consideration for a service (for example the service of access to a social network). As I understand it, the BKA’s theory of harm is not exclusionary (foreclosure) but rather exploitative. If one accepts that data can be a commodity, then I don’t see why it – as a matter of principle – should fall outside the scope of competition law (including the notion of ‘excessive pricing’/unreasonable terms).
I think the BKA would probably argue that it is just applying competition law to the realities of how the market works. But I completely agree that it raises all sorts of difficulties and complexities if this case is successfully pursued.
Interesting case and debate 🙂
/Sam
Sam
4 March 2016 at 7:27 pm
Hey Sam,
The temptation of using antitrust rules to tackle strictly privacy concerns might seem new, but it isn’t: Alfonso has cited Google/Doubleclick, FB/Whatsapp and Msft/Skype, and has pointed to just a couple of his own blogposts where he explains why mixing the two isn’t generally a good idea. Despite the Commission’s clear indication that privacy and data protection aspects play no role in competition investigations (yes, that bluntly), it hasn’t stopped Commissioner Vestager from echoing the (more-political-than-legal) sentiment that “data is the new currency”.
The question is: what is it *really* about data that warrants likening it to money/price in terms of competition enforcement? And, why stop there? Why not also analyse other parameters in the same vein? If we must accept that there is such a thing as data / privacy competition (not as an input or as a concurrent circumstance but in and of itself, i.e. as a turf where competition between undertakings happens for the contract goods and is a result of demand and supply dynamics at play), then why not lead-time competition, or customer-service-availability competition, or forum-and-law-shopping competition, or passage-of-risk competition? They are all contractually set, and surely economists could assign “values” to the different ways in which companies offer and consumers demand these…
The problem with this would be: no unilateral conduct in any of these parameters would negatively affect the competitive process for the contract goods, nor would they ultimately harm consumer welfare, in the antitrust sense of it.
Besides, if, as you rightly claim, the use of consumer data by companies isn’t new, what new is there to regulate from a competition perspective?
Of course the BKA is trying to pass this off as an exploitative and not an exclusionary abuse – because it’s the only category that the conduct of an allegedly dominant firm directly impacting a consumer can fall into. And even then, the literature limits these types of abuse to excessive pricing or other commercial conditions (with regards to the contract goods, though) where the dominant firm may reap in profits it would not obtain in the absence of dominance. So, what is the supra-competitive profit here?
I object to the notion that data is payment in kind for a service because of the dual nature of the market Facebook (and many others) operates in: the fact that it does so in the online realm doesn’t change the fact that an advertiser is paying (real money) for the ability to more efficiently target a specific viewership. Nothing more, and nothing less. That’s where the money flow is, and that’s the side of the market where dominance can be abused (or the negative effects appear), if at all. On the consumer / “free” side, you may encounter other legal problems (privacy, data protection, misleading advertising, fraud, identity theft, etc.), but certainly not an abuse of dominance one, not even exploitative.
Even if I were to play along and accept data as “consideration for a service”, two very basic hurdles that the BKA would have to face are, firstly, in what actual product/service market is Facebook dominant and in which is it abusing its dominance? And, secondly, what is Facebook doing that’s different or worse than other online players in terms of its privacy T&Cs?
Bottom line: if the data isn’t the object of a commercial trade and gain (which is what happens when a database – of pharmaceutical sales, for instance – is being licensed or sold), then competition law should have little to say about its collection.
Anyway, I guess what I’m trying to say is neither us nor the BKA should overcomplicate things this much! 🙂
Best,
Miguel
Miguel
4 March 2016 at 10:45 pm
Hi! First many thanks to Alfonso for coming up with this post, and to Sam and Miguel for creating this interesting debate I’m picking up late, but on which I’d like, at least, to share some quick thoughts!
I think all of us agree that data protection law infringements must be dealt with data protection law, which, in turn, must be enforced by DPAs and not competition authorities. However, this does not mean that the collection and processing of personal data carried out by Facebook (or other companies) may not raise competition law issues.
Miguel, I think that by “dual markets” you refer to “two-sided markets”. If yes, I disagree with your affirmation that users of those markets do not pay for the goods or services they receive. Most of the revenues made by platform operators might not come from the “fee” paid by users, but, at least in most of the examples that come to my mind, they do pay, even though this “fee” might not cover even the marginal cost of the product. Think on computers, video-game consoles, operating systems, smartphones, newspapers, paid-TV channels…
When it comes to Facebook, the services that a user receives are not for free, but are given in exchange of something: the sharing of a significant amount of personal data, which is processed, inter alia, for targeted advertisement purposes. As long as this exchange takes place I think Sam is right pointing towards “excessive pricing / unreasonable terms”. I don’t see any reason either to exclude, in principle, data/service (or content) exchanges from competition law.
In that regard, the German NCA might consider that the information that Facebook is providing on the amount of user data collected and on how (and for which purposes) this data is processed is not clear enough, or missleading. That could be considered as an infringement of both data protection and competition law.
The same goes, by the way, for all the parameters mentioned in Miguel’s answer (“lead-time competition, or customer-service-availability competition, or forum-and-law-shopping competition, or passage-of-risk competition”). If one considers, as the General Court did (DSD, T-151/01), that a company in a dominant position abuses that position “where it charges fees which are disproportionate to the economic value of the service provided”, a unilateral conduct significantly modifying those parameters, but maintaining the price, could be caught by 102A, as long as those parameters can be included in the “economic value” of the service provided.
Diego
11 March 2016 at 6:23 pm
Those who are more engaged on Facebook are more likely to modify their privacy settings more frequently. Table 5c breaks down the frequency of changing Facebook privacy settings by how frequently respondents check people s status updates, post their own status updates and comment on their friends updates. Whether posting a status update or commenting on a friend s update, those who are regularly engaged in content contributing activities on Facebook are more likely to modify their settings than those who share on the site less frequently. This makes sense given that those who regularly post content may be more conscious of their audience,
Darwin Halford
12 March 2016 at 3:32 am
On data as currency I have the same hunch as you Miguel, but I do not think however that the ideal is more “political” than “legal”. For instance, the draft directive on contracts for the supply of digit. content applies to instances where “the supplier supplies digital content to the consumer […] and, in exchange, a price is to be paid or the consumer provides counter performance other than money in the form of personal data or any other data”
Jorge
16 March 2016 at 12:58 pm
I think that the BKA takes a very German approach if I may call it like that. They combine (unfair) general contract terms provisions and the competition law provisions concerning exploitative abuses. And if I understand it correctly, then basically data protection becomes a violation of unfair contract terms which qualifies as an abuse of dominance a la Art.102 (a) TFEU but then German Article 19 GWB.
“Konkret erfolgt die Erhebung von Nutzerdaten vielfach dadurch, dass Nutzer den Allgemeinen Geschäftsbedingungen (AGB) der Internetplattform zustimmen. Insoweit sind parallel Gesichtspunkte des Verbraucherschutzes relevant, etwa bei der Form der Einbeziehung von AGB und den Möglichkeiten, alternative Anbieter mit anderen, datensparsameren AGB zu nutzen.
In den AGB ist dann zumeist eine Klausel enthalten, mit der Nutzer einer Erhebung (und ggf. Weiterverwendung) personenbezogener Daten zustimmen. Ein solches Verhalten könnte als Konditionenmissbrauch gemäß § 19 Abs. 2 Nr. 2 GWB angesehen werden, wenn Geschäftsbedingungen gefordert werden, die von denjenigen bei wirksamem Wettbewerb abweichen. Die Verwendung unzulässiger AGB durch marktbeherrschende Unternehmen kann grundsätzlich einen Missbrauch im Sinne des § 19 GWB darstellen, insbesondere, wenn die Vereinbarung der unwirksamen Klausel Ausfluss der Marktmacht oder einer großen Machtüberlegenheit ist.56 Denkbar ist auch ein Missbrauch unter dem Gesichtspunkt des Behinderungsmissbrauchs, soweit unzulässigerweise erhobene Daten die bestehende Marktmacht verstärken.”
Kati Cseres
7 June 2016 at 2:03 pm
Dear Kati,
dear colleagues,
the BKartA does not say that an infringement of data protection law is automatically an abuse of dominance as well. You may see the actual press release concerning the opening of the investigations. You did quote a working paper of the year 2015, which certainly provides some insight, but does not tell the full story of what the BKartA’s theory of harm may look like. There the BKartA makes it very clear, that an infringement of data protection law does in no way lead automatically to an abuse of dominance as well, where dominance is established. Rather, the BKartA is exploring the possibility of an abuse by facebook’s way of making the user’s acceptance of their way of collecting and using the user’s data a precondition to access the social network, especially in,BUT NOT LIMITED TO to the case where data protection laws are infringed: “…here is considerable doubt as to the admissibility of this procedure, in particular under applicable national data protection law. If there is a CONNECTION BETWEEN SUCH AN INFRINGEMENT AND DOMINANCE, this could ALSO (added by me) constitute an abusive practice under competition law…”
As to the debate whether data is to be regarded as currency or whether this is a new territory for competition law (enforcement), I agree that data could be viewed as currency, but that is immaterial to our debate. Under German ( and EU) competition law for a “market” which could be “dominated” by an undertaking to exist, it is not a precondition that a consideration is provided for a good or service. Instead, it is sufficient if the good or service provided without remuneration can be or is connected to another good or service provided to another side of the market (the users on the other side of the market). The question whether data has to be seen as a for of remuneration does therefore not have to be decided insofar as establishing a “market” is concerned.
It is true however, that there are new questions arising in the framework of the abuse of dominance. But thats what the law is for, providing answers to new challlenges. I do not see a reason why competition law could not be applicable in principle to facebooks’s aforementioned practice. If a certain behaviour infringes competition and data protection law alike, policy should monitor those two areas of law, their enforcement, the cooperation of the enforcers and the enforcement’s effect on competiton and innovation. If it turns out to be over-enforcement, reforms of the legal framework would be appropriate. Until then, I do not see a reason to limit this type of behaviour to data protection enforcement alone. The argument could also be made to see it as competition law infringement alone. It is understandable that the BKartA makes use of their powers to tackle aforementioned practices under a competition law aspect, since its effectivity suprpasses that of the data protection authorities by far. I cannot identify a “misuse” of the BKartA’s power. Rather, it is an important step toward clarifying the application of competitiion law to platform markets and on questions such as market definiton, dominance, exploitative abuse (“hypothetical competitive data collection level”?), connection between market power and abuse, standard of proof, interface between data protection and competition law, effective cooperation of the relevant authorities and so on. Nothing especially “German” to make out there in my opinion.
Best,
Lukas Kienzle
Lukas Kienzle
4 July 2016 at 7:48 pm
I forgot to add the obvious: I should clarify that a market that could be dominated does exist if agood or service provided without remuneration can be or is connected to another good or service provided to another side of the market, then of course for a remuneration.
Lukas Kienzle
4 July 2016 at 11:54 pm
[…] Texto completo disponible en: https://chillingcompetition.com/2016/03/02/facebook-privacy-and-article-102-a-first-comment-on-the-b… […]
Facebook, privacidad y artículo 102: Un primer comentario sobre la investigación del Bundeskartellamt - Corporación Innovarte
1 February 2018 at 2:46 pm
[…] [8] https://chillingcompetition.com/2016/03/02/facebook-privacy-and-article-102-a-first-comment-on-the-b… […]
Market Concerned – Social Networks – Law and Creativity
22 August 2019 at 3:50 pm