This is the seventh issue of WilmerHale's 8-in-8 Recent Trends in European Law and Policy Alert Series. Our attorneys will share insights on current and emerging issues affecting companies doing business in Europe and across the Atlantic. Attorneys from across various practice groups at the firm will offer their take on issues ranging from Brexit to Big Data to EU energy market regulation. WilmerHale has offices in key European capitals, including Brussels, Berlin, Frankfurt and London, as well as lawyers qualified in a range of European countries. With one of the leading European law and policy practices in the world, we follow and work on a broad range of EU legal and policy issues, including data protection and privacy, competition, trade, technology, intellectual property, financial services, and a range of other EU and transatlantic regulatory and policy challenges that our clients face. Read all issues in this series and our other recent publications.

The highly dynamic innovations in digital technologies within the past two decades and the exponential growth of computing power have led to the expansion of the digital economy and to the emergence of business models based on the collection and use of “big data.” The term refers to increasingly large sets of different types of data, produced at a high speed from multiple sources and whose handling and analysis require new and more powerful processors and algorithms.1 The ability to exploit such data can lead to important innovation and efficiency gains that are often passed on to consumers.2 However, big data may also pose competition law challenges, which have recently been a point of focus for antitrust authorities in a number of jurisdictions. This update considers some of the key competition law issues related to the use of big data, especially in the European Union (EU). Both policy and competition law enforcement developments will be discussed.

Recent policy developments

EU Commissioner for Competition M. Vestager has made a number of recent statements highlighting the importance of big data for competition law3 and will host an open conference on this topic in January 2019.4 In addition, a panel of three experts was appointed in March 2018, to serve as special advisors to the Commissioner for the period of 1 April 2018–31 March 2019. They are to work on a report focusing on the implications of the key upcoming digital changes for competition policy, markets and consumers. This report is intended to complement the input the Commissioner receives on the subject.5

Similar developments are expected in the United States. Only a month ago, the Federal Trade Commission (FTC) announced that it will hold a series of public hearings on “Competition and Consumer Protection in the 21st Century.” The hearings, which will take place September 2018–January 2019, will focus on whether broad-based changes in the economy, evolving business practices, new technologies or international developments might require adjustments to competition and consumer protection enforcement law, enforcement priorities, and policy. The main objective is to evaluate the FTC’s near- and long-term law enforcement and policy agenda.6

Various other policy developments have taken place recently:

In October 2016, a public consultation on a potential reform of the EU merger control rules was launched by the European Commission (the Commission). This consultation lasted until January 2017, and the results have been published online.7 One of the objectives of the consultation was to assess the effectiveness of the current turnover-based jurisdictional thresholds of the EU Merger Regulation, particularly with regard to acquisitions in the digital and pharmaceutical sectors. One of the questions discussed was whether/how to capture mergers between established companies and entrants with no or a smaller turnover, which are, nevertheless, data-driven innovators or have access to a large or valuable database.8

At EU Member State level, Germany and Austria introduced additional, value-based thresholds in 2017.9 It is not yet clear whether this will be followed by a reform of the EU Merger Regulation along similar lines. In addition:

  • The Competition and Markets Authority in the UK (CMA) published the report The commercial use of consumer data in June 2015. This document highlighted various competition law issues potentially arising in connection with the collection and use of consumer data by firms; it also discussed related consumer protection law and regulation questions.10
  • The publication of the joint report Competition Law and Data (the Joint Report) by the French Competition Authority (FCA) and the German Federal Cartel Office (Bundeskartellamt or BKartA) followed in May 2016.11
  • The FCA subsequently opened a sector-specific inquiry into the online advertising market,12 while the BKartA followed up on the Joint Report with investigations into the social media sector.
  • The Italian Competition Authority, Data Protection Authority and Communications Authority launched a joint fact-finding survey on big data in May 2018. This is intended to help the Competition Authority gain a better understanding of the implications of big data in the exercise of its duties in terms of both protection of competition and consumer protection. An interim report was published on 8 June 2018; the survey is expected to be completed by the end of this year.13

At the international level, in November 2016 the 126th meeting of the Competition Committee of the OECD held a hearing to discuss big data and the challenges of adapting competition policy to the digital economy, with presentations by experts from academia, the private sector and public agencies.14 This was followed by a similar roundtable on algorithms and collusion in June 2017.15

Recent developments in competition law enforcement

There have been significant big data-related developments in the main areas of competition law enforcement, i.e., merger control, abuse of dominance and anti-competitive agreements.

a) Merger control

(Big) data as an input

In certain markets, access to data can be a key asset or input for the success of a company. This is especially the case in the digital sector. Consequently, many firms choose to acquire or merge with other companies that own large datasets. This is an increasingly common phenomenon, with OECD data showing that these transactions almost tripled over the 2008–2012 period.16 High-tech deals represented almost 30% of the total $2.5 trillion of completed M&A transactions in 2016.17

Depending on the facts, competition authorities will review whether such mergers raise the following competition issues:

  • Mergers in data-driven markets between established companies and smaller entrants may affect the market structure by increasing the concentration of related data, if the smaller entrant is a data-driven innovator or has access to a large or valuable database.
  • Another factor in the analysis of the transaction may be a potential advantage of the new merged entity due to the ability to combine different datasets. This would be assessed as a possible restraint of competition resulting from the merger. In such situations, antitrust authorities may also accept data-related commitments to address competition problems.
  • Foreclosure issues may also arise in mergers of data-driven companies that already hold strong market positions in separate upstream or downstream markets.
  • Finally, the parties themselves sometimes raise data-related efficiency defenses as an argument in favor of the transaction.18

All these (big) data-related considerations are already being taken into account by the Commission in its assessment of mergers and acquisitions. In the cases it has examined so far, the Commission found that the data advantage enjoyed by the new entity did not give any cause for concern:19

  • In the Google/DoubleClick decision, the Commission held that the possible combination of Google’s and DoubleClick’s databases by the new entity could lead to a better-targeted advertisement service. This combination was not likely to lead to a competitive advantage that would restrain competition, since competitors were able to access similar data, either by purchase or by targeting third-party services.20
  • Similarly, in the Facebook/WhatsApp decision, the Commission found that increased data collection from WhatsApp users by the new entity may prompt some users to switch to different consumer communication apps that they perceive as less intrusive. This may reduce the incentive of the merged entity to proceed to such a collection. The Commission also considered the presence of a significant number of other market participants that collect user data. This meant that even after the merger, there would continue to be a large amount of internet user data valuable for advertising purposes that would remain outside Facebook’s exclusive control.21
  • In the Microsoft/Yahoo! Search Business decision, the Commission found that the data advantage enjoyed by the new entity, i.e., the ability to offer more personalized and better-targeted search results due to its access to a larger data index, was likely to have a positive impact on competition in the market, by exercising competitive pressure on Google.22
  • In the Sanofi/Google/DMI JV decision, the Commission assessed a proposed joint venture between two wholly owned subsidiaries of Sanofi, a global pharmaceutical group, and Google. The joint venture, which would function as an autonomous economic entity, would offer services using an integrated digital e-medicine platform for the management and treatment of diabetes, as well as undertake various related economic activities. The Commission held that any risk of the joint venture locking in customers to its services by limiting or preventing the portability of their data toward alternative platforms appeared “unlikely to materialise in the foreseeable future.” It stressed that the right to data portability is guaranteed by the EU General Data Protection Regulation (GDPR), and also took into account the potential existence of alternative providers that could establish themselves before the joint venture entered the market. The Commission repeated that any privacy-related concerns flowing from the use of data within the control of the joint venture parties fall not within the scope of the EU competition law rules but under the EU data protection rules. Based on these considerations, it approved the transaction.23
  • The Commission has also accepted data-related commitments in several mergers, such as in Microsoft/LinkedIn,24 Thomson Reuters,25 etc.

The data protection/privacy dimension

The collection and use of big data often raise data protection/privacy concerns. An important question is whether these concerns should be taken into account in competition law analysis, or whether they should be best left to other disciplines such as data protection or consumer protection law. The subject has generated significant debate. In its only decision on the subject so far, the Court of Justice of the European Union ruled that issues “relating to the sensitivity of personal data” are not a matter for competition law “as such,” but “may be resolved on the basis of the relevant provisions governing data protection.”26

This ruling does not mean, however, that data protection/privacy considerations are always irrelevant to EU competition law. Under the current approach of the Commission and of national antitrust authorities,27 if consumers value data protection/privacy as important for the quality of the offered products, and competition takes place based on that dimension, then data protection/privacy can be factored into a competition law analysis of a transaction, as an element of nonprice quality competition. It is also generally accepted in economic theory. Many economists, however, are quick to point out that even as a parameter of competition, data protection/privacy is not always easy to measure against other effects.28

A review of the decisional practice of antitrust authorities shows that the data protection/privacy dimension was raised in some mergers. The first case was probably the Google/DoubleClick merger in 2007, where Commissioner Pamela Jones Harbour of the FTC explained, in a dissenting statement, that the proposed transaction would “reduce the incentives of search firms to compete based on privacy protections or related non-price dimensions.”29 The merger was ultimately cleared by the FTC. Similar comments by public officials have also been made in relation to other mergers in the European Union and the United States.30 Despite these concerns, however, privacy/data protection has not yet emerged as a significant parameter of competition in the decisions of antitrust authorities.31 It remains to be seen how this area of the law will develop.

b) Abuse of dominance

The contribution of big data to market power has been described by the German BKartA as the competition law question that is “most likely to arise” in practice.32

It is important to clarify that access to and use of big data in itself may not be enough to conclude that a company has market power or is dominant in the relevant market. Antitrust authorities have referred to it as an element that must be analyzed together with several other factors, such as the size of the company, existing and potential competitive constraints, any countervailing power exercised by the buyers, the type of the data in question and the way the market operates.33

There are various aspects that relate to data in particular. Possible factors to be taken into consideration in such an analysis are the availability, replicability and substitutability of data; the cost structure of the complementary assets required for their effective processing; the existence of direct and indirect network effects on the market; the prevalence of multi-homing, i.e., the use of several providers for the same service; the presence of potential disruptors; etc.34

A new competition law issue that relates specifically to big data is the blurring of the distinction between the supply and the demand sides of the market, with users of online services acting simultaneously as consumers and producers of data. The real-time use of user-generated data by online firms to improve the quality of their services results in a “feedback loop” (self-reinforcing process) that may strengthen incumbents over potential entrants.35

In any case, even if an examination of the above criteria shows that a company is in fact dominant in the relevant market, it is still entitled to compete on the merits just like any other company, under EU competition law. It has, however, a special responsibility to ensure that its conduct does not distort competition.

Exclusionary conduct

A number of exclusionary theories of harm have been discussed in relation to big data. Early on, these theories focused on access to large datasets as a barrier to entry. However, this may be harder to formulate as a competition problem. Data is “non-rivalrous” (in the sense that access by a company does not in itself preclude access to the same data by competitors) and, especially in digital markets, quite easy to acquire.36 Often, it is not the data itself but the company’s advanced analytics that may lead to a commercial advantage.

For these reasons, antitrust authorities and academic experts have stressed that it is necessary to consider whether the data in question can be replicated, its availability on the market and, in particular, whether or not it was acquired by anti-competitive conduct, before treating it as a barrier-to-entry problem.37

Other theories of harm rely on a dominant company restricting access to big data. This can occur with vertically integrated companies. An example would be a marketplace operator that is also active as an online retailer and that uses its access to big data in the upstream market to obtain an unfair advantage over other retailers.38 Even in the absence of vertical links, dominant companies may restrict access to data by discriminating against other firms in order to exclude a viable competitor.39

Other anti-competitive strategies may involve the conclusion of exclusive agreements with third-party data providers in order to prevent competitors from acquiring the data in question or, more generally, the “foreclosure of opportunities” for competitors from accessing such data by “making it more difficult for consumers to adopt their platforms or technologies.”40 A tying scenario, whereby a dominant company owning a valuable dataset ties access to it to the use of its own data analytics services, was discussed in the CMA report.41

A final consideration is whether big data should be treated as an “essential facility,” i.e., as an input without which companies cannot compete. This means that dominant companies having such datasets would be required to permit reasonable access to and use of the data in question by competitors.

The Court of Justice of the European Union has set out a number of strict requirements for this doctrine to apply. Essentially, a competitor would have to show a) that the dataset in question is truly unique, without possibility of replication, and b) that there is no other possibility for the competitor to obtain the data it needs to perform its services, for which there is consumer demand. In other words, the refusal to grant access must lead to the elimination of effective competition in the downstream market. Only then would a dominant company be required to allow access.42

Exploitative conduct

EU competition authorities tend to focus on exclusionary rather than exploitative conduct, although, when exploitative cases are brought, they usually involve excessive pricing. In a big data context, this has mostly been discussed on the basis of an analogy between data and prices: To the extent that consumers “pay” for the provision of free online services with the input of their data, the allegation is that an increase in the collection of such data by a service provider can, in some ways, be compared to a price increase.

This appears to be the main point of the BKartA’s preliminary assessment in the Facebook case. The BKartA appears to lean toward a position that Facebook abuses its dominant position on the German market for social networks by making the use of its social network conditional on its being allowed to amass large amounts of data generated by using third-party websites and merge it with the user’s Facebook account.

This is the first time that a competition authority in Europe has investigated the collection and use of personal data as an abuse of a dominant position. Facebook has been invited to submit comments and to offer possible solutions, and it remains to be seen how the case will develop. The BKartA had noted that any decision was unlikely to come out before early summer 2018; no such decision has been issued yet.43

Price discrimination

Finally, the collection of and access to big data may facilitate price discrimination: The more information a dominant company has about the buying habits of its customers, the more easily it can differentiate the prices its sets for each of them, based on an assessment of their willingness to pay for a product or service. There are different categories of price discrimination under EU competition law, with various tests being applied. The important point is that price discrimination can also strengthen competition. Therefore, it is necessary to show anti-competitive effects for the conduct in question to be sanctioned.44

c) Anti-competitive agreements

A common type of agreement that might raise competition law concerns would be exclusionary agreements with third-party providers in order to prevent competitors from accessing valuable datasets, as mentioned above. Whether such agreements are anti-competitive or not would depend on the circumstances of each case; a particularly relevant consideration would be whether the dataset in question can be easily replicated or not.45

Big data can also be the subject of cartel-type behavior. In 2015, the US Department of Justice prosecuted a cartel operating on the basis of a pricing algorithm. The charged executive had developed the algorithm in relation to consumer preferences and then shared it with other companies. It was then implemented in parallel by all cartel participants with the purpose of coordinating prices.46

The use of big data to facilitate collusion in novel ways has been the subject of much discussion recently. This may take many different forms, such as relying on big data-based real-time analysis to monitor compliance with a cartel agreement, or using big data to improve market transparency, or employing artificial intelligence tools for the design of sophisticated algorithms that might facilitate tacit collusion, even where the programmer did not foresee such an outcome. Many of these developments present important challenges for modern competition law, as their illegality is not a given. Antitrust authorities may need to adjust their existing enforcement tools, and future legislative interventions in this area are probably to be expected.47

Conclusion

Data-related considerations have long been a part of competition law; however, the development of “big data” and its increasing use by companies has created a number of new challenges. These have been a point of focus for competition authorities in the European Union, and more legislative, policy and enforcement developments are to be expected in this area. Data protection/privacy considerations have already been raised in various cases. It is likely that this trend will increase with the entry into force of the GDPR. For now, dominant companies should be careful when entering into agreements for exclusive access/use of valuable datasets and also pay particular attention to new theories of harm being tested by competition authorities.