The French and German competition authorities have jointly published a paper on big data and competition law. The paper gives an overview of the issues and analyses the implications and challenges that the regulators face because of data collection and the subsequent use of that data in the digital economy and various other industries. The French Autorité de la concurrence started a sector inquiry into digital-market data on May 23, 2016, while the German Bundeskartellamt opened an investigation into Facebook over its contract terms for using consumer data. The Bundeskartellamt said that it suspects Facebook of breaching data protection rules by imposing unclear and unfair terms of service.
This raises questions on whether competition authorities will solely look into big data as it might lead to harm to competition, or whether competition authorities will also use competition law enforcement to prevent violations of data protection laws. Are there possible synergies in the enforcement of competition law and data protection laws? Further, one could ask whether competition authorities are competent and best placed to decide on potential violations of data protection laws.
THE IMPACT ON COMPETITION LAW ENFORCEMENT
The collection and use of great volumes of data are mechanisms by which products and services are improved and economic efficiency is raised. However, big data may indeed raise competition concerns in some cases. The collection and use of big data may raise entry barriers and can be a source of market power. Furthermore, it can also reinforce market transparency and thus facilitate collusion. But does this allow competition authorities to scrutinise the data protection policies of undertakings?
In Germany, the Bundeskartellamt said that it was examining whether Facebook’s terms of service violated competition law and data protection laws by requiring users to give up their personal data. However, data protection concerns by themselves are not within the field of competence of competition authorities. In Case C-238/05, Asnef-Equifax, the European Court of Justice held that any issues relating to the sensitivity of personal data are not, as such, a matter for competition law, but may be resolved on the basis of the relevant provisions governing data protection. This was confirmed by the European Commission in Case M.4731, Google/ DoubleClick and Case M .7217, Facebook/Whatsapp. In that latter case, the Commission stated that any privacy related concerns that would arise due to the increased concentration of data within Facebook’s control as a result of the merger do not fall within the scope of EU competition law but within the scope of the EC data protection rules.
However, the above does not mean that competition law is completely irrelevant to personal data and data protection. Statutory requirements deriving from other bodies of law may always be taken into account when conducting a legal analysis for competition law purposes, if only as a contextual element. For instance, in case C-32/11, Allianz Hungária, the ECJ held that the violation of another set of national rules could be taken into account to assess whether there was a restriction of competition. On a national level, the German Federal Court of Justice has stated in Case KZR 61/11, VBL-Gegenwert, that contract terms which are incompatible with general contract law might constitute an abuse of a dominant position.
Reference could also be made to how the European Commission takes cultural diversity into account. The Treaty on the Functioning of the European Union (TFEU) states that “the Union shall take cultural aspects into account in its actions under other provisions of the Treaties, in particular in order to respect and promote the diversity of its cultures” (see Article 167(4) TFEU). The European Commission has expressly taken cultural diversity into account in Case M.6458, Universal Music Group/EMI Music.
Although there is no specific Treaty article that requires the Commission to take into account data protection, Article 16 TFEU, a provision that has general application, states that “everyone has the right to the protection of personal data”. This article, when read in conjunction with Article 7 TFEU that places an obligation on the Commission (and other EU Institutions) to ensure consistency between policies, obliges the European Commission to take into account data protection concerns. Therefore, there is scope to argue that competition law should be applied alongside data protection law to enhance the effectiveness of the EU data protection rules. Furthermore, the EU Institutions are obliged to respect the rights as set out in the EU Charter of Fundamental Rights (ECFR) and promote their application. Article 8 of the ECFR includes the right to data protection; thus, the European Commission is in fact obliged to respect and promote the right to data protection. In 2014, the European Data Protection Supervisor advocated for a policy shift and a more holistic approach to enforcement. The European Data Protection Supervisor also pleaded for more dialogue between competition, consumer and data protection authorities in cases where consumer welfare and/or data protection issues arise.
Especially in the context of merger control, data protection can be very relevant from a competition standpoint. If an undertaking gains a powerful position through a merger, it may be capable of gaining further market power through obtaining greater amounts of customer data and further deteriorating the protection of the consumers’ privacy. Also with respect to Article 102 TFEU, the deterioration of data protection could become a problematic issue, especially if a powerful market player intentionally breaches data protection laws, and if there is a strong link between that undertaking’s market position and the collection of data.
However, the above described issues remain competition issues rather than data protection issues, and in a speech on 17 January 2016, Commissioner Margrethe Vestager stated that “she does not think the Commission needs to look to competition enforcement to fix privacy problems.” However, the Commissioner stressed that this does not mean that the European Commission will ignore genuine competition issues just because they have a link to data.
CALL TO ACTION
So although data protection law and competition law serve different goals, data protection issues should not be excluded from a competition law analysis simply on the basis of their nature. Actions of undertakings regarding the collection and use of personal data can have implications for the competition on the market. Therefore, competition authorities are likely to take privacy policies in to account whenever these policies are liable to affect competition, in particular in abuse of dominance investigations into undertakings for which data serves as a main input of its products or services.
However, as Commissioner Vestager indicated during her speech at the DLD conference in Munich last January, DG COMP’s focus will be on genuine competition issues, and not on data protection issues as such. But, it sticks out like a sore thumb that competition authorities will take big data into account as an indication of market power. This will especially be relevant in merger cases and abuse of dominance investigations.