Following up from Part 1 of our article on the interaction of between privacy and competition law in the economy, Part 2 surveys how competition law enforcers in the United States, European Union, and Canada have addressed both competition and privacy concerns as it relates to data.
A number of significant mergers have taken place within the digital economy in the past few years. Notable highlights include Microsoft’s acquisition of LinkedIn, Facebook’s acquisition of WhatsApp, and more recently Salesforce’s acquisition of Tableau Software. Each also highlights the important nexus between competition and data privacy concerns. Consolidation in this market is only expected to continue, so the question becomes when and how should competition law authorities intervene?
In the US, the Federal Trade Commission (“FTC”) is the authority responsible among other things for the enforcement of antitrust laws and the review of proposed mergers. The FTC also contains the Bureau of Consumer Protection, which enables it to address both competition and privacy concerns. This past year, both the FTC and the Government Accountability Office have called on congress for a federal privacy law. On January 1, 2020, the California Consumer Privacy Act came into effect, which grants California residents new rights to know what personal information about them businesses hold, to access and delete such information, and to opt-out of a sale by the business of their personal information.
The matter of Nielsen Holdings N.V. and Arbitron Inc. demonstrates the FTC’s ability to identify the importance of data in merger and acquisition review. By way of background, Nielsen and Arbitron competed in the supply of syndicated cross-platform audience measurement services to media companies and advertisers. The FTC found that access to data posed a significant barrier to entry and obtained a consent order “requiring divestiture of assets to Arbitron’s cross-platform audience measurement services business, including audience data with individual-level demographic information and related technology, and intellectual property.”
In the EU, the European Commission (“EC”) and its Directorate General for Competition are responsible for the administration of competition law. In regard to privacy matters, the General Data Protection Regulation is regulated by the European Data Protection Board. European authorities have had to deal with data implications on several occasions.
In 2016, the EC approved the acquisition of LinkedIn by Microsoft, subject to several conditions. Both companies retained large datasets comprised primarily of personal information. The EC found that the combination of Microsoft’s and LinkedIn’s datasets would act as a barrier to entry. The EC’s commitments included granting competing professional social network service providers access to Microsoft Graph, a gateway for software developers which is used to build applications and services that can, subject to user consent, access data stored in the Microsoft cloud, such as contact information, calendar information, emails etc. Software developers can potentially use this data to drive subscribers and usage to their professional social networks. Interestingly, the FTC did not find anticompetitive implications in this transaction.
In 2019, Germany’s antitrust regulator, the Bundeskartellamt, found Facebook had abused its market power based on the extent of collecting, using and merging data in a user account and imposed on Facebook far-reaching restrictions in the processing of user data. Andreas Mundt, President of the Bundeskartellamt, commented on the barrier of task switching stating that in the operation of its business model, Facebook must take into account that its users practically cannot switch to other social networks.
In Canada, the Competition Bureau (“the Bureau”) is the federal agency that is responsible the administration and enforcement of competition laws. The federal body responsible for privacy issues is the Office of the Privacy Commissioner. As such, Canada has separated issues that combine both competition and privacy issues between two federal bodies.
The Bureau has long acted in competition matters involving data. Two recent abuse of dominance investigations involving Google and the Toronto Real Estate Board (“TREB”) highlight some of the developing issues that have informed the Bureau’s consideration of competition issues in this area.
In 2016, the Bureau announced that it had discontinued its abuse of dominance investigation into Google’s alleged anti-competitive conduct relating to online search and search advertising services. In its investigation, the Bureau considered a number of developing issues related to the competitive significance of data, including:
- Zero pricing for online search services, which generate significant amounts of valuable data;
- Platforms and multi-sided markets that intermediate between users and advertisers on the basis of data; and
- Network effects, where the search engine gathers and analyzes data from users who click on ads and links. Increased user counts can therefore lead to improvements in the search algorithms to display more relevant search results and ads, thus attracting more users and advertisers.
In 2018, the Supreme Court of Canada ruled in favour of the Bureau and dismissed TREB’s application to appeal over the restrictions imposed by TREB on real estate brokers’ and consumers’ access to historical sales data and novel real estate services. TREB argued that the restrictions were designed to protect consumer privacy to comply with federal privacy law and requirements of the Ontario real estate regulator. The Bureau’s decision in the matter touched on many issues related to data, such as:
- market power, including through the control of access to data;
- the assessment of innovation and dynamic competition enabled by data;
- the role of qualitative evidence; and
- the existence and exercise of intellectual property rights over a database.
Competition law enforcers generally have a good grasp on the implications of data as it relates to competition law issues. However, several jurisdictions lack modern data privacy regulations all together, or in some cases, have divided authority for competition and privacy matters to different agencies. As data privacy issues become more prevalent, policy makers should be aware of these potential legislative and organizational challenges to effectively address both competition and privacy concerns as they relate to data.