By Arletta Gorecka, University of Strathclyde (@arlettagorecka)

The magnitude of data collection raises challenges for both society and legislation, as personal data is seen as a tradable commodity, placing companies in a position where the data helps them to achieve a stronger position in a market. This post assesses the current progress of the debate about the intersection between competition law, Big Data and potential privacy breaches, and assesses its potential future recourse.

Proliferation of the privacy and competition law debate

The debate became popular when the practice of several EU Member States indicated an apparent intersection between data protection law and competition law. The case that stimulated the debate is the German Bundeskartellamt decision against Facebook’s abuse of dominant position, based on an investigation into Facebook’s terms of service. At the EU level, the case of Asnef-Equafax established that any issues relating to personal data are not matters for the competition legal framework, and should instead be resolved based on the relevant provisions of data protection law. The aspect related to data protection is not a new concept in the competition framework, as the Commission’s decisions on mergers and antitrust adopted aspects of data-relating issues.[1] In the Facebook/WhatsApp merger control case,[2] the European Commission claimed that privacy polities establish a non-price parameter of competition: a degradation of private policies could affect aspects of product quality, or even amount to the product price increase. This could only have an impact on competition law when privacy was a key parameter of competition and was not a case for consumer communication apps where price, user base, popularity or reliability were important factors.

Privacy protection and competition law: friends or foes?

Both data protection and competition law seek the advancement of market integration, and share a concern for the welfare of individuals, with consumers benefiting from the collection of their data in a wide array of free services, product, or contents. However, a handful of technology undertakings exercise control over a large quantity of personal data and its processing, with a focus on personal practices. Data collection on an unprecedented scale has put the privacy of the end-users into danger. As a result, the changing economic landscape brings uncertainty to the nature of the competition pressures, with an emphasis being given on the normative scope of competition enforcement — mainly as to whether EU competition law could be viewed as a societal norm which also advances wealth.

In other words, the price of privacy is difficult to ascertain. The Internet’s cornerstone is personal data, which is a necessary component of many digital platforms’ business model. Digital platforms acquire and treat data, and regard it as a necessary component to improve the quality of their services, aiming at enhancing their attractiveness to their existing and potential customers. Consequently, digital platforms can monetise their services and products through often targeted/behavioural advertising. In this respect, the volume and quality of the possessed personal data is a key competitive element. Without any doubt, online users benefit from the digital service providers’ ability to process their personal data, acquired through the agreement between a user and a service/product provider, in the terms of a better content or more targeted advertisement. Unquestionably, the acquisition of large quantities of data might introduce competitive restraints in the form of high barriers to entry which in turn facilitates poor competition in the digital market and prevention from competing on the market for data. With a proliferation of new digital business models, an increased number of digital companies possess a large quality of personal data. Although the digital platforms can improve their services, based on the personal data acquisition, the sole consideration of quality might not be a decisive parameter to decide the anticompetitive conduct, influencing the market structure, since it has been widely accepted that economic consideration is of utmost importance in determining both the types of merger/unilateral agreements which create competition law concerns, but also the types of any justifications that might be used to justify any mergers/unilateral agreements.

Conclusion: What is the future?

The debate on the relationship between privacy and competition law is more complex than the primary debate suspected. Big Data might indicate certain promises as well as risk in society.

The tension between competition law and privacy might be amounting to the structural production of ignorance, which is only focused on the notice-and-consent privacy models, based on the opt-in/opt-out scenarios, which are used for coercive monopolistic scenarios. The myopic focus on privacy as an efficiency gain might be just seen as a temporary, and for the long-term pathologies of corporate concentration, there are no sufficient means to protect the process of competition. Hence, the identified elements such as a notice-and-consent privacy regime in its first analysing might create only temporary efficiencies, which are further emphasised on the consumers’ judgement to enter into a one-sided contract, over the reflections to optimise the data flow for the long term interests of consumers. 

On the other side, the debate focuses on the development of an interlinking relationship between competition law, which aims at developing holistic proximity between these fields. With several differentiating approaches to the privacy and competition law, it is important to focus on a more comprehensive vision, which develops a regulatory regime which develops a new orientation toward the process of competition law and privacy concerns and aims at detecting harmful behaviour and aims at improving market processes. Therefore, it is evident that the further discussion should consider how the dominant digital undertakings, with the data orientated models, might be regulated, as the current regulatory regime is in itself limited in the digital gatekeepers: this would involve analysing possible angles of regulatory intervention protection the processes of competition law, consumers, and the internal market.

[1] Telefonica UK/Vodafone UK/Everything Everywhere/J VH (Case COMP/M.6314) Commission Decision C(2012)6063 [2012] OJ C66/5.

[2] Facebook/WhatsApp (Case No COMP/M.7217) Commission Decision [2014] OJ C417/4