top of page

Subscribe to our newsletter

Write a
Title Here

I'm a paragraph. Click here to add your own text and edit me. I’m a great place for you to tell a story and let your users know a little more about you.

© Indic Pacific Legal Research LLP.

For articles published in VISUAL LEGAL ANALYTICA, you may refer to the editorial guidelines for more information.

Objectives and underlying presumptions of EU competition law in the privacy concerns cases

Please note: this article is a long read.

 

The lack of a standardised approach to data collection, privacy assessment, and controversy surrounding the recent investigations[1] indicate challenges that are not initiating traditional anticompetitive scrutiny.[2] The debate on the intersection between competition law and privacy constitutes a major challenge for the existing competition law framework. The notion of privacy has achieved extensive attention from academics and adjudicators, indicating its dynamic nature.[3] The unprecedented magnitude of data collection could raise challenges for both society and legislation, as it has emerged that personal data is seen as a tradable commodity,[4] placing companies in a position where the data helps them to achieve a stronger position in a market. The aspects of personal data protection have had a numerous impact on the framework of competition law — from the anticompetitive agreements to abuse of dominance or merger control. The merger control and abuse of dominance related to competitive harm through the access to substantial customer data; the price-fixing cartels are replaced by irretraceable algorithms based on access to Big Data. Online platforms offer a high quality of digital services and products to users without imposing any monetary price, however, they keep obtaining revenue from the advertisement-based business models, based on collection and procession of data. Examples of such networks are extensive and cover the platforms including Facebook, Youtube or Google. The business models are ambitious without a clerkly defined context of personal data. As would be noted below, the twofold features of their business model might have both advantages and disadvantages for market participants. The more data is collected and processed, there are higher chances of valuable correlation, information and prediction to be obtained. Such data is then used to improve the quality of both paid and free services, and to create new ones. Therefore, the practice of online firms to collect and process exceedingly large amount of data through the use of advanced algorithms to reveal trends, associations and patterns of their users, deserve special attention of competition authorities due to their novel dimensions to market power.


The rapidly evolving digital economy raised challenges at two distinct levels: practical and policy levels.[5] The former concentrates on the added complexity in the assessment of the anticompetitive behaviours and conducting a dynamic enforcement assessment, which includes the additional challenges in the competitive pressure, and self-correctness of markets. The latter focuses on the novel competition dynamics, which raise the issue of the normative scope of competition enforcement. Such analysis is often important to arise with optimal use of competition law, and broadly — its goals. There is a broad consensus that the digital economy is a key driver to future prosperity, which, unquestionably has revolutionised business models, services/products, and social interactions. Furthermore, it is also undisputed that the digital economy has introduced new constraints in delivering innovation, efficiencies, and consumer welfare, as well as stimulated market dynamics.


The article provides a basic discussion of the unique features of the digital free technology economy and discusses the potential limitations of the EU competition legal reasoning in the cases concerning privacy breaches. In essence, this article is about the Big Data-fuelled industries in transition which, because of significant developments, also highlights the difficulty in anticipating the new structural form of the industry. In terms of the normative debate on the objectives of competition law within privacy concerns investigations, the discussion is provided in the doctrinal context. The assessment is carried out concerning the current doctrine on the competition law goals, and this is going to act as the foundation of the article, allowing to deduce the favourable objectives of the competition law within privacy concerns investigation. In contract, socio-economic research on the context of privacy investigations would not be appropriate, due to its extensive nature on the socio-economic consequences of digital technologies and its impact on consumers’ lives and would take away the main focus of this research.


Setting the context: the proliferation of privacy value and unique nature of the digital economy

The aspects of Big Data and the digital services have attracted a lot of attention of academics, regulators, businesses and consumers. Unquestionably, the data collection and procession have become a central element of many digital platforms, which some reach a huge number of users. Digital platforms have become an inevitable part of commercial and social interactions, and the use of data is deeply grounded in the aspects of business-to-consumer relation. It has been widely discussed that the extensive data collection creates challenges for antitrust regulations which aim to preserve competition.

The concept of privacy might be defined both in a broad and narrow sense. Unquestionably, any breaches of privacy affect a great number of peoples and could potentially compromise the process of democracy.[6] Yet, the precise contours of privacy effect constitute a subject of extensive academic discussion. Many perceived the EU legal order as offering the most attractive personal data protection. Article 16 TFEU serves as a basis for the EU data protection.[7] Further protection of personal data is offered by the Charter of Fundamental Rights of European Union, where Article 8 recognises personal data as a proactive right that reaches being individuals’ protection against the intervention of a state.[8] As per Article 8 of the Charter, personal information of individuals could be proceeded by anyone, including the State. Such a wide right is subject to Article 8(2) and (3), requiring any information proceeding to be fair, transparent and lawful for individuals. The protection has been more recently ‘enriched’ with the implementation of the General Data Protection Regulation (GDPR).[9]


The GDPR’s fundamental principle is the requirement to establish a legal basis for personal data processing,[10] requiring of a data subject’s explicit consent. Under the GDPR, the processing involves any activation which could be pursued with personal data, defined as any information acquired relating to natural persons, and allows for their potential identification. The GDPR also introduced clarity of its regime by defying key issues, such as the definition of ‘data subject’ as any person of whom data is collected;[11] and ‘data controller’ which refers to any person that proceed the acquired data.[12] Importantly, the key feature of the GDPR’s regime is a consent, which has to be unambiguous, specific, informed and freely given. The GDPR strengthened the protection of personal data and, simultaneously — users’ privacy.


The GDPR sets a basic required for the effectiveness of the legal consent for the data processing, which requires the consent to be specific, unambiguous, freely given and informed;[13] granted by individuals by clear affirmative action, or by a statement, which signifies a consent to proceed their personal data. In this respect, the GDPR represents a twofold nature: individuals are asked to consent for any data proceeding making it clear that a digital platform or services would rely on their data and consequently have a right to be informed about the way their data would be proceeded,[14] whereas the data controlled is obliged to perform the data processing obligations with the guarantee that the data would be processed to the extent which is well-grounded and demonstrable as agreed by individuals.

Generally, there is no ex ante choice available to the individuals, under the EU data protection law, as to whether they want their personal data to be processed. Although consent is required, individuals are unable to thoroughly consent to a real purpose of data processions.


An attempt to define privacy from a competition law perspective could be witnessed by the Bundeskartellamt’s (BKA) Facebook case. The assessment of the privacy protection rights in the case begins with a simple principle: personal data processing can only take place once data subjects agreed to their data being processed,[15] or when data processing is granted by the law.[16] The BKA took an approach of a data protection authority and explained that the Facebook’s T&Cs were deemed as appropriate within the remits of the GDPR, noting several points from privacy protection’s perspective. Firstly, the BKA noted that Facebook’s users were not aware of the means to which Facebook collected and processed their personal data, which constituted a not genuinely and well-grounded consent from their users. Also, users were not likely to expect that Facebook also analysed the data from different websites.[17]


Objectives of EU Competition Law

EU competition law rules have been clarified through different case law and official publication over the years, with its key objective being often proclaimed to be: “the creation and preservation of an open single market promotes an efficient allocation of resources throughout the Community for the benefit of consumers.”[18] Hence, the promotion of market integration appears to be a key feature of competition law. Yet, the EU Commission safeguarded the market competition as a means of consumer welfare enhancement, ensuring an efficient resources application,[19] as well as protecting ‘not only the interests of competitors or consumers, but also the structure of the market and, in so doing, competition as such.’[20] The unique DNA of the EU competition law by its ethos might be challenging or controversial, as lacking clarity over pursued goals. The competition law values and goals might overlap with each other or reveal some conflicts. Hence, Ezratchi suggested that their implementation could require trade-offs between the goals, which could introduce further ambiguity or balancing points.[21]


The above considerations ought to be interpreted in the scope of wider European normative values, ensuring the consistency between the EU’s policies and activities. Arguably, the EU policies would be implemented by considering social protection,[22] consumer protection,[23] public health,[24] equality considerations,[25] transportation,[26] regional development, investment[27] and environmental protection.[28] Yet, this multitude of goals (its position within the wider normative EU values) is unquestionably challenging, due to its effect on the desire to engage in economic analysis.


This section applies the findings from the above discussion to assess the normative objectives of EU competition law, which could potentially apply to the anticompetitive investigations with the apparent privacy breaches. The section analyses the keynon-welfare and welfare objectives ascertained to the EU competition law regime. As discussed above, the concept of privacy might be defined both in a broad and narrow sense. Unquestionably, any breaches of privacy affect a great number of digital users and could compromise the democratic processes.[29] Yet, the precise contours of privacy effect constitute a subject of extensive discussion, assuming that the debate is more complex than primarily anticipated, as reliance on free high technology services and platforms does not necessarily evidence in distributing which objectives should competition law pursue. Hence, a further question might be asked: should we aim for protection of competition or consumers or both? The debate appears to be fluctuating around the assessment for the intervention desirability, based on better knowledge about the privacy concerns instances. In this respect, an assessment of the rationales behind each of the goals functions as a key prerequisite in undertaking the nature of privacy concerns, which could influence the rationale behind authorities’ investigations.


The literature on EU competition law appears to suggest a multitude of different competition law goals being pursued, which at the different levels act as distant from each other to the extent that the debate amongst them becomes tenuous. The debate on the competition law goals is questioned on several levels of assessment. Firstly, the theoretical underpinning questions why competition law allows for such an objective, often put forward to the theoretical perspective to comply with political goals. The second underpinning bases on the assessment as to the origin from a particular goal, which later allows to rank the goals on its normative levels. Lastly, the underpinning focuses on the goals being derived from case law, or objectives pursued by the Commission or any other competition authority.[30]


Since this research considers the intersection between competition law and privacy, the emphasis is also placed on the coherency of the legal arguments pursued by the EU Commission. Hence, the debate revolves around the interpretation within the framework of Article 102 TFEU, which aims at the prohibition of the abuse of a dominant position at the core, protecting the EU’s internal market.[31] The discussion in this section revolves around three key objectives of competition law, which are demonstrated considering the legal tests applied by the EU Commission, namely: protection of competition, protection of consumer welfare and efficiencies. The assessment of the previous EU Commission indicated that consumer welfare might be one of the key elements of competition law. Yet, simultaneously, the set of investigation is based on the opposing objective of protection of competition law, as originating from the competition law rules. Equally, the third objective of efficiency is based on the assessment of market integration, as a key prerequisite to improve the prosperity of the EU. The assessment of privacy concerns within the remits of competition brings these three elements with each other. Hence, the section considers only these free objectives. Furthermore, as the discussion indicates, the BKA’s Facebook case remains the sole proceeding involving an intersection between competition law and privacy concerns. There is no legal equivalent available at the EU level. In this respect, the further discussion is enriched by reference to different proceeding involving digital services and products.


Non-welfare objectives in the assessment of privacy concerns

Protection of competition structure and competition

The core differentiation in this section is following: the term ‘protection of competition' describes situations to ensure no reduction in the processes of competition, whereas the concept of competition describes the market with multiple competitors.[32] Potentially, the current competition policy narrative aims at effective competition processes, aiming at the protection of competitive structures, and subsequent protection of competitors on a market.[33] Furthermore, the assessment of competition processes protection, within the privacy protection cases, would be based on the assumption that certain digital undertakings are capable of storing a vast quantity of personal data. In this respect, the concept of privacy protection introduces certain industrial elements which are necessary for the competition law assessment, and, in this respect, the definition of privacy acts as a broader prerequisite.


The variety of goals pursued by EU competition law is growing broader with the case law evolution. Notwithstanding, the EU competition law regime demonstrates a pragmatic interpretation of competition law and adheres to a classical provision: deontology and efficiency. Advocate General Kokott, in the British Airways case, expressed that one of the competition law goals exhibits the objective of protecting the competition as an institution since competition law is interlinked with the protection of the internal market.[34] Furthermore, in the same case, the Court, relying on the Continental Can judgement,[35] indicated that Article 102 TFEU aims both at the protection of consumers and competition, from any practices prejudicing their welfare and having detrimental effects on the competition structures.[36] In that sense, competition could be protected where the number of competitors is reduced, assuming that competitors are not stopped from competing on merits.[37] However, the aspect of effective competition protection does not refer to a competitors’ number but aims at ensuring the competitiveness of the market, which produce benefits for consumers.


The evidence that protection of competition is the most important objective of competition law could originate from several sources, including academic literature but also the ideological organs of the law itself. Beginning from the economic ideology of Ordoliberalism, which influenced the regime of EU competition law.[38] The EU competition law proclaims a special responsibly of dominant undertakings, obliging them to function in a way that does not harm the competition processes.[39] Hence, the protection of competition is a very important objective of competition law: competition policy is one of the several key policies that serve in the advancement of the EU goals, which ensures a healthy functioning of the internal market, as per Article 3 TEU.[40]


The concept of the internal market requires elaboration within the remits of competition law.[41] Establishment of the internal market allowed for the creation of further economic benefits, which promotes efficient allocation of resources throughout the EU with the aim of consumers’ benefit.[42] Some of the cases that impact the market integration issues within the digital economy include: contractual restriction used to restrict from selling/buying goods online,[43] or technological specification used for geo-blocking,[44] warranty restrictions,[45] or limitation on broadcasting.[46]


Yet, the concept of market integration is a neutral term, attached to the subject-matter analysis of competition law rather than a self-standing objective of competition law.[47] During the analysis of the potential market structure, a further argument might stipulate that observation of the market remains an important prerequisite in the assessment of behaviour on a particular market over a certain period.[48] In the situations where the outcome of the market is required, the subject-matter of the analysis is the outcome of the market behaviour conduct;[49] competition law tends to look backwards, and observing market outcomes, which allows to perceive if a particular conduct was harmful to consumers as well as internal market. For instance, with a lack of competition in the digital economy market, any dominant platforms might increase demand for data in order to sell more advertisement. However, any enforcement is only precipitated when abuse can be demonstrated. The market structure effect would be required to assess the outcome of the subject-matter analysis on the behaviour of the market and not the consideration of the market structure.


Importantly, the debate on privacy concerns and competition law appears to be myopically, as focuses solely on consumer welfare without considering a wider objective of protection of competition structure. Considering the role of data in the creation of a platform value, it can be deduced that the digital platforms rely on technology to aggregate services and content which allows to connect users for the different purposes of sharing, transactions or communicating. Hence, the potential privacy violation arising from an aggressive data acquisition is that Big Data connotes the concept of Big Analysis, which is a competitive danger.


From the digital economy prism, the protection of economist stricture offers an independent mandate for intervention, detached from a direct effect on consumers. Yet, it does not necessarily have to result in more aggressive enforcement, but arguably more effective approach in the digital economy scope. Also, a focus on competition processes demonstrates the scope for a potential negative impact by the use of networks, data pool as a potential expansion to raise rival’s costs or introduce barriers to entry. Hence, there is an increased significance of data in markets recognised due to its influence on competition distortion.


Hence, the question as to whether the potential privacy breaches might influence the competition law structure could be answered by Ezrachi’s analogy, which pictures the relationship between competition policy and wider societal deliberations with a sponge and membrane analogy.[50] In his research, he recognises competition law as a sponge with a political core, and economics as a membrane which allows certain external by-passes into its realms.[51] Consequently, both general values on the maximisation of consumer welfare and social and political priorities, that shape local enforcement, could be part of the competition law objectives. Competition policy objectives need to be carefully defined, as the incorporation of a multitude of different local political principles might lead to the unpredictability of the competition law enforcement.[52]


Furthermore, the element of ‘effective competition structure’ might be linked to the consideration of choice in the digital economy sphere, introducing important benchmarks for the assessments of limits imposed via tying practices,[53] or reduced interoperability. Ezrachi noted a potential angle of introducing an upstream effect on how bottleneck digital players, impacting on input providers’ viability through practices, negatively affecting upstream, downstream markets and end-users.[54] Economic freedom indicates that healthy competition structures offer an unfettered exercise of choice. In this respect, Rubinstein noted that data mining destroyed informed choice due to lack of users’ knowledge and notice how the Big Data is used/processed/acquired/stored, as well as it remains unclear whether the right to be forgotten and data portability, the key features of the GDPR regime, are capable to be applied to novel knowledge acquired from personal data that has been anonymised or generalised by being put into group profiles.[55] Hence, freedom of choice and competitive marketplace are key elements in the realisation of the democracy and other freedoms pursued by the EU, with the economic plurality acting as an example of protecting wider policy examples. Therefore, the preservation of economic freedom could be a precondition for democracy, and as a result, safeguarding against regulatory or political capture.[56] In a healthy functioning competitive markets, products are offered at lower prices, and better quality of product/services is likely to attract consumers, guided by informed choices. Such a process is further subordinated by better competition and innovation in a ‘virtuous circle’.[57] Unquestionably, digital platforms, due to the proliferation of data-fuelled platforms and services, are becoming monopolies. Yet, a demonstration that all digital platforms demonstrate anticompetitive features could be preliminary wrongful. Therefore, regulators might be required to go beyond the scope of the existing competition law rules and consider a bigger picture. The digital markets are more dynamic than static and require careful considerations, due to the abstract nature of the data-fuelled markets.


Yet, there could be potential problems identifiable in elevating of the protection of market structure to the ultimate objective of competition law regime. One of the potential problems lays in defining the competitive process.[58] Even if the definition of competitive processes encompasses the rivalry amongst firms on a particular market, the standards cannot distinguish between any further anticompetitive misconduct from functioning market equilibrium.[59] By solely focusing on the matters of competitive processes, it is impossible to reach a consensus whether it would be necessary to add a further objective of protecting competitive process, introducing a further normative standard to establish undertaking’s conduct as violating the competition law regime. In this respect, any normative standard should not be the competitive process in itself, because it would not have allowed for further analysis of the market equilibrium. In the EU, the decisions which articulated privacy as non-price competition factor are Facebook/WhatsApp and Microsoft/LinkedIn mergers. In the Facebook/WhatsApp merger, the Commission held that in the consumer communications markets, privacy is the key element of competition.[60] In this case, the Commission realised the need to recognise the data privacy as introducing competitive edges: privacy is valued by consumers. In Microsoft/LinkedIn, the Commission further supported such a statement, stating that privacy concerns can be considered during the competition assessment to the extent that consumers see it as ‘a significant factor of quality’,[61] indicating that ‘data privacy was an important parameter of competition between professional social networks on the market, which could have been negatively affected by the transaction’.[62]


Returning to the concept of preservation of the market structure, which safeguards competition processes, Acquisti inquired whether market forces are capable to maintain a balance between privacy and disclosure in the environment where personal data unfold electronic data trains and where the information available is more respected over the informational protection in the instances of economic interests.[63] In both unilateral conducts assessments and merger reviews, structural remedies are preferred,[64] diverse to shrink the assets and markets, rather than provide with remedies which would require firms to regulate their conduct. In this respect, the aspects of market condition receive less attention. Competition law enforcers would not generally consider the basic market conditions, as it is beyond their legislative power. Yet, in the privacy protection cases, competition authorities might be unable of creating and enforcing any behavioural requirements acting as a means to protect consumers’ privacy. Some features of the data-fuelled industry make it unlikely that any market forces or private investments could result in socially optimal outcomes. Potentially, investors could not be able to capture the benefits of production of the common good, such as cybersecurity. Yet, in other cases, due to network effects, consumers cannot perceive the benefits of increased output.[65]


Furthermore, the EU Commission discussed the calculation of the market share,[66] which is unquestionably an example of the instrumental approach to the assessment of the market.[67] Yet, such an approach demonstrates perils. The defined tests such as SSNIP-test might not explicitly work in the digital economy, especially in the cases regarding privacy protection, as their rationale is based on price deliberations.[68] The SSNIP test might bear a problem of the ‘cellophane fallacy.’[69] Markets, with little or no competition, might distort the protection of privacy, due to anticompetitive donuts of undertaking, which enjoys a strong market position. Yet, the non-price market's elements acts as stripping off consumer rationalities, which do not provide an explanation of market’s functions. This corresponds to the prime problem, namely: how do the digital undertakings process the users’ data? Hence, the question remains whether the privacy could be collected with income, or whether privacy could influence competition law.


Potentially, this discussion could be reverted to the sphere of Big Data and Big Analysis concept which was briefly discussed above. Big Data is currently seen as the new oil,[70] and some data acquisition could result in the data protection law breach. Nevertheless, the sole discussion, in this respect, should be devoted to the concept of Big Analysis, based on personal data acquired allowing digital undertakings to establish the knowledge which could introduce anticompetitive conducts. For example, in Google Shopping, the conduct of Google artificially diverted the traffic from rival shopping comparison services, and hence, hindered the ability to compete.[71] Clearly, such conduct bore a negative impact on innovation and