February 2021 – Indian Competition and Anti-Trust Blog

Continued from our previous post:-

EUROPEAN UNION (E.U.)

In the E.U., the European Commission (E.C.) and its Directorate General for Competition are responsible for the administration of competition law. In regard to privacy matters, the General Data Protection Regulation is regulated by the European Data Protection Board. European authorities have also had the opportunity to deal with data implications on several occasions.

Initially, in the 2014 Facebook-WhatsApp Merger Case, Case No. COMP/M.7217 it took at extremely conservative approach on the issue of privacy. To quote from the Commission’s Order itself:

“For the purposes of this decision, the Commission has analysed potential data concentration only to the extent that it is likely to strengthen Facebook’s position in the online advertising market or in any sub-segments thereof. Any privacy-related concerns flowing from the increased concentration of data within the control of Facebook as a result of the Transaction do not fall within the scope of the EU competition law rules but within the scope of the EU data protection rules.“

On the other hand, in 2016, in the Microsoft-Linkedin Merger Case, Case M.8124 the E.C. approved the acquisition of LinkedIn by Microsoft, subject to several conditions. Both companies retained large datasets comprised primarily of personal information. The E.C. found that the combination of Microsoft’s and LinkedIn’s datasets would act as a barrier to entry. The E.C.’s commitments included granting competing professional social network service providers access to Microsoft Graph, a gateway for software developers which is used to build applications and services that can, subject to user consent, access data stored in the Microsoft cloud, such as contact information, calendar information, emails etc. Software developers can potentially use this data to drive subscribers and usage to their professional social networks. Simply put, the Commission considered Privacy as a parameter for non-price competition Interestingly, the F.T.C. did not find anticompetitive implications in this transaction.

However, it is in fact the German Competition Authority Bundeskartellamt, and subsequently the Federal Court of Justice of Germany which have taken the first proactive to privacy protection through competition law.

In its decision of 6 February 2019 the Bundeskartellamt prohibited Facebook Inc., Menlo Park, USA, Facebook Ireland Ltd., Dublin, Ireland, and Facebook Germany GmbH, Hamburg, Germany from making the use of the Facebook social network by private users residing in Germany, who also use its corporate services WhatsApp, Oculus, Masquerade and Instagram, conditional on the collection of user and device related data by Facebook and combining that information with the Facebook.com user accounts without the users’ consent. The prohibition was based on Section 19(1) of the German Competition Act. The prohibition also applied to terms making the private use of Facebook.com conditional on Facebook being able to combine information saved on the “Facebook account” without the users’ consent with information collected on websites visited or third-party mobile apps used via Facebook business tools and use this data. The Court concluded that there was no effective consent to the users’ information being collected if their consent is a prerequisite for using the Facebook.com service in the first place.

The Bundeskartellamt found Facebook had abused its market power based on the extent of collecting, using and merging data in a user account and imposed on Facebook far-reaching restrictions in the processing of user data. The Bundeskartellamt saw the use of the conditions of use as an abuse of dominant position. It found Facebook dominant in the national market for the provision of social networks. It abuses this position by, contrary to the provisions of the General Data Protection Regulation (G.D.P.R.), making the private use of the network dependent on its authorization to link user and user device-related data generated outside of facebook.com with personal data without further consent of the users. With a resolution dated 06.02.2019, the Federal Cartel Office prohibited Facebook and other group companies from using the corresponding terms of use and processing personal data accordingly. The Federal Court of Justice on 23.06.2020 upheld this decision.

Margrethe Vestager, the current European Commissioner for Competition since 2014, has also recently stated before the European Parliament’s economy committee on Tuesday that there could be scope for “investigating if it’s actually legal for a dominant provider to stop supplying” services, adding that the EU “would have a number of tools to use.”

To be continued further….

The traditional competition/anti-trust law paradigm, both in India and jurisdictions abroad, aims to tackle all abuses under two broad heads:

Violations through Anti-competitive agreements
Violations through Abuse of dominant position

While action is possible against the first only post the agreement coming into effect, competition law allows action against the second even at a pre-execution stage, through the mergers and acquisitions/combinations regime.

Furthermore, traditional competition law enforcement (including in India) has till date limited investigations to pricing models of goods and services on the presumption that companies with greater market power are incentivised to monopolise profits by charging more or limiting supplies. However, with the proliferation of “free” services in exchange for information whose hidden cost appears to be evidently a degradation in privacy protection, competition/anti-trust regulators around the world are now required to tackle a different threat to competition posed by digital businesses other than that of cost of goods or services or its demand and supply.

This would help partially explain why as of today, none of the competition/anti-trust investigations and suits which have recently been launched against ‘Big Tech’ companies in the E.U. and the U.S.A. have focused on consumer privacy protection. Google and Facebook have been charged with allegations of abuse of dominant position, but with respect to their commercial conduct against competitors and not against consumers. Apple has been charged with enforcing unfair policies on its App Store against application developers but not for consumer privacy harm. This coupled with an inability to properly understand technology and its stupendously fast evolution in the last two decades has left regulators picking low hanging fruit, i.e., anti-competitive harm which is possible to fit within the block pegs of comprehensible economic theory.

The traditional train of thought across jurisdictions has been that privacy issues are covered under a separate regulatory mechanism and do not fall under the purview of competition law enforcement. There has also been a second train of thought that competition law enforcement and privacy law enforcement cannot go hand in hand, as they are antithetical to each other, i.e., enforcing privacy or data protection leads to the dominance of a select few, thus stifling innovation in markets. However, there is now a developing strain of thought, particularly in the E.U., that compelling a consumer to access a service only on a pre-condition of their acceding to particular terms of agreement could constitute an abuse of dominant position on the part of such a service provider as the user loses the right of self determination or choice, particularly in the context of dominant social media services like Facebook or WhatsApp.

UNITED STATES OF AMERICA (U.S.A.)

Anti-trust enforcement in the U.S. has relied on an adversarial litigation process, mostly guided by the consumer welfare standard, i.e., a focus on lower prices and greater output. This is the primary reason why ‘Big Tech’ companies like Google and Facebook have received virtually no anti-trust scrutiny until recently. In fact, both companies have in response to the litigations raised against them, have countered by saying that the Federal Trade Commission (F.T.C.), the anti-trust enforcement body in the U.S., had cleared their respective acquisitions after careful scrutiny and reopening them or divesting them now would amount to a violation of the sanctity of the law concerning mergers and acquisitions process itself.

The matter of Nielsen Holdings N.V. and Arbitron Inc., FTC File No. 131 – 0058 demonstrates the F.T.C.’s ability to identify the importance of data in merger and acquisition review. By way of background, Nielsen and Arbitron competed in the supply of syndicated cross-platform audience measurement services to media companies and advertisers. The F.T.C. found that access to data posed a significant barrier to entry and obtained a consent order “requiring divestiture of assets to Arbitron’s cross-platform audience measurement services business, including audience data with individual-level demographic information and related technology, and intellectual property.”

Similarly, in The Dun & Bradstreet Corporation Case, FTC File No. 091-0081, the F.T.C. sued The Dun & Bradstreet Corporation, challenging its February 2009 acquisition of Quality Education Data (QED) and alleging that the deal hurt consumers by eliminating nearly all competition in the market for kindergarten through twelfth-grade educational marketing databases. The data sold by these companies was used to sell books, education materials, and other products to teachers and other educators nationwide. The combination of the two companies had given Dun & Bradstreet, through its subsidiary Market Data Retrieval (MDR), more than ninety percent of the market for K-12 educational marketing data, according to the complaint filed by the F.T.C. Dun & Bradstreet acquired QED from Scholastic, Inc. for about $29 million, which was below the threshold amount that would have required the companies to notify U.S. antitrust authorities before finalizing the deal. It ultimately chose to settle the case. The F.T.C. settlement required Dun & Bradstreet to divest certain assets to MCH Inc., an institutional and educational data company active in the K-12 data market, to restore competition that was eliminated as a result of the transaction. Under the terms of the settlement, Dun & Bradstreet sold MCH an updated K-12 database, the QED name, and certain associated intellectual property.

Both these cases clearly display the trend in the U.S.A. The F.T.C. DOES NOT enter into privacy issues when enforcing anti-trust law on data issues. Rather, the trend is rather the opposite – to prevent the monopolisation of data. It is believed, both in academic and enforcement circles, that using anti-trust law to vindicate privacy interests could make it harder for innovative companies to thrive with new products or technology-based offerings and this could potentially result in less competition. Thus, it is not per se considered an anti-trust issue if a company holds a lot of data.

The F.T.C. though has under its Consumer Protection Authority sued Facebook in the past for multiple privacy violations, which ultimately culminated in a five billion dollar settlement in 2019.

To be continued….