This article – published in (2017) Common Market Law Review 54 11 – looks at the relationship between privacy and competition law (in the EU). The authors state that, instead of getting into a discussion of whether public policy considerations regarding data privacy should be considered as part of consumer welfare, they are looking instead at the elective affinities between privacy and competition law. Curiously, they seem to reach a conclusion related to competition assessment (i.e. the impact of data protection on consumer welfare): “data protection conditions offered to individuals can reflect the parameters of quality, choice, and innovation”
The paper makes two primary arguments:
- that data protection law– a framework designed to identify and achieve an optimal level of personal data protection – can provide the normative guidance that competition law lacks in relation to non-price competitive parameters;
- it develops a normative benchmark to assess whether certain competition law commitments and remedies should be accepted.
The structure of the paper is as follows: after the introduction, a first section identifies the common characteristics of data protection and competition law. This section acknowledges the differences in scope and methods of data protection and competition law, but argues that “the level of data protection offered to individuals is also subject to competition. Thus, even the aspects of data protection law that ostensibly relate to non-economic concerns – such as the conditions governing the processing of personal data – may be parameters of competition.” They also identify a number of common objectives to both EU data protection and competition law. Given the commonalities and intertwining of data protection and competition law, they move on to argue that “data protection can have a normative influence in assessing anti-competitive behaviour [related to competition on data protection parameters]”. To demonstrate this, they distinguish between the role of data in assessing market power (which has been the main focus of the literature on the topic) and as a parameter of competition.
They then move to develop a framework within which privacy considerations can be inserted into competition assessments – based on data protection law. The authors start from the fact that most data processing requires consent under the law. They take this to mean that data processing terms are contractual, offers and that data protection rules could provide an adequate yardstick to determine whether a competition infringement has taken place. I confess to some difficulties in following their reasoning, but the basic idea seems to be that agreements and practices by dominant parties that infringe data protection law should merit particular scrutiny. This is then followed by a section on the role that the EU Charter of Fundamental Rights regarding personal data rights can have in limiting the types of admissible remedies and commitments under EU Competition Law.
The article echoes what seems to be the position behind the German case against Facebook. However, it does not address one of the main concerns raised regarding this case: whether it is possible to develop a theory of harm based on privacy considerations alone. After all, saying that data protection rules provide a useful yardstick to guide enforcement action does not really amount to providing a standard that can be used to distinguish between pro- and anti-competitive practices, or to balance price and non-price competitive dimensions.
I would also have liked to have seen other arguments made in the article be more developed. For example, the authors argue that EU competition law and data protection rules share, as common objectives: “promoting market integration, protecting individuals, and tackling power asymmetries”. However, this exact sentence could be applied to the relationship between EU competition and consumer protection law, but I never heard anyone argue that the use prohibited consumer contract clauses should be relevant to identify infringements of competition law. This is not to say that this could not be a relevant consideration, but I would have liked to better understand what a theory of competitive harm based on this would look like.
Despite my obvious inability to fully agree with the article’s main argument, I very much respect how the article attempts to deal head-first with an important issue: even as we acknowledge privacy as a relevant parameter of competition, we lack the normative tools to assess non-price parameters related to data protection. The authors try to develop exactly such a normative tool – without much success, in my opinion, but they do make a valiant effort.