This paper – which you can find here – asks whether it is possible to protect privacy through competition.
The paper begins from the observation that we are witnessing the advent of many businesses dedicated to offer zero-price services in exchange for advertising revenues and data. While not completely new – old media companies had similar business models –, these new businesses benefit from “new” digital technologies to collect, store and analyse huge amounts of users’ data. Thus, it is unsurprising that user data are now conceptualized as the currency for the many services and products that users find on the Internet at zero-price.
Given this, the question the authors seek to address is “whether and how EU competition law could be enforced as a substitute of EU data protection law.” At this point, I must ask you to moderate your screams of “sacrilege”, appropriate as they may be for the festive season, and give the article a chance. The paper and its conclusions are quite orthodox (and not that focused on EU law).
- Section 2 analyses the current approach that the European Commission has chosen to follow in connection to the privacy concerns that some merger cases have raised (Google / DoubleClick, Facebook / WhatsApp, Microsoft / LinkedIn, etc.). The bottom line is that in all these decisions the Commission reiterated the separation of privacy and competition matters, even if more recently it has recognised that “consumers may see privacy as a significant factor affecting the quality of the goods available on the Internet” and “that digital platforms may compete in providing more or less privacy-friendly products and services”.
- Section 3 very usefully provides an overview of the four main theories of harm that antitrust scholars have elaborated to comingle privacy questions and antitrust issues. The first theory is that network effects and other structural features characterizing digital markets strengthen the market power of digital platforms and, thus, decrease their incentives to compete to offer high levels of privacy or privacy-friendly products, services and technologies. The second theory is that mergers between companies that hold big data, by increasing their joint data booty, would allow the entity resulting from the merger to have even more tools to profile individuals and invade their privacy. The third theory is that privacy is a dimension of quality. Assuming that goods which are not privacy-friendly are low-quality goods, then we must conclude that these goods make consumer welfare decrease. The fourth and last theory is that “«privacy policies could be considered from a competition standpoint whenever these policies are liable to affect competition, notably when they are implemented by a dominant undertaking for which data serves as a main input of its products or services».
- These theories of harm are then criticised in section 4. The first theory does not hold because competition law does not apply to market structures. Furthermore, failure to innovate and to offer the best possible quality products are not breaches of antitrust; the second theory transforms privacy violations into antitrust violations, and wants to apply antitrust beyond its scope; the third theory fails to acknowledge that quality is not a mono-dimensional feature – quality may depend not only on privacy but also on other factors, such as speed or accuracy. Thus, even if there is a reduction of privacy, it would not be easy to assess the effect that such a conduct has on the overall quality of digital goods. Secondly, empirical studies have failed to establish that privacy-sensitive consumers would pay more to use more privacy-friendly goods, or would accept less developed services and products in exchange for more privacy-enhancing solutions. Thirdly, from a technical standpoint, quality-driven assessments are difficult to pursue. Lastly, the fourth theory, which seems to underpin the German investigation of Facebook, lacks a proper standard to assess conducts and, in the extreme, risks equating all infringements of data protection law to infringements of competition law.
- Finally, Section 5 presents the authors’ conclusions. As announced above, they are quite orthodox. They strongly criticise calls for using competition law to protect privacy law goals. Instead, they argue that privacy issues may find their way into antitrust assessments only if it is established that, in some specific markets, consumer welfare strongly depends on the goods’ quality and, in turn, quality strongly depends on the levels of privacy guaranteed to users. This, however, will likely be very difficult to demonstrate in practice.
I really enjoyed this little piece (it’s only 12 pages!). Short and to the point, it provides a fair overview of the lay of the land on the intersection between data protection and competition. I would not have minded a bit more conceptual depth in the authors’ treatment of the interaction between competition and privacy, and would have enjoyed a bit more detail regarding the practical difficulties of using privacy as a competitive benchmark, but those are minor quibbles. Highly recommended.