Combatting the Big Data Conundrum using Antitrust Law

-- By BalajiVenkatakrishnan - 07 Oct 2019

The objective of this paper is to urge India's nascent Competition Commission (CCI) to learn from the European Commission (EC) and German Federal Cartel Office (FCO) about the significant value of antitrust law as a means to combat the omnipresent concerns posed by big data.

This is of extreme importance, given that digitalization and data analytics have transcended the traditional understanding of markets and their regulation such that, data is being used to gain competitive advantages and market power, which in turn causes competition foreclosure, exclusionary practices, and anti-consumer effects. In fact, 79.4% of participants in a survey feared displacement by competitors with data cultures. This is concerning for two reasons - (1) big data capitalism is dominated by few companies like Facebook and Google, and this could result in the big getting bigger; and (2) legislatures around the world are struggling to devise regulations vis-a-vis data, given its overarching effect on society, and the economy.

Accordingly, I will first highlight important instances where the EC and FCO have used antitrust law to regulate the impact of data on not just competition, but also consumers' data rights. Thereafter, basis these global experiences, I offer certain recommendations to the nascent Indian antitrust regime in the hope that it could result in efficient and holistic progress.

I'm not sure why "Despite this." The paragraph is rich in information, but it does not make its argument clearly.

This clarifies that the draft is a sales pitch for a product: "Antitrust law—You need it to regulate your country's part of the global data economy." I think you would be more effective putting it right at the top and then launching into the information about why your solution is needed to solve a problem your information defines.

Global Experiences

Regulators struggle balancing the pro-competitive effects and anti-competitive conduct arising from the use of data, as they are traditionally price-centric in evaluating markets while data is difficult to value. However, increasing number of data-related transactions have made regulators deviate from conventional methods. In 2014, the EC analyzed whether Facebook could use WhatsApp? as a data source to augment its position in advertising (post-acquisition) and noted an absence of competition concerns, as Google dominated data collection. This recognized the possibility of defining data-based markets, but also had some limitations. For instance, it assumed Google and Facebook's data to be substitutable, which is erroneous, as Google would use its data in different ways from Facebook. Additionally, the analysis ignored the consumers’ privacy concerns post-acquisition.

The latter concern regarding consumers' privacy was later addressed in the Microsoft/LinkedIn analysis. The EC recognized that, Microsoft’s intention to integrate LinkedIn? into its products (post-acquisition) could not only result in severe data-related network effects, but could also reduce consumers' privacy-protection. Consequently, the EC approved the transaction only after Microsoft offered behavioral commitments addressing these concerns.

Further, Germany and Austria amended their antitrust law to detect acquisitions of companies (with low turnovers) in the digital sector, by requiring notification of transactions based on value. Prior to the amendment, transactions were vetted based on assets and turnover. This resulted in technology-based transactions circumventing the regulator’s jurisdiction, as businesses were generally acquired for significant consideration in their nascent stages when they had limited assets and turnover. Consequently, the amendment is significant, as it indicates that legislatures are also becoming hyper aware of the technology giants getting bigger.

In February 2019, the FCO, in an unprecedented decision, used antitrust law as the base to drive home the importance of protecting consumers’ privacy concerns. The FCO held that Facebook abused its dominance vide its data processing policy, which authorized its practice of merging data generated through Facebook users’ use of third-party applications (like Instagram, WhatsApp? , and embedded applications on Facebook) with their respective Facebook user accounts. The FCO held that, given Facebook’s dominance, consumers could not have effectively consented to such a policy. More importantly, the FCO consulted with several data protection authorities, and also assumed jurisdiction over enforcing the European Union’s (EU) General Data Protection Regulations (GDPR), and held that Facebook also violated the GDPR. Presently, Facebook has appealed this case.

Compared to such experiences in the EU, U.S.A. has generally refrained from commenting on data-related transactions. However, in 2014, the Department of Justice successfully challenged a consummated merger between two online ratings platforms, on grounds that it could result in severe data-related network effects. Consequently, the acquirer was made to divest the target’s assets to restore competition. Presently, using antitrust law to enforce such divesture on technology giants like Facebook has garnered renewed attention vide Ms. Elizabeth Warren's presidential campaign.

In light of the preceding discussion, it is evident that antitrust law can and has been used to regulate data’s impact, including consumers' privacy protection. Given the GDPR, the latter must not be considered as only viable in the EU. This is because, even prior to the FCO's enforcement of the GDPR, the EC acknowledged privacy-concerns to be part of competition issues in the Microsoft/LinkedIn case. Consequently, it is imperative that regulators across the world use antitrust law to regulate data. This is pertinent, as legislative solutions to the data conundrum are truthfully difficult to evaluate, as the threat model is not only subject to continuous evolution, but also has an overarching impact radius that is difficult assess. Consequently, while comprehensive legislation is being devised, antitrust law must be enforced to ensure that big companies don't get bigger.

Lessons for India

India’s unbridled focus on digitalizing its economy has outpaced its legal regime. A comprehensive law on data protection was proposed only in 2018, the right to privacy was not recognized as fundamental until 2017, and India’s antitrust merger law was given effect only in 2011. Consequently, companies have unsurprisingly seized data-related opportunities to gain advantages. Illustratively, in 2014, a competitor acquisition by India’s leading cab aggregator aimed at gaining an advantage over Uber was not notified to the competition regulator, as the transaction did not exceed merger thresholds. Additionally, an abuse of dominance complaint against WhatsApp? for revising its terms to permit sharing of its user data with Facebook was dismissed.

To that extent, it is apparent that the CCI is somewhat behind in understanding the significant role that antitrust law can play in regulating the impact of data (as evidenced in the above section). This is not to say that antitrust law is the only solution to combatting this conundrum. Rather, my argument is that, at present, antitrust law is an already existing and develop(ed)ing body of law that can be employed to tackle the conundrum, while suitable data protection laws are developed per global best practices. Accordingly, I urge the CCI to retool its interpretation of the existing antitrust regime to consider consumers' privacy concerns under the garb of quality competition, and in the context of network effects. In my view, this could be a good and easy to implement first step, given that the CCI has already disregarded the "free" aspect of multisided markets, as consumers offer their data in exchange for the "free" service. Further, to whatever extend possible, I propose that India's antitrust merger law be amended to account for transaction value, as this could allow for better scrutiny of data-relater or technology based mergers and acquisitions. Considering that this may be a tall order, I alternatively suggest that the thresholds associated with deal notification exemptions be made an "and" requirement instead of an "or" requirement, and/or that the these threshold numbers be reduced. That is, presently, the CCI exempts notification of mergers/acquisitions where the target company has assets and a turnover of less than Indian Rupees 3.5 billion or 10 billion respectively. If the requirements vis-a-vis this exemption are qualified by an "and" rather than "or", then it is possible that Facebook's acquisition of WhatApp? (which was not noticed to the CCI), and like transactions become notifiable. In my opinion, such an amendment would not pose too many difficulties, and would allow the CCI to - (1) be more vigilant; and (2) better use antitrust law to combat the big data conundrum.

In the end, this argument requires an existing weak area of law to become strong enough to replace other legal structures that the current government could enact if it wanted to. That would require judges to be willing to construct that regime out of competition law through the rapid evolution of competition doctrine—which not even your European courts, as opposed to government administrative agencies—have done. They would have to do so under the indifferent or hostile pressure of the government, whose administration will not take the courts' positions for them. This is, to say the least, a tall order. The reader might reasonably want to know what's Plan B?

Perhaps the draft was too committed to selling the virtues of antitrust law as a solution to the platform company problem. "Competition law will be an important component of platform company regulation" would be a more open-ended premise that would still have value—as the discussion at my SFLC/CLS conference was intended to show. If your framework question didn't imply such a strong downstream form of argument, your draft's analysis might improve.

Bala Note to Prof. Moglen - I completely understand the concerns you have pointed out vide the comment above. However, I would think that the recommendations posed above do not pose concerns to extent that you have pointed out. I say this only because, the Indian competition regulator has already been active in making necessary amendments vis-a-vis technology mergers and acquisitions. For instance, a recent amendment was made to provide effect to a green channel filing for simple mergers. At the same time, prior to my enrollment in Columbia, we had suggested amending merger control laws to reflect transaction value, or alternatively revise the existing merger thresholds to lower numbers so that tech acquisitions can come within the fold of the commission's jurisdictions. This was received with great interest, and is still being discussed.