Law in the Internet Society

Combatting the Big Data Conundrum using Antitrust Laws

-- By BalajiVenkatakrishnan - 07 Oct 2019

The advent of digitalization and data analytics has transcended the traditional understanding of markets and their regulation. Data-driven business models have become crucial to gain efficiencies, and create customer benefits, but have also been deployed to gain competitive advantages and market power. The latter could result in competition foreclosure, exclusionary practices, and other anti-consumer effects. In fact, 79.4% of participants in a survey feared displacement by competitors with ‘data cultures’. This is concerning for two broad reasons - (1) the game of big data capitalism is dominated only by few companies like Facebook and Google; and (2) legislatures around the world are struggling to devise comprehensive regulations vis-a-vis data, given its overarching effect on every stakeholder in society, and the economy. Despite this, the European Commission (EC) and the German Federal Cartel Office (FCO) have used antitrust law to regulate the impact of data-driven businesses on not just competition, but also consumers' privacy and data rights. In this brief paper, I attempt to highlight important instances of such regulation, and thereafter argue that regulators must embrace enforcing antitrust law to assess the impact of data, as opposed to waiting for comprehensive legislation. Lastly, given that India's antitrust regime is nascent, I provide some recommendations to its existing regime based on global experiences.

Global Experiences - Using Antitrust to Regulate Data

Regulators struggle balancing the pro-competitive effects and anti-competitive conduct arising from the use of data, as they are traditionally price-centric in evaluating markets while data is difficult to value. However, increasing number of data-related transactions have made regulators deviate from conventional methods to ensure data’s minimal impact on competition. For instance, in 2014, the EC analyzed whether Facebook could use WhatsApp? as a data source to augment its position in advertising (post-acquisition) and noted an absence of competition concerns, as Google dominated data collection. This was a significant development, as it recognized the possibility of defining markets solely based on data. Nevertheless, the EC's conclusion had some drawbacks. For instance, it assumed Google's data to be substitutable with Facebook's data. This seems erroneous, as Google would most definitely use its data in ways different from Facebook. Additionally, the analysis was limited, as it ignored the privacy-concerns that consumers could experience on account of the acquisition.

This latter concern regarding consumers' privacy was later resolved in the EC's analysis of Microsoft's acquisition of LinkedIn? . Specifically, the EC recognized that, Microsoft’s intention to integrate LinkedIn? into its products (post-acquisition) could - (1) result in severe data-related network effects, which could foreclose competition and create entry barriers in the professional social networking market; and (2) reduce consumers' privacy-protection. Consequently, the EC approved the transaction only after Microsoft offered behavioural commitments addressing these concerns.

Further, Germany and Austria amended their antitrust merger law to detect acquisitions of companies (with low assets and turnovers) in the digital sector, by requiring notification of transactions based on value. A similar amendment is being considered across the European Union (EU). Prior to the amendment, potential acquisitions or mergers were vetted only based on asset and turnover numbers. Consequently, the amendment is a significant development, as it indicates that legislatures are also becoming hyper aware of the possibility of technology giants getting bigger through the acquisition of other data-driven startups and businesses, which generally tend to have limited assets and turnover, thereby circumventing competition regulators' jurisdiction. From a legislative standpoint, this could be a very good first step in reigning in the impact of data using antitrust law, while contemplation ensues on comprehensive regulations.

In 2017, privacy-related concerns in antitrust received renewed attention from the FCO. This was extremely significant, as the FCO was not posed with a merger analysis, but was required to examine a potential abuse of dominance by Facebook. The FCO preliminary assessed Facebook’s practice of merging data generated through Facebook users’ use of third-party applications (like Instagram, WhatsApp? , and embedded applications on Facebook) with their respective Facebook user accounts to be an abuse of dominance. It stated that users could not have effectively consented to this practice, given Facebook’s dominance, and even viewed this as a potential data protection violation. In February 2019, the FCO, in line with its preliminary assessment, _issued a prohibition order against Facebook_ for abusing its dominant position. In its order, the FCO explicitly held that Facebook used its dominance to impose a data processing policy that consumers could not have effectively consented to. More importantly, the FCO consulted with several data protection authorities, and assumed jurisdiction over enforcing aspects of the EU's General Data Protection Regulations (GDPR), and held that Facebook also violated the GDPR. Presently, Facebook has moved to appeal this case.

Compared to such experiences in the EU, U.S.A. has generally refrained from commenting on data-related transactions. However, in 2014, the Department of Justice successfully challenged a consummated merger between two online ratings and reviews platforms, on grounds that it could result in severe data-related network effects, creating unscalable entry barriers and increased switching costs. Consequently, the acquirer was made to divest the target’s assets to restore competition. Presently, using antitrust law to enforce such divesture on technology giants like Facebook has garnered renewed attention vide Ms. Elizabeth Warren's presidential campaign.

In light of the preceding discussion, it is evident that antitrust law can and has been used to regulate data related concerns, including consumers' privacy and data protection. Given the GDPR, the latter must not be considered as only viable in the EU. This is because, even prior to the FCO's enforcement of the GDPR, the EC acknowledged privacy-concerns to be part of competition issues in the Microsoft/LinkedIn case. Consequently, it is imperative that regulators across the world use antitrust law to regulate data. This is pertinent, as legislative and long-term solutions to the data conundrum are truthfully difficult to evaluate, as the threat model is not only subject to continuous evolution, but also has an overarching impact radius that is difficult to account for comprehensively. Until this innovation has been devised, it is evident that antitrust law is the global vehicle to address this issue, before world economies cannot keep up with and loose sight of the curve.

Lessons for India & Conclusion

Compared to global experiences, India’s unbridled focus on digitalizing its economy has outpaced its legal regime. A comprehensive law on data protection was proposed only in 2018, the right to privacy was not recognized as fundamental until 2017, and even India’s antitrust merger law was given effect only in 2011. Given that antitrust law (the suggested medium to regulate data) in itself is nascent in India, companies have unsurprisingly seized data-related opportunities to gain advantages. Illustratively, in 2014, a competitor acquisition by India’s leading cab aggregator aimed at gaining an advantage over Uber was not notified to the competition regulator, as the transaction did not exceed merger thresholds. Additionally, an abuse of dominance complaint against WhatsApp? for revising its terms to permit sharing of its user data with Facebook was dismissed. In contrast, and as discussed above, the FCO has held Facebook to have abused its dominant position, and to have the GDPR in relation to a similar complaint.

Thus, it is imperative for India to retool its existing antitrust regime to tackle the data conundrum, while contemplation on comprehensive legislation ensues. Firstly, India must amend its merger thresholds to account for transaction value to be able to detect digital transactions (like Germany). Additionally, despite the lack of data protection laws, the regulator could consider consumers’ privacy-concerns under the garb of quality competition while evaluating transactions that could create network effects or entry barriers. Lastly, India must consider establishing a committee of competition, data and privacy experts with comparative knowledge, to help educate and aid the antitrust regulator on issues involving an intersection of these concepts. While these recommendations are specifically directed towards India, countries with a similar lack of experience could also consider implementing them, as antitrust law seems the only viable modus to effectively deal with the data conundrum at present.


Webs Webs

r7 - 09 Oct 2019 - 17:56:08 - BalajiVenkatakrishnan
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM