Combatting the Big Data Conundrum using Antitrust Law

Digitalization and data analytics have transcended the traditional understanding of markets and their regulation. Data has become crucial to gain efficiencies, but has also been used to gain competitive advantages and market power. The latter could result in competition foreclosure, exclusionary practices, and anti-consumer effects. In fact, 79.4% of participants in a survey feared displacement by competitors with data cultures. This is concerning for two reasons - (1) big data capitalism is dominated by few companies like Facebook and Google, and this could result in the big getting bigger; and (2) legislatures around the world are struggling to devise regulations vis-a-vis data, given its overarching effect on society, and the economy. Despite this, the European Commission (EC) and the German Federal Cartel Office (FCO) have used antitrust law to regulate the impact of data on not just competition, but also consumers' data rights.

I'm not sure why "Despite this." The paragraph is rich in information, but it does not make its argument clearly.

In this brief paper, I highlight important instances of such regulation, and argue that regulators must embrace enforcing antitrust law to regulate data. Lastly, given that India's antitrust regime is nascent, I provide some recommendations based on global experiences.

This clarifies that the draft is a sales pitch for a product: "Antitrust law—You need it to regulate your country's part of the global data economy." I think you would be more effective putting it right at the top and then launching into the information about why your solution is needed to solve a problem your information defines.

Global Experiences

Regulators struggle balancing the pro-competitive effects and anti-competitive conduct arising from the use of data, as they are traditionally price-centric in evaluating markets while data is difficult to value. However, increasing number of data-related transactions have made regulators deviate from conventional methods. In 2014, the EC analyzed whether Facebook could use WhatsApp? as a data source to augment its position in advertising (post-acquisition) and noted an absence of competition concerns, as Google dominated data collection. This recognized the possibility of defining data-based markets, but also had some limitations. For instance, it assumed Google and Facebook's data to be substitutable, which is erroneous, as Google would use its data in different ways from Facebook. Additionally, the analysis ignored the consumers’ privacy concerns post-acquisition.

The latter concern regarding consumers' privacy was later addressed in the Microsoft/LinkedIn analysis. The EC recognized that, Microsoft’s intention to integrate LinkedIn? into its products (post-acquisition) could not only result in severe data-related network effects, but could also reduce consumers' privacy-protection. Consequently, the EC approved the transaction only after Microsoft offered behavioral commitments addressing these concerns.

Further, Germany and Austria amended their antitrust law to detect acquisitions of companies (with low turnovers) in the digital sector, by requiring notification of transactions based on value. Prior to the amendment, transactions were vetted based on assets and turnover. This resulted in technology-based transactions circumventing the regulator’s jurisdiction, as businesses were generally acquired for significant consideration in their nascent stages when they had limited assets and turnover. Consequently, the amendment is significant, as it indicates that legislatures are also becoming hyper aware of the technology giants getting bigger.

In February 2019, the FCO, in an unprecedented decision, used antitrust law as the base to drive home the importance of protecting consumers’ privacy concerns. The FCO held that Facebook abused its dominance vide its data processing policy, which authorized its practice of merging data generated through Facebook users’ use of third-party applications (like Instagram, WhatsApp? , and embedded applications on Facebook) with their respective Facebook user accounts. The FCO held that, given Facebook’s dominance, consumers could not have effectively consented to such a policy. More importantly, the FCO consulted with several data protection authorities, and also assumed jurisdiction over enforcing the European Union’s (EU) General Data Protection Regulations (GDPR), and held that Facebook also violated the GDPR. Presently, Facebook has appealed this case.

Compared to such experiences in the EU, U.S.A. has generally refrained from commenting on data-related transactions. However, in 2014, the Department of Justice successfully challenged a consummated merger between two online ratings platforms, on grounds that it could result in severe data-related network effects. Consequently, the acquirer was made to divest the target’s assets to restore competition. Presently, using antitrust law to enforce such divesture on technology giants like Facebook has garnered renewed attention vide Ms. Elizabeth Warren's presidential campaign.

In light of the preceding discussion, it is evident that antitrust law can and has been used to regulate data’s impact, including consumers' privacy protection. Given the GDPR, the latter must not be considered as only viable in the EU. This is because, even prior to the FCO's enforcement of the GDPR, the EC acknowledged privacy-concerns to be part of competition issues in the Microsoft/LinkedIn case. Consequently, it is imperative that regulators across the world use antitrust law to regulate data. This is pertinent, as legislative solutions to the data conundrum are truthfully difficult to evaluate, as the threat model is not only subject to continuous evolution, but also has an overarching impact radius that is difficult assess. Consequently, while comprehensive legislation is being devised, antitrust law must be enforced to ensure that big companies don't get bigger.

Lessons for India

India’s unbridled focus on digitalizing its economy has outpaced its legal regime. A comprehensive law on data protection was proposed only in 2018, the right to privacy was not recognized as fundamental until 2017, and India’s antitrust merger law was given effect only in 2011. Consequently, companies have unsurprisingly seized data-related opportunities to gain advantages. Illustratively, in 2014, a competitor acquisition by India’s leading cab aggregator aimed at gaining an advantage over Uber was not notified to the competition regulator, as the transaction did not exceed merger thresholds. Additionally, an abuse of dominance complaint against WhatsApp? for revising its terms to permit sharing of its user data with Facebook was dismissed.

Thus, it is imperative for India to retool its existing antitrust regime to begin tackling the data conundrum.. Firstly, India must amend its antitrust merger law to account for transaction value, as this will enable detection of digital transactions. Additionally, despite the lack of data protection laws, the regulator could consider consumers’ privacy-concerns under the garb of quality competition, and in the context of network effects. Lastly, India must consider establishing a committee of competition, data and privacy experts with comparative knowledge, to help educate and aid the regulator with this emerging challenge.