by Shreya Bhukhmaria and Vinesh Chaudhary
Consumer data is both an input for online services and a commodity asset for advertisers in the online commercial sector. The global rise of the digital economy has been spurred by the boom in the technology and internet industries. This has considerably improved the mechanism of large corporations and start-ups collecting, analyzing, and financially exploiting data. The concept of ‘big data’ is the collection of vast amounts of data at a high rate and then processing it by computing software to produce unique datasets with significant commercial value.
Data-related concerns are under the purview of data protection regulations, but with the advancement of technology and digitalization, the topic has been scrutinized by antitrust regulators throughout the world to see if ‘big data’ may stifle market competition. Before delving into this question, it’s pertinent to consider the benefits and efficiency that come from commercializing or commodifying big data.
Consider how regularly used search engines operate. They construct extensive user profiles using self-learning computing algorithms that monitor, record, and evaluate search keywords entered by users, as well as websites ‘clicked on,’ and combine it with data obtained from other apps and services such as e-mail or data processing services. This process is followed by selling of the customized and unique data assets to various web advertisers and enterprises for targeted advertising.
This article discusses the various aspects of data privacy that qualify it as a concern of Competition law. This issue will be covered under four different heads, namely- Data as a non-price parameter of competition; Data acts as a means to obtain an unfair competitive advantage in the market; Data protection of consumers as a legitimate aim of Competition law, and lastly, Benefits of incorporating privacy into competition analysis.
Data as a non-price parameter of competition
Competition includes price as well as non-price parameters. Within the latter, quality and innovation are fundamental aspects. Data can be treated as a non-price parameter of competition in that privacy is a quality component of many of the ‘free’ digital services available to customers and that obtaining ‘too much’ information might result in a deterioration in the product or service’s quality. Quality drives innovation and economic growth, and a decrease in quality can be as harmful to consumers as a price increase. Thus, maintaining and improving quality are essential competition policy objectives. Agency speeches, submissions, and proposed guidance in several jurisdictions have recognized that competition may be based on data protection or privacy as an element of product or service quality. In platform business models such as that of Facebook, WhatsApp, Amazon, etc., monetary price is absent, and the use of personal data is associated with data privacy concerns; privacy forms a dimension of product quality. The ECJ confirmed this approach in Microsoft/Skype, where it assessed the merger’s potentially detrimental impact on non-price competition in the form of degradation of innovation and service quality.
Under Competition law, a diminution in consumer data protection and users’ control over their customized data is considered a reduction in quality. Lower data protection by a dominant enterprise can result not only in consumer exploitation but also exclusionary effects, as large platforms and enterprises can significantly establish and strengthen their status and leverage themselves in adjacent or even unrelated markets, creating overwhelming entry barriers for new entrants. Integrated platforms can combine data from all of the services they offer, or data stashes can be aggregated together as a consequence of firm mergers or acquisitions or aggregated without consumers’ knowledge or engagement, resulting in valuable and novel knowledge about them. The information resulting from such analysis serves as an input of production when firms use it to provide and improve their services, mainly through the personalization of online services and targeted advertising.
Superior technology and the ‘internet of things’ have infiltrated our social connections, buying habits, and even societal conventions to the point where the Indian consumer is digitally savvy but not yet privacy-conscious.
Individual privacy rights must be effectively enforced while preserving a healthy competitive environment, which necessitates going beyond an “either-or” mindset and a holistic approach from several regulatory viewpoints. Thus, Competition law can supplement data privacy legislation by factoring in the privacy-as-a-quality (non-price) competition parameter to the extent that privacy degradations can be connected to market power and are not exceeded by other welfare improvements.
Data acts as a means to obtain an unfair competitive advantage in the market-
The ability to collect vast amounts of data gives platforms a considerably advantageous position in the relevant market over other companies. The actions of cross-linking and integrating the user data for using it for specific purposes like targeted advertising not only gives leverage to the conglomerates but also trigger exclusionary effects, which have the potential to undermine the competitive process and create barriers to market entry for the new entrants.
With the introduction of the cloud and new technology, businesses can now swiftly analyze and make sense of massive volumes of data. Customers’ personal information, search activity, content preferences, conversations, social network posts, GPS position, and use patterns can now be collected directly by Internet-connected goods and services. In such a data-driven ecosystem, Competition law needs to examine whether the excessive data collection and the extent to which such collected data is subsequently put to use or otherwise shared have anti-competitive implications, which require antitrust scrutiny.
The amassment of data for gaining a significant advantage over the competitors has been held to be wrong per se. In the case of GDF Suez (Engie) GDF Suez had data on virtually all customers in France, around 11 million in 2007, as a result of its previous regulated gas delivery. The information included extensive information on client identity, contact information, the supply site, the contractual connection, and consumer demands, among other things. GDF Suez utilized the information to make it easier for clients to convert from regulated to unregulated options, as well as to “recover” customers who had shifted to rival unregulated offers. This offered GDF Suez a major competitive edge, potentially eliminating competition. The Authority, through this ruling, decided that GDF Suez will have to enter into a data processing agreement with any approved gas providers willing to have access to the data in its function as “data controller”. This access will allow GDF Suez’s competitors to compete on an equal footing with the incumbent operator by allowing them to better inform customers about the competitive offers they are currently promoting.
The decision of the French authority came as a blow to the large enterprises who were developing an unfettered and unjustified edge over the other competitors in the relevant market, who due to their inaccessibility to such data, become vulnerable to either getting excluded or facing severe problems in sustaining themselves in such an anti-competitiveenvironment.
Due to the prominence of network effects, the dominant corporation in digital marketplaces sometimes acts as a gatekeeper, requiring other companies to be present on this dominating platform, such as Amazon, Google, and so on, in order to be seen. The dominant corporations then tend to take advantage of this. This may be demonstrated in the instance of Google Shopping, where Google favored its own comparison-shopping service above competitor comparison-shopping services in terms of positioning and appearance. Other merchants and consumers may suffer as a result of the fewer options available.
Data protection of consumers is a legitimate aim of Competition law
All contemporary Competition laws prioritize the protection of consumers’ interests. Data protection of consumers is a legitimate aim of Competition law since one of the primary goals of Competition law is to maximize consumer welfare and protect consumer interests. Competition law targets those kinds of business behaviors that have a net negative effect on consumer welfare. Privacy being intrinsic to consumer welfare corroborates the data considerations part and parcel of Competition law.
Privacy harms can reduce consumer welfare, which is a principal goal of modern antitrust analysis and privacy harms can lead to a reduction in the quality of a good or service, which is a standard category of harm that results from market power. Hence, it is a normal part of antitrust to assess such harms and aim to minimize them.
There have been situations where data transfer takes place without the voluntary consent of the consumers, who are devoid of alternatives and are forced to use the platforms comprising their privacy. The Supreme Court of India has observed that the main objective of Competition law is to use competition as a tool to promote economic efficiency and assist in creating a market as responsive to consumer preferences. The ultimate goal of competition policy is to provide a legislative framework that allows other policies to work together to improve competitive outcomes in the country. A healthy competition policy is not only important for the economic policy framework, but it also benefits consumers and society. It serves consumers by creating a corporate climate in which effective resource allocation ultimately reduces or eliminates market power abuse.
Section 4 of the Competition Act of 2002 protects the interests of the customers by recognizing that a company or group is misusing its dominant position if it inhibits or restricts technological or scientific advancement linked to goods or services to the detriment of consumers. According to Section 18 of the Act, the Competition Commission of India has the authority to take suo moto action in order to eradicate practices that have a negative impact on competition, promote and sustain competition, safeguard consumers’ interests, and ensure freedom of trade in Indian markets.
Benefits of Incorporating Privacy into Competition Law
A very general question that comes to mind is: is there really a need to incorporate privacy into competition analysis? Or is there any benefit in incorporating privacy into competition analysis? Because privacy and security are “being increasingly valued” by consumers, the Commission justified the necessity to recognize data privacy as a competition criterion in the Facebook/WhatsApp merger. As a corollary, the challenge for Competition law is whether the market respects customers’ privacy demands and if the inability to do so may be related to market power. Furthermore, in marketplaces where personal data is a vital input for delivering services, such as ad-supported two-sided markets, privacy concerns can be significant competitive restraints on how companies utilize data about their customers in the advertising market. This means that disregarding privacy issues might lead to false positives, where the advertising side’s market strength is assumed without regard for competitive restrictions originating from the ‘consumer side’ due to privacy concerns.
Recognizing privacy as a competitive characteristic may therefore encourage businesses to strive for even better levels of privacy than those granted by the regulations. This measure might also encourage businesses to absorb some of the costs. Externalities to other customers and society at large are neglected under the current system’s existing data protection laws.
Another question to be answered here is: when is it appropriate for the competition authorities to intervene? Competition regulators should only act if the dominant firm’s behavior is either exploitative of its consumers’ privacy or excludes prospective rivals. Furthermore, when evaluating data-driven mergers, competition law should be cautious. The EU Competition law merger test is a substantial obstacle to successful competition. One of the factors in this test should be privacy protection. The combination of Facebook and WhatsApp is an excellent example of this. The Commission noted in the Facebook/WhatsApp merger that privacy and data security are essential competitive characteristics. However, the Commission neglected to consider the impact of the merger on the parties’ motivations to compete on privacy. As a result, WhatsApp modified its privacy policy to allow it to exchange and gather data from Facebook. This case demonstrates the importance of competition authorities taking a forward-looking perspective when examining the implications of a merger. When examining data-driven mergers, it’s important to consider if the merger would encourage firms to compete on the basis of privacy regulations. Furthermore, competition regulators must exercise caution when examining mergers between dominant corporations and companies that might serve as future competitors.
This article is co-authored by Shreya Bhukhmaria and Vinesh Chaudhary, third-year students at NALSAR University of Law, Hyderabad.
Society for International Trade & Competition Law 
Leave a comment