Regulating Digital Markets: Why Privacy and Competition Assessments Must Align
The Department of Justice (DOJ) recently filed a remedy petition in the Google search antitrust violation case. The department has suggested that there should be some check when it comes to Google accessing personal data as it is one of the contributing factors when it comes to maintenance of its monopoly. The said petition comes at a time when the search giant is under intense antitrust and privacy scrutiny across the globe and it recently settled a case in Texas alleging access to unauthorised personal data such as photos and voices.
About the case
The DOJ filed a case against the search giant alleging that the company has signed multiple exclusive distribution agreements to cement its position in the online search and advertisement market. The department further held that the company has secured default positioning for its products at various access points to the internet thereby resulting in monopoly. The court held that the net effect of such agreements is that it forecloses competition and creates exclusionary effects in contravention of the Sherman Antitrust Act, and there are minimal pro-competitive effects. The court is currently in the process of finalising what remedies should be imposed in order to open the market.
Competition aspects
The DOJ had moved a petition before the District Court of Columbia under the Sherman Antitrust Act. The objective of antitrust law in the US is to ensure a level economic field and enhance the consumer welfare standard. These objectives ought to be promoted by strengthening common infrastructure and ensuring there is multiple choice available in the market. The fact that the usage of the internet is currently locked by a few big technological firms has led to rethinking in the antitrust world and whether conventionally prohibited practices such as anti-competitive agreements, abuse of dominance and merger control are sufficient to capture the business strategy in the digital industry.
This rethinking has led to multiple jurisdictions such as the European Union (EU), the UK and Germany enacting separate legislations for promoting competition in digital markets with other jurisdictions catching up steadily.
In the given case, Google has unfettered access to personal data which helps it provide intrusive (and sometimes ‘better’) services. These better services lead to an increase in market share of the company which further leads to improvement in the services, thereby creating a mutually reinforcing vicious cycle. The fact that access to personal data maximises the success of platform companies is a factor which is common to other big tech firms such as Meta (Facebook), Amazon, Microsoft and Apple.
The said aspect has been captured by the European Union Court of Justice (CJEU) where it held that unauthorised collection of personal data violates data protection regulation which, in turn, reaffirms violation of competition law by a dominant enterprise.
The Competition Commission of India passed a similar ruling where it held that any coercion on the part of a dominant enterprise to invade privacy would amount to violation of competition law, even when unaided by a similar finding in data protection law. The logic behind these inquiries is that services such as online search and direct-to-direct messaging applications come with no upfront cost and therefore erosion of the service quality by these firms through privacy invasion would qualify as a competition concern (‘non-price factors’).
Data protection law and the ‘flux’
Data is the proverbial ‘new oil’ of the 21st century. To put it in other words, more the data, more the real estate in the form of ‘user attention’ and more advertisements. This access to personal data becomes a problem as soon as the company obtains the same without, or dubious consent. This is precisely the reason why governments across the globe have personal data protection laws to ensure that the users are not exposed to the advertisement hazard.
At the threshold level, the data protection law is applicable on all companies regardless of the size. In fact, the European Commission has put an explicit bar on third-country transfer of data under the General Data Protection Regulation (GDPR) to ensure the purpose of the law is not evaded by ill intent.
As far as competition law is concerned, the standard for intervention by the competition regulator is market power. To put it in other words, unless an enterprise has some kind of market power, the question of exerting force or tilting the market in its own favour doesn’t arise. In the case of Big Tech, the business strategy involves cementing dominance in the market through offering multiple products making a case out for competition authority. Since these firms have also chosen to invade privacy, the jurisdiction of the data protection authority is further established. The said jurisdictional overlap is best addressed through the referencing mechanism where the involved departments consult each other.
The international best practice is in line where the Bundeskartellamt used a similar approach and consulted the national data protection authority before passing a final order in Germany. There is a hypothesis that a competition authority has initiated investigation for privacy violation by a Big Tech firm, however the data protection authority concludes no contravention. Such a situation could be addressed keeping in mind the market distortion caused. The fact that the German competition regulator engaged in inter-departmental consultation nevertheless reflects robust governance.
Conclusion
Big Tech’s business model is centred on data. The fact that these companies have chosen to extract unauthorised personal data for their business model has resulted in accrual of consumer harm, thereby inviting scrutiny from both, i.e. the competition authority and data protection council. Most of the dust is already settled on this matter by the CJEU decision which duly appreciated the inter-departmental consultation availed by Bundeskartellamt while upholding its decision.
The fact that the US doesn’t have a federal legislation on data protection law puts it more in sync with India when CCI looked into a similar concern. In such a case, the court ought to simply treat privacy invasion as a ‘price’ and pass a judgment under competition law. Such an approach would be in furtherance of consumer welfare which is one of the primary goals of competition law.
Also Read: Nepal’s First Woman PM: Sushila Karki Sworn In Amid Crisis
