Editorial
When two worlds collide: the interface between
competition law and data protection
Christopher Kuner*, Fred H. Cate**, Christopher Millard**,
Dan Jerker B. Svantesson***, and Orla Lynskey****
In his seminal article ‘The Limits of Antitrust’, Easterbrook
argued that ‘when everything is relevant, nothing
is dispositive’; therefore, when applying competition
law, judges should resort to clear presumptions rather
than balancing the pro- and anti-competitive effects of
particular conduct.1
In the intervening 20 years, much
ink has been spilled on the issue of whether competition
law should take into consideration wider policy objec-
tives.2
This discussion has been given renewed impetus
in recent months following the publication of a ‘preliminary
opinion on the intersection of data protection,
consumer protection and competition law’ in March of
this year by the European Data Protection Supervisor
(EDPS).3
The publication of this report was followed by
a workshop held under Chatham House rules in Brussels
in June, a summary of which was published by the EDPS
in July.4
The report reflects lively discussions on several issues
familiar to data protection experts, such as the role of
personal data in the digital economy and how to foster
privacy as a competitive advantage. However, it also
serves to launch a debate regarding matters which have
been overlooked or unsubstantiated thus far. Most significantly,
the report queries whether the traditional
tools of competition law, which focus on parameters
such as price, quality, and choice can explain the impact
of certain business practices on data protection and
privacy. It also questions ‘wider issues’ in competition
law enforcement, for instance whether the Commission’s
current case-by-case approach is correct in the digital
environment or whether specific guidelines or a study
should be introduced to inform authorities dealing with
antitrust and merger cases involving personal data.
These are queries which need to be addressed and the
EDPS is to be applauded for kick-starting this discussion,
whatever its outcome. Many of web 2.0’s datacentric
services are two-sided platforms which are
characterised by network effects: the more users they
have, the more users they acquire. This leads to winnertakes-all
markets which makes the application of key
data protection concepts, such as consent, more difficult.
Quite simply, individual control over personal data (or
‘informational self-determination’) becomes illusory
when individuals are dealing with monopolies. For this
reason, competition law is frequently depicted as the
silver bullet which will render data protection rules more
effective by injecting competition into monopolised
markets and facilitating individual choice. However, that
competition law can or even should play this role is
contested by experts in that field. A discussion on the
potential—and limits—of competition law was therefore
conspicuously lacking until the EDPS initiative in March.
Nevertheless, it is not yet apparent whether, and if so
how, the two fields actually intersect. In recent years,
the enforcement activity of DG Competition has been
guided by a consumer welfare standard, according to
which competition law should seek to deliver benefits to
consumers in the form of ‘lower prices, better quality
and a wider choice of new or improved goods and ser-
vices’.5
This approach assumes that consumer welfare is
negatively affected only when a particular practice has
the effect of foreclosing an equally efficient competitor
* Editor-in-Chief.
** Editor.
*** Managing Editor.
****Book Review Editor.
1 Frank H Easterbrook, ‘The Limits of Antitrust’ (1984) 63 Texas Law
Review 1, at 12.
2 See, for instance, Giorgio Monti, ‘Article 81 EC and public policy’ (2002)
39 Common Market Law Review 1057 in support of such inclusion and
Okeoghene Odudu, ‘The Wider Concerns of Competition Law’ (2010)
30 Oxford Journal of Legal Studies 599 against such inclusion.
3 Preliminary Opinion of the EDPS, ‘Privacy and competitiveness in the age
of big data: The interplay between data protection, competition law and
consumer protection in the Digital Economy’, March 2014.
4 Report of workshop on Privacy, Consumers, Competition and Big Data,
2 June 2014. ,https://secure.edps.europa.eu/EDPSWEB/webdav/site/
mySite/shared/Documents/Consultation/Big%20data/14-07-11_EDPS_
Report_Workshop_Big_data_EN.pdf. accessed 18 August 2014.
5 Guidance on its enforcement priorities in applying Article 82 of the EC
Treaty to abusive exclusionary conduct by dominant undertakings [2009]
OJ C45/7, para 5.
International Data Privacy Law, 2014, Vol. 4, No. 4 EDITORIAL 247
# The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com
atMasarykuniversityonNovember11,2014http://idpl.oxfordjournals.org/Downloadedfrom
from the market. The question is then whether this consumer
welfare standard can encompass data protection
considerations. On the one hand, the standard seeks to
promote competitive parameters such as quality and
choice and the Commission has seemingly placed more
emphasis on these non-price parameters in recent years.
For instance, in its Microsoft decision, DG Competition
suggested that the lack of interoperability of Microsoft’s
operating system diminished consumer choice by
locking consumers into a homogenous product.6
Competition
law could therefore theoretically be used to
intervene in a market where a particular practice or
agreement reduces consumer choice as to privacy policy
or the quality of a product deteriorates as a result of
changes to a privacy policy.
On the other hand, however, the limits of competition
law should also be noted. Price and non-price parameters
are not commensurable: online services are often
provided for ‘free’ in exchange for a user’s personal data.
How can a competition authority balance a price decrease
against a lower quality privacy policy? Moreover,
the Commission cannot intervene solely on the basis
that the market structure is too concentrated or privacy
policies, although compliant with data protection legislation,
could be more protective. An abusive practice or
a restrictive agreement is a prerequisite for intervention.
It is traditionally the role of regulation and not competition
law to tackle systemic market failures and to shape
markets. In previous instances, Asnef-Equifax7
and
Google/Doubleclick,8
the Court of Justice and the Commission
have refused to intervene to protect personal
data on the grounds that any possible issues would be
dealt with by the EU Data Protection Directive.
It therefore appears difficult to fit data protection
considerations into the Commission’s ‘consumer
welfare’ mould. Critically, however, the Court of Justice
has refused to endorse this consumer welfare standard.9
Rather, it has emphasised that competition rules also
promote competition itself and promote market integration.
This more pluralistic approach to the objectives of
competition law may be able to incorporate data protection
concerns. Indeed, the continued viability of the
Commission’s exclusion of data protection concerns
from competition law could be questioned following the
entry into force of the Lisbon Treaty. This Treaty introduced
a provision on data protection which sits amongst
the ‘provisions having general application’ (alongside
other policies such as environmental and consumer protection)
and places a positive obligation on the EU Institutions
to ensure consistency between policies.10
The EU
Institutions are also under an obligation to respect the
rights set out in the EU Charter of Fundamental Rights
(including the rights to data protection and privacy) and
to promote their application.
In light of these factors, it might be argued that competition
law should be applied alongside data protection
law in certain instances in order to enhance the effectiveness
of data protection law. For instance, could DG
Competition intervene if a firm with significant market
power deceptively amended its privacy policy even if this
amendment was also incompatible with data protection
rules? Unlike in the United States, European competition
law has been applied to regulated industries in certain
circumstances.11
Moreover, the ‘special responsibility’ of
dominant firms is well documented. Equally, should DG
Competition take into consideration the aggregation of
personal data which a merger may entail, even if this
merger does not ‘significantly impede effective competition’?
Scale is a significant factor when assessing the
harms caused by personal data processing as personal
data are worth more than the sum of its parts. This is
something which the Court of Justice alluded to in the
Google Spain judgment but which competition law finds
difficult to gauge.
Such intervention is likely to be rejected by competition
law experts who fear the ‘instrumentalisation’ of
competition law and the Commission is likely to
proceed with caution in this area. However, the EDPS
has questioned the wisdom of this cautious case-by-case
approach and queried whether wider guidelines might
be preferable. The genie is now well and truly out of the
bottle.
doi:10.1093/idpl/ipu025
6 COMP/37792 Microsoft [2007] OJ L32/23, para 782.
7 C-238/05 Asnef-Equifax v Ausbanc [2006] ECR I-11125, para 63.
8 COMP/M.4731 Google/DoubleClick [2008] OJ C104/10, para 368.
9 C-501/06 GlaxoSmithKline [2009] ECR I-9291, para 31.
10 Article 7 read in conjunction with Article 16 TFEU.
11 C-280/08 Deutsche Telekom AG v Commission [2010] ECR I-9555.
International Data Privacy Law, 2014, Vol. 4, No. 4248 EDITORIAL
atMasarykuniversityonNovember11,2014http://idpl.oxfordjournals.org/Downloadedfrom