The interplay between Data and Competition Law in the TMT sector

• Europe

• Competition, EU and Trade
• Privacy, data protection and cybersecurity
• Financial services
• Financial services - Digital Financial Services
• Financial services - Payment services
• Technology, Media and Telecoms

09-12-2021

From both a competition, consumer and privacy law perspective there is a dilemma in relation to how people gather and access data. There has also been increased collaboration between competition and data privacy, both in respect of law and regulators. As such, increasingly we are seeing issues relating to how to address the intersection of these two areas, both as external legal advisers and commercial organisations dealing with those overlapping frameworks.

What does competition law have to do with privacy?

Traditionally businesses competed on price and quality of goods/service only. However, data has become an important parameter of competition. Personal data is often processed in exchange for goods or services that are free or do not reflect the value of the data; data generates revenue; data is a unique asset and may be hard to replicate; and data enables customised advertising, marketing, pricing and decision-making.

In the UK, the Information Commissioner’s Office (“ICO”) and the Competition Markets Authority (“CMA”) have a memorandum of understanding on how the two areas should work together. The understanding is that robust data protection can support vibrant competition in digital markets.

Previously, regulators had not considered competition and data to be natural neighbours, however, this has changed as the regulators have become increasingly aware of the fact that data generated can be just as valuable as the product/service itself.

Data can be a source of market power and have limiting effects on competition, for example, by allowing price discrimination (for example, vertically integrated platforms such as marketplaces can adjust products and pricing more efficiently), facilitating price collusion through pricing algorithms, establishing barriers to entry, and cementing a substantial position that a company already has in the market.

Regulators around the world are considering how to address these issues in digital markets and are encouraging the legislator to take action and adjust the law in a way that equips the regulators with the toolbox needed to deal with these issues.

How can the acquisition of data create market power?

There are a number of recent competition law cases, both in Germany and the UK, highlighting the importance of data in creating potential market dominance which may, in turn, prejudice adequate competition in relevant markets. These are outside of the scope of this note but a relatively quick internet search throws up an increasing number of examples. These are not only confined to the acquisition of business assets and companies but may also arise where a group of companies shares data sets between its parents and associated subsidiaries (whether this is permitted depends on the nature of the privacy policies in question at the time and the extent to which you which you may be considered to have dominance in a particular market and behave potentially abusively as a result of consolidating data sets (whether of personal or non-personal data intelligence)).

What new laws are on the horizon that seek to address some of these issues?

Germany

In Germany there is a new law in place already: the Acts Against Restraints on Competition.

There have also been several other steps to adjust to the new situation. Mergers are a specific area relevant to data driven economies. Previously, German merger control was triggered only if the parties met certain worldwide and national merger control thresholds.  However, there are situations where, for example, a company with little turnover may be acquired due to the data that it holds. As  such, a new test has been introduced, which captures any acquisition where there is a disproportionality between the target’s turnover and the purchase price. The regulators have also tried to quantify what this means by setting out that this would arise where the purchase price is €400m or more, and the target has virtually no turnover.

Regulators have also introduced a review for specific companies of which they are suspicious. Certain companies are required to record and notify each and every acquisition they do irrespective of size, to the regulator for three years following the decision made.

Furthermore, the German competition authority has gained new powers allowing it to focus on companies with huge data sets, monitor terms and conditions and behaviour (for example, if the companies give preferential treatment to their own products). A right to claim private damages in cases where such abusive behaviour occurs has also been established and we may see a lot of lawsuits resulting from that.

EU

The EU has proposed a Digital Markets Act (“DMA”) which will be very similar to what exists in Germany and would provide the European Commission with the means to intervene in similar cases, with the possibility of imposing fines/remedies and, in worse cases, to even break up companies. The DMA is designed to tackle the dominance of large, systematic online platforms who are considered to be “gatekeepers”.

A company will be considered to be a “gatekeeper” if it has:

• a strong economic position, is active in multiple EU countries and has a significant impact on the internal market;
• a strong intermediation position (is able to link a large user base to a large number of businesses); and
• an entrenched and durable position in the market.

If a company fulfils the criteria, a number of obligations will be imposed on it relating to its daily operations. Examples of these include that gatekeepers will have to allow third parties to inter-operate with their own services in certain situations and that they will not be able to prevent users from un-installing pre-installed software and/or apps.

There will also be consequences for non-compliance, including potential fines of up to 10% of the company’s annual worldwide turnover and periodic penalty payments. The DMA also contains provision for the imposition of additional remedies following systematic infringements, including non-financial remedies as a last resort.

UK

In the UK, the UK Government recently conducted a consultation on a new “pro-competition regime for digital markets”. This foresees three major changes:

1. The introduction of a legally enforceable code of conduct for firms with “strategic market status” (“SMS”). This would be tailored for each firm based on its activities and business model, and centred around (a) fair trading; (b) open choices and (c) trust and transparency.  The aim of the code would be to prevent SMS firms from abusing their market power and exploiting consumers and businesses. 
2. Empowering a new regulatory body (the Digital Markets Unit which would sit within the CMA) to impose pro-competitive intervention remedies to address market features which hinder competition and innovation including data-related interventions, such as enabling data portability.
3. The introduction of a new merger control regime for SMS firms. The current UK regime is voluntary, however, the UK Government is considering introducing a new mandatory merger control regime for SMS firms where their transactions meet (a) a certain transaction value test  (£100-£200 million) and (b) a UK nexus test.  In addition, SMS firms would be required  to notify the CMA of all of their imminent transactions.

Are there any practical considerations relating to M&A deals which aim to merge data sets or implement a “customer single view”?

In a general sense, from a privacy perspective, it may be unlawful to merge data sets. However, issues also arise relating, for example, to commercial data sharing agreements done at an arm’s length or intragroup.

A company obtains a huge advantage from having a single view of customers across the company group and it provides them with a huge competitive edge. However, the consumer may not be happy with their data being shared in this way. As a consumer, you deal with one particular brand/company, and you may not have anticipated your data being shared with another brand, which is completely different to the company with whom you shared your data.

Offline vs. online markets

Although the focus is on “digital markets”, this may be misleading. This new regime is all part of the general trend of digitalisation generally and there is no segregation between offline and online markets. The issue of data and competition also arises in numerous other sectors, outside of the social media or app-based arena, for example in the: automotive sector or insurance sector. Many markets have significant datasets which have the potential to give great market power/dominance. For example, Tesla has made huge steps in terms of innovation into electric cars but they also have a heavy emphasis on digital applications and data in those cars.

Can you give us an example of how data can be a barrier to entry?

Open Banking in the UK is a good example.  Following a market investigation into retail banking back in 2016, the CMA concluded that the market was not working well. The CMA found that there were barriers to accessing information, barriers to switching and low levels of customer engagement.  The combination of these features meant that there was a weak customer response to differences in prices or service quality. This lead to banks having unilateral market power over their existing customer base.

As a result, the incentives on banks to compete on prices, service quality and/or innovation were reduced. In addition, due to barriers to entry and incumbency advantages, the larger longer-established banks were able to maintain high and stable market shares.

One of the remedies imposed by the CMA on the nine largest institutional banks in the UK was to open up their respective customer bank account data sets to promote, encourage and facilitate Open Banking.

Businesses sometimes enter into data sharing or data licensing agreements. What practical considerations should businesses consider when entering into such agreements?

It is relatively easy for data licensing agreements to be drafted in a way that can appear anti-competitive, for example, including provisions which restrict access to datasets or which impose obligations on other licensees and industry stakeholders which may distort markets and create unfair advantages for the companies that control those datasets.

Sharing data sets which disclose market industry data may inadvertently and unlawfully be classified as ‘insider trading’ (especially in the context of publicly listed or similarly industry regulated entities).

The following are examples of provisions in such clauses which may be unlawful:

• requiring a licensee, as a condition of access or licence, to provide and grant a reciprocal licence to its own (and other’s) data sets (e.g. for the purposes of ensuring that the licensor is able to achieve a monopoly over a particular category or sector data set (or to ‘feed’ an algorithm with a particularly voracious appetite);
• reliance on a ‘more favoured nations clause’ whereby a licensor (or a licensee) is required to offer the same or materially no less favourable terms to a counter-party (where it subsequently or otherwise has offered better terms to another commercial partner);
• terms which seek to require a distributor of data to ‘fix’ the price at which data is sold or licensed;
• arrangements whereby one or more organisations agree to share industry data with one another so as to enable an algorithm to set unfair or higher pricing for a specific type of customer or consumer; and terms which allow the sharing of sales or performance data between a regulated entity and an investment fund, providing an unfair commercial advantage over other buyers of stock in a public listed market.