Interplay between data protection, competition law & consumer rights
On 2 June 2014, the European Data Protection Supervisor (EDPS) hosted an event in the European Parliament to discuss its preliminary opinion entitled “Privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection in the Digital Economy”. This opinion and event is an attempt by EDPS to adopt to a more holistic approach involving the disciplines of data protection, competition law and consumer law to address the challenges of a big data economy.
Since the event was under the Chatham House rule, we cannot give direct quotes from the event. It must however be said that EDPS, quite possibly thanks to its groundwork, assembled an impressive array of speakers. These were not only across various disciplines, but also across the Atlantic, including participation from the US Federal Trade Commission (FTC).
We usually do not think Europe should emulate the American approach to privacy regulation, which frames the challenge mostly as a consumer rights issue rather than as a fundamental human right. The FTC cannot be seen as similar to an independent data protection authority. Nonetheless, there are certainly lessons worth taking from the American attempts to tackle the overlap between data protection, competition law and consumer rights in a comprehensive manner. One example of this is, the FTC’s acknowledgement of at least the potential for a privacy impact in its merger analysis of the Google takeover of DoubleClick, even though we think the conclusions should have been different.
The EU institutional make-up involves four separate Directorate-Generals (DGs) of the European Commission as well as the various DPAs that have the overlap of these three topics, necessitating a focused but joint approach. As mentioned several times during the panels and various interventions, network effects should play a central role in such an analysis. The digital economy poses new questions, especially because of often occurring demand-side scale effects that warp consumer freedom of choice.
One could, for example, argue that social networks have become essential facilities on the demand side and that their vertical acquisitions should be treated with as much scrutiny as their horizontal ones, since acquisitions in adjacent markets can cause similar effects as horizontal mergers. This is because because of the accumulation of personal data in combination with network effects. Prime candidates for such analysis would be the acquisition of Skype by Microsoft and WhatsApp by Facebook.
Another candidate would be both Google’s and Facebook’s decisions not to allow interconnection of their messaging applications beyond their own walled gardens, despite the fact that they are both based on the open XMPP-protocol. These are examples of (sometimes already existing) interconnection of services being disrupted for the sake of hindering competition, or at least forcing data subjects into their respective ecosystems by cutting them of from their social networks by dominant players in their respective markets (Google Talk is tied in to Gmail, Facebook is the dominant player in social networking). This is market power being used to reduce the ability of data subjects to give their consent freely.
Since competition law requires proof of harm caused to consumer choice while data protection law shifts the burden of proof to the data controller whose processing requires a legitimate basis laid down by law, this will not necessarily always be easy. That said, as the EDPS opinion notes, there are parallels. It would certainly be worth exploring them to frame certain privacy questions in terms of economic analysis of competition. One possible paradigm adjustment would be to revisit consumer choice and not just limit it to the suppliers they can choose from, but also to include their freedom not to participate in a market at all. Since in the context of social networks consumers are not really consumers, but providers of personal data that get paid with “free” services.
There are also risks of false metaphors. For example looking at personal data as the fuel of the digital economy is not the framing we would like to see from a DPA. The value put on personal data as a currency for big data can never exceed the value of privacy as a fundamental right. We are nonetheless looking forward to the conversation that undoubtedly will arise as a result of this initiative of EDPS.
(Contribution by Walter van Holst, EDRi member Vrijschrift, Netherlands)