European Union and United States: Antitrust and Data

Enhancing consumer welfare is at the heart of competition law. Of the many facets that can be considered as consumer welfare, changes in price and output are the easiest to measure and have, therefore, traditionally been the de facto benchmark for assessing anticompetitiveness. There are two current trends disrupting this: first, a debate as to whether other elements of consumer welfare should play a greater role, particularly treatment of customers’ data; and second, the importance of big data in maintaining competitive markets. These trends are reflected in the growing regulatory scrutiny of big tech firms, the focus of antitrust regulators on the digital economy and, in the European Union in particular, the May 2018 implementation of the General Data Protection Regulation (GDPR). This chapter provides an overview of the current activities of the EU and US regulators in cases at the intersection of competition law and data issues. Many of the developments can be seen in the regulators’ enforcement of the merger control laws, but there have also been significant developments in the antitrust arena more broadly.

Merger control

The European Commission (EC) has the ability to review mergers, acquisitions and joint ventures between companies that have revenues in the European Union above certain thresholds. The EC has the power to require remedies to address any anticompetitive effects, or in the absence of suitable remedies, prohibit transactions. Similarly, the US Federal Trade Commission (FTC) and Antitrust Division of the Department of Justice (DOJ) can review transactions satisfying certain asset and turnover thresholds, with the power to seek a court injunction (or agree to modifications of transactions) where any competition concerns arise.

In recent years, the authorities on both sides of the Atlantic have routinely been considering big data in merger reviews, analysing it from two main angles. First, an approach adopted by both the EC and the DOJ/FTC: whether bringing together two companies with significant data sets could result in an excessively strong market position, referred to as a ‘horizontal’ issue in antitrust parlance as the consolidation is at the same level of the value chain. Second, an issue investigated more enthusiastically by the EC than the US authorities, is whether a merged entity could and would withhold access to its data to the detriment of rivals and effective competition, known as a ‘vertical’ issue, as one party is upstream of the other in the value chain. Both of these issues can be seen in a number of high-profile investigations, including in , and .

In addition, the antitrust authorities routinely consider the implications of a merged entity obtaining confidential information about its competitors when it is acquiring a supplier or customer of its competitors, and often imposes confidentiality obligations to resolve these concerns. These remedies are based on well-established principles and not related to ‘big data’, and so are not discussed further here.

Data-set combinations

As noted above, both EU and US authorities have investigated whether merging parties could derive an anticompetitive level of market power as a result of combining their data sets. In recent years, despite some lengthy investigations, neither authority has imposed antitrust remedies for an amalgamation of big data, generally relying on the fact that the data sets were not unique. In both [1] and [2] the EC dismissed the fact that any data combination would have such adverse effects, on the grounds that large amounts of other internet user data would remain available to competitors outside the exclusive control of Facebook and Microsoft respectively. [3]

In , the EC specifically assessed whether the merged entity could use WhatsApp user data in conjunction with Facebook data to increase its ability to compete in the advertising market. This was rejected because such conduct would have required a change in WhatsApp’s privacy policy (potentially leading to consumers changing to alternative providers), and even if Facebook were capable of automatically matching users’ WhatsApp and Facebook profiles (a capability confirmed in the EC’s subsequent procedural investigation),[4] there would be no anticompetitive harm in the advertising market as a result.

The FTC also approved the merger without raising competition concerns, but instead threatened future action if Facebook did not live up to its consumer protection commitments with the aim of protecting the privacy of WhatsApp user data.[5] A subsequent change in WhatsApp’s privacy policy in 2016 (which incidentally also triggered the European Union’s procedural fine for providing false information during its investigation) was subsequently confirmed as subject to review by the FTC;[6] however, no enforcement appears to have taken place.

In more recent cases, the authorities have started to evaluate the effects of combining data sets using the industry recognised metrics known as the ‘four Vs’: the variety of data; the velocity at which the data is collected; the volume of data in the set; and the value of the data. These criteria are used to establish whether the data sets changing hands can be considered ‘unique’ and therefore conferring a ‘data advantage’. This appears to be the evolving basis for the legal test of whether data-set combinations have the potential to be anticompetitive. It is predicated on the basis that a large data set could translate into market power. In comparison, a company’s past performance in the market (measured by the proportion of customers or share of the total value of sales in the market) has traditionally been used as a benchmark for assessing whether the company has market power. This leap, from assessing market power based on past performance to assessing it based on the ability to monetise a data set, represents a significant conceptual shift.

This analysis was first used by the EC in its September 2018 decision, where it recognised the increasingly important role of user data in the digital music industry.[7] After an in-depth investigation, the EC found that the transaction was not likely to result in anti-­competitive harm given the multiple alternative providers of data with comparable features when assessed against the four Vs.[8] This developing test for establishing harm can also be seen in US decisional practice. The lack of uniqueness of a data set was a key consideration in the FTC’s review of . Parties opposed to the acquisition were vocal in their allegations that the incremental addition of data about Whole Foods’s customers to Amazon’s existing data reserves would result in further monopolisation of markets in which Amazon is active. This theory was, however, rejected by the FTC, which found that the acquisition would not provide Amazon with data that would give it a strong competitive advantage as it was neither unique to Whole Foods nor particularly meaningful in the competition between Amazon and other retailers, such as Walmart.[9] Bruce Hoffman, Director of the Bureau of Competition at the FTC, supported a focus on a qualitative rather than quantitative analysis of data noting that, when dealing with issues of ‘big data’ in mergers, ‘the relevant question for antitrust is whether the data of the two firms is a key differentiator and whether other firms that compete with them cannot replace the competition that would be lost from the merger.’[10]

In the United States, despite the DC District Court’s preliminary injunction stopping the merger in 2008 on the grounds that the need for large data sets to compete created significant barriers to entry,[11] regulators have generally expressed more scepticism around the possibility for anticompetitive harm to arise from data-set combinations. The DOJ, for instance, chose to close its 2010 investigation into the advertising agreement between Microsoft and Yahoo! Inc, despite the fact that such agreement would provide Microsoft with a larger pool of data, allowing it to enhance its performance of various advertising activities and impose competitive pressure in the market. In the DOJ’s view, the transaction was ‘not likely to cause harm’.[12] Hoffman focused on the potential pro-competitive benefits following , stating that combinations of data sets ‘to achieve a synergistic outcome so . . . customer service or products become substantially better for . . . customers’ would generally be viewed as ‘procompetitive’.[13] More generally, DOJ Assistant Attorney General Makan Delrahim has noted how large data combinations enhance competition, citing the example of comparison services that collate data to provide consumers with a straightforward means of comparing products and services.[14]

The US authorities seem to remain reasonably sceptical that market power can be derived from data. Alden F Abbott, general counsel at the FTC, for instance, queries the possibility for increased market power to arise from the creation or acquisition of big data sets.[15] Equally, the FTC dismissed concerns of anticompetitive harm arising from the combination of data sets in , noting that DoubleClick’s customer information was protected from disclosure in its customer contracts, a commitment that Google vowed to maintain. Interestingly, however, the FTC noted that, even if Google were to breach such contracts: ‘the evidence does not support the conclusion that the aggregation of consumer or competitive information accessible to Google as a result of its acquisition of DoubleClick is likely to confer market power,’ since sensitive information, such as pricing data, was little in volume and lacked the completeness to provide Google with any competitive advantage. Much of the data in question was also already available to Google as well as to Google’s competitors, thereby allowing them to compete effectively.[16]

Input foreclosure and ‘chilling’ of innovation

Both US and EU antitrust regulators have considered whether mergers between an upstream market player with a large data set and a downstream user of such data could result in foreclosure of other downstream players who require access to this data to compete. The assessment of vertical data concerns follows a relatively well-established legal template and does not generally involve novel legal concepts. If an input is important and you can win customers by withholding that input from your downstream rivals, while new tools may be required to determine the ability and incentive to withhold that input, the conceptual assessment is not materially different whether you are considering data, or nuts and bolts.

As part of its review of , the EC investigated whether Microsoft could restrict access to LinkedIn’s database of user data for the purposes of developing machine learning systems in competing customer-relationship management (CRM) software solutions, thereby chilling innovation in the market. The EC rejected these concerns on the basis that, pre-transaction, LinkedIn did not make this data available to third parties, and accordingly, no change would be brought about by the transaction. The EC found that Microsoft’s CRM competitors were already innovating in this space via alternative data providers; therefore, any potential for a chilling effect on innovation was dismissed.[17]

In general, the US authorities are more sceptical about vertical theories of harm in merger cases, considering that harm is less likely compared to horizontal mergers, while there can be material benefits in terms of efficiencies. This is reflected by the fact that there has not yet been any material vertical data input foreclosure analysis in the US authorities’ investigations of big data cases.

The future for data assessments in merger cases

Commissioner Vestager’s comments following the decision and on multiple other occasions give a strong indication that continued scrutiny of big data in merger control is likely to continue – in her view, the EC should ‘review transactions which lead to the acquisition of important sets of data to ensure they do not restrict competition’.[18]

In the United States, by contrast, though data issues are being considered in merger cases, there has generally been scepticism of potential anticompetitive harm. This may well change, however, given the recent circulation by house lawmakers of requests to Alphabet, Amazon, Apple and Facebook, requiring information regarding past corporate acquisitions (as well as other antitrust investigations). As a result, data-related concerns in the merger sphere may appear more brightly on the US regulators’ radar in the near future.

Unilateral conduct – data and dominance

Requiring powerful firms to share data – ‘essential facilities’

In the European Union, article 102 TFEU prohibits abuses of dominant positions, breaches of which allow the EC to fine companies up to 10 per cent of their global turnover. Data was first considered in an abuse of dominance context in IMS Health. IMS generated reports of regional sales data of pharmaceutical products and had refused to license the structure in which this data was presented to its competitor (NDC), arguing that it was protected by copyright. The Commission considered IMS had abused a dominant position and ordered IMS Health to grant a licence to use the structure to all its competitors. This case came to the European Court of Justice in 2004; the Court applied the established legal principle of ‘essential facilities’, normally applied to infrastructure such as ports or telecom networks, namely whether a certain structure is indispensable for a potential competitor to gain access to a market. The Court indeed found that refusing access to a data set could be an abuse of dominance based on the following three limbs: NDC intended to offer new products for which there was consumer demand; IMS’s refusal to allow access was not objectively justified; and IMS’s refusal effectively eliminated all competition in the relevant market.[19]

Interestingly, there has been little development of the case law in the European Union for data-related abuses of dominance since IMS Health. The issue is hotly debated, however, focusing in particular on whether the essential facilities doctrine sets the bar too high to demonstrate an infringement, whether it confused different legal principles and whether dominance can come simply from having a large data set, compared to the traditional starting point being based on having a market share of 40 per cent or more.

The United States, despite also sanctioning monopolies under section 2 of the Sherman Act, treats the notion of an ‘essential facilities’ doctrine more dubiously.[20] The doctrine has not been formally recognised by the US Supreme Court, who, in its 1985 judgment, held that firms have no general obligation to cooperate with rivals.[21] The Supreme Court’s subsequent judgment in largely upheld this position but left open the possibility that there could be some obligation to interact with rivals under very specific circumstances.[22]

Within the data context in particular, US regulators have generally been reluctant to require powerful competitors to share data. The DOJ antitrust department’s then-deputy assistant attorney general Bernard A Nigro Jr noted in December 2017 that: ‘forced sharing of critical assets reduces the incentive to invest in innovation’.[23] Delrahim has also expressed reservations around introducing an essential facilities doctrine at all, let alone specifically in relation to data, stating that: ‘[i]n the United States . . . we do not generally require firms, even dominant ones, to deal with competitors. I am not yet convinced that we should have different rules for data’. In his view, this is justified on the basis that: ‘[a] firm that amassed data because it created a more innovative or efficient product should not be punished for its success by having to share the fruits of its labor and investment with competitors.’ In particular, Delrahim posits that antitrust authorities and courts are not well equipped to determine factors around the suitable sharing of data between competitors, but that this can be determined by ‘free and competitive markets’ instead.[24]

Data use as an abusive conduct

In February 2019, Germany’s Federal Cartel Office (FCO) issued a decision against Facebook which appears to sanction a more speculative harm than that previously assessed in IMS Health.[25]

Having initially announced the probe in early 2016, the FCO found that Facebook abused its dominant position in the market for social networks through its collection of user data from third-party sources, including both Facebook-owned services, such as Instagram and WhatsApp, and other third-party websites. The FCO found that by making such data collection a condition of signing up to its services, Facebook had committed an ‘exploitative abuse’ under German competition law, as a result of ‘inappropriate contractual terms and conditions’. According to Andreas Mundt, president of the FCO: ‘the combination of data sources substantially contributed to the fact that Facebook was able to build a unique database for each individual user and thus to gain market power.’[26] Facebook’s conduct, therefore, resulted in a detriment to consumers, as well as to competitors who were unable to access such a broad volume of data. The FCO prohibited Facebook from combining user data from different sources without voluntary consumer consent, and required that, in the absence of such consent, Facebook must not restrict consumers from the use of its services and must substantially limit its collection of consumer data.

This decision is significant – it recognises data as a key competitive asset, and introduces a novel theory of harm whereby the collection and use of data (including in breach of data protection laws) can constitute an abuse of dominance. This theory, however, has been called into question by the national court following a preliminary assessment of Facebook’s appeal, which suspended the decision in August 2019 citing serious doubts as to the legality of the FCO’s findings. In particular, the court suggested that a breach of data protection laws by Facebook could not in itself amount to a dominance abuse contrary to competition laws, and that the FCO did not provide sufficient reasoning for its findings.[27]

There is every possibility that other European competition agencies may try to adopt a similarly expansive view of data abuses; indeed article 102 TFEU explicitly envisions that unfair trading conditions[28] may constitute exclusionary abuses of dominance. The EC’s investigation into Amazon’s data practices announced in July 2019 may be an indication that the EC is willing to test this previously underused provision. In this investigation, the EC is investigating whether: as a retailer, Amazon’s use of accumulated marketplace seller data affects competition; and, as a marketplace, Amazon’s use of competitively sensitive marketplace seller information affects its selection of winners for its ‘Buy Box’ (where retailers are displayed prominently and from which most orders are made).[29] In particular, the EC is concerned that Amazon could be using data from sellers on its platform to determine ‘the new big thing’, or ‘what is it that people want, what kind of offers do people like to receive, what makes them buy things’,[30] thereby giving Amazon a competitive advantage.

The US authorities have to date imposed fines for data offences on a stand-alone basis rather than as antitrust infringements. In July 2019, the FTC reached a US$5 billion settlement with Facebook for allegedly violating a 2012 FTC order by deceiving its users as to their ability to control the privacy of their personal information. As well as the monetary fine, the FTC also imposed restrictions on Facebook’s operations and a restructuring requirement to ensure protection of consumer privacy.[31] Unlike the FCO’s approach in Germany, and the potential extension of such an approach across the European Union, this sanction only related to a breach of consumer privacy rules and not on the basis of competition law, maintaining a clear demarcation between these areas of law.

Data in cartel investigations – new frontiers

Article 101 TFEU prohibits unlawful agreements between parties which prevent, restrict or distort competition, including through price-fixing or market-sharing. As with breaches of Article 102 TFEU, the EC can fine companies up to 10 per cent of their global turnover for such agreements. In the United States, the DOJ’s Antitrust Division similarly focuses on enforcement against hardcore cartels involving price-fixing, bid-rigging and market allocation under section 1 of the Sherman Act, often imposing significant criminal as well as civil sanctions.

Unlike merger reviews and investigations into unilateral conduct, the scrutiny of data by competition authorities in the investigation of cartels or horizontal agreements have to date been more rare. This is nonetheless a burgeoning area for competition regulation in the European Union and United States.

First, in the European Union, the EC envisions the possibility of a breach of article 101 TFEU in its July 2019 probe. This could, for example, be through the possibility for Amazon’s collected data to be shared among its marketplace sellers, leading to exchanges of competitively sensitive information and effectively rendering the marketplace a price-fixing platform.

Second, the accumulation of substantial troves of data by companies may allow them to develop algorithms to maintain or ‘run’ cartels. This possibility for algorithmic cartel behaviour has been considered in recent years by both EU and US competition authorities. In the European Union, authorities have noted that traditional cartels where competitively sensitive data is exchanged directly between competitors to, for example, fix prices, may now be evolving into automated price-fixing via algorithms. Commissioner Vestager commented in early 2017 on the potential for algorithms to develop: ‘automated systems that monitor, and even adjust, prices automatically’, which ‘could be used to make price-fixing more effective’.[32] In July 2019, the UK Financial Conduct Authority indicated that the use of price-setting algorithms is a matter for concern,[33] and the Portuguese competition authority noted that big data allows for the development of pricing, monitoring, ranking and recommendation algorithms that could lead to market collusion.[34] Vestager’s recent re-appointment as Competition Commissioner as well as her assumption of a broader digital focused role as designate for a Europe fit for the Digital Age also requires her to coordinate work: ‘on a European approach on artificial intelligence’ in the first 100 days of the new EC’s mandate,[35] proving this to be a continued focus for the EC.

The United States has also echoed concerns regarding potential algorithmic cartel behaviour in its contribution to the Organisation for Economic Co-operation and Development’s May 2017 report on Algorithms and Collusion. Here, the United States noted that, while algorithmic pricing can on the one hand ‘be highly competitive by facilitating rapid competitive response’, on the other hand, ‘computer-determined pricing may be susceptible to coordination, just as human-determined pricing can be.’[36] By way of example, the contribution suggests that there may for instance be an antitrust infringement where competing firms enter into agreements with a single firm to use a particular pricing algorithm, with the common understanding that all other competitors would use the same such algorithm.[37]

Interestingly, US authorities have already sanctioned such algorithmic cartel behaviour in two instances. First, the DOJ entered into a settlement with six airlines in 1994 who had used a jointly owned computerised booking system to reach overt price-fixing agreements.[38] Second, the DOJ charged two executives and an e-commerce retailer in a price-fixing conspiracy where algorithms were used to fix poster prices sold on Amazon Marketplace. In this case, which was also sanctioned by the UK Competition and Markets Authority,[39] one of the conspiring competitors programmed its algorithm to find the lowest price offered by another competitor for a particular poster, before then setting its price slightly lower. The second conspiring competitor then programmed its algorithm to match the first conspirer’s price, thereby eliminating competition between them for these poster sales.[40] The competitors therefore used automated repricing software to agree not to undercut each other’s prices, thereby stifling competition in the market.

EU regulators are moving towards scrutinising algorithmic cartels and, by implication, scrutinising companies possessing significant amounts of data that could allow for the development and operation of such anticompetitive algorithms. The United States has also expressed continued concern regarding the anticompetitive nature of such conduct, implying the possibility for similar sanctions in future.

Continuing scrutiny of data in competition regulation

Data as currency

As well as being reviewed as a parameter of competition, data could also be considered as a currency where free services are investigated. The EC recognised this possibility in January 2016, noting that consumers can ‘pay’ for free search engines and social media services using their data, and that consumer protection should extend to these scenarios.[41] The EC recognised the value of data provided in exchange for general search services more recently in its decision,[42] and German competition law now expressly recognises that competition law markets may exist if big data services are offered without monetary reward.[43]

In the United States, by contrast, Delrahim has expressed caution against the ‘temptation’ to use data as a currency, given the lack of uniform value that can be assigned to data unlike monetary currency which can be more straightforwardly calculated. In addition, he notes that ‘it’s not necessarily the case that the more data a platform extracts, the higher the “price” on consumers.’[44]

Market investigations and task forces

There are numerous recent market studies and other initiatives by regulators that indicate the possibility for greater consideration of data aspects in future competition investigations:

  • The CMA opened a market study in July 2019 into Google and Facebook’s digital advertising practices, including concerns regarding consumer control over use and collection of their data.[45] This follows the introduction of a specialised data, technology and analytics unit in the CMA in 2018.[46]
  • The EC reportedly issued questionnaires to online operators in July 2019, including queries into how Facebook uses and shares data.[47]
  • Three Italian authorities, including the competition authority, issued policy guidelines in July 2019 regarding big data, advocating for greater data transparency.[48] The European Union’s second payment services directive due to take effect in September 2019 also promotes data transparency, introducing new open-access data rules that require energy, telecom and mortgage providers and incumbent banks to release customer data in a bid to open up competition.[49]

The FTC established a technology task force in February 2019 ‘dedicated to monitoring competition in US technology markets’[50] a task that may well involve scrutiny of data-­related issues.

The DOJ announced in July 2019 its opening of a wide-ranging antitrust review of big market players in online platforms, suggesting that Google’s dominance in internet search, Facebook’s in social media and Amazon’s in e-commerce would be subject to antitrust scrutiny.[51] These companies’ access to substantial amounts of data may well play a role in this review.

The FTC is also working on the introduction of ‘Big Tech’ guidance, regarding how to properly apply antitrust laws to conduct by big tech firms.[52] This may also touch on data collection and use issues.

The future for competition and data – EU v US perspectives

The overarching question framing this debate is how competition and data protection regulation will interact and converge going forward.

At one end of the spectrum, this interaction could be achieved simply by greater cooperation between data protection regulators. The German competition authority, for example, cooperated closely with data protection authorities in its decision as well as the European Data Protection Supervisor (EDPS). More generally, other competition and data protection representatives in the European Union[53] have consistently called for inter-regulator dialogue and cooperation.[54] Commissioner Vestager’s new dual role of Competition Commissioner and as a digital representative could also pave the way for more convergence between these two regulatory spheres in the European Union in future.

At the other end of the spectrum, data offences may actually be considered as antitrust infringements. The FCO effectively took this approach in its decision;[55] although called into question by the German courts, the approach was supported by Mundt who has subsequently stated that ‘it’s a good idea that we include into our [competition law] assessment an existing legal framework, the GDPR’.[56] The EDPS also appears to encourage competition regulators to use competition enforcement tools to sanction data breaches, given the ability of competition law to ‘rebalance trading conditions and restore their fairness’.[57]

On the contrary, US authorities appear to be more cautious in targeting antitrust investigations against big tech firms on the basis of data issues alone. As Delrahim noted in October 2018, big data does not necessarily present a barrier to entry or prove extensive and unfair market power. In particular, he notes that ‘not all “big data” is “bad,” just as not all big firms are bad’; instead, ‘antitrust agencies need to appreciate differences in data and assess data issues on a case-by-case basis’.[58] Nonetheless, the US authorities’ recently announced investigations targeting big tech firms may imply the possibility for a more in-depth review of data issues in future antitrust investigations.[59] Such an approach is also supported by FTC Commissioner Rohit Chopra, whose recent dissenting opinion insuggests that companies that ‘ingest so much data’ can then ‘[weaponise such data] to increase barriers to entry for new platforms and businesses, allowing a dominant company to charge higher fees to those operating on their platform with less innovative features and services’. He therefore advocates the need for ‘legal tools to redress harms to competition from poor privacy practices’,[60] interestingly signalling an approach more akin to that of the FCO.

Regardless of the answers to such questions, what is clear is the likelihood of a significant development in data aspects of EU and US competition regulation in the near future.

The authors would like to thank associates Ruba Noorali and John Skinner for their invaluable contributions to this article.


Footnotes