Op-Ed: “The German Facebook saga: Quod dei deo, quod Caesaris Caesari” by Alexandra Elena Rădulescu
The past few years have seen an increasing number of debates on the role played by data protection and privacy in antitrust proceedings.
Despite the fact that in Asnef-Equifax (C-238/05) the Court of Justice of the European Union (CJEU) established that the sensitivity of personal data is not, per se, a competition law matter, recent developments show that the line dividing the two areas of law is anything but clear.
It is in the midst of such discussions that we find the German Facebook decision. In February 2019, the German Competition Authority (Bundeskartellamt) prohibited Facebook from combining user data across multiple platforms due to the finding that its terms and conditions were in violation of the General Data Protection Regulation (GDPR). Given the fact that such terms were deemed to be a manifestation of market power, the practice was found to be abusive under German competition law.
Facebook appealed the decision and was granted a suspension of its effects by the High Court of Düsseldorf, which, in doing so, took the opportunity to boldly state that there are serious doubts as to the legality of the decision.
That suspension was in turn appealed and subsequently annulled by the German Federal Court, which stated that ‘there are no doubts about Facebook’s dominant position on the market, as well as about its abuse of dominance’. Yet, while at first glance the Federal Court seems to endorse the German Competition Authority’s claim, a closer look at the press release reveals that the Federal Court took a slightly different stance on the matter and rejected the Competition Authority’s theory of an exploitative abuse based on a breach of the GDPR.
In fact, using a privacy violation to claim an abuse of dominance raises a series of issues, some of which are outlined below.
I. Privacy breaches as a decrease in quality
One way of applying data protection standards to antitrust is by claiming a breach of privacy amounts to a decrease in quality. When we mention privacy as a quality parameter or claim that a decrease in privacy guarantees is undesirable, we engage in broad discussions that most individuals would agree with. However, competition authorities would have to conduct a comparative assessment between the ideal level of privacy and the standards imposed by a dominant undertaking, in order to identify the harm caused.
To do so, one must first define the competitive level of privacy: what privacy standards would look like in an optimal, competitive market.
While, when looking at prices, competition authorities can assess the competitive level by looking at different types of costs such as production or marginal costs, no such benchmarks exist yet for data protection. As a matter of fact, the answer to such a dilemma cannot be found in privacy laws either.
The establishment of a touchstone for privacy seems, at least for now, a Sisyphean task. Not only is privacy hard to quantify, but it can also have different meanings depending on the context.
For instance, if privacy were to be considered a quality feature as discussed above, then it would become, in economic terms, a ‘currency’ that users pay to access the platform. At the same time, privacy is also a fundamental right enshrined in a number of treaties, and in the EU Charter.
Choosing one definition over the other, or even creating a new definition for antitrust purposes, would not only be futile but would also lead to the creation of a double standard. This would do anything but contribute to the clarification of the legal framework applicable to digital markets. Moreover, consumers themselves are likely to have conflicting views on the ideal privacy guarantees.
Hence, any argument claiming tech platforms are breaching their users’ right to privacy is to be considered groundless as long as it cannot be supported by a well-defined benchmark. Absent such a definition, there is no yardstick upon which to base an assessment under EU competition law.
II. Unfair trading conditions
A second type of privacy-related exploitative abuse may be the imposition of unfair trading conditions. This type of conduct was the main focus of the German Competition Authority in its Facebook decision, where it alleged that by not obtaining consumers’ effective consent under the GDPR, the tech giant leveraged its market power to impose unfair trading conditions on its users.
However, one must note that unfair business practices cases are extremely scarce among competition law authorities, and for a good reason. Such practices are already covered by other areas of law such as consumer protection, contract and tort law and are, most of the time, taken over by the relevant authority. What is more, as exemplified by the Microsoft (T-201/04) and Tetra Pak (C-333/94) cases, such conditions are often imposed with the aim of excluding competitors, falling therefore under the separate regime of exclusionary abuses.
III. The requirement of economic harm
Although, as seen above, privacy would be hard to define for the purpose of an antitrust assessment, there is one element that can undoubtedly be excluded from its definition: its potential impact on economic welfare.
Taking it back to the goals of competition law, the application of antitrust sanctions aims at preventing undertakings from engaging in activities that have the potential to diminish the economic efficiency of a market.
In fact, the notion of ‘consumer welfare’ shall not be equated with ‘the welfare of every individual consumer’. Such aim refers, instead, to the pursuit of long-term welfare in the broader sense, meaning it may even encompass potential future consumers.
Hence, a decision establishing abuse of dominance must identify a theory of harm that relies upon economic analysis. Since privacy is, in essence, a fundamental right sitting on the opposite side of the spectrum, introducing such a factor as a main theory of harm would cause the goals of competition law to shift drastically, leading to an increasing overlap with other areas of law.
The importance of economic harm was downplayed in the Facebook case, as the Federal Cartel Office (FCO) claimed that the lack of an economic quantification of the abusive conduct cannot be used as a justification for the harm caused. Yet, to justify its claim, the German Competition Authority itself acknowledged that such a quantification is hardly possible. Such a statement does nothing but prove that, since privacy violations do not have the potential to cause economic harm as understood by antitrust authorities, they shall not be the main indicator of anti-competitive behaviour.
IV. Balancing the benefits
Yet, even if privacy were, hypothetically, a universally accepted theory of harm in antitrust, a dominant undertaking would still be able to either invoke an objective justification or prove that efficiencies resulting from its conduct outweigh the harm caused.
When assessing efficiencies, competition authorities first scrutinise whether the same aim could be achieved by other means and, in case of a negative response, proceed to an assessment of the pro and anti-competitive effects.
The practice of collecting large amounts of data from users may, on the one hand, be a privacy breach, but what if the data is used to improve products and services? This is the case with, for example, targeted advertising. Companies can use the amounts of data collected to create efficiencies, and in most cases they do. Possessing great amounts of data, as worrying as it may sound, achieves economies of scale and improves market efficiencies. Production and distribution costs are reduced, better targeting options are available, and firms are able to innovate up to the point where new products are created.
Since the above are benefits that may outweigh, by far, the harm caused by a privacy breach (especially when consumers do not actively show any concern), the threshold for a successful theory of harm based on privacy considerations is considerably high.
Such a threshold was indeed avoided in the Facebook case, as the FCO focused on a balancing of interests under the GDPR and decided that, in an antitrust proceeding, a balancing of interests under antitrust law is not needed.
V. The limited scope of competition law
Lastly, one cannot lose sight of the fact that companies need to meet a certain threshold in terms of market power to fall under the scrutiny of an Article 102 TFEU investigation. The reasoning behind it is, as mentioned above, of an economic nature. Firms with no market power would be less likely to harm the economic efficiencies or impose high barriers to entry, which is why in most cases they do not fall within the scope of antitrust enforcement.
Yet, as far as privacy is concerned, a remarkable number of undertakings without considerable market power would be able to eschew an antitrust inquiry even when engaging in practices limiting the right to privacy of individuals, since market power is not indispensable for a privacy breach.
Alexandra Elena Rădulescu is the Legal Affairs Lead at a digital consultancy firm in the Netherlands and an LL.M. candidate at the London School of Economics and Political Science (LSE).