'Online Digital Services And Competition Law: Why Competition Authorities Should be More Concerned About Portability Rather than About Privacy' by Stefano Lucchini, Jacques Moscianese, Irene de Angelis and Fabrizio Di Benedetto in (2018) 9(9)
Journal of European Competition Law and Practice 563–568 comments
In her highly quoted dissenting opinion in the Google/DoubleClick case in 2007, Commissioner Jones Harbour of the Federal Trade Commission (FTC) – citing Professor Swire’s testimony – included privacy as a non-price dimension of competition, assuming that (in the field of search engines) undertakings compete (also) on ‘privacy protections or related non-price dimensions’.
As Professor Swire argued two years later, non-price (or qualitative) dimensions of competition would have been important for online markets in the coming years, including privacy, considering that already in 2009, some online companies had competing announcements for why each of their services was better in terms of privacy protection.
However, since 2009, there has been an expansion of online markets and, especially, of ‘zero price’ services offered through the web and digital technologies. In particular, all we have perceived our inclination to accept to share personal data in order to obtain a ‘zero price’ service that we deem beneficial for us. It could be said that, provided that the service at stake is for free, we are willing to share any kind of personal data, ours or even those regarding other people.
This is not a provocation, but the result of a study conducted in June 2017 by some researchers of the National Bureau of Economic Research (NBER) regarding the behaviour of a group of students of the MIT in Boston. In the context of a wider project aiming at establishing a cryptocurrency (Bitcon) community within the University, students were asked to make at least three digital privacy choices: ‘whether they wanted to disclose the contact details of their closest friends; whether they wanted to maximise the privacy of their transactions from the public, a commercial intermediary or the government; and whether they subsequently wanted to take additional actions to protect their transaction privacy when using Bitcoin’. Afterwards, researchers gave an incentive to a sub-group of these students, i.e., a pizza that participants could share with their closest friends in exchange for more data on such friends. Results show that, notwithstanding the importance that students recognised to their privacy, a little incentive (like a pizza) can have an important effect on the behaviour of people in terms of availability to share personal data.
Beyond the details of this interesting research, NBER’s researchers traced back the difference between what students said regarding the importance of their privacy, on the one hand, and what students did in presence of a little incentive, on the other, to the concept of ‘digital privacy paradox’. Therefore, to properly assess whether privacy (and its protection) could be considered as a non-price element of competition in the digital online environment, it would be necessary to consider the paradox highlighted by the just mentioned research. Indeed, it suggests that customers do not really take into consideration their privacy when they act in the online market and, specifically, when the only money they spend to buy an online digital service is represented by their own data.4 In other words, a ‘zero price’ service seems to be a sufficient incentive for people to superficially share their personal information. Once companies are able to provide efficient ‘zero price’ services, customers do not really care about their personal data and, consequently, their privacy is not perceived as a decisive element for their choices on the market.
From the above considerations, it should follow that privacy can be hardly considered as a qualitative dimension of competition in the digital world (platforms, social networks, apps, etc.). Thus, in online digital services, it would be unlikely that undertakings engaged into anticompetitive agreements to collude on the terms of their privacy policies,5 provided that such a cartel should not be able to modify the normal conditions of competition within the market and, thus, should not ensure any concrete advantage to the cartelists involved. Similarly, it appears that no abuse of dominant position could be found in the collection of large amounts of data (so-called big data) by companies through their customers’ use of ‘zero price’ services, although this could be realised by undertakings with large market shares. Indeed, once established that the collection of great amounts of data is a common practice in markets characterised by ‘zero price’ services, rather than an unfair business term that a dominant firm impose on its customers due to its market power, any competition abuse would be hard to identify. In fact, as the NBER’s research suggests, the inclination of customers to provide data in presence of little incentives (such as ‘zero price’ services) is a natural response, and it does not need to be forced by, for example, exploitative conducts. Obviously, that would be without prejudice to possible privacy law violations committed by the undertaking concerned, whether dominant or not, which would be in any case investigated by the relevant authorities.
As convincingly stated by the then FTC Commissioner Ohlhausen (now FTC’s Chair) in 2015, ‘[a]ttempting to unify the competition and consumer protection laws [including privacy protection] creates needless risks for the Internet economy and could destabilise the modern consensus on antitrust analysis, again pulling it away from rigorous, scientific methods developed in the last few decades and reverting back to the influence of subjective noncompetition factors. Indeed, trying to expand competition law as some have proposed better reflects legal thinking in 1915, not 2015’.
The authors conclude
The ‘dynamic duo’ composed by data portability under the GDPR and data portability forced through the antitrust enforcement against abuses of dominance seems to be able to introduce a wide concept of portability that has much to do with the concept of interoperability. Its relevance for antitrust purposes demonstrates how much the interconnection between companies is vital to guarantee competition.
In this regard, competition authorities should be more concerned about portability rather than privacy. Indeed, given the opportunity provided by both the internet and the expansion of (ever cheaper) digital technologies, the success of companies does not depend only on the production capacity of their material assets and people, but it also (and even more) relies on an immaterial asset which is represented by data produced by their customers, who have become ‘prosumer’ of data.
A highly digitalised society, where a large share of people lives their life online, can become a deposit of information, which is useful for any undertaking and especially for those who provide online services. The consumer leaves behind him traces of himself and of his preferences surfing online, often giving a careless consent to the use of his own personal data in exchange for online digital services (especially if ‘zero price’, as we saw above).
However, as it happens for all the deposits of resources, an undertaking who wishes to exploit it to obtain an economic value must equip itself with the proper technologies to transform large amounts of data into an information that can be useful for business and commercial purposes. In this regard, as oil can be extracted only by drills over oil wells, also this new kind of ‘digital oil’ that is represented by big data needs its drills, i.e., artificial intelligence composed by algorithms, software and hardware with a very high computational capacity that are more and more able to efficiently exploit data, extracting their real value for an undertaking. Indeed, as it has been recently argued: ‘data is like crude oil with potential value but is of limited economic value in its raw form. Data is refined with analytics that has more potential value in the form of customer, product and operational insights. However the kinetic value of data is not realised until the analytics are ‘put into motion’ to optimise key business processes, uncover new monetisation opportunities or create a more compelling customer engagement’.
Competition in the digital economy, thus, it’s all about the ability to analyse and properly use data. And companies spend a lot of money in these processes. Where such an exploitation of data by undertakings amounts to an anticompetitive behaviour, such as abusive conducts, competition authorities should force the transmission of data (i.e., the portability) to actual and potential competitors of dominant companies, where portability right under the GDPR does not apply. Along with data, also their potential value will be transferred to their competitors, reinforcing competition among undertakings and benefitting consumers. In this regard, it cannot be denied that the real ‘sanction’ for an undertaking who infringes competition law is represented by the obligation to share its data and their value with competitors, rather than by the obligation to reinforce its privacy policy.
