ݺߣ

ݺߣShare a Scribd company logo

The Intersection between Competition and Data Privacy – COLANGELO – June 2024 OECD discussion

OECD Directorate for Financial and Enterprise Affairs
OECD Directorate for Financial and Enterprise Affairs

This presentation by Professor Giuseppe Colangelo, Jean Monnet Professor of European Innovation Policy, was made during the discussion “The Intersection between Competition and Data Privacy” held at the 143rd meeting of the OECD Competition Committee on 13 June 2024. More papers and presentations on the topic can be found at oe.cd/ibcdp. This presentation was uploaded with the author’s consent.

1 of 9
Download to read offline
THE PRIVACY/ANTITRUST CURSE: INSIGHTS FROM EU COMPETITION LAW PROCEEDINGS Giuseppe Colangelo sites.google.com/site/giuseppecolangelouni/ OECD Roundtable, 13 June 2024
Background and research question  Integrationist perspective: unity makes strength (the emergence of business models involving the collection and commercial use of personal data determines an inevitable interconnection between market power and data protection)  Separatist perspective: different interests, objectives, and tools • Testing the narrative which describes the relationship in terms of synergy and complementarity: how data protection rules and principles have been applied in antitrust proceedings by the European Commission and national competition authorities • From the privacy offence to the privacy defense: how can the increasing conflicts between the interests protected and the goals pursued by data protection and competition law be resolved? 2
Privacy as an antitrust sword against data accumulation strategies  Privacy harm as an antitrust abuse • The German Facebook case: the users’ privacy exploitation claim • DMA: rivals’ exclusion and primacy of data protection interests over competition policy goals • New Section 19a GWB and the German Google case  Privacy harm in merger analysis: the Commission’s separatist stance • Google/DoubleClick • Facebook/WhatsApp • Microsoft/LinkedIn • Apple/Shazam • Google/Fitbit • Microsoft/Nuance • Meta/Kustomer • Deutsche Telekom, Orange, Telefónica and Vodafone JV 3
Privacy as a shield against antitrust allegations  The risks of regulatory gaming Privacy as a business justification for anticompetitive conduct: privacy protection v. discrimination • Apple’s ATT policy • Google’s Privacy Sandbox 4
The missing integrated approach  The much-invoked integrated approach is more proclaimed than adopted in practice  German Facebook as an isolated case  Commingling data protection and competition law may be counterproductive: Facebook and Apple ATT cases as two faces of the same coin  French and Italian episodes of Apple ATT: invoking the cooperation between authorities risks becoming a rhetorical deception, unfit to solve tensions; the different goals pursued under antitrust and privacy provisions may be irreconcilable in practice  DMA: privacy exception and competition policy deference to privacy 5
The CJEU’s Meta judgement • Conduct relating to data processing may breach competition rules even if it complies with the GDPR; conversely, unlawful conduct under the GDPR does not automatically mean that it breaches competition rules • Assessing the potential use of means other than those which come within the scope of competition on the merits requires to take account of the circumstances of the case, the relevant legal and economic context • AG Rantos: distinguishing the hypothesis in which an antitrust authority, when prosecuting a breach of competition provisions, rules “primarily” on an infringement of the GDPR, from the case in which such an evaluation is merely “incidental” • Cooperation between authorities: the etiquette • The existence of a dominant position alone cannot, in principle, render the consent invalid: case-by-case analysis 6
Compelling principles, however …  As competition authorities have significant leeway in framing their investigations, in practice it will be extremely difficult to demonstrate that they are primarily, rather than incidentally, tackling a data protection breach  The judgement examines only the scenario in which an infringement of the GDPR may occur, while not being useful in unraveling the different situation in which the adoption of a privacy-enhancing solution is invoked as a justification for anticompetitive conduct o In the latter case, the cooperation between competition and data protection authorities could herald new issues and conflicts, rather than being the panacea for all problems o Will the judgement promote a lively and lovely cooperation between authorities or fuel their rivalry? See the Italian Telepass case 7
Concluding remarks  The fallacy of a synergistic narrative • The integrated approach is more proclaimed than adopted in practice • Merely invoking a convergence of ultimate aims will not devise a pragmatic solution • Data protection has been progressively transformed from a weapon used by antitrust authorities to limit data accumulation to a shield exploited by digital platforms to justify anticompetitive strategy • The cooperation with data protection regulators would ensure a coherent and uniform interpretation and application of GDPR provisions, but it will not help to strike the balance between privacy benefits and anticompetitive restrictions 8
References • The privacy/antitrust curse: insights from GDPR application in competition law proceedings, ICLE Working Paper 2024, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4599974 • Antitrust über alles. Whither competition law after Facebook? World Competition Law and Economics Review, 2019, 42(3), 355 • Data Accumulation and the Privacy-Antitrust Interface: Insights from the Facebook case, International Data Privacy Law, 2018, 8(3), 224 • Data Protection in Attention Markets: Protecting Privacy Through Competition? Journal of European Competition Law and Practice, 2017, 8(6), 363 9

More Related Content

The Intersection between Competition and Data Privacy – COLANGELO – June 2024 OECD discussion

  • 1. THE PRIVACY/ANTITRUST CURSE: INSIGHTS FROM EU COMPETITION LAW PROCEEDINGS Giuseppe Colangelo sites.google.com/site/giuseppecolangelouni/ OECD Roundtable, 13 June 2024
  • 2. Background and research question  Integrationist perspective: unity makes strength (the emergence of business models involving the collection and commercial use of personal data determines an inevitable interconnection between market power and data protection)  Separatist perspective: different interests, objectives, and tools • Testing the narrative which describes the relationship in terms of synergy and complementarity: how data protection rules and principles have been applied in antitrust proceedings by the European Commission and national competition authorities • From the privacy offence to the privacy defense: how can the increasing conflicts between the interests protected and the goals pursued by data protection and competition law be resolved? 2
  • 3. Privacy as an antitrust sword against data accumulation strategies  Privacy harm as an antitrust abuse • The German Facebook case: the users’ privacy exploitation claim • DMA: rivals’ exclusion and primacy of data protection interests over competition policy goals • New Section 19a GWB and the German Google case  Privacy harm in merger analysis: the Commission’s separatist stance • Google/DoubleClick • Facebook/WhatsApp • Microsoft/LinkedIn • Apple/Shazam • Google/Fitbit • Microsoft/Nuance • Meta/Kustomer • Deutsche Telekom, Orange, Telefónica and Vodafone JV 3
  • 4. Privacy as a shield against antitrust allegations  The risks of regulatory gaming Privacy as a business justification for anticompetitive conduct: privacy protection v. discrimination • Apple’s ATT policy • Google’s Privacy Sandbox 4
  • 5. The missing integrated approach  The much-invoked integrated approach is more proclaimed than adopted in practice  German Facebook as an isolated case  Commingling data protection and competition law may be counterproductive: Facebook and Apple ATT cases as two faces of the same coin  French and Italian episodes of Apple ATT: invoking the cooperation between authorities risks becoming a rhetorical deception, unfit to solve tensions; the different goals pursued under antitrust and privacy provisions may be irreconcilable in practice  DMA: privacy exception and competition policy deference to privacy 5
  • 6. The CJEU’s Meta judgement • Conduct relating to data processing may breach competition rules even if it complies with the GDPR; conversely, unlawful conduct under the GDPR does not automatically mean that it breaches competition rules • Assessing the potential use of means other than those which come within the scope of competition on the merits requires to take account of the circumstances of the case, the relevant legal and economic context • AG Rantos: distinguishing the hypothesis in which an antitrust authority, when prosecuting a breach of competition provisions, rules “primarily” on an infringement of the GDPR, from the case in which such an evaluation is merely “incidental” • Cooperation between authorities: the etiquette • The existence of a dominant position alone cannot, in principle, render the consent invalid: case-by-case analysis 6
  • 7. Compelling principles, however …  As competition authorities have significant leeway in framing their investigations, in practice it will be extremely difficult to demonstrate that they are primarily, rather than incidentally, tackling a data protection breach  The judgement examines only the scenario in which an infringement of the GDPR may occur, while not being useful in unraveling the different situation in which the adoption of a privacy-enhancing solution is invoked as a justification for anticompetitive conduct o In the latter case, the cooperation between competition and data protection authorities could herald new issues and conflicts, rather than being the panacea for all problems o Will the judgement promote a lively and lovely cooperation between authorities or fuel their rivalry? See the Italian Telepass case 7
  • 8. Concluding remarks  The fallacy of a synergistic narrative • The integrated approach is more proclaimed than adopted in practice • Merely invoking a convergence of ultimate aims will not devise a pragmatic solution • Data protection has been progressively transformed from a weapon used by antitrust authorities to limit data accumulation to a shield exploited by digital platforms to justify anticompetitive strategy • The cooperation with data protection regulators would ensure a coherent and uniform interpretation and application of GDPR provisions, but it will not help to strike the balance between privacy benefits and anticompetitive restrictions 8
  • 9. References • The privacy/antitrust curse: insights from GDPR application in competition law proceedings, ICLE Working Paper 2024, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4599974 • Antitrust über alles. Whither competition law after Facebook? World Competition Law and Economics Review, 2019, 42(3), 355 • Data Accumulation and the Privacy-Antitrust Interface: Insights from the Facebook case, International Data Privacy Law, 2018, 8(3), 224 • Data Protection in Attention Markets: Protecting Privacy Through Competition? Journal of European Competition Law and Practice, 2017, 8(6), 363 9