The increasing importance of (big) data for today’s economy is more and more reflected in (the enforcement of) competition law. In today’s digital (platform) economy, a company’s ability to collect data and subsequently strategically use it, has become one of the most important competitive parameters. As data becomes of growing importance and is increasingly seen as a means of payment (‘data as a currency’), the European Commission (“Commission”) and national competition authorities are intervening more frequently in transactions and anti-competitive behaviour that involve the use of data. Various enforcement tools are deployed in order to safeguard the role of data in the competitive process as much as possible. Although at first this mainly concerned remedies in the context of merger control, recently there has also been an increasing number of cases on the basis of Articles 101 and 102 of the Treaty on the Functioning of the European Union (“TFEU”) that involve data. In the near future, data-related competition issues will be regulated by specific legislation, such as the ‘Digital Markets Regulation’ (aka: Digital Markets Act, “DMA”) and the European Data Act. This blog aims to provide an overview of developments to date and look ahead to upcoming data legislation.

A reluctant start

In 2016, the Commission had to deal with several transactions where the merging parties’ datasets would be combined. Despite that the Commission examined the merging of datasets as a theory of harm in, among others, the Microsoft/LinkedIn, Verizon/Yahoo! and Apple/Shazam cases, yet none of the cases resulted in data-related remedies. In these three cases, the Commission considered that post-transaction aggregation of datasets might raise market entry barriers, but it concluded that this does not confer a competitive advantage on the merging parties. Specifically, the Commission found that the datasets are not unique (Verizon/Yahoo) or that access to the target’s database is not essential to compete in the market (Microsoft/LinkedIn). Moreover, the Commission noted – inter alia, in Verizon/Yahoo – that the merging parties could not significantly restrict competition through the use of data in itself, as they are bound by national legislation and the General Data Protection Regulation (“GDPR”).

Interestingly, in the same period, the Commission already recognised privacy as an important factor for consumers when choosing a  service or platform. In the Facebook/WhatsApp case in 2014, the Commission considered that the parties’ privacy policies can be taken into account when assessing the extent to which the merging parties compete (directly) with each other.

In Microsoft/LinkedIn, the Commission took the view that privacy-related concerns, by themselves, do not fall within the scope of competition law, but that data protection can be an important parameter of competition in social media markets. In that particular case, the acquisition of LinkedIn could risk driving social media with better privacy conditions out of the market.

Dataremedies in merger cases

From 2019 onwards, a change of direction seems to be taking place where transactions in which data play an important role will now only receive (conditional) approval after data-related remedies have been offered. Generally, these remedies entail keeping the data of the merging parties separate and/or allowing or keeping third parties access to the platforms/APIs of (one of the) merging parties. For instance, in the case of the acquisition of Iddink (provider of electronic learning environment Magister) by Sanoma Learning (publisher Malmberg), the Authority Consumer and Market (in Dutch: Autoriteit Consument en Markt, “ACM”) stated that the transaction would give Sanoma an advantage over other learning resource publishers. For this reason, the ACM attached conditions to the approval of the merger. Iddink is obliged to continue to give competing learning resource publishers access to the Magister API, and the competing publishers are entitled to the same information provision as Malmberg. In addition, the commercial departments and IT systems of Sanoma Learning and Iddink are to remain separated via so-called internal Chinese walls. This should prevent competition-sensitive information of competing publishers from reaching Malmberg via Iddink. After the Rotterdam District Court annulled the ACM merger decision, this conditional approval was found to be lawful by the Trade and Industry Appeals Tribunal. See our Competition Flashback Q3 2022 for more details.

Vertical effects also occurred in the somewhat similar European merger case Google/Fitbit. After an in-depth investigation, the Commission concluded that Google would gain a competitive advantage by accessing  Fitbit’s data that would allow it post-transaction to exclude rival health app providers from the market via Android. To address these concerns, Google has offered to use so-called data silos to keep Google and Fitbit’s data separated (so that Fitbit’s health data cannot be used for Google Ads, for example). In addition, Google has agreed to continue giving Fitbit’s competitors access to Android.

A slightly different case concerned the data joint venture between NS, GVB, HTM and RET, which aimed to create a platform for mobility services (often referred to as “mobility-as-a-service”, or “MaaS” platform). The ACM decision set out remedies to prevent (competition-sensitive) data flows from becoming accessible to the platform operators. The platform is prohibited from sharing competition-sensitive data from mobility services and other MaaS providers. Shareholders of the joint venture will also not be given access to this information.

Competition concerns in cartel and abuse cases

In addition to data-related merger control cases, data-related commitments have also been made in several recent investigations into infringements of Articles 101 and 102 TFEU. The Commission’s much-discussed investigation into Amazon concerned Amazon’s dual role as, on the one hand, the provider of the sales platform and, on the other hand, retailer on the platform, in competition with buyers of its platform service. As platform provider, Amazon has access to the sales data of the independent retailers that are active on the platform, such as sales numbers and number of page visits. The Commission concluded in 2020 that Amazon systematically used these data for the benefit of selling Amazon products on the platform, creating an advantage over other retailers. The Commission also concluded that Amazon favoured its own products and those of retailers using Amazon’s logistics services (Amazon Prime) in the so-called ‘Buy Box’.

As a result of the investigation, Amazon has agreed, among other things, to stop using non-public data on the activities of independent sellers for its own products competing with those of third parties on its marketplace. This applies both to Amazon’s automated use of data and to Amazon employees who may use the data for strategic decisions. Amazon will also apply fair terms for access to the Buy Box and Prime programme, and allow Prime sellers to freely choose another logistics provider. On 20 December 2022, the Commission published the final commitment decision, officially closing both investigations.

In the Insurance Ireland case, the Commission accepted commitments relating to Insurance Ireland‘s database. This database contains data relevant to insurance providers. The Commission objected to the fact that only members of the trade association had access to this data pool, and that access for other insurance companies was not offered on transparent and non-discriminatory terms. The commitments consist of Insurance Ireland decoupling membership from access to the database and applying fair and objective entry requirements for membership.

Of a slightly different order are cases where the possession or use of data has been considered by (national) competition authorities as a form of (abuse of) economic dominance. A high-profile example concerns the German Facebook case where the Bundeskartellamt (“Bka”) found in 2019 that Facebook abused its dominant position by collecting and processing users’ data without complying with legal requirements (based on the GDPR). In his recent opinion, Advocate General Rantos concluded that a breach of the GDPR can be an indication of a breach of competition rules, and that national competition authorities may take this breach into consideration when establishing an abuse of a dominant position. A similar investigation into Facebook has been ongoing in the UK since June 2021. Moreover, the Bka is currently investigating Google’s data processing conditions.

In December 2022, the Commission issued new objections to Meta. According to the Commission, Meta may be abusing its dominant position by linking the Facebook Marketplace to its social network Facebook, and applying unreasonable conditions towards ad providers using this ad service. The Commission also found that Facebook potentially uses data from ad providers for the benefit of its own platform.

Abuse (by legal monopolists) by siphoning off customer data

In the context of data and abuse it is interesting to look at  two national cases in which a legal monopolist was fined. In the ENEL case in 2018, the Italian competition authority fined energy provider ENEL for using the customer database it had built during its time as a legal monopolist. After market liberalisation, ENEL used the database to contact customers and make them commercial offers, aiming to get them to switch as customers to ENEL’s subsidiary EE, which is active on the liberalised market. In this preliminary ruling procedure, the Court of Justice of the EU (“CJEU“) ruled that ENEL, as a former legal monopolist, was not allowed to use the data pool (or other resources and sources) that it had gathered during its legal monopoly after market liberalisation. .

The French EDF case also involved a former legal monopolist that continued to use its database after the energy market was opened up. The French competition authority fined EDF for using non-reproducible customer data during the period between 2004 and 2021 in order to maintain market share in the liberalised market. Moreover, the French competition authority concluded that the data EDF did share with other suppliers was incomplete.

Data legislation: DMA curbs data use by gatekeepers

The increasing occurrence of data-related problems for competition have triggered specific legislation. First and foremost, this involves legislation providing rules to curb the (inappropriate) use of data by gatekeepers and/or Big Tech (via the DMA).

The DMA contains a number of obligations for so-called data gatekeepers. These are, in short, digital platforms that are an important gateway to end-users for business users. For instance, Article 5 DMA states that gatekeepers are not allowed to combine personal data from their platforms with other services offered by the gatekeeper. A company like Meta, which owns Facebook and Instagram, may only combine data from these platforms when it has the explicit consent of the end user. This article seems inspired by Facebook’s previously fine for linking WhatsApp phone numbers to Facebook accounts.

In addition, Article 6 DMA prohibits gatekeepers from using non-public information of business users (or their end users) for the benefit of their own services. This Article shows a clear link to the Amazon case.

To enforce these rules, Article 19 DMA grants the Commission the – fairly far-reaching – possibility to request access to companies’ databases and algorithms. This competence not only includes access to databases and algorithms of gatekeepers, but also of other companies.

The DMA has been in force since 1 November 2022 and currently provides an interim period for gatekeepers to conform to the obligations of the DMA. In the meantime, the Commission has opened a consultation for the first draft of the Implementing Regulation for the DMA.

Data regulation in the making

Secondly, legislation that intends to promote data sharing, and this way also the data economy, is currently being worked on. Besides the DMA – which creates obligations only for gatekeepers – a European proposal for a more general Data Act is pending.

This act aims to give users access to their data (generated through the use of a particular product or service), and allows them to share this data with third parties. The Data Act requires producers to develop products in such a way that users can easily access their data. In addition, data must be made available to users free of charge. This way, the Data Regulation aims to shift control of data to the user. This shift, however, is not uncontested: by giving users control over the data they generate, the Data Act also gives them the responsibility to make data sufficiently available to companies for the benefit of an active data economy.

Moreover, at the end of 2023, the Data Governance Act will come into force, which aims to encourage and regulate the provision and sharing of data by companies and government agencies.

In the Netherlands, the ACM is currently developing the ‘Guideline for Promoting a transparent and fair online platform economy for businesses’. This guideline aims to give businesses a better understanding of how online platforms operate. The final version of the guide is likely to be published in early 2023.

Conclusion

It is clear that in recent years the Commission has made considerable efforts to get a grip on the anti-competitive effects of data. Strict enforcement action is now being taken against large companies that misuse their data or the data of others. To some extent, this trend can also be seen at the national level in Europe.

The introduction of the DMA – and in time, the Data Act – still involves some uncertainties. With regard to the DMA, it will soon (autumn 2023) become clear which companies will be designated as gatekeepers by the European Commission, and how they will incorporate the  obligations from the DMA in their operations. Based on the Data Act, non-gatekeepers will also face data-related legislation. In this way, the Commission is sending a clear signal to companies that benefit from Big Data: they too can expect stricter enforcement in the future.

Bas Braeken – Jade Versteeg – Demi van den Berg