Balancing protection of personal data with levelling the playing field is a fine art
The acquisition of large amounts of data can create economic barriers to entry, which eliminates rivals
Data protection and competition law both influence the exercise of economic activity and seek to enhance the interests of individuals. Personal data has become the object of trade, and companies compete to acquire and process this data. This rivalry has necessitated the application of competition law, albeit personal data is protected through data protection law.
Competition authorities worldwide have started to consider the implications of data privacy concerns in merger decisions. These have included those of Facebook-Instagram, Facebook-WhatsApp, Google-DoubleClick and Microsoft-LinkedIn. None of these decisions offer authoritative guidance, apart from a mere reference to potential data privacy concerns.
In these types of transactions it is inevitable that enormous chunks of personal data would be acquired post-merger. The value of this personal data is limitless. It goes beyond its use as an input for advertising and acts as a raw material from which multiple digital business models may be fashioned.
Personal data and the use thereof constitutes a fundamental building block of the digital economy. An increasing number of business models rely on personal data as a key input. In exchange for sharing their data, users benefit from personalised and innovative services, and some welcome this convenience.
The collection, processing and use of personal data by companies poses questions about privacy and fundamental rights, among others ethical decision-making. Given the significant commercial and strategic value of personal data, its accumulation, control and use may raise competition concerns and negatively affect consumers.
It is a challenging task to develop a legal framework that ensures an adequate level of protection of personal data while providing an open and level playing field for businesses to develop innovative data-based services. The acquisition of large amounts of data can create several economic barriers to entry, which in turn excludes rivals from entering a specific market.
This has the effect of creating a dominant firm in the market. For example, a significant amount of data acquired post-merger may allow a company to develop products or services that would not have been possible otherwise. This makes it difficult for competing firms to expand or enter the market.
In the Facebook-WhatsApp merger, the US Commission acknowledged that “competition on privacy” exists and that “privacy and security, the importance of which varies from user to user… are becoming increasingly valued, as shown by the introduction of consumer communications apps specifically addressing privacy and security issues”. However, despite this observation, the commission did not particularly consider the effects of the merger on data protection. A similar stance was taken in the merger of Google and DoubleClick.
The main objective of competition law is to promote market competition by regulating anticompetitive conduct by companies. This results in better-quality goods and services at low prices, efficiency and wider choices for consumers
Data protection law also governs the processing and handling of personal information. Competition law therefore applies to all economic activity, whereas data protection law relates to personal data processing irrespective of whether it is an economic or non-economic activity.
Based on the economic commonalities of data protection and competition law, it is possible for both these policies to work and coexist. Competition law incorporates many non-price dimensions of competition, such as innovation, quality, variety, service and advertising. A significant non-price dimension that should be included in this list is that of data protection.
New technologies, purposes and applications to process individuals’ personal data are being developed on a huge scale and at a faster pace than before. But we have not only entered the “golden age of personal data” in terms of its exploitation: ours is also the “golden age of personal data” in terms of regulation of its use.
Knowledge based on data is applied, and due to algorithmic decisions made based on models, predictions or knowledge, individuals can be categorised or clustered, for example to show people different advertisements or decide what interest they should pay on loans.
The algorithmic decision is not made solely on the basis of the data from a specific targeted individual. The decision rests on a limited amount of personal data from the specific individual, but behind that decision is a wealth of data from other people or sources.
“Big data” has become a catch-all phrase for applications that involve very large quantities of (personal) data, which are analysed to receive knowledge from it and then used to either target individuals or groups or make general information-based decisions. Big data involves acquisition, analysis and application.
• Burger-Smidt is director and head of data protection and privacy practice at Werksmans Attorneys.
Would you like to comment on this article or view other readers' comments?
Register (it’s quick and free) or sign in now.
Please read our Comment Policy before commenting.