This presentation by Michal Gal, Professor and Director of the Forum on Law and Markets, Haifa University, was made during the discussion “Data portability, interoperability and competition” held at the 135th meeting of the OECD Competition Committee on 9 June 2021. More papers and presentations on the topic can be found out at oe.cd/dpic.
4. Is it an antitrust Concern?
Theory of Harm: use of data portability and interoperability (standards) to
indirectly foreclose (partly or fully) access of rivals to an input (data) which
they might have otherwise legally accessed, in a way designed to negatively
affects rivals' ability to compete.
Put simply: creating artificial barriers to data flows in the market.
When applied to private data:
• Increases switching costs, strengthens consumer lock-in, and limits multi-homing
• Prevents data-subjects to enjoy the benefits of their data
Might be relevant in two main instances: as an offense (agreement in
restraint of trade; abuse of dominance), or as a consideration in merger
control
5. Requirements (1)
• Data important for competition in that market
• Already collected, or can be collected by infringer
• Feasibility of use by other firms (e.g., data relevant to their operations)
• Data need not be essential, sufficient if limited access can raise rivals' costs significantly
• Suggestion: Need not specify in minute detail how rivals will use the data
• Significant barriers to access to such data (Gal and Rubinfeld):
• Data is a public good, yet not all data are equal (e.g., medical history)
• High barriers (technological, legal, financial) to collection of such data (e.g., data
ecosystems)
• No easy ways to circumvent (e.g., content scraping, algorithms that need less data)
• Suggestion: Where data transfer is mandated by law, this can be assumed
6. Requirements (2)
• No legal constraints on data transfer (e.g. security, privacy, data
ownership)
• Need to determine priorities among laws
• Suggestion: Where data transfer is mandated by law, this can be assumed
• Data transfer increases welfare
• Due to competition, synergies, and extended network effects
• Long term analysis: effects on motivations to collect data
• Counter-justifications: Is it needed to significantly improve privacy or data security,
beyond what is mandated by law? (Nicholas and Weinberg, 2019)
• Suggestion: Reversing the burden of proof: burden should be on dominant firms
restricting multi-homing to demonstrate the efficiencies associated with these actions
(Crémer, de Montjoye and Schweitzer, 2019)
• Suggestion: Where data transfer is mandated by law, this can be assumed
7. Requirements (3)
• Infringer’s actions affect data interoperability and portability in a
way which (significantly) limits data transfers
• Affects ability to use his own data by others (e.g., dark patterns for consent); or
• Directly or indirectly affects the setting of data interoperability or portability standards
in the industry (Standard-Setting Market Power)
• Such actions create a comparative advantage to the one limiting
interoperability and portability
• Whether directly (B2B) or indirectly (B2C: increase user switching costs)
Institution-wise: Requires a more-technological approach
11. Relevance:
• Offense is degradation or limitation of interoperability or
portability
• Part of a remedy for restoring competition in the market, to
enable data sharing
• Alternative to structural remedies (Crémer et al., 2019)
Benefits:
• Limits anticompetitive conduct and/or its consequences
• May introduce competition in the market and for the market,
both with firms and with ecosystems
• Remedies can be flexibly designed according to the situation of
a given market
12. Limitations
• Time is of essence: Ex post regulation (Kerber, 2019)
• Specific case vs market-wide standards (solution: market studies)
• Devil in details: Determining standards and terms (e.g., “pretend
sharing”)
• May require substantial oversight
• Often not stand-alone. Data standardization?
• Effectiveness affected by ability to mitigate data protection concerns
• Effectiveness affected by user consent and behavioral limitations
• Market transparency might facilitate collusion
• Risk discouraging investments in data collection
• implementation costs (do they create comparative advantages to some?)
• Better alternatives? (sharing of learning (Gal and Petit, 2021))
• Economies of scale from data transfer might be limited (Nicholas and
Weinberg, 2019; Gal and Aviv, 2020)
13. Slides for last part of discussion:
Data Protection, Consumer Protection,
and Competition Law
14.
15. The relationship between competition law and
privacy/data protection law
Share the ultimate goal of protecting consumers
• Competition law seeks to ensure that consumers enjoy the benefits of a
competitive market
• Privacy law seeks to ensure that consumers have some measure of control over
their personal data
Contact:
• Competition over privacy:
• Privacy as a quality parameter for consumers
• Firms can offer enhanced privacy to distinguish their products (Apple) if there is
competition
• Competition and Privacy:
• Ensuring interoperability and portability of voluntarily shared data by the data
subject
• Increasing access to alternative data that does not infringe data protection laws
• Excessive private data collection as an abuse (Facebook case)
16. Competition or privacy:
• Increasing competition (and data portability) may imply that more firms access
private data.
• Tension also arises when a competitor relies on access to consumers’ personal
information held by a rival (e.g., hiQ v. LinkedIn)
• Increasing privacy protections can reduce the benefits of competition by limiting
internal and external data flows.
• Yet data protection may increase trust in markets and raise users' willingness to
voluntarily provide their data and at lower cost.
• The mode of regulation itself might create obstacles to competition: which firms
benefit more from the type of legal regime chosen?
• By itself
• By manipulations (changes framed as a response to privacy issues)
• Misapplications without deterrence (Tombal, 2021)
17. GDPR: Shaping Choices
•Compliance of external supplier
•Compliance of Buyer
•Data Management Obligations
•Size-Dependent Requirements
(Gal and Aviv, 2020)
18. Dynamics created by the GDPR (Gal and Aviv, 2020)
• Sharing sometimes impossible
• Reduced incentives for sharing
• Economies of scale
• High costs of non-compliance
• Costs of uncertainty
• Effect on data subjects
Effects:
• Higher concentration levels
• More limited data synergies
• Reduced international competitiveness
19. The way forward (Gal and Aviv, 2020)
•Competition law sensitivity
•Assessments of market power
•Certification and risk
•Limiting uncertainty
•Better anonymization tools
20. Thank you!
Rubinfeld, Daniel L. and Gal, Michal, Access Barriers to Big Data (August
26, 2016). 59 Arizona Law Review 33
(2017) https://ssrn.com/abstract=2830586
Gal, Michal and Rubinfeld, Daniel L., Data Standardization 94 NYU Law
Rev. (2019) https://ssrn.com/abstract=3326377
Gal, Michal and Oshrit Aviv, The Competitive Effects of the GDPR, Journal
of Competition Law and Economics (2020)
https://ssrn.com/abstract=3548444
Gal, Michal and Petit, Nicolas, Radical Restorative Remedies for Digital
Markets, 37 Berkeley Technology Law Journal
(2021) https://ssrn.com/abstract=3687604