When data protection becomes a competition issue…
Tuesday 13 February
This year will be dominated by the implementation of the General Data Protection Regulation (GDPR) which comes into force on 25th May 2018 and will be the biggest overhaul in European data protection law in almost three decades. Much focus has been on how these changes give enhanced rights to data subjects and how this will impact upon businesses. Currently, the German Cartel Office (Bundeskartellamt) are conducting an investigation which considers Facebook’s collection of personal data from users to be a breach of EU competition law. This is one of a series of investigations across the EU which consider the interaction between data protection and competition law.
Historically, the Commission have dealt solely with economic focused competition concerns and have not used competition law to enforce data protection laws as competition law has historically been focussed on conduct with excludes competitors rather than a remedy for consumer harm. More recently, however, competition and data protection law have interacted more frequently, especially in relation to merger control. As the internet and social media platforms become more sophisticated and integrated with our everyday lives, the personal data that social media platforms gather, store and share about our lives has been under the spotlight. The way companies collect and sell user data has often been criticised – and the Bundeskartellamt have now made significant progress in defining when data protection law becomes a competition concern.
The Bundeskartellamt have released preliminary findings in their investigation against Facebook’s use of third party data which it deems to be an infringement of competition law. By signing up to Facebook’s terms and conditions, you allow Facebook to access and share your personal data for advertising purposes. This is not restricted to data held on your Facebook account, but also extends to data held on other platforms owned by Facebook such as Whatsapp and Instagram.
The Bundeskartellamt have found that such practices by Facebook are an abuse of its dominant position in the social media platform market. By making the use of Facebook conditional on the acceptance of the terms and conditions, users have no way to opt out of their personal data being collated from multiple Facebook-owned platforms and are therefore subject to advertising from Facebook using this collated data. Users cannot choose which platforms Facebook uses data from or if they can use data at all.
The Bundeskartellamt case is the first of its kind and there will be no penalties imposed on Facebook for this alleged breach of competition law. However, the Bundeskartellamt findings have the potential to greatly expand the scope of EU competition law. This decision brings competition law and data protection law together to ensure that data subject rights are protected and dominant undertakings cannot abuse their position to the detriment of data protection.
One area in which the EU Commission are giving more weight to data in competition law, is through the merger clearance process. The EU Commission have recognised that the merger of two businesses may cause competition concerns, especially where one or both of those businesses hold a lot of personal data which is potentially very valuable. Facebook and Whatsapp came under fire from the EU Commission after their 2014 merger investigation. Facebook were subsequently fined €110 million for misleading the EU Commission as to how the user data of Facebook and Whatsapp accounts would be used.
Once the GDPR comes into force on 25th May 2018, organisations will be liable for fines of up to €20 million or 4% of global turnover, whichever is greater, for breaches of data protection law. Along with the large fines levied against competition law infringing organisations, this could lead to serious penalties for businesses!
These findings serve as a reminder to businesses who rely heavily on personal data that, not only do they need to comply with data protection laws but they should also be aware of the competition rules and how these could impact on how such data is used.
This article was co-written by Rebecca Ferguson.
David Flint - David Flint is Senior Partner and Head of our IP, Technology and Commercial team.
David specialises in all aspects of non-contentious intellectual property, with particular emphasis on computer-related contracts and issues. He is recognised as a leading expert in intellectual property law, computer/IT law and European law and advises on data protection matters and all types of commercial contract, particularly those with an international element or requiring cross-disciplinary expertise. As a litigator, David has experience in domestic, American and European courts. He has also specialised in corporate insolvency for over 35 years and is author of MacRoberts’ Scottish Liquidation Handbook and other texts on insolvency.
David is a Director of Renfrewshire Chamber of Commerce and Chair of an American Bar Association Committee on Intellectual Property law. He lectures extensively in the UK, the US and internationally in relation to his specialities and is author of the Stair Encyclopaedia section on European competition law, as well as multiple books and articles on intellectual property and cyber law.
David is listed in Who’s Who Legal 2018 as an expert in Data Privacy & Protection.