6.11  Competition Law, a Specific Challenge for Creating Synergies






between privacy and data protection on the one hand and competition law on the other hand may be a promising path to follow.

The synergy between the two areas played a role in the merger between Google and DoubleClick, which led to decisions by the European Commission201 and the United States Federal Trade Commission. In its decision, the Commission addressed the market position of the merged company, because of the combination of personal information obtained by both merging companies, but came to the conclusion that competition would not be affected. In the US, it was in particular the dissenting statement of FTC Commissioner Jones Harbour that addressed the issue, highlighting amongst other things the nexus between privacy and competition.202

The European Commission has not issued many competition decisions in relation to the information economy.203 At present, the Commission is conducting two investigations in antitrust cases against Google. In April 2015, the Commission sent a Statement of Objections to Google because of an alleged abuse of Google’s dominant position in general internet search which amounts to more than 90 % of the EU market.204 These cases do not explicitly deal with personal data, but a few observations can nevertheless be made in relation to the subject of this book.

The first observation relates to the definition of the relevant market, the first stage of a legal analysis in competition cases. This definition seems to be particularly complicated in an internet economy and may require a fundamental rethinking of market definitions. One reason is that market boundaries are continuously evolving.205 A more fundamental reason, however, is given by Jones Harbour.206 Market definitions are normally based on products or services. As she explains, in an economy based on big data207 it makes more sense to define a product market for data, rather than a market based on specific uses of data by specific companies.

201 Commission Decision, C (2008) 927 final, declaring a concentration to be compatible with the common market and the functioning of the EEA Agreement (Case No COMP/M.4731 – Google/DoubleClick).

202 Federal Trade Commission, Dissenting Statement of Commissioner Harbour In the Matter of Google/DoubleClick, available on: ftc.gov/sites/default/files/documents/public_statements/statement-matter-google/doubleclick/071220harbour_0.pdf. The statement is explained in the contribution of Jones Harbour in: Data protection anno 2014: how to restore trust? Contributions in honour of Peter Hustinx, European Data Protection Supervisor (2004–2014), Hielke Hijmans and Herke Kranenborg (eds), Intersentia 2014, at 225–234.

203 Source: http://ec.europa.eu/competition/sectors/ICT/overview_en.html

204 Statement by Commissioner Vestager on antitrust decisions concerning Google, Brussels, 15 April 2015, available on: http://europa.eu/rapid/press-release_STATEMENT-15-4785_en.htm. The statement also mentions a separate in-depth investigation regarding the mobile operating system Android, apps and services.

205 As underscored by the Commission regarding social networking services, Press Release of 3 October 2014, Mergers: Commission approves acquisition of WhatsApp by Facebook, available on: http://europa.eu/rapid/press-release_IP-14-1088_en.htm

206 Contribution of Jones Harbour in: Data protection anno 2014: how to restore trust? Contributions in honour of Peter Hustinx, European Data Protection Supervisor (2004–2014), Hielke Hijmans and Herke Kranenborg (eds), Intersentia 2014, at 232.

6  Understanding the Scope and Limits of the EU Legislator’s Contribution…

The issue is that companies208 collect large amounts of data that will later be sold or shared with others for purposes far beyond the purpose of initial collection and for purposes that are only defined in a later stage. This phenomenon is connected to the two-sided business model on the internet,209 where companies are active on different markets of products and services, and where – large amounts of – personal data are critical to both sides. Search engine providers are the example210: the amount and quality of data play a decisive role in the quality of the service that can be given, whereas they are also essential on the paying side, by facilitating better targeted advertising.

A second observation relates to market power. Companies acquire market power because they accumulate large amounts of personal data and are able to diffuse those data. Article 102 TFEU does not address market power as such, but prohibits the abuse of a dominant position as being incompatible with the internal market. A breach of EU competition law could consist of an anticompetitive acquisition of data, for instance through an exclusivity agreement imposed by a search engine.211 Such a breach does not only prejudice competition as such, but also competition on privacy settings. The breach deprives consumers of the possibility to choose a search engine taking into consideration the level of privacy protection.

A specific issue in relation to market power and personal data is the concept of an essential facility,212 the idea that the owner of a facility needs to share this facility with his rivals if access to a market would otherwise be impossible or seriously impeded.213 The Court of Justice accepts that in exceptional circumstances the exercise of an exclusive right by the owner may involve abusive conduct.214 As summarised by the Court of First Instance: “the refusal of the service in question must be likely to eliminate all competition on the market on the part of the person requesting the service, such refusal must not be capable of being objectively justified, and the service must in itself be indispensable to carrying on that person’s business […]. According to settled case-law, a product or service is considered necessary or essential if there is no real or potential substitute”.215 In a market of personal data, this concept of an essential facility could possibly be of use, for instance in respect of the Google search engine with a market share of more than 90 %, but the threshold is high.

207 Obviously, this may not be in line with the requirement of purpose limitation under EU data protection law, but that is not the point we want to make here. On big data, see Chap. 3, Sect. 3.6 of this book.

208 These companies can be defined as “data brokers”; see: Federal Trade Commission, May 2014, Data Brokers, A Call for Transparency and Accountability.

209 As explained above, in this same section.

210 See on this: Damien Geradin & Monika Kuschewsky, Competition Law and Personal Data: Preliminary Thoughts on a Complex Issue, Discussion Papers Tilburg Law and Economics Center, DP 2013-010.

211 Geradin and Kuschewsky allege that Google has entered into exclusivity agreements with some of the main publishers’ websites (such as Amazon.com and AOL.com) excluding other search engines from being accessible on those websites; see: Damien Geradin & Monika Kuschewsky, Competition Law and Personal Data: Preliminary Thoughts on a Complex Issue, Discussion Papers Tilburg Law and Economics Center, DP 2013-010.

212 Damien Geradin & Monika Kuschewsky, Competition Law and Personal Data: Preliminary Thoughts on a Complex Issue, Discussion Papers Tilburg Law and Economics Center, DP 2013-010, at 3; European Data Protection Supervisor, Preliminary Opinion of 26 March 2014 on “Privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection in the Digital Economy”, at 41.

213 Paul Craig and Grainne de Burca, EU Law, Text, Cases and Material (Fifth Edition), Oxford University Press, 2011, at 1031.

The previous considerations are based on the notion that personal data have become an asset and, therefore, relevant in a competition context. This would be a natural way of creating synergy between these areas of law. This synergy between competition law and privacy and data protection should be addressed by the EU legislator in further changes of the EU legislative framework, be it the rules on data protection or on competition. An approach based on synergies would also enhance the Union’s legitimacy, demonstrating that different parts of bureaucracy are capable of joining efforts in addressing challenges of the information society.

A topical subject that should be part of a possible action of the EU legislator is including considerations of privacy and data protection as such in EU competition law and enforcement. Given the fact that protection of consumers is one of the objectives of competition law,216 this would not be illogical.217 However, the case law of the Court of Justice of the European Union does not give a clear basis for including considerations of data protection in competition enforcement. As Advocate General Geelhoed states: “Any problems concerning the sensitivity of personal data can be resolved by other instruments, such as data protection legislation”.218 Finally, a way of increasing synergy between competition law and privacy and data protection would be the enforcement cooperation with the authorities which are active in the two different areas.219



214 E.g., Case C-7/97, Bronner, EU:C:1998:569, at 43–46.

215 Case T-301/04, Clearstream Banking AG and Clearstream International SA v Commission, EU:T:2009:317, at 147.

216 As mentioned previously in this section.

217 In the same sense, Dissenting Statement of Commissioner Harbour In the Matter of Google/DoubleClick, available on: ftc.gov/sites/default/files/documents/public_statements/statement-matter-google/doubleclick/071220harbour_0.pdf.

218 Opinion of AG Geelhoed in Case C-238/05, Asnef-Equifax, EU:C:2006:440, at 56, included in the CJEU’s ruling.

219 Encouraging cooperation with agencies in other fields is included in the model for good governance in the conclusions of Chap. 7 of this book.



6.12  Privacy Rules in the US: An Introduction to the Importance of Multi-stakeholder Solutions

The General Data Protection Regulation is largely motivated by arguments on efficiency and effectiveness. Those are also the arguments the European Commission uses to motivate its proposal. The Explanatory Memorandum underlines that the “current framework remains sound as far as its objectives and principles are concerned”. A new framework is needed for other reasons. It must be stronger than the present one, more coherent and backed by strong enforcement, just to mention a few catchwords in the Explanatory Memorandum.220

One of the focuses in the reform is the engagement of the private sector, through multi-stakeholder solutions, empowering data controllers and making them more responsible. This focus justifies a short look at the United States, where multi-stakeholder solutions are at the core of privacy governance.



6.12.1  General Features of Privacy Legislation in the US

There is no general US law on privacy and data protection. The absence of a general legal framework in this area has been generally recognised as a shortcoming in the US system. Instead a number of state laws and sectoral laws exist, often described as a legislative patchwork.221

At the beginning of 2012, President Obama announced a Consumer Privacy Bill of Rights,222 containing a set of data privacy principles that were to be codified in legislation to be adopted by Congress.223 This bill of rights was to apply to the entire private sector, but not to the public sector. However, further initiatives towards such a codified set of principles in federal legislation have not been approved, most likely for reasons not related to the areas of privacy and data protection.224



220 Commission Proposal for a General Data Protection Regulation, COM (2012), 11 final, Explanatory Memorandum, at “Context of the proposal”.

221 Erin Murphy, The Politics of Privacy in the Criminal Justice System: Information Disclosure, The Fourth Amendment, and Statutory Law Enforcement Exemptions, Michigan Law Review, Vol. 111, No. 4 (2013), pp. 485–546, at B.2: “Statutory Privacy Protection Is Piecemeal, Sectoral and Reactive”.

222 White House paper, Consumer data privacy in a networked world, a framework for protecting privacy and promoting innovation in the global digital economy, February 2012.

223 In the absence of legislation, this Bill of Rights should, in a first phase, be elaborated into enforceable codes of conduct. The term Bill of Rights thus does not by itself imply a legislative instrument and is not comparable to the US Bill of Rights mentioned before, which is part of the Constitution.

224 This reason is the well-known deadlock in Congress (see, e.g.: http://www.nytimes.com/2014/07/02/us/politics/deadlock-in-congress-appears-to-worsen-as-midterms-loom.html). This was confirmed in various contacts of the author with US experts.






6.12.2  US Privacy Legislation Has a Limited Scope

The most general existing federal law225 is the US Privacy Act of 1974,226 which gives protection to individuals against data processing by the federal government in federal records and gives them access to records relating to them. This law was adopted against the background not only of technological developments,227 but also of the Watergate Scandal.

The US Privacy Act has a limited scope. It applies neither to the private sector nor to the administration of the States. Moreover, wide exceptions are provided for, for instance in relation to intelligence and law enforcement agencies.228 In these domains specific regimes for protection may exist, such as the – much criticised and now to a certain extent strengthened – regime under the US Foreign Intelligence Surveillance Act.229

One limitation to the scope that by definition affects European citizens is that the protection under the US Privacy Act does not extend to persons who are not “a citizen of the United States or an alien lawfully admitted for permanent residence”.230 This limitation to the scope of protection ratione personae is in line with the case law of the US Supreme Court, for instance in United States v Verdugo-Urquidez,231 a case concerning the physical search of premises abroad of an alien individual without any links to the United States invoking his right under the Fourth Amendment.232 The protection given under the Fourth Amendment233 does not gov

225 “The closest analogue to a European data protection law”, European Parliament, Directorate-General for Internal Policies, Policy Department C, Citizens’ Rights and Constitutional Affairs, The US legal system on data protection in the field of law enforcement. Safeguards, rights and remedies for EU citizens, May 2015, at 10–11.

226 Privacy Act, 5 U.S.C. 552a.

227 The US Privacy Act concurs in this respect with the first laws on data protection in Europe.

228 Section 5 U.S.C. § 552a, (j).

229 An example of strengthening the regime can be found in the Presidential Policy Directive – Signals Intelligence Activities, Presidential Policy Directive/PPD-28, available on: http://www.whitehouse.gov/the-press-office/2014/01/17/presidential-policy-directive-signals-intelligence-activities

230 Section 5 U.S.C. § 552a, (a)(2).

231 United States v Verdugo-Urquidez, 110 S. Ct. 1056 (1990). See on this: Mary Lynn Nicholas, United States v. Verdugo-Urquidez: Restricting the Borders of the Fourth Amendment, Fordham International Law Journal, Volume 14, Issue 1 1990. Also: Kuner in: Data protection anno 2014: how to restore trust? Contributions in honour of Peter Hustinx, European Data Protection Supervisor (2004–2014), Hielke Hijmans and Herke Kranenborg (eds), Intersentia 2014, at 216–218.

232 European Parliament, Directorate-General for Internal Policies, Policy Department C, Citizens’ Rights and Constitutional Affairs, The US legal system on data protection in the field of law enforcement. Safeguards, rights and remedies for EU citizens, May 2015, at 10.

233 The Fourth Amendment reads: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”


