Chen Yongwei/Text
On September 20, Athanasios Rantos, a counsel at the European Court of Justice, submitted a legal opinion to the court that worried Facebook. The opinion notes that when antitrust regulators investigate a company's alleged abuse of market dominance, other rules, such as the EU's General Data Protection Regulation (GDPR), should also be considered.
While the statement of the opinion may not seem special, it could have a key impact on the antitrust lawsuit Facebook is conducting with Germany's antitrust watchdog, the Federal Cartel Office (FCO). And if the FCO ultimately wins, it could have a butterfly effect: the ruling would set a precedent and set an example for national regulators to deal with the intersection of privacy, personal information and competition. Big tech companies have even more headaches when they suffer the same problems.
In February 2019, the FCO criticized Facebook, saying it had gained a "competitive advantage over competitors" by collecting and using third-party behavioral information without users' consent, as well as by using the data in targeted advertising to raise barriers to market entry. As a result, the FCO asked Facebook to stop data collection in Germany and ordered it to reform its data and cookie policies within 12 months to comply with the General Data Protection Regulation (GDPR).
We know that 98% of Facebook's revenue comes from advertising. Why would customers put their money into Facebook? The reason is that Facebook's advertising is accurate. Why can Facebook do all this? It is because it collects a large number of users' personal data. Obviously, if you stop collecting user information in accordance with the requirements of the FCO, it means that your financial path in Germany will be completely cut off. Not only that, but if other countries, especially those within the EU, follow suit, its business model will collapse. Faced with this kind of life-and-death issue for the company, Facebook certainly won't give in so easily. Its reasons for refusing to comply also seem reasonable: the FCO is in charge of antitrust issues, but not on issues such as personal data and privacy protection. Seeing that Facebook disobeyed discipline, the FCO took Facebook to court.
At first, when the case was heard in the district court, the judge's opinion seemed to be in Facebook's favor. He announced a moratorium on the data reforms the FCO had asked Facebook to carry out, and expressed doubts about the legality of antitrust authorities stepping in to handle personal data and privacy issues. However, the FCO did not agree with the judge's opinion, in its view, illegal collection of users' personal information and infringement of their personal privacy should be regarded as a form of harm to the interests of consumers, and such damage should be subject to German competition regulations. In this way, the two sides continued to fight the lawsuit to the Supreme Court.
On June 23, 2020, the German Supreme Court ruled that the FCO was guilty of abusing Facebook's dominant market position to illegally collect user data, and that the FCO had the right to restrict its data collection practices in Germany.
At this time, the lawsuit came to an end in Germany. But Facebook still did not relent, so it filed a complaint with the European Court of Justice, asking the European Court to overturn the ruling of the German Supreme Court. It is clear that even for the European Court of Justice, how to deal with such a case is a new question. Therefore, the court invited Lantos and other consultants to submit their opinions as a reference for the final judgment. And now Lantos's opinion is quite unfavorable for Facebook, so if nothing else, it should be expected that Facebook eventually lost the lawsuit. If so, then in the coming period, more big tech companies are likely to face similar cases involving both competition and privacy issues.
How privacy became a competing issue
From the origin, privacy and competition (or antitrust) are two completely different issues.
The discussion on privacy is conducted from the perspective of protecting the rights of individuals. The Right to Privacy, by Louis D. Brandeis and Samuel D. Warren, is the first book to address privacy from a legal perspective. In the book, they define the role of privacy protection as helping people "stay away from the distractions of the world at the right time" in an "increasingly tense and complex" life. Of course, in the more than a hundred years since, privacy and privacy protection have been given many new connotations, but in general, it is still discussed as an issue of individual rights. Competition and antitrust, on the other hand, are discussed at the market or social level from the beginning, and are concerned with whether the behavior of monopolies harms competition, economic efficiency or social welfare.
For a long time, the discussion of these two issues has evolved along their own trajectories, and in practice, the enforcement of these two issues usually belongs to different departments. However, with the development of the digital economy, especially the rise of large platform enterprises, the two issues seem to be becoming increasingly intertwined and inseparable.
The fundamental reason is caused by the transformation of production and competition in the era of digital economy. Unlike the traditional economy, in the digital economy, data has become a key production resource. Businesses with more, better-quality data can often gain more of an advantage over the competition. However, personal data is inherently tied to privacy, and it is difficult for enterprises to collect data to avoid touching the privacy of users, and various products based on user data (such as targeted push, targeted advertising, relationship chain push, relationship chain advertising, etc.) will inevitably cause various disturbances to users. It is in this context that the two different sources of privacy and competition are intertwined.
From the cases that have occurred so far, we can see that cases involving both privacy and competition issues can be broadly divided into three categories:
The first is the collection of data and the violation of user privacy, which is directly regarded as a form of abuse of its dominant market position by monopolies. For example, in the dispute between the FCO and Facebook, this issue is partly touched upon.
The second category is that monopoly enterprises have more advantages than rival enterprises in collecting user information, so the infringement of user privacy directly constitutes a means for them to maintain and consolidate their market position. Essentially, this type of case is a variation of the data monopoly problem that is now being discussed.
The third category is the so-called privacy rule issue. In the first two types of cases, obtaining users' personal information and infringing on their privacy is usually a form of "evil" by monopoly enterprises, but in the third type of cases, the enterprises involved appear in the image of safeguarding user privacy. For example, in the lawsuit between Fortnite developer Epic Games and Apple, Apple cited the maintenance of user privacy as a reason for refusing to open up its ecology; Not long ago, a dispute between Facebook and Apple over Apple's privacy policy adjustment was triggered by the so-called maintenance of user privacy. This type of case is more challenging than the first two. In such cases, privacy and competition seem to be two conflicting goals, so it is more artistic to weigh the two goals.
Below, we analyze the above three types of problems one by one.
Privacy invasion as a consumer benefit
Let's look first at the first type of problem, which is the situation where monopolists use their dominant market position to directly invade user privacy. From the performance point of view, the form of this behavior actually changes over time. In the past few years, big data technology has just emerged, and people pay relatively little attention to privacy. At that time, the operators of large technology companies hardly shy away from collecting all kinds of data and information from users on a large scale. For example, Zuckerberg has publicly announced to people that "the era of privacy is over," and former Google CEO Eric Schmidt has said, "If there's something you don't want anyone to know, maybe you shouldn't have done it in the first place!" However, with the awakening of people's awareness of privacy, this blatant large-scale data collection has begun to be criticized by more and more people. In this case, the major platforms adopt a "notice-and-consent" model when collecting data, that is, when the user uses the service, the platform will notify the user, and its information may be collected during the service. Formally, this method of information collection is manifested as a contract between the user and the platform: the user allows the platform to collect information in exchange for the platform's services. However, in practice, if the user does not choose to consent to the collection of information, he may not be able to use the service. Therefore, in the eyes of many experts, this contract with a mandatory nature is actually an infringement of the interests of users by the platform by virtue of its dominant position.
In traditional antitrust analysis, the most important indicator of consumer or social welfare is price. However, under the conditions of the digital economy, Internet platforms usually adopt a "free" model to provide services. After consenting to the collection of their data, users can use the service for free, and the platform will monetize this data in other areas such as advertising. In this case, how to introduce privacy into traditional antitrust analysis?
One way of analyzing is to introduce a framework for non-price competition. This can be found in traditional economic theory. For example, in the theory of monopolistic competition, it is emphasized that competition between enterprises is not limited to the price dimension, and the nature of goods and services such as quality can also become a means of competition. Based on this view, some antitrust scholars have proposed a theory of non-price competition. According to this theory, the impact of monopoly on consumer welfare may manifest not only in the demand for higher prices, but also in changing the attributes of certain goods, such as reducing the quality of products. Based on this theory, indicators such as quality reduction can be used when assessing welfare damage. Some experts believe that this line of thinking can also be used to assess privacy issues. Because the platform's violation of user privacy can actually be regarded as a reduction in service quality to some extent.
It should be said that this line of thinking is indeed enlightening. However, there are still two difficulties in its application.
The first difficulty is what standards should be used to measure privacy as a quality of service. Unlike price, personal data or privacy is not a good measure. For example, in reality, some questionnaires will collect a lot of data, but these data will not actually involve privacy; Some surveys, while few questions, cover sensitive issues. From this perspective, we can't measure how much privacy a platform violates in terms of how much data is collected, and it's more difficult to translate it into a decline in consumer welfare.
The second difficulty is that in reality, there is usually a certain correlation between the degree of user information being collected and the service quality of the platform. Generally speaking, the more information a platform collects, the more accurate the platform's portrait of users will be, and therefore the more targeted the services it provides. From this point of view, although users have suffered a reduction in quality in the dimension of personal information and privacy, they may enjoy higher quality in another dimension. How to reasonably compare the quality changes of these different dimensions is a problem to be solved.
If the above two problems are not addressed, it is difficult to truly evaluate the potential abuse of privacy violations from the perspective of efficiency, which makes the so-called "reasonableness principle" analysis difficult to use.
Privacy violation as data blockade
Let's look at the second type of problem, which is the invasion of privacy as a means of foreclosure. According to this view, the competitive harm of invasion of privacy does not lie in itself, but comes from the asymmetry of the ability to violate between different companies - the dominant large enterprises have more ability to collect user data and violate user privacy, while the small companies that are their competitors are much weaker in this regard, which allows large enterprises to apply more data. This makes it easier to compete than small businesses.
This view was first seen in Google's acquisition of online advertising company Doubleclick. When the Federal Trade Commission reviewed the acquisition, then-Commissioner Pamela Jones Harbour wrote an "objection." Haber pointed out that Google and Doubleclick have potential competition in the field of online advertising, both companies have a large amount of user data and strong data collection capabilities, and Google's ability in data analysis is still very prominent, so once this acquisition is completed, Google's advantages established by collecting and analyzing data will be unmatched by competitors. The implication is that Google can mine more users' private information and privacy through mergers and acquisitions (after all, mergers and acquisitions can greatly increase the dimension and measurement of data, both of which are very useful for data mining), while other companies cannot, so this could damage the competitive landscape.
This view is essentially an interpretation of the blocking effect in traditional antitrust theory. In antitrust theory, the blockade effect refers to the restriction of competitors by enterprises with a dominant market position by occupying certain inputs necessary for conducting business (e.g., certain key factors of production, certain production channels). In the above view, the key input in this theory is replaced by data.
However, this simple replacement still has two problems:
The first question is whether data is a key input that can have a lockdown effect. Unlike ordinary items, data is non-exclusive in production. While dominant companies in the market typically have greater power in collecting and processing data, this does not in itself directly affect the data collection and analysis of their competitors. Therefore, it seems debatable to apply this situation directly to the blockade theory.
The second issue is directly related to privacy. As mentioned earlier, for users, more personal data collection actually equates to a decrease in product quality, and thus a decrease in their welfare. The corollary from this is that more companies collect data means that their welfare is more harmed. And if companies with a dominant market position can indeed block their opponents by occupying data, thereby inhibiting these companies from operating, it will also reduce the collection of users' data, thereby reducing the risk of their privacy leakage. In layman's terms, if data is collected by a company, the risk of privacy leakage will be smaller. Of course, this is only a possible scenario. Another situation is that in the face of the data advantage of dominant enterprises, those relatively weak enterprises will also increase their data collection efforts, which will cause greater damage to the welfare of users. But if that happens, it means that the lockdown effect is not really happening. From this point of view, the degree of the blocking effect seems to be the opposite of the direct damage to user welfare, so how to weigh the pros and cons of these two types of competitive damage in practice may be a challenge.
Privacy Policy as a Competitive Strategy
Let's look at the third type of problem: privacy protection policies as a competitive strategy. According to the traditional antitrust case handling process, when an enterprise is accused of monopoly by its conduct, it can usually put forward some reasons to justify its behavior. And as privacy issues become more and more important, it has certainly become an important reason for big tech companies to rationalize their behavior.
For example, in 2020, there was a big conflict between EpicGame and Apple. On August 13 of that year, Epic updated Fortnite with a new feature that allowed users to pay Epic in-app currency directly at a discounted price, bypassing the Apple AppStore payment mechanism that had been used all along, while also bypassing the 30% "Apple tax." In response to Epic's move, Apple directly removed the hit game "Fortnite". In a subsequent response to Epic's allegations, Apple cited the maintenance of service quality and security as a reason, and among the so-called quality and security factors, user privacy is the most critical. Apple pointed out that one important reason why it has not agreed to third-party payment channels accessing its system is that doing so may leak users' personal information and privacy. And because they provide a guarantee of the quality and security of services, including privacy, they also need to receive corresponding remuneration, and up to 30% of their drawing achievements are reflected in this remuneration.
If in the above case, privacy protection was only used as a passive defense in response to the plaintiff's allegations, then in the dispute between Apple and Facebook over the privacy rules of the iOS system, the image of privacy protection as a competitive strategy is more obvious: before the launch of iOS 14, Apple launched a company called AppTracking Transparency (AppTracking Transparency) for the purpose of "helping users better control their information and protect their privacy". ATT). This feature requires apps to request permission from users before they can collect their information. Apple requires that after the launch of the ATT function, if an App violates this provision and collects user information without the user's consent, Apple will remove it from the app store. Obviously, the introduction of this measure is very detrimental to companies like Facebook, which rely heavily on user data. So as soon as Apple announced the policy, Facebook expressed fierce opposition and indicated that it could sue Apple for "abusing its power in the smartphone market to force app developers to comply with AppStore rules that Apple's own apps do not have to follow."
At first glance, Apple's measure seems to be completely on the side of users and implemented for the benefit of users, but in fact, Apple's decision was made on the premise that it controls the single channel of the app store and already has advanced technologies such as "federated learning".
Apple, as the controller of the key channel of the app store, can deepen the profit extraction of its platform app providers through privacy policies and some technical means. Therefore, although from the perspective of direct users, Apple's privacy policy can indeed better protect its privacy and improve its welfare, but from the perspective of App providers using Apple's platform such as Facebook, Apple's privacy policy is a measure to strengthen its monopoly and effectively damage the order of competition. In this context, a very sharp conflict arises between the two goals of protecting privacy and promoting competition.
The trade-off between protecting privacy and promoting competition, both valuable goals, depends on what framework we think about. If we think about this issue in terms of antitrust along Facebook's claims, then the final focus may be on how to view the competitive consequences of privacy policies.
Not long ago, Erika M. Douglas of Temple University published an article discussing this issue. In Douglas's view, if privacy protection is to be considered within the framework of competition or antitrust, then privacy protection can be considered legal if and only if it promotes competition.
He pointed out that although the privacy protection policy may cause damage to the platform operators to a certain extent, on the whole, it is still likely to promote competition. Take the dispute between Epic and Apple as an example, although Apple's closed system and privacy policy do exacerbate Apple's exploitation of App developers within the Apple ecosystem, which is not conducive to competition. But at the same time, it actually promotes competition between different platforms. This will cause many apps that are unhappy with Apple's rules to switch to Android or other platforms. In this way, the competition between the two major systems, iOS and Android, and apps with similar functions on the two systems, can be intensified.
At the same time, Douglass criticized so-called privacy protections that harm competition. To prove this, he cited several well-known cases in the history of antitrust in the United States. In these cases, some trade associations (e.g., engineering associations, dental associations) usually set rules within the association that restrict members from competing with each other, such as prohibiting members from advertising with some of the cases they have experienced. In similar situations, these trade associations will use protecting the privacy of their members or customers as their shield. In Douglas's view, this argument for so-called privacy protections by suppressing competition is not valid, at least within the framework of antitrust law.
How do you balance privacy with competition? This is a problem
Through the above analysis, we can see that in the era of digital economy, there are more and more issues involving both privacy and competition. Since these two issues have traditionally had different origins, and in practice, both have developed a set of relevant legal and regulatory systems, how to weigh and balance the two when encountering these problems has become a problem. From the several cases that have existed, such as the Epic and Apple controversy, and the litigation between FOC and Facebook, it seems that dealing with these issues in an antitrust framework is a common choice of countries. But as a result, how to incorporate privacy into the traditional antitrust analysis framework becomes a new challenge.
Although there is no unified answer to this question, in the author's opinion, it should be preferable to use the principle of reasonableness to compare the pros and cons of privacy invasion or privacy protection, and then determine whether the relevant behavior is illegal according to its net effect - after all, in the era of digital economy, if you completely prohibit the collection of data that will potentially invade privacy, it is very detrimental to social development, so the idea of "violating the law itself" should not be suitable for dealing with this problem. Of course, even if this big idea is clarified, many details are still difficult to deal with. For example, how to calculate the economic costs of privacy violations, or the economic benefits of protecting privacy, and how to compare them with changes in competition, requires more theoretical exploration.