The significance of data for competition is growing, as companies can use it to optimise their own production processes, sales structures and marketing campaigns in competition with other companies, personalise services, identify market trends at an early stage or shape them themselves. Every company needs databases, data pools, data lakes or data warehouses for this purpose. When does this constitute abusive behaviour? When does a company have to provide access to “its” data?
In the latest of her Duet interviews, Dr Caldarola, editor of Data Warehouse as well as author of Big Data and Law, and Dr Grace Nacimiento discuss the competition aspects of data warehouses.
I can well imagine that every company has or needs data pools, data lakes or data warehouses if it wants to participate in the process of digitalisation. This means that not only do they have data, ‑but the information and knowledge gained from it as well, which gives them a competitive advantage and limits competitors in the market. In the book “Data Warehouse”, you examined the antitrust law aspect. Is this fact or are these circumstances relevant under antitrust law and why?
Dr Grace Nacimiento: Your question goes right to the heart of data and anti-trust laws. Data has become a key factor for companies’ competitiveness in the digital economy. Companies that collect and analyse large amounts of data often have a significant competitive advantage. This can lead to a dominant market position, which is relevant under competition law. So, you can in fact say that data is power and thereby has significant potential for influencing market entries, market positions and market conditions. Gaining access to and control over large amounts of data can cause restrictions of competition. If a company denies or restricts access to data, this can significantly affect competition in the market. This is particularly relevant if the data is crucial for developing new products or services. Car manufacturers, for example, have the necessary data for maintenance and repair of their vehicles, enabling them to influence who will be able to offer maintenance and repair services on the market. Digital companies collect personal data of their end users which can be used to market additional services and products. Patient and prescription data collected in pharmacies could be used by pharmaceutical companies or consultancy firms to develop marketing strategies granting competitive advantages to those who have access to the relevant data – of course, in conformance with data protection requirements when dealing with personal and sensitive data. The possibilities are endless when it comes to the use of data and building market positions relevant under anti-trust law.
Data pools and similar structures can also facilitate the exchange of information between competitors. While this may in some cases be pro-competitive, there is, on the other hand, also a risk that agreements of this nature could lead to anti-competitive behaviour, such as price fixing or market sharing. Companies that hold a dominant market position could abuse this position by restricting access to their data or setting discriminatory conditions for data access. Such behaviour may be considered an abuse of a dominant market position under anti-trust laws.
My opinion is:
Dr Grace Nacimiento
All this means that the antitrust relevance of data pools, data lakes and data warehouses lies in their ability to create market power and influence competition”.
But – of course, there is a positive side which should not be dismissed- data pools and similar structures can also contribute to promoting innovation and increasing efficiency. Data sharing and access can help companies develop new products and services and optimise their processes.
With the proceedings against Facebook, the German Federal Cartel Office has set the first milestones in the development of antitrust law with regard to the control of international digital companies with market power. What was the subject of these proceedings and what was the outcome?
The Federal Cartel Office concluded the Meta/Facebook proceedings just a few weeks ago with a decision published on October 10. The proceeding goes back to 2019 when the Federal Cartel Office prohibited Meta (previously Facebook) to combine personal user data originating from different sources without obtaining user consent. Meta filed an appeal against this decision and the proceeding went on to the Federal Court of Justice and the Court of Justice of the European Union. Both courts confirmed the Federal Cartel Office’s decision. Prior to concluding the proceedings, the Federal Cartel Office and Meta discussed measures to be taken for the implementation of the decision. The measures led to significant changes in Meta’s handling of personal data of their users. Prior to the decision, Facebook could only be used under the condition that Facebook was allowed to collect and combine personal data beyond the Facebook service with personal data generated in other services run by Meta, and data generated in third-party apps and websites. As a result of the proceedings, users choose which Meta services they want to link to one another; they also decide if and which third-party data may be linked to their Facebook data, and, users are now clearly informed about their options regarding collection and use of their personal data by Meta. Specifically, the measures to be implemented by Meta included in particular obtaining user consent for Meta to collect data from different Meta services, establishing an Accounts Center to ensure that data collected from different Meta services are kept separate, introducing cookie settings allowing users to decide whether they want their Facebook data combined with data which Meta collects from third-party websites or apps, and ensuring concise customer information to ensure that users are able to find settings to avoid data combination easily. All in all, this decision is certainly a milestone in limiting the amount and quality of data collected by large digital enterprises and at the same time protecting personal user data.
Antitrust laws have already been modernised to a certain extent. Such changes include the 9th amendment to the GWB in 2017, the 2018 coalition agreement, the establishment of a “Competition Law 4.0” commission with the 10th amendment to the GWB (2021), the so-called “GWB Digitalisation Act”. What innovations will they bring? Will they solve pressing issues and gaps?
The revisions or – as you rightly put it – the modernisation of the Act against Competition Restrictions was meant to address growing concerns related to the rapid development of Big Data, meaning the literally limitless data collection and processing across markets with large corporations taking a lead in shaping businesses and securing competitive advantages based on data use. So, the modernisation of competition law resulted in a number of important changes aimed at meeting the challenges of the digital economy and strengthening competition. Some highlights of the innovations include:
The 9th amendment to the GWB in 2017 recognised data and access to data as competition-relevant factors in a first significant legislative step. The 10th amendment to the GWB established specific data access rights and introduced sanctions in case of access denials. Competition legislation is based on the concept of market power and the application of the rules requires a previous determination of market power or market dominance. Adding to this concept of market power and market dominance, the 10th amendment introduced the concept of “paramount significance for competition across markets” to address the growing visible presence of international digital companies doing business across markets. The 10th amendment to the GWB thereby established a new regulatory instrument for the Federal Cartel Office. It entitles the Federal Cartel Office to intervene at an early stage in order to prohibit anti-competitive practices by companies with “paramount significance for competition across markets”. Such anti-competitive practices include, for example, the (ab)use of data power to raise market entry barriers via processing of competition-relevant data collected by the respective company and denying or restricting access to such data. The Federal Cartel is entitled to impose data access obligations on the companies identified. The new provision also shifts the burden of proof to the affected companies when it comes to the question of whether or not there is an objective justification for a certain practice to be prohibited by the Federal Cartel Office. It is the company under investigation that has to demonstrate that their practice is justified. Such reversal of the burden of proof is new to traditional abuse control and may well increase the efficiency of the Federal Cartel Office’s proceedings. In addition, appeals against respective decisions of the Federal Cartel Office will now be dealt with directly by the Federal Court of Justice – instead of going through the Higher Courts first – which may lead to the timeline of legal proceedings to reach final court decisions being reduced significantly. The effectiveness of the new provisions and instruments has yet to be seen in the long run. They certainly do address many of the pressing issues and gaps in antitrust law, particularly with regard to the challenges of the digital economy. It will be a crucial task and challenge for the Federal Cartel Office to continue reviewing and adapting these rules to meet rapidly changing market conditions. Nevertheless, some success can already be chalked up to this new regime . The Federal Cartel Office started investigations against international digital companies back in 2021. The first step consists in establishing the “paramount significance for competition across markets” of target companies. The Federal Cartel Office concluded this first procedural step following investigations into the market positions of Microsoft, Alphabet, Amazon, Apple and Meta and established in all cases the “paramount significance for competition across markets” of these companies. On this basis, the Federal Cartel Office also concluded investigations of market practices considered anti-competitive. The outcomes led, among others, to improved possibilities for end users to control their data when using, for example, Google services.
Your chapter focuses on the handling of and access to data under antitrust laws. Does this refer to the raw data or to further processed data derivatives (information and knowledge) as well? Or is the handling of/access to algorithms trained with data, neural networks and others, also relevant in the context of antitrust laws?
Antitrust laws use the term “data”, but do not provide for a statutory definition. So, in principle, the term is to be understood in the broadest sense as including any type of information. This means that raw data may be relevant in the context of antitrust laws, but also processed data derivatives. Algorithms and models that have been trained on the basis of large amounts of data can also be relevant under antitrust laws. Algorithms are often the result of extensive data processing and can therefore be a significant competitive advantage for the data owner. Similar to algorithms, neural networks trained on large data sets can also provide a significant competitive advantage. Access to these models can be relevant under competition law, especially if they are considered essential resources for competition. From an antitrust perspective the decisive characteristic of “data” that is significant is their competitive relevance.
Am I right in assuming that all kinds of data – whether personal or non-personal – are relevant?
Yes, that is correct. Of course, personal data is the focus of public awareness and attention especially given that end users have become increasingly sensitive to the use of their personal data by digital companies. Companies must ensure that they comply with the legal requirements for the protection of personal data. Data protection law also may have a role in the determination of anti-competitive behaviour in the relevant markets.
But, as mentioned before, “data” refers to any type of information, so non-personal is relevant as well. Non-personal data can be used to optimise business processes, for market research and to develop new products and services. This data is often the basis for analysis and research that can lead to innovation. In addition, companies can increase their efficiency and reduce costs by using non-personal data.
For this reason, both types of data are of crucial importance for companies and competition and therefore are relevant under competition law.
The decisive factor is the antitrust aspect of the competitive relevance of data. When does this criterion apply?
This has to be considered on a case-by-case analysis. Whether or not data has competitive relevance depends on a variety of aspects to be taken into consideration. In theory, data can be considered relevant if it has any bearing on the company’s position on the market in question. Internal and/or external use of data may influence the goods or services by improving their quality, to name an example. Data use may also enable the development of products in the first place. Other factors to be considered when determining competition relevance are volume and diversity of the data, their market value, their economic value for the company and their use for developing new services via combinations of data. Also, a factor to be considered would be the ability of other companies to generate comparable data on their own or their possibility to access such data for their own use.
All in all, one can say that competitive relevance of data depends on various factors, including market power, network effects, innovation potential, market structure and regulatory conditions. These factors will in general determine whether and how data affects competition in a particular market.
How is the market and competition determined? Data can be used in many ways and can be copied endlessly. A commercial enterprise could use aggregated GPS data to locate the nearest store, while another company could use the same GPS data to improve road planning. Both purposes require the integration of the same or at least similar raw data, but their use leads to diverse analyses and further processing which again leads to different information and knowledge. In view of this, how are the market and competitors determined? Is the focus on the industry? Or rather on raw data / processed data derivatives? Or on the purpose for which the data is used, based on its legitimisation in the data collection? Or on the products and services that are improved or offered based on the data and data derivatives?
Defining the relevant market and competitors in the context of data access is complex and depends on several factors.
The industry and the specific use of the data play a central role in any market definition. For example, as you mentioned, GPS data could be used differently in different industries: in retail to determine the location of shops and in traffic management to plan transportation infrastructure. A market definition must therefore, at least in this type of situation, take into account the specific use of the data.
The type of data may also be a relevant factor. For example, both raw data and further processed data derivatives may be relevant. Raw data provides the basis on which various analyses and applications are developed. Data derivatives, such as aggregated or analysed data, can create specific markets and competitive situations. The market definition can in this case therefore take into account both levels, depending on which data is essential for competition.
Then, of course, the products and services that are developed as a result from the use of data are also a crucial determining factor. If data is used to improve or develop new products and services, this may influence how the market is defined. For example, a market for personalised advertising based on user data could be defined.
Furthermore, the economic and technical characteristics of the data, such as, for example, its being non-rival and allowing multiple uses, may have to be taken into account. These characteristics may also influence the way markets are defined and competitors identified.
For these reasons, the definition of markets that are data-based or data-driven requires a comprehensive analysis of – not only – the factors just mentioned.
Let’s assume that a company has to grant access to its data. Do the data subjects then have to waive their informational self-determination because they can no longer decide for themselves to whom they want to pass on the data and for what purpose? How will the conflict between antitrust law and data protection be resolved?
The data subjects’ informational self-determination, that is, their right to determine how their personal data is used remains a fundamental principle, even in the context of antitrust measures. The General Data Protection Regulation (GDPR) ensures, among other things, that personal data may only be processed with the consent of the data subjects or on another legal basis. Should a company be obliged to grant access to personal data, this could only be done in accordance with data protection regulations. This means that data subjects have to be able to continue to exercise their rights under the GDPR, such as the right to access, rectify and erase their data.
When enforcing data access rights, the Federal Cartel Office and other competition authorities must take the data protection rights of data subjects into account. This became clear in the previously mentioned Facebook case where the Federal Cartel Office prohibited the linking of user data from various sources without user consent. The ECJ confirmed that antitrust authorities may also take data protection violations into account when investigating market abuse in order to determine the abuse of a dominant market position. In doing so, the antitrust authorities must cooperate closely with the competent data protection authorities and may not exceed their areas of competence. So, according to the ECJ, the antitrust authorities do not take over the tasks of the data protection authorities, but apply the data protection regulations as part of their own investigations. At the same time, the ECJ sets clear limits with respect to the review of data protection law by antitrust authorities; they may only be carried out in connection with the determination of market abuse and not as an independent examination of data protection regulations
For companies that have to grant access to data this means n practice must ensure that data processing is carried out in accordance with the GDPR. This can be achieved through technical and organisational measures that ensure data protection, such as anonymisation or pseudonymisation of data. The right of data subjects to informational self-determination therefore remains protected.
Who gets access to the data?
Access to data, particularly in the context of antitrust actions, depends on a number of factors, including the type of data, the legal framework and the specific requirements of the case. Very generally speaking, if a company is obliged to grant access to data associated with its dominant market position, it will be the competitors who are granted access to this data. This is to ensure that competition in the market is not hindered by exclusive access to important data. In some cases, third parties, for example, research institutions or partner companies, may also be granted access to the data if and to the extent this is necessary to promote innovation or to comply with legal requirements.
How does access work? The release of a copy of the data? A right of access to the data pool or part of the data pool? Changing the data pool from a “proprietary” to an “open” regime…?
Access to data in the context of antitrust measures can be implemented in different ways, depending on the specific circumstances of the case and the requirements of the competition authorities.
In some cases, for example, it may be necessary for the company which is faced with this sort of obligation to hand over a copy of the relevant data to the competitor. This allows the competitor to analyse and use the data independently. A different scenario could be a right of access to a data pool or a part of a data pool. This means that a competitor, or other third party, obtains direct access to the database and is able to retrieve the data in real time or at periodic intervals. This may be particularly relevant if the data needs to be continuously updated. In other cases, it may in fact be necessary to change the data pool from a proprietary to an open regime. This would mean that the data is made publicly available so that not only specific competitors but also other market participants and the public have access to the data. However, this can be complex and would require in particular careful consideration of data protection and trade secrets.
Regardless of the type of access that has to be granted, it is important to remember that technical and organisational measures must be put in place to ensure data protection. This may include anonymisation or pseudonymisation of data to ensure that personal data remains protected.
Does the company’s access to its data make it a gatekeeper according to the definition found in the Digital Markets Act?
The Digital Markets Act defines gatekeepers as large digital platforms that play a significant role in the single market, provide an important interface for business users and hold, or are likely to hold, an established and sustainable market position. Examples of such gatekeepers are companies such as Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft.
A company that is obliged to grant access to its data does not automatically qualify as a gatekeeper. The gatekeeper status rather depends on certain criteria and not solely on whether the company grants access to data. In order to be designated as gatekeeper, several criteria must be met. Very generally speaking, the company’s platform must have a significant impact on the internal market. The platform must be an important interface for business users to reach end users, and it must have or be likely to achieve an established and sustainable market position.
What justification could a company use to counter the right of others to access their data? Property rights to “its” data? Protection of its investments in digital innovation? Safeguarding the rights of data subjects with regard to personal data?
A company could use various justifications to oppose a data access right.
Companies could, for example, argue that they have proprietary rights to the data they collect and process. They could argue that the data is a valuable business asset which was obtained through significant investment in technology and infrastructure. Another argument could be the protection of investments in digital innovation. Companies often invest significant resources in the development of data collection and analysis technologies. So they may argue that imposed access to this data could reduce the incentives for such investments and weaken the company’s innovative capability. The protection of data subjects’ rights under the General Data Protection Regulation (GDPR) could be another strong argument. Companies could claim that the disclosure of personal data without the explicit consent of the data subjects violates data protection regulations and jeopardises the informal self-determination of the data subject. This could be a relevant argument if the data cannot be anonymised or pseudonymised. Also, companies could point to technical and organisational challenges related to having to provide access to data. This could include the need to adapt complex IT infrastructures or implement additional security measures to ensure data protection.
In any case, these and any other arguments against granting access must be carefully weighed against the objectives of competition law to ensure that competition is promoted without infringing the rights and interests of the companies and individuals concerned.
In his Duet interview, Hans Jürgen Jakobs clearly describes the competition and the battle for monopolies. Can Europe still hold its own in the current data and digitalisation market? Some ways for establishing and maintaining monopolies appear to be subsidies, the promotion of technology and price wars. Must or should Europe enter this competition or should Europe fight with other means such as antitrust measures, import and export duties among other ways in order to be or become a serious competitor? Europe’s legislative bodies in particular are seemingly “leading” the new challenges in terms of data protection, AI, etc., meaning they are “showing” the way. Is this Europe’s only “weapon” against digital monopolies? If so, how effective is this “weapon”?
Europe is in fact facing significant challenges with regard to global competition in terms of dominance in the digital market. There are various means for Europe to meet the challenges and assert itself.
First of all, Europe is already investing heavily in digitalisation and technological innovation. Programs such as the Digital Europe Programme are aimed at accelerating digital transformation and strengthening digital capacity in key areas such as artificial intelligence (AI), cybersecurity and high-performance computing. The Programme provides funding in areas which are crucial to Europe’s position, including, for example, artificial intelligence and cybersecurity. These investments are vital for boosting the competitiveness of European companies and drive innovation.
Moreover, antitrust measures are also a key factor in this context. With the Digital Markets Act and the Digital Services Act, Europe has created strong regulatory instruments to promote competition and limit the power of large digital platforms. These laws aim at creating a level playing field and prevent abuse by dominant companies. The enforcement of these regulations is an important means at combating digital monopolies.
Import and export duties could in theory also be used as a means of influencing competition. However, such measures are often highly controversial and can create trade conflicts. If at all, they should therefore be used with caution and in accordance with international trade agreements.
As we know, Europe has established itself as a pioneer in the area of data protection and ethical standards. The GDPR sets global benchmarks and forces companies to comply with high data protection standards. This regulatory framework can be used as a significant competitive advantage by creating trust among consumers and promoting European values in the digital economy. Furthermore, Europe can strengthen its position through international cooperation. This includes partnerships with other countries and regions to develop common standards and promote global trade. In the end, there is a combination of different means and tools for Europe to compete internationally in the digital economy. Creating a level playing field and encouraging innovation is key to asserting a leading role. At the same time, it is crucial to continuously adapt and evolve these policies to meet the rapidly changing challenges of the digital economy.
Grace, thank you for sharing your insights on competition aspects of data warehouses.
Thank you, Cristina, and I look forward to reading your upcoming interviews with recognised experts, delving even deeper into this fascinating topic.