Follow us on

The Italian Competition Authority, the Communications Authority and the Data Protection Authority publish the findings of a joint sector inquiry into the field of big data

Search by...
Search
10 February 2020

On February 10, 2020 the Italian Authorities for Communications[1], Competition[2] and Data Protection[3] published the findings of a joint sector inquiry into the field of Big Data (“Investigation”)[4], which lasted almost three years. It was launched on May 30, 2017 to study the functioning and impact of Big Data on the economic, political and social environment and whether the applicable regulatory framework is suitable to address concerns for the protection of privacy, consumers and competition.

Differently from similar studies in other jurisdictions[5] – which have seen the “in silos” involvement of competition authorities separately from other regulators – the Italian Investigation is the first featuring a joint effort of the three regulators of the areas of law mainly affected by the transition from analogical to digital economy. The greater added value of the Investigation rests indeed on its interdisciplinary character and the Italian ability to mix ingredients together, valorizing each one individually and as a whole.

Definition. The expression “Big Data” is used to describe the collection, analysis and storage of a vast quantity of personal and non-personal data generated from different sources. They are characterized by four main features (referred to as “the four Vs”):

  • Volume of the enormous quantities of data collected and processed
  • Variety of the many different types and sources of data gathered
  • Velocity of the processing and elaboration activities
  • Value acquired by processed and elaborated data.

Value chain. The Investigation has portrayed the value chain of Big Data as structured along three levels:

  1. data collection (further divided by data generation, collection and retention);
  2. data elaboration (extrapolation, integration, analysis);
  3. data interpretation and decision-making.

The content of the Investigation (122 pages) is vast and articulated and this article focuses on the key findings of the ICA and the main takeaways resulting therefrom.

A. Structure and main characteristics of digital, data-driven markets

The ICA observes that the need to factor Big Data in the antitrust analysis mostly arises for services that either play a central role in the digital ecosystem, to the extent that could not be provided without the use of Big Data (e.g. online advertising), or are characterized by relevant information asymmetries and by distribution and intermediation activities (e.g. financial and insurance markets, with growing relevance of automotive).

While these services are usually provided in highly concentrated markets also featuring dominant players, accumulation of Big Data is only one of the several factors which contribute to such characteristics. The following factors – familiar to antitrust analysis but more relevant in the digital economy – still play a critical role in explaining market power of digital platforms:

  1. the distinctive multi-sided structure of digital markets;
  2. strong investments in innovative data analytics and interpretation technologies (i.e. AI and algorithms)
  3. economics of scale and scope;
  4. network effects; and
  5. switching costs.

It is the cumulated effect of Big Data with all these factors that is capable of strongly conditioning the competitive dynamics of digital markets, leading to “winner takes all” or “market tipping” effects, which ultimately tend to strongly benefit first movers while disincentivizing new entrants.

B. Big Data as a barrier to entry

Considering the above, personal data can be characterized as a barrier to entry, according to the ICA. However, the extent to which data constitute a barrier to entry must be measured case-by-case against:

  1. actual relevance of Big Data for the service in question;
  2. nature, quality and quantity of data needed to compete effectively; and most importantly
  3. number/variety of sources available to attain the information and knowledge generated by such data and which is required to compete effectively.

The Investigation indicates that, in principle, what causes grater competitive strength is not data themselves but the additional information and knowledge which is possible to extract from data. In certain markets (e.g. online search) the competitive advantage may depend on the availability of a greater volume and variety of data, which combined with well-established algorithmic and machine learning technologies generate new knowledge and improved services.[6] Interestingly, however, the ICA notes that in digital advertising the greater value of real-time data, which can be sourced and replicated indefinitely from various sources, may make barriers for new entrants less significant and thus incumbent’s advantage deriving from Big Data less sensitive for competition. In other contexts, raw data may be easily available in large quantity and variety and the crucial factor for gaining a competitive edge is the possession of superior and proprietary AI technologies developed through important investments in innovation. Further, some markets require both data and innovation, whilst others need data of a certain quality over quantity.[7]

Overall, the ICA highlights that most datasets are somehow replicable as there are countless online and offline data available on the market for different uses, often publicly accessible.[8] Hence, it concludes that only exceptionally Big Data may constitute an “essential input” to operate on a market.

C. Novel characteristics of market power and new challenges for antitrust in the digital economy

The ICA takes as a fact that certain strategic digital services are today controlled by dominant companies, expressly pointing to markets for online search and mobile operating systems, social networks and intermediation services in e-commerce. More in general, it points to “systemic” market power caused by the global dimension and the strategic role of gateways played by these services. Such role would give certain platforms a “decisive influence” on social and economic dynamics on the Internet by managing access to digital markets, visibility and reputation of third-party undertakings. In particular, the Investigation identifies the following key contributors to market power of digital platforms.

Vertical and conglomerate integration. It is considered a distinctive characteristic of leading platforms across the Big Data value chain. Supplying a whole range of services allows these platforms to combine data generated by the same subjects from different digital sources and behaviors, and thus better profiling. This integration of data and services is deemed to entrench the power these platforms hold in every market where they operate. This feedback mechanism enables certain platforms to provide an even greater range of services and to enter new markets, gaining a competitive edge from the outset. Further, the ICA points to the strategic position held by certain platforms in supplying crucial intermediate services for acquisition and elaboration of data (e.g. hosting, cloud, analytics etc.); and to the lock-in and lock-out effects that the integration of all these services, combined with limited interoperability, may have on customers and potential competitors respectively.

Persistency of market power. Network externalities typical of multi-sided digital platforms, combined with the availability of a large volume of detailed data on users’ behaviors, apparently make the market power of certain big players difficult to contend for an indefinite timeframe. Such perceived persistency of market power makes the high concentration level of digital markets even more problematic in the eyes of the ICA, as it risks discouraging investments in innovation and preventing future market entry.

Novelty of market power. The ICA stresses that digital economic is challenging basic and consolidated antitrust concepts such as the notion of undertaking, relevant market and market power. It points to the paradox that incumbents in traditional/offline markets (e.g. physical banks or insurance companies) seem to attribute actual market power to digital operators that yet have not entered their markets. Thanks to the greater availability of Big Data and the unmatchable technical capabilities to pool and exploit data to their advantage in potentially any sector, certain platforms are perceived as being able to disrupt the existing positions and become dominant immediately after entry. Competition authorities are worried that, lacking ad hoc powers and regulatory tools to intervene before conduct being occurred, they may lose momentum to prevent the creation or strengthening of persistent dominant positions in digital markets that could be extremely difficult or too late to remedy ex post by means of the existing antitrust toolkit.

D. Market power and control of concentrations

The ICA shares with other competition authorities the concern for a gap in merger control legislation, which allows digital incumbents to acquire innovative start-up platforms or technologies before they can thrive and threaten the persistency of their market power. The targets are businesses with yet a tiny or no turnover that are however very valuable for incumbent platforms because of the strategic value of their data and their innovative potential. Where the aim of such acquisitions is not to give a chance to thrive to an innovative business, which otherwise would not have a growth potential, but rather to impede effective competition in digital services, they are called “killer acquisitions”.

Killer acquisitions may escape antitrust scrutiny because the prior notification and authorization system of most merger control regimes globally is based on market turnover thresholds, which trigger mandatory notification if exceeded by the parties of the concentration. These thresholds were set in a time where market turnover was a reasonable proxy of size and power of firms, whilst the speed of innovation of the digital economy and the value of data generated by zero-pricing services was not even conceivable. The target of a killer acquisition will often not exceed the minimum turnover threshold which triggers prior notification obligation with any competition authority and will thus escape scrutiny altogether. It may also be impracticable to calculate market shares in the digital sector, considering that target’s activity could be an innovative service or platform with yet no market presence.

From the substantive viewpoint, increasing market power by means of mergers and acquisitions in the digital sector poses new concerns for competition, going beyond effects of the concentration on prices. The ICA warns that, in a digital economy boosted by zero-pricing services, quality or innovation and privacy seem the most important competition drivers, which are mostly affected by market power. Analyzing these types of effects in concentrations indeed creates new challenges for the antitrust analysis. It is not only exponentially more complicated to assess the likelihood of a harm to competition; it is also difficult to distinguish between effects on competition, which is the object of antitrust law, and effects on public objectives assigned to other authorities, e.g. the protection of privacy and of other fundamental rights.

In line with similar stances expressed by public institutions globally, the ICA pushes for both procedural and substantive changes to merger control regimes at both national and international level. First, it supports the introduction of value-based thresholds (i.e. purchase price or assets’ value) in merger control regimes to detect killer acquisitions. Secondly, it calls for reviewing European Commission’s criteria for the antitrust analysis of concentrations by giving greater relevance and clarity to “conglomerate effects” on competition in the digital sector (e.g. with respect to powerful platforms’ ability to leverage on Big Data generated by various services to create or entrench dominance across markets).

New guidance is also needed to make complicated analysis on potential effects of mergers on non-price parameters (e.g. innovation, quality, privacy level) or on the collusive potential of pricing algorithms in concentrated digital markets. All these complications are enhanced by the difficulty of defining relevant markets in the digital economy: in this respect, the Investigation suggests that the centrality of market definition in EU competition law should not prevent or make excessively complicated to stop conducts with clear exclusionary effects.[9]

E. Characterizing personal data as commodity, price or quality: impact on competitive analysis

The ICA recognizes that while characterizing personal data as price or quality may – theoretically – help assessing the effects of Big Data on competition and consumers, it is exceptionally complicated to determine a minimum benchmark or expected competitive level of privacy and thus whether platforms’ conducts may cause harm to competition or consumers (e.g. unfair prices or degradation of quality).

Interestingly, while the ICA observes that personal data do not usually constitute autonomous object of trade but rather an ancillary good in the demand or supply of products/services, it nonetheless analyzes the characteristic of demand and supply of personal data as it were the autonomous object of a relevant product market. By contrast, it warns that considering personal data themselves as “commodity” or “currency” might conflict with the philosophy underlying the protection of privacy as a fundamental right.

However, considering personal data as a component of the price or, in the alternative, as a quality feature of digital products/services is deemed a helpful means to address by law the impact of the merchandise of personal data on consumer welfare and competition. Characterizing personal data as (non-monetary) price highpoints that they are often the sole economic consideration in exchange of a product/service, and this enables authorities to use EU law to protect competition and consumers in “zero-pricing” digital markets.

Nevertheless, the ICA recognizes that the relationship between quality or price and the level of privacy is not univocal. For several services and consumers, a greater collection and matching of data means a more efficient service. Further, the Investigation shows that it is difficult for consumers to assign a specific value to their personal data since it is often hidden or unpredictable. The real value may be only revealed when combined with other datasets at a given point in time, acknowledgeable only by data controllers.

Further, the “negotiability” of privacy is at odds with: (i) the low level of differentiation of privacy conditions in digital platforms’ offering; and (ii) fundamental rights relating to protection of personal data (e.g. need to comply with Articles 5-6 GDPR). In addition, assigning the role of price or quality to personal data may “backfire” as it entails that digital players – assuming they would differentiate their offering based on the level of privacy – could charge real money for “premium”, more data-protective services, thus making privacy a “luxury for a few”. In this respect, the Investigation illustrates a “privacy paradox”: while the very large majority of respondents to the ICA’s surveys declared their strong interest in protecting their personal data, a mere third of it refuses to give whatever requested consent – a distortion attributed to the “free effect” of the offering of digital services.

F. The (ambivalent) effects of privacy policy on competition

Along this line, the ICA indicates that privacy rules may have an ambivalent impact on competition. A restrictive approach to data protection may curb digital incumbent’s market power but also hamper the circulation and use of data across multiple sources and thus strengthen barriers to entry. However, national experience has shown that a coordinated application of sector regulation (e.g. energy and financial) with privacy rules can lead to identify the right balance to use access to data to support the dynamics of competition.[10] A full application and enforcement of the GDPRS’ provisions may thus contribute to level the playing field between digital incumbents and new entrants.

The Investigation points to three topics in privacy enforcement having a crucial impact on competition:

  1. portability;
  2. ownership/management of data; and
  3. purpose limitation combined with consent requirements.

Data portability. The introduction of data portability by the GDPR (Article 20) is deemed in principle a fundamental step to reduce switching costs (i.e. lock-in risks for users deriving from accumulation of data with one’s platform) and to incentivize “multihoming” across platforms. However, the ICA observes a few potential obstacles to full exploitation of portability. Firstly, surveys sent to consumers have revealed scarce awareness of this right and on how to use it (up to 91%). Secondly, around 40% of users show low propension to multihoming for certain services (e.g. social networks) because of the time/effort it would take or lack of real alternatives. Thirdly, different standards often cause the transfer of datasets across platform technically unfeasible or unhelpful. In this respect, the principle of portability of the GDPR applies to users’ raw datasets, and not to information extracted therefrom. Indeed, the GDPR only requires interoperability of platforms’ data transfer systems, which does not necessarily entail compatibility of transferor’s data with the transferee’s services.

Ownership and management of data. Some experts heard by the ICA suggest that market dynamics in connection with circulation of personal data may be improved by defining property rights over personal data. Similarly, other have suggested to develop alternative legal and technical architectures for managing personal data, e.g. by passing from the current system based on “centralized” management of data by platforms to a “decentralized” system based on users’ control. However, the feasibility of such a solution is conditioned by the ability of users to identify the value of their personal data, which is often not foreseeable ex ante.

Data minimization, purpose limitation and consent requirements. The Investigation highlights that the massive and generalized collection of Big Data inherently conflicts with the principles of data minimization and purpose limitation, which require controllers to obtain new consent from data subjects to use their data for purposes exceeding that initially communicated. Nonetheless, it may be impossible to foresee from the outset how collected data might be used and the utility they may have. Therefore, how the consent requirement is applied in relation with the principles in question may crucially impact competition by significantly affecting the ability of digital operators to promptly expand into new services and markets. Innovative solutions like “dynamic consent” (by which data subjects should be requested to confirm or retrieve their consent based on actual use of data by controllers over time) may favor the participation of individuals in processing their personal data, reduce information asymmetries enhancing “consumers empowerment” and thus improve competitive dynamics. Dynamic consent may however require alternative architectures for ownership and management of data as well as a functional separation of platforms’ activities.

G. Possible scope of intervention of the AGCM

The ICA Investigation confirms the ICA’s determination to make any possible legal use of its wide powers to enforce competition and consumer protection law to prevent the harmful consequences that may derive by misuse or strengthening of market power in the digital environment.

Consumer protection. In the recent years the ICA has fined leading digital, zero-pricing platforms for allegedly misleading and aggressive practices on the grounds that they collected personal data of consumers in exchange of services promoted as “free”, without however correctly informing on how personal data are used and monetized, irrespective of a breach of the consent requirements set forth in the GDPR.[11] It now seems also willing to monitor personalization of prices and discriminatory conducts based on tracking consumers’ spending behaviors and preferences by using algorithms and Big Data techniques.[12] Personalization of services may be greatly beneficial to individual consumers and consumer welfare, though it may also become unfair if leads to harmful or obscure discrimination based on use of personal data unknown to consumers and which obstructs their ability to make informed commercial choices. Notably, to effectively pursuing and enforcing consumer protection in digital markets, the ICA calls for legislative interventions to increasing maximum fines and investigative powers in the field.

Competition law. The ICA indicates that conducts entailing the use of Big Data may constitute antitrust infringements (Article 101 and 102 TFEU or the national equivalent) in several circumstances.

Abusive conducts. According to the ICA, the three abuse investigations carried out by the European Commission against Google in the recent years are perfectly consistent with traditional abusive conduct. The Commission has framed the peculiarities of a digital commercial practice (e.g. discriminatory use of search algorithms) within a traditional theory of harm based on exclusionary effects. This considered, the ICA deems antitrust law sufficiently flexible to address a whole set of conducts in digital markets through an evolutionary application of existing rules and theories of harm.

Notably, while recognizing the greater complexities connected with defining relevant markets in digital economy, the ICA suggests that antitrust enforcement policy could focus more on exclusionary effects than on rigorous market definition. This would particularly make sense for conducts leveraging on the central role of “irreplicable” Big Data in possession of a dominant platform that could simultaneously affect a variety of markets. It however stresses that refusal to deal or provide access with respect to data must in any case satisfy the “exceptional” conditions set forth by the case law on “essential facilities” to constitute an abuse. In particular, the following aspects are indicated as relevant to assess the “indispensability” of data to compete on a certain market: (i) the personal or non-personal nature of data; (ii) whether data have been collected by the dominant undertakings with the consent of data subjects rather than generated by data analytics operations or integration of various datasets; and (iii) the impact of GDPR or other regulations to portability and circulation of the data concerned.

Finally, the ICA speculates on hypothetical exclusionary conducts consisting in “reducing rivals’ data” (as opposed to conducts “increasing rivals’ costs”). Examples refer to making more difficult for competitors to access customers’ data by imposing contractual limitations to use certain services or by means of exclusivity agreements with third parties; or other obstacles imposed to customers to use competitors’ services. Exploitative abuses, though more complicated to find, are deemed to possibly arise in connection with imposition by dominant platforms of unfair or “excessive” collection of personal data. Despite admitting that it is problematic to assess the competitive level beyond which collection of personal data may be deemed unfair or excessive, the ICA indicates that exploitative abuses may apply to a broader set of circumstances in digital markets than in traditional markets.

Restrictive agreements. The ICA reminds to mainstream theories about the potential anti-competitive effects of pricing software or algorithms used by vendors or platforms to monitor and set prices of goods and services on the Internet.[13] Such algorithms may be designed or operated by competitors with the object or effect of automatically colluding on higher resale prices, in which case traditional case law on cartels may apply unproblematically. If, otherwise, such effect is the result of tacit, anti-competitive interaction between sophisticated algorithms without human intervention and awareness (so called “robot collusion”), it may be extremely complicated to construe a “meeting of minds” or “common understanding” between competitors, as required by the established case law to find an infringement of Article 101 TFEU (or national equivalent).

H. Main takeaways from the inquiry and what to expect

The Investigation shows that privacy law and policy represent the cornerstone to the main issues affecting the protection of competition, consumers and fundamental rights (including ultimately democracy) in the era of Big Data. However, privacy law has ambivalent effects on these issues and may cut both ways depending on the specific circumstances. A restrictive enforcement of data protection may raise barriers to circulation of data and competition to the detriment of new entrants, while a loosen enforcement may favor digital incumbents. There is indeed no straightforward relation between competition and use of personal data and no one-size-fits-all solution.

This said, the Investigation seems to suggest that “dynamic consent” requirements may be a possible means to address a few crucial concerns in the field of competition, media pluralism and privacy. From the perspective of antitrust, dynamic consent could curb market power of digital incumbents by constraining their ability to leverage on Big Data accumulated across a variety of sources and services to cement their dominance into existing or new markets.

Further, dynamic consent architectures, by giving consumers better control on their data, may raise a barrier to supply-side substitutability between different digital services, thus contributing to functional separation of platform’s activities. This in turn would help shaping and distinguishing relevant markets in the digital ecosystem, thus preserving rigorous market definition as a foundation of EU antitrust analysis. In this respect, various authorities across the EU, including the ICA, have proposed to loosen the centrality of market definition to better address abuse and concentration cases in digital markets. However, this stance could undermine certainty and predictability of antitrust law, ultimately making it prone towards non-economic or political considerations.

The Investigation makes evident that in-silos application of sectoral legislations by different authorities and countries is an obstacle to effectively remedy to concerns raised by Big Data on competition, consumer welfare and data protection. Given the global scale of digital players and the imperative of the Single Market within the EU, the raised issues cannot be tackled through a fragmented approach along sectoral or national lines. A holistic, synergic and harmonized application of different fields of law across jurisdictions, which combines sector regulation and common constitutional principles, supported by technical capabilities and resources, has become indispensable.

At the same time, competition law has its own limits and should not be used to achieve public goals that pertain to other legislative fields or political objectives. Arbitrarily using competition, consumer protection or privacy law to address one another’s concerns may indeed cause conflicts of competences between authorities and the risk of double jeopardy.[14] In this perspective, procedural reforms in the direction of further integrating the complementary competences and skills of competition, consumers and privacy authorities may make sense. To avoid the risk of conflicts of competences and double jeopardy in the field of Big Data, undertakings should in fact be given the opportunity to defend within a single proceeding from interconnected allegations investing multiple infringements potentially falling under the remits of two or more authorities.

The ability to make case-by-case analysis also seems increasingly indispensable to avoid mistakes in the assessment of infringements, which might hamper, instead of safeguarding, investments in innovation and the benefits they may bring to society. This requires that competent authorities be equipped with the right technical expertise (e.g. data scientists and analysts) to make such complex analysis. Certainty of law, and thus consistency and predictability, must be safeguarded too as a fundamental right to be preserved – and this is probably the real challenge posed by Big Data.

Currently, the ICA is investigating Amazon and Google for anticompetitive practices in the markets of e-commerce intermediation services and e-mobility services respectively. It alleges – inter alia – that the two platforms may be leveraging on Big Data acquired on dominated markets to preserve prominence of their own or affiliated partners’ products, thus marginalizing potential competitors.[15] For the upcoming future, the AGCM is studying competitive threats raised by Big Data in the banking, insurance and automotive sector. In addition, the Authority for Communications (AGCOM) has strong ex ante regulatory powers in the field of control of media and pluralism by which, theoretically, it could impose structural or behavioral remedies in the online advertising sector, which is currently under inquiry by the same AGCOM. These are crucial cases to understand future competition enforcement policy in Italy on matters such as market definition and remedies in the field of Big Data.

The impact of COVID-19 on digital economy/Big Data was not considered by the Investigation as it was closed before the outbreak. Community lockdowns are likely to further increase the importance of digital services and Big Data, thus enhancing market power of digital platforms. However, competition authorities may adapt their enforcement policy accordingly. It is conceivable that the urgent and overriding objective to protect health, safety and the well-being of the general public – particularly vulnerable peoples – may extend the scope and reach of antitrust enforcement by inflating the concept of consumer welfare, allowing competition law to pursue conduct that otherwise would be at the boundaries of its remit.

Hence, by making a virtue of necessity, the ICA may be more resolute in testing aggressive theories of harm and enforcement against market power of digital incumbents, including by resorting to interim measures any time an immediate threat to weakened businesses or consumers is detected.

This article has been published also on Concurrences.com on February 10, 2020.

[1]Autorità per le Garanzie nelle Comunicazioni (AGCOM).

[2]Autorità Garante della Concorrenza e del Mercato (AGCM).

[3]Garante per la Protezione dei Dati Personali (Garante).

[4]Published on the AGCM’s website (at this link).

[5]Including, inter alia, in UK, Germany, France, Spain and Benelux countries.

[6]Referring to online search, the ICA also mentions the need to consider increasing and decreasing economics of scale generated by the ratio between quantity, variety and frequency of data collection, citing in this respect the European Commission’s Google Search (Shopping) case (AT.39740).

[7] The ICA refers digital agriculture as example of a sector where data are a key competition driver and may require all the listed characteristics. See European Commission’s decision in Bayer/Monsanto, Case M.8084 (2018).

[8]ICA refers to European Commission’s merger cases Facebook/WhatsApp (M.7217) and Apple/Shazam (M.8788), in addition to hearings of Big Tech companies.

[9] European Commission’s top officials reported to press they are about to launch a public consultation for reviewing the 1997 Market Definition Notice to respond to the new challenges of digitization and globalization.

[10] See in this regard Decision of the Garante N. 39 of 25 July 2007.

[11] Decision of the AGCM N. 27432 in Case PS/11112 (Facebook-sharing data with third parties) of 29 November 2018 (as partially upheld in appeal by the first instance administrative court TAR Lazio). A precedent in line is Decision N. 26597 in Case PS/10601 (Whatsapp – transfer of data to Facebook) of 11 May 2017.

[12] A trend that may be confirmed during the COVID emergency with aggressive and frequent use of interim measures by the ICA (including obscuration of websites) to stop misleading practices or price gauging by digital merchants and platforms in the e-retail of essential product or services.

[13] One of the basic texts cited on this topic is A. EZRACHI and MAURICE E. STUCKE, Virtual Competition – The Promise and Perils of the Algorithm-driven Economy, London 2016.

[14] In the 2012 Toshiba judgment (Case C-17/10), the ECJ set out three cumulative conditions for the ne bis in idem principle to apply in the competition field rather than the two applying to criminal matters: two prosecution cases have to cover the same facts, the same offender and the “same protected legal interest”. However, in its Opinion rendered in a subsequent case (C-617/17) AG Wahl took the view that including the identity of the legal interest as a requisite to apply the ne bis in idem principle to the competition field is no longer justified.

[15] A summary of the ICA’s preliminary concerns is available here and here.

Article filed under: Media, Concurrences, Internet & Ecommerce, Mergers & Acquisitions
Back
Follow us on
© Portolano Cavallo Studio Legale, all rights reserved
VAT IT06794491008