Data privacy and competition protection: Overlap or conflict?

In a recent interview, Europe’s antitrust chief, Margrethe Vestager, warned Apple that its recent changes to privacy rules must not give preferential treatment to its apps over those of its competitors or it might be in violation of antitrust norms. Apple has framed those changes as being designed to protect users’ personal data, but that does not exempt its actions from competition rules.

This warning came in reaction to recent changes to the Cupertino-based group’s privacy policy, which led other platforms in the digital advertising market to accuse it of unduly distorting competition. Specifically, the changes to Apple’s privacy policy will make blocking ad tracker software targeting users’ personal data the default setting on all apps sold for use on Apple devices (meaning through the Apple Store). Apple users can choose to allow ad tracking of their data, but they must actively provide consent. At first glance, this seems to give users more control over their own privacy and looks as though it is a response to the recommendations of the authorities responsible for application of the GDPR. However, on closer inspection it becomes clear that by reducing the ability for others to profile app users, thereby reducing their value for advertising purposes, this change would make it much less lucrative for app developers to sell their apps for Apple devices. This is especially true for those who generate earnings solely through ad tracking. In its defense, Apple said the rule also applies to its own apps, but detractors say this would have the effect of funneling the advertising revenues from traffic generated by users of Apple devices to Apple apps.

There are two reasons for this: first, Apple apps, according to competitors’ accusations, use technology and profiling models that are different from those blocked by the new changes, meaning that the policy changes do not have the same consequences for Apple applications; and secondly, the Apple operating system (iOS) is a closed-source system, meaning manufacturers of non-Apple devices cannot get a license to use it. Furthermore, Apple prevents the sale of apps on its devices outside of the Apple Store (and therefore iOS users cannot be accessed and tracked outside of an ecosystem that exists under conditions set by Apple). It is this second point in particular that would make Apple a dominant force in the market of non-licensable operating systems for mobile devices: according to the Commission’s precedents against Google/Android, this is separate from the market of licensable (or open-source) operating systems, where Android is considered the dominant player. It follows that any conduct on the part of Apple that is judged “discriminatory”—which would include conduct that results in its benefiting its own collection of advertising data over that of its competitors—could constitute an antitrust violation in the form of abuse of a dominant market position (Art. 102 of the Treaty on the Functioning of the European Union). The Commission already has two antitrust investigations underway regarding the ban on selling apps outside of the Apple Store at the behest of Spotify and Epic Games.

No formal antitrust investigations have yet been undertaken with regard to the updated Apple privacy policy, but Commissioner Vestager’s statements seem to suggest strongly the tendency to see privacy rules adopted by Internet platforms as crucial drivers of competition in digital markets (especially when it comes to collecting advertising data, the main source of revenue). It stands to reason that privacy policy and practices are therefore subject to antitrust laws and not just privacy laws. While that theory has been debated academically for some time now, the Italian authority (together with its German, UK and French equivalent) seem to be taking a leading role in aggressively enforcing competition rules in that direction. Indeed, in late October 2020 AGCOM opened an investigation into Google for conduct that was in some ways similar to the conduct at issue here, cementing its position as one of the most active and aggressive authorities when it comes to applying antitrust rules in the digital sector. The French authority, too, may be ready to take action: recently an association of online advertising companies filed antitrust charges in France over Apple’s changes to privacy rules.

However, on March 17, the Autorité announced that it did not intend to impose interim measures on Apple. The President Isabelle de Silva reported that the decision came after the Autorité sourced an analysis from the French data protection supervisor (CNIL) that came to the conclusion that Apple’s privacy changes would bring benefits to users on data protection grounds. Nontheless, the Autorité will continue to conduct a probe into whether the company unfairly favors its own services. Further, the UK Competition Authority (CMA) has heard similar concerns as in the French case from complainant Marketers for an Open Web (MOW) in the context of an abuse of dominance probe it launched into Apple’s App Store in early March. Finally, in January this year, the CMA opened an investigation into Google’s proposals to remove third party cookies and other functionalities from its Chrome browser.

So far, the combination of privacy and antitrust issues raised by the digital economy has been considered a matter of overlap between regulations that until recently were seen as covering completely separate areas. The most recent policy indications on competition in Europe tend to consider privacy protection a quality element (or lower “price”) for digital services, resulting in greater privacy protection should be considered to correspond to greater competitiveness among digital services. However, as our understanding of the competitive dynamics linked to data use has grown, we have begun to see potential conflict between the two regulatory areas: while privacy rules applied by Apple and Google clearly seem to result in users being afforded greater data protection (and therefore better “quality” or “price”) for digital services, at the same time the way this is playing out in real terms may result in limiting competition among suppliers of digital services in closed-source ecosystems, where users do not have the option to switching or multi-homing to other platforms without incurring significant costs (such as purchasing a new device), or are at least discouraged from doing so by opportunity costs (e.g. no being able to use the data uploaded on the other platform). However, treating practices that tend to improve user privacy as antitrust infractions seems to fly in the face of the teachings of the European competition authorities.

Therefore, we need to seek the correct balance between these two sets of needs—one that allows the large platforms (so called “gatekeepers”) to know with a fair amount of certainty which privacy behaviors and terms they can provide to users without incurring heavy antitrust fines. Legal certainty and the freedom to conduct business also deserve maximal constitutional protection. The Commission’s newly proposed Digital Markets Act, currently under discussion, would seem to offer an opportunity to deal with this issue, but so far the draft text and the discussions do not appear to properly address it.

Follow us on