Competition Law and Personal Data: Preliminary Thoughts on a Complex Issue

Abstract

With the advent of the Internet, and the development of new business models, companies increasingly hold large amounts of personal data about their employees and their customers. While there is a plethora of literature on the data privacy challenges created by the Internet and these new business models, this paper explores the limits placed by EU competition law on the acquisition and processing of personal data. There is a dearth of literature, and no real precedent, addressing this question. Hence, this paper is a first attempt to address the interface between personal data and competition law. We hope that it will trigger further analysis and debate on what will increasingly become an important policy question.It is common knowledge that a fast growing number of companies, such as, for instance, telecommunications operators, banks, credit card companies, large retailers, Internet service providers, search engine providers, and social networks, collect large amounts of personal data. Other companies specialise in the processing and selling of these data. In particular, personal data are at the core of the Internet. Companies, such as Google or Facebook, have developed services and business models whose success heavily rely on the acquisition and treatment of personal data. Such data allow these companies to improve the quality of their services and make them more attractive to users. They also enable them to monetise their services through targeted (also referred to as “behavioural”) advertising. The volume, but also the quality of the personal data acquired is thus key competitive differentiators in the Internet economy. Online service users certainly benefit from the ability of their providers to use personal data they may have acquired in terms of better services (more relevant search results, etc.) and more targeted advertising. The acquisition of large volumes of data by “first mover” providers may, however, raise barriers to entry and thus deprive users from the benefits of competition. There is also a risk that online service providers may seek to prevent other companies from acquiring the data they need to compete, hence perpetuating their lead.Against this background, this paper is divided into four sections. Section II further elaborates on the critical importance of the acquisition of personal data for most key Internet players (which are referred to hereafter as “online service providers”). Section III analyses the extent to which certain practices aiming at collecting data or at depriving access to such data to competitors can be anticompetitive and constitute a breach of EU competition rules. It also analyses whether EU competition law could be used to force dominant companies to share their data with competitors so as to stimulate competition on one or several markets. Finally, Section IV concludes.