Our contribution aims at giving a comprehensive overview over the intertwining of competition law and data protection law in the EU legal framework, prompted by the rising and disruptive importance of amassed data, including personal data (‘Big Data’), for competition. Big Data has quickly penetrated most business areas in the past decade, posing challenges for the effectiveness of existing data protection rules, on one hand, but also for different aspects of competition law and its enforcement, on the other hand. Access to customer contact data or customer preferences has impacted on competitive parameters, raising completely new questions of competition law, e.g. in the context of data portability or digital cartels. However, the more fundamental issue arises if and how data protection compliance can or should be a parameter in the assessment of competition authorities around the world, being a well-known fact that, in principle, competitive assessment is bound only by welfare considerations. Personal data has had multiple impacts on all pillars of competition law – anticompetitive agreements, abuse of dominance and merger control. While abuse of dominance and merger control relate to competitive harm via the access to greater customer data, the classic price fixing cartels are being replaced by seemingly irretraceable, big data based price fixing algorithms. Proceeding empirically, from the recent practice of several competition authorities, including the European Commission, as well as the German and French competition authorities, this contribution identifies three phases of development of the intersection between data protection and competition law. At the beginning, competition authorities were acknowledging data protection law as being a separate issue without relevance for the purpose of merger control proceedings and thus placing the two areas of law on parallel pathways. In a second phase, the realization that data protection rules may in fact have a role in hampering or enabling competition took more and more space both in policymaking and in adjudication, with Data Protection Authorities starting to play a role. We are currently at the dawn of the third phase identified: data protection law considerations are at the core of at least one current case looking into an abuse of dominant position in Germany, a Digital Clearinghouse started to meet twice every year in Brussels and the European Commission is laying the groundwork for potential changes in the way it enforces competition law in the digital economy. We call this last phase “Uberprotection”, which we define as the protection of the rights of individuals and their welfare as data subjects, participants to the market and consumers, afforded by concerted enforcement and facilitated by coherent policymaking of competition authorities, data protection authorities and consumer protection authorities.
Read full abstract