Data Protection Aspects in Merger Reviews
[Lakshmi is a student at National Law School of India University, Bangalore.]
The question that then arises is when we can validly bring privacy concerns within the jurisdiction of competition law, and how they are to be addressed. In this piece, I argue that when determining whether a combination has an appreciable adverse effect on competition, we must consider the effect of the combination on privacy-friendly substitutes in the relevant market(s).
Potential Harms in a Data-Driven Merger
Mergers, specifically in digital platforms, can potentially result in two main privacy-related harms to competition in these markets. The first is that such mergers could result in a lowering of the quality of the product being offered. Second, such mergers can reduce competition for greater privacy protection.
Lowering of the quality of privacy
In several digital markets, consumers are offered “free” products, though this is often at a heavy cost to personal privacy. As a consequence, in these markets, the effect of a merger on the price of a product (which is taken as a parameter of competition) is either completely absent or negligible. The effect of combinations in such markets can often be seen through non-price parameters, such as the effect on quality or privacy. The merged entity, by virtue of gaining some benefit through the merger in the relevant market(s), could disregard privacy factors leading to a drop in the quality of the product. For example, in the Google/DoubleClick merger a possible consequence of the use of “deep” and “broad” tracking that was brought in due to the merger would result in a drop in the quality of search results for consumers who highly value their privacy. In such a scenario, recognition of other non-price parameters of competition in merger reviews becomes extremely important, because it is through these non-price means that consumers compensate these platforms.
Reduced competition on privacy protection
Mergers have the potential to reduce competition on aspects of privacy by enhancing the network effects and lock-in effects that exist in digital platforms. Network effect refers to how as more people use a particular product the value of the product increases (in digital platforms, this is due to greater data inputs from users). Mergers can help in ensuring a larger market usage and share of a particular product which can therefore increase the quality of the product even further. Lock-in effect refers to how switching to another product is harder or meaningless unless a majority of the users of the original product also switch.
When mergers enhance network and lock-in effects, the merged entity’s user base increases significantly which drives out existing, privacy-protective competitors. Further, this also creates high barriers for potential privacy-protective competitors from entering the market. A good example of this is the Microsoft/LinkedIn merger, wherein the merger assisted LinkedIn in its growth (by pre-installing LinkedIn on Windows platforms, for example), and network effects helped tip the market for professional social media in LinkedIn’s favour. This could prevent the growth of alternatives to LinkedIn which offer greater privacy protection. Therefore, mergers have the potential to reduce competition on aspects of privacy.
Taking this a step further, mergers also have the effect of reducing incentives to compete on the parameter of privacy. To penetrate these markets, newer firms often require large amounts of data – something that large or dominant companies already have a significant advantage over. Further, firms which are dominant in the market are aware that having weaker privacy policies that enable them to collect larger amounts of data can improve their efficiencies and quality. Consumers, on the other hand, while concerned about privacy to some extent, are unable to easily see the costs of privacy harms (unlike they would be able to with, say, price). Here, there is a misalignment of incentives – while consumers want greater privacy, social media platforms have an incentive to undermine privacy to improve their product, which they can get away with because the costs to privacy infringement are hard to see. Mergers amongst large firms which do not put privacy first result in an entrenchment of bare-minimum privacy compliance as the standard in these markets. This results in there being no incentive to innovate and find a better balance between privacy and quality/efficiency, and in a suppression of privacy-enhancing tools and privacy-friendly products. This harms consumers by resulting in less than optimal choices when it comes to privacy in these sectors.
How Competition Law Can Help
Specifically, in the case of mergers in these markets, competition law needs to consider the effect the merger can have on privacy-friendly substitutes in the relevant market(s). Section 20(4) of the Competition Act 2002 requires us to look at the “extent of effective competition likely to sustain in a market” and the “extent to which substitutes are available or are likely to be available in the market”. When it comes to mergers in markets for social media and telecommunication services, as highlighted above, “effective competition” must look at competition with privacy as an important parameter; and “substitutes” must include privacy-friendly substitutes. This is because, in the relevant market, privacy is an important parameter of competition that consumers value and require optimal choices in.
Ultimately, whether or not a combination must be blocked will be the result of balancing between pro-competitive and anti-competitive effects. However, in considering what those effects might be, we cannot ignore the role that privacy has to play in competition.