Data protection and antitrust law – a relationship for eternity?

Last week, we blogged about the Bundeskartellamt finding that Alphabet/Google has a “paramount significance across markets”. One aspect that played a role in this and other cases is the relationship between data protection and antitrust law. A reason for us to take a closer look at this relationship in recent case law.

As an antitrust lawyer, I have always been pleased about the introduction of new data protection regulations. Finally, it was no longer the antitrust lawyers who were the most annoying advisors on a deal. Gradually, however, I realized that data protection regulations can also have a direct impact on antitrust law, as also shown by recent cases of the German Bundeskartellamt and the European Commission.

To start with: Facebook (Meta) again

There are various blogs and comments on this case, so I will keep it rather short. After a three-year investigation, the Bundeskartellamt came to the conclusion that Facebook was abusing its market power to collect and bundle data on a large scale. They also held that Facebook’s behaviour led to a breach of the General Data Protection Regulation, as users had no choice but to consent to the processing of their data.

The Düsseldorf Higher Regional Court, however, issued an interim injunction, ruling that the Bundeskartellamt is not allowed to enforce its decision. Surprisingly for some observers, the Federal High Court of Justice lifted this injunction and referred the case back to the Higher Regional Court for a hearing on the merits. According to the High Court of Justice, there are neither serious doubts about Facebook’s dominant position on the German market for social networks, nor serious doubts “that Facebook is abusing this dominant position with the terms of use prohibited by the Bundeskartellamt”.

The Düsseldorf Higher Regional Court then referred the case to the Court of Justice of the European Union (CJEU), among other things asking the Luxembourg judges whether it is permissible for a national antitrust authority to identify violations of the General Data Protection Regulation and to take measures against these violations. The case remains exciting.

In flux: The Enel case  

You might know the landmark decision Costa vs. Enel from 1964 in which the CJEU established the primacy of European Union law over the law of the Member States. But this is not the case I want to write about here (although it is a very interesting one). The latest Enel case deals with certain practices by Italian energy company Enel in the context of the liberalisation of the Italian energy market.

In Italy, one has to differentiate between customers who purchase their energy on the open market and customers which rely on the so called “service of better protection” (SEN). The SEN is an option that guarantees consumers the supply of electricity and gas under the economic and contractual conditions established by the Regulator of Energy, Networks and Environment (ARERA). Energy suppliers are supposed to operate different entities for the open and the SEN markets. However, the SEN is about to be abolished and transferred to the open market.

In January 2019 the Italian competition authority fined Enel and its subsidiaries EUR 93 million, finding that Enel – in view of the upcoming abolishment of the open market regime – foreclosed competitors by transferring customer data from Enel’s service of better protection entity to its open market entity but not to its competitors, enabling Enel’s open market entity to approach customers on the basis of these data and preventing the large-scale departure of SEN customers to third-party suppliers.

Following an appeal byEnel, the Italian court of second instance stayed the case and asked the CJEU for guidance. Among other things, Advocate General (AG) Rantos held in his opinion dated 9 December 2021 that the case was very interesting because it concerned the potential abusive use of databases and might lead to guidance for assessing conduct relating to data under Art. 102 TFEU. According to AG Rantos, an abuse within the meaning of Art. 102 TFEU cannot be ruled out if the data was collected lawfully, but the unlawful collection of the data does not necessarily lead to an abuse either. He also held that “an exclusionary practice which can be replicated by competitors in an economically viable way does not represent conduct that may lead to anticompetitive foreclosure and thus comes within the scope of competition on the merits.”

It will be interesting to see whether the CJEU will follow AG Rantos and what the Italian courts will finally conclude.

Already cleared by the European Commission: Microsoft/Nuance

As a kind of early Christmas present, the European Commission cleared Microsoft’s acquisition of Nuance on 21 December 2021. Nuance is a provider of AI-powered transcription solutions with a special focus on the medical sector. Potential concerns arose around the use of data transcribed with Nuance’s software by Microsoft. However, the Commission concluded that “Nuance can use this data only to provide its services. It is not used by any other company and cannot be used for any other purpose due to contractual restrictions and data protection legislation. Also, access to such data does not provide an advantage that would allow Microsoft to shut out competing healthcare software providers given that important transcribed information is typically stored in third-party applications like electronic health record systems that combine data from several sources, as opposed to Nuance’s fragmented speech data.

So, it seems that the European Commission looked into the use of data and whether the access to this data would allow Microsoft to restrict the market access for other healthcare software providers, but found that inter alia data protection legislation hindered Microsoft to do so and, thus, also protected competition in a way. Currently, the case is still under investigation by the CMA with the deadline for a phase 1 decision ending on 9 March 2022.

Why did I have to read all this?

At first (and also at second) glance, the cases described above may not have much to do with each other. However, all of these cases show that the question of how data is used, whether it was collected lawfully and who can collect it all play an increasingly important role in current and future antitrust cases. In the process, many interesting questions arise around the tension between data protection law and antitrust law. Both areas of law will have to put up with each other for quite some time.