21 March 2022
Agencies: Federal Trade Commission and US Department of Justice
Docket No.: FTC-2022-0003-0001
I am writing to you in my capacity as the Co-chair of the Global Privacy Assembly’s (“GPA”) Digital Citizen and Consumer Working Group (“DCCWG”). Established in 2017, the DCCWG is focused on examining the intersections of, and promoting regulatory co-operation between, the privacy, consumer protection and competition regulatory spheres. Our work goes to the heart of the GPA’s Policy Strategy to facilitate regulatory co-operation and collaboration to create a global regulatory environment with clear and consistently high standards of data protection. The DCCWG provides a forum that encourages dialogue, co-operation and the sharing of experiences regarding cross-regulatory intersection issues. It further aims to advance how authorities from all three regulatory spheres may use existing frameworks, or foster new ones, to work together and holistically promote a robust and competitive digital economy where privacy rights are respected.
The digital transformation of the global economy has brought with it a number of opportunities and challenges for all regulators. Among other things, this transformation has led to an increased cross-regulatory intersection between privacy, competition and consumer protection. It has become apparent that these intersections will only continue to grow both in frequency and magnitude, as their interplay shapes today’s digital economy and society.
The DCCWG recently completed work that brings together both the theory and practical application underpinning our current understanding of this intersection. It resulted in two complementary reports appended to the DCCWG’s 2021 Annual Report. The first is a DCCWG-commissioned independent academic report by Professor Erika Douglas of Temple University Beasley School of Law, titled ‘Digital Crossroads: The Intersection of Competition Law and Data Privacy’ (the “Digital Crossroads”). It is worth noting that the Digital Crossroads is the first report of its kind to delve comprehensively into the intersection between competition and privacy. It provides a detailed overview of the current regulatory landscape, highlights complements and tensions between the philosophies at the center of these two fields and underscores its emerging development as an important cross-regulatory challenge requiring further consensus-building and international collaboration.
The second is the DCCWG-authored ‘Privacy and Data Protection as Factors in Competition Regulation: Surveying Competition Regulators to Improve Cross-Regulatory Collaboration’ (the “Interview Report”). Based on a series of interviews with competition authorities from around the globe, the Interview Report identifies potential synchronicity between regulatory regimes as well as obstacles to be surmounted and possible tensions to be mitigated. Perhaps most importantly, this report also includes multiple examples illustrating how competition authorities have successfully incorporated privacy considerations into their enforcement analyses and through cross-regulatory collaboration or consideration, have found the balance between the two without sacrificing the objectives of either.
As our membership is comprised of privacy and data protection authorities, our comments will be limited to privacy and cross-regulatory insights, as opposed to a more direct assessment of your existing merger guidelines. It is within the context of the intersection between privacy and competition regulation, and the two reports noted above, that we offer comments with respect to the following questions in your Request for Information on Merger Enforcement:
- Types and Sources of Evidence
- Has the guidelines’ framework been interpreted unduly narrowly as focusing primarily on the predicted price outcome of a merger? Are there non-price effects that are not adequately analyzed by analogy to price effects, and how should the guidelines address such effects? What evidence should the guidelines consider in evaluating these effects?
- Does the guidelines’ framework sufficiently capture the range of circumstances in which a merger will likely enhance the ability and/or incentive of the merging parties or other market participants to reduce competition, and the range of evidence that may be relevant to that consideration?
- Market Definition
- How should markets be defined when the potential harm to competition stems not from the risk of an immediate price increase, but instead from other longer-term or non-price factors such as a loss of innovation, changes to product quality or variety, or creation of new entry barriers?
- Digital Markets
- How, if at all, should the guidelines’ analysis of mergers in digital markets differ from mergers in other markets? How should markets be defined in the case of mergers in the digital sector where products and services undergo rapid change? How should the guidelines address prospective competitive harms in rapidly evolving markets?
- How should the guidelines approach market definition in zero-price markets, negative-price markets, or markets without explicit prices? Can “quality” and other characteristics play the same role as price in market definition?
- How should the guidelines analyze mergers involving data aggregation as an important motive and/or effect? How should economies of scale and scope be measured in these cases?
Privacy will play a larger role in competition policy
As noted in the Digital Crossroads, privacy will play a larger role in competition policy within digital markets in the future. With this in mind, when one views privacy as a non-price factor of competition today, it is not hard to imagine how an organization can engage in anti-competitive conduct. If a reduction in the number of competitors due to mergers in a market is likely to lead to increased prices, the inverse can be true with respect to privacy protections as an element of product and service quality. With fewer competitors in the market, there is less incentive to continue to enhance or maintain existing levels of privacy protections, as a qualitative component of a product or service. Once a digital enterprise gains a dominant market position, if not an outright monopoly, consumers will be left with little to no choice but to accept a lower quality product or service should that enterprise choose to reverse course with respect to previous privacy-serving practices. If, for example, that enterprise were to begin tracking their customers’ online habits in an effort to monetize that information, the lack of substitutable products or services leaves consumers no meaningful alternative but to accept a lower quality product/service or stop using the product/service altogether. In today’s digital economy that may not always be practicable, given consumer dependence on dominant digital platforms as well as other network effects and externalities. At the same time, a digital giant with market power could suppress privacy-friendly product/service innovations and potentially eliminate competition with respect to the level of privacy protections offered by competitors.
A heavy focus on price-based competitive factors, combined with efforts to minimize non-price competitive factors, is likely to entrench what the Interview Report has termed the “traditionalist” approach to regulation. While not unique to competition regulators, as presented on page 12 of that report,
“[t]his approach is rooted in the view that competition authorities can more effectively achieve their mandates by focusing on competitive issues and elements when assessing the conduct at issue, and setting aside any factors that do not have a competitive bearing on the conduct. Under this theory, competitive assessments utilize traditional competitive indicators such as price or market share, and would generally exclude factors such as privacy.”
This approach relies on other regulators to address other issues (such as privacy) within their regulatory sphere. As raised in the Interview Report, such an approach to competition regulation could result in an increased number of “either-or” enforcement resolutions and policy positions that promote competition at the expense of privacy – or vice versa. Such a binary outcome may not only compromise privacy rights, but could also result in a sub-optimal outcome as it relates to promoting competition in a robust digital economy. Our research suggests that we have arrived at a point where privacy and data considerations have been largely accepted in the anti-trust community as having the potential, in certain circumstances and markets, to be material factors in the competitive calculus.
The Need for Cross-Regulatory Collaboration will continue to grow
The overlapping regulatory nature of digital markets calls for a cooperative process. This will help promote a holistic and consistent approach to digital regulation to the benefit of competitive markets, consumer welfare, and the protection of privacy rights.
The benefits of cross-regulatory cooperation can be seen in examples such as the Colombian Superintendencia Industria y Comercio’s (“SIC”) “Bank’s” resolution as discussed in both the Digital Crossroads and the Interview Report. Among other things, the SIC is Colombia’s consumer protection, privacy and competition authority. As discussed in greater detail in paragraphs 78 and 79 of the Interview Report, when Colombia’s financial regulator asked the SIC to conduct a competitive assessment of the creation of a digital joint venture between Colombia’s three largest banks, the competition team conducting the assessment recognized both the privacy implications and the need for the joint venture to garner consumer trust in its services through transparency and respect for Colombia’s privacy regulations. As a result, they consulted with their privacy counterparts and, despite the competitive nature of the assessment, incorporated several privacy-related recommendations into their final report.
Another example can be found in the UK’s Digital Regulation Cooperation Forum, which is comprised of the UK’s Competition and Markets Authority (“CMA”), the Information Commissioner’s Office (“ICO”), the Office of Communications and the Financial Conduct Authority. The Forum was established to ensure greater cooperation on online regulatory matters. In May of 2021, the CMA and the ICO published a joint statement setting out their shared views on the relationship between competition and data protection in digital markets.
I would also draw your attention to the Competition and Consumer Commission of Singapore (“CCCS”) as an example of how both regulatory spheres’ interests have been advanced through cross-sector consideration and collaboration. As part of a public consultation on proposed amendments to various enforcement guidelines, the CCCS has explicitly stated that, where appropriate, their merger assessments will treat data protection as an aspect of quality. Another proposed amendment identified the control/ownership of data as a possible determinant of market power with respect to abuse of dominance assessments. These and other examples are explored in greater detail in the Interview Report and Digital Crossroads, appended to the DCCWG’s 2021 Annual Report (and also accompanying this letter for convenience).
In addition, the growing importance of fostering cross-regulatory cooperation between privacy and competition authorities is also reflected by the G7 data protection and privacy authorities’ recent agreement to strengthen collaboration with their domestic competition counterparts on the regulation of digital markets.
Thank you for the opportunity to participate in your consultation. I can be reached at Brent.Homan@priv.gc.ca should you wish to discuss these issues further.
Sincerely,
Co-Chairs of the Digital Citizen and Consumer Working Group
Global Privacy Assembly
Encl.