Why data protection and competition policy hold the key to a data driven economy
It is commonly acknowledged that data is a fundamental engine for growth in the 21st Century economy. It is particularly true in Fintech and Insurtech, where most of the innovative products and services rely on the use, processing and exploitation of data whether personal or other types of data.
Data is increasingly becoming a new asset class, and can be exchanged, acquired, sold, and bought. It is therefore even more important that individuals can be reliant on the way their data is stored, processed and used.
New Regulatory developments such as the EU General Data Protection Regulation (GDPR) are bringing important changes not only to the sanctions for those companies not complying with its provisions but more fundamentally by giving control to the individual persons over their data. This is where the strategic / market and public policy / regulatory agendas are intersecting in Fintech and Insurtech.
Although compliance is, of course, a major requirement for all market players, there are real strategic, commercial and business benefits for market players to adopt very proactive, transparent and customer friendly data strategies in order to support the growth of their products and services. Start ups and new players can use these strategies to differentiate sharply with incumbents, creating entirely new customer experiences and relationships. By contrast, incumbent players can use this opportunity to heal their relationships with their customers and recreate consumer trust and loyalty.
But the access, ownership, and use of data could also reveal some sensitive competition law related issues, as they are becoming such a fundamental asset in the data economy. The articulation between privacy and data protection rules and competition law is increasingly becoming part of the control exercised by competition authorities.
Margrethe Vestager, European Commissioner for Competition clearly indicated the direction of travel for regulators in a conference in 2015: “The future of big data is not just about technology. It’s about things like data protection, consumer rights, and competition. Things that give people confidence that big data won’t harm them. If we want big data to fulfil its promise, then we need to enforce the rules effectively”.
In March 2016 for instance, the German competition authority, BundesKartellAmt opened a probe into whether Facebook abused its marketing power by infringing data protection rules. In May 2016, the same BundesKartellAmt and the French Autorité de la Concurrence published a Joint paper on Competition Law and Data.
Andreas Mundt, President of the Bundeskartellamt, and Bruno Lasserre, President of the Autorité de la concurrence said on the day of issue: “Business models, particularly in the digital economy, often involve a massive collection and use of (personal) data. The aim of the paper is to provide a good overview of the relevant issues by evaluating the state-of-play of the debate and to discuss the various interfaces between Big Data and established concepts of competition law enforcement. The practical relevance is at hand. “
Following this paper, the Autorité de la concurrence launched a full blown sector inquiry into data related markets and strategies relating to both data and market power and data and business practices. And the Bundeskartellamt has launched the investigation above mentioned on Facebook.
Determining why, how and to what extent data may become an instrument of market power is essential for competition authorities worldwide according to the two Competition authorities. The Joint paper aimed at providing a comprehensive overview of the existing case law and literature. It allowed stakeholders and competition authorities to identify key issues and parameters that may need to be considered when assessing the relevance of data for competition law enforcement.
In a recent speech, Rod Sims, Chairman of the Australian Competition & Consumer Commission (ACCC) remarkably clearly spelled out the new frontiers of applying competition policy to data driven and digital technologies, Algorithms & Big Data including the abuse of dominant positions on data driven innovation / big data & particularly mergers.
Two aspects of particular relevance can be identified:
- Whether the data under consideration can easily be obtained by rivals or if artificial impediments and obstacles restrict this access, and
- Whether the scale and scope of data matter particularly about the market positions of the concerned players.
The newly found interest from Competition authorities into the articulation and connection between privacy and competition law could have major structural and market impacts.
As we have seen, companies holding market power will increasingly be scrutinised on how they deal with holding, use and access to personal data. Abuse of their dominance could lead to severe sanctions on both privacy and competition law bases.
Mergers and partnerships in data driven industries in particular digital / technology ones including fintech and insurtech will increasingly consider the competition side of privacy to scrutinise and approved/refused on this basis.
Some markets like the UK ones which are leaders in the data economy, fintech and insurtech could feel particular heat resulting from this interplay of privacy and competition law.
On the 9th October 2017, it was announced that the European Commission recently raided a number of Polish and Dutch banks. The Commission’s Directorate General for Competition led my Commissioner Margrethe Vestager is investigating whether banks are deliberately preventing non-bank and fintech competitors from gaining access to customer account data.
The European Commission states that: “It has concerns that the companies involved and/or the associations representing them may have engaged in anti-competitive practices in breach of EU antitrust rules against business practices and/or abuse of dominant market positions. They are aimed at excluding non-bank owned providers of financial services by preventing them from gaining access to bank customers’ account data, despite the fact that the respective customers have given their consent to such access.”
These issues developed since some months around implementation of the PSD2 by incumbent banks and the rumbles emanating from fintech startups around their problematic behaviours in particular in the UK. Other raids and legal/regulatory actions against incumbent players in financial services will likely follow. It is particularly true for the future impacts of Brexit as well as those resulting from the negotiations of potential new bilateral trade agreements in particular with the US.