Could the quality of data protection also be a parameter of the theory of harm under Art. 102 TFEU?

(1)

Could the quality of data protection also be a parameter of the

theory of harm under Art. 102 TFEU?

Student: Kim van Hasselt

Student number: <xxx> Student e-mail: <xxx>

Master: International and European Law – European Competition Law and

Regulation

Supervisor: Ms. Dr. K.J. (Kati) Cseres

Words: 12.381

(2)

Abstract

This thesis explores the role of data protection in the competition analysis under Art. 102 of the Treaty on the Functioning of the European Union (‘TFEU’). The digital economy requires a lot of personal data, without consumers knowing the specifics of the data collecting and processing of the undertakings. On two-sided markets, where on the one side the consumer can use a service for free (such as Facebook) and on the other side advertisers pay to have access to the consumer via advertisements, the quality of the user data policies could be degraded to gain more revenue from the advertiser’s side of the market. The research question of this thesis is whether the quality of data protection can be a parameter under the theory of harm of Art. 102 TFEU.

In short, the conclusion can be drawn that it is well-established that quality in itself is a parameter under Art. 102 TFEU. There are no indications that the quality of data protection cannot be a parameter under Art. 102 TFEU and there is sufficient evidence to assume that the quality of data protection is a parameter under competition law. The next step would be to determine the theory of harm under the quality of data protection parameter to see when a certain degree of quality infringes competition law, but this goes beyond the scope of this thesis.

(3)

1 Introduction

The way in which we participate in economic activity has changed in the digital economy. The online economy enlarged the scale of the processing of personal data. Some services are offered for ‘free’, but in return you would have to give up data. Facebook is such a service. It is a two-sided market where it collects personal data from its users on the one side of the market, to sell it to advertisers on the other side of the market, who can then target users by personalised advertisements.1 The traditional distinction between consumers on the one side of the market and producers on the other side, is blurred. When consumers start using Facebook they have to accept the user terms and conditions. Usually it is a long read and it is not clearly set up. Consumers are not aware of the amount of data that is being retrieved. Therefore, there are concerns about the loss of privacy due to no transparency of the collecting process and not really knowing what the data is used for. 81% of the internet users say they feel they do not have control over their personal data.2

In March 2016, the German competition authority, the Bundeskartellamt (‘BKA’), started an investigation into Facebook. The BKA fears that Facebook is abusing its alleged dominant position by imposing unfair terms and conditions on users, which requires the users to ‘hand-over’ a lot of personal data. Undertakings with a dominant position have a special obligation to comply with the law. The mere presence of a dominant undertaking already implies that competition in the market is slightly hindered.3 According to Mundt, president of the BKA, this special responsibility includes “the use of adequate terms of service as far as these are relevant to the market”. If there appears to be an infringement of data protection law via the terms and conditions of an undertaking with market dominance, this would establish an abusive practice under competition law.4

Competition law is there to make sure competition is not infringed and to keep the dynamics of a well-functioning market. In previous abuse of dominance cases, the authorities have

1_{M Stucke and A Ezrachi, ‘The curious case of competition and quality’ (2015) Journal of Antitrust}

Enforcement, p. 21 available via <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2494656> accessed on 10 September 2016.

2_{M Vestager, ‘Making data work for us’ speech 9 September 2016 available via}

<https://ec.europa.eu/commission/2014-2019/vestager/announcements/making-data-work-us_en> accessed on 12 September 2016.

3_{Case C-457/10 P AstraZeneca vs European Commission [2012] ECLI:EU:C:2012:770, para. 150.}

4_{Bundeskartellamt Bundeskartellamt initiates proceeding against Facebook on suspicion of having abused its}

market power by infringing data protection rules Press Release (2 March 2016) available via <

http://www.bundeskartellamt.de/SharedDocs/Meldung/EN/Pressemitteilungen/2016/02_03_2016_Facebook.htm l?nn=3591568> accessed on 18 September 2016.

(5)

tended to focus on the ‘paying’ side. But since Facebook is offered for free, there is no price for authorities to look at. This causes for a different approach. The BKA decided to look at the quality of the terms and conditions. Would it be possible that the behaviour of an undertaking could result in a decrease of quality in the sense of data protection, to such an extent that this qualifies as an abuse of a dominant position?

The BKA is the first competition authority to start an investigation in assessing data protection under competition law. The ruling of the BKA is much awaited. There are a lot of opinions and speculations about how privacy should be or should not be incorporated under the competition framework. For now, it can only be assessed what the current role of quality under the competition framework is and whether the quality of data protection can fit in that role. In the light of the investigation of the BKA, this thesis will therefore assess whether the quality of data protection can be a competitive parameter in the competition law framework under Art. 102 TFEU. For the purpose of this thesis, a dominant position, in the manner of Art. 102 TFEU, is assumed; there will be no attention devoted to how the existence of a dominant position is assessed.

To answer the research question, the theory of harm under Art. 102 TFEU will first be set out. It is then necessary to set out the current quality parameter framework, to determine whether data protection can fit in that frame. This will be discussed in Chapter 2. Chapter 3 will then look at the personal data protection framework and how it collides with competition law. In Chapter 4 it will be assessed whether the quality of data protection can be seen as a competitive parameter. Chapter 5 will shortly look at the case the BKA started. A conclusion will follow.

1.1 Methodology

The methodology used in this thesis is descriptive and evaluative. After looking at the news articles about the start of the BKA investigation, source selection started by combining terms such as “data protection”, “competition law” and “privacy”. The sources used in this thesis are decisions from the European Commission, case law, legislation, opinions, books, articles and press releases.

(6)

2 The role of quality in the competition law framework

2.1 Theory of harm under Art. 102 TFEU

Before answering the question about the role of the quality parameter under Art. 102 TFEU, it is important to evaluate what the theory of harm is under Art. 102 TFEU; when does the Commission enforce Art. 102 TFEU and thus look at the competitive parameters to determine the abuse? The Commission seems to focus on consumer welfare and the proper functioning of the market. Consumers benefit from effective competition, which will lead to lower prices, better quality and a wider choice of new or improved goods and services.5 Safeguarding the competitive process and making sure that dominant undertakings do not exclude their competitors are the main objectives of the Commission under Art. 102 TFEU.6

While being dominant is not illegal, dominant undertakings have a special responsibility; some actions that would have otherwise been legal, are prohibited.7 The Court of Justice of the European Union (‘the Court’) stated that Art. 102 TFEU not only prohibits practices that directly harm the consumer but also prohibits practices that harm competition and thereby harm the consumer indirectly.8 These practices are grouped into two main forms of abuse; exclusionary and exploitative abuses. Exclusionary abuses are focused on preventing or restricting competitors from the market, rather than directly affecting consumers, for example by not giving competitors access to a big database.9 A few examples of exclusionary abuses are exclusive dealing, tying and bundling, predation, refusal to supply and margin squeeze.10 This will eventually also lead to consumer harm, but harming the consumer is not the main objective. Exclusionary effects do not automatically harm competition. Sometimes the less-efficient competitors are forced to leave the market as a result of the more efficient undertakings, which is beneficial to the consumer, because less efficient competitors are less attractive to consumers with regard to price, choice, quality or innovation.11 Exclusionary abuses are listed under Art. 102 (b) ‘limiting production, markets or technical development to the prejudice of consumers’. In this thesis the focus will be on exploitative abuses. Exploitative abuses harm the consumer directly, and therefore do not

5_{Communication from the Commission - Guidance on the Commission’s enforcement priorities in applying}

Article 82 of the EC Treaty to abusive exclusionary conduct by dominant undertakings [2009] OJ C45/7, para. 5.

6_{Ibid., para. 6.}

7_{Case C-322/81 NV Nederlandsche Banden Industrie Michelin v Commission of the EC [1983].}

ECLI:EU:C:1983:313, para. 57.

8_{Case C-52/09 TeliaSonera Sverige [2011] ECR I-527, para. 24.}

9_{R O’Donoghue and J Padilla, The Law and Economics of Article 102 TFEU (Hart Publishing 2013) p. 215.} 10_{Guidance on Art. 82 (n5) paras 32-90.}

(7)

need proof of anti-competitive conduct or intent.12 Exploitative abuses are listed under Art. 102 (a) TFEU; “directly or indirectly imposing unfair purchase or selling prices or other unfair trading conditions”. It entails contractual clauses that are “unfair in that the dominant firm takes advantage of its market power to impose terms that could not be imposed by a firm that did not have market power”.13 According to Akman, the Commission rarely sanctions exploitative abuses because of its focus on exclusionary abuse, since it is assumed that exclusionary abuse will often lead to exploitative abuse, and thus addressing exclusionary abuse will also solve exploitative abuse.14

Consumer welfare is one of the main goals of Art. 102 TFEU. In Post Danmark the Court mentioned the term ‘consumer welfare’ but did not describe its meaning. It did make a reference to the competitive parameters: price, choice, quality and innovation.15_{The exact}

meaning of the consumer welfare concept is unclear for a number of reasons. One of those reasons is that the standard is used in different areas of law and it could even differ in different political systems. In competition law it is based on an economic concept which pursues economic efficiency.16 The consumer welfare model under competition law entails the prevention of increases in consumer prices, restriction of output or a decrease of quality due to a dominant undertaking using its market power, which leads to the maximisation of consumer surplus.17_{While one of the aims is to increase consumer welfare, it also aims at}

decreasing consumer harm. To determine the theory of harm under Art. 102 TFEU, it is important to look at the consumer harm standard; when is a consumer harmed? Consumer harm is defined as “negative effects, in particular on the price, quantity or quality of the goods and services”.18 In the Horizontal Mergers guidelines, it is stated that if undertakings would be able to “profitably increase prices, reduce output, choice or quality of goods and services, diminish innovation, or otherwise influence parameters of competition” this may be harmful to competition and then also harm the consumer.19 Even though, this definition of consumer

12_{M Gal, ‘Abuse of Dominance – Exploitative Abuses’ in Lianos and Geradin (eds), Handbook on European}

Competition Law (Edward Elgar 2013) Chapter 9, p. 1.

13_{O’Donoghue (n9) p. 238.}

14_{P Akman, ‘Exploitative Abuse in Article 82EC: Back to Basics?’, CCP Working Paper 09-1 (2009), p. 4}

available via < http://competitionpolicy.ac.uk/documents/107435/107587/1.105848!wp09-1_exploitative_abuse_in_article82EC_PA.pdf> accessed on 10 October 2016.

15_{Post Danmark (n11) para. 22.}

16_{K Cseres, ‘The Controversies of the Consumer Welfare Standard’ (2007) 3 the Competition Law Review 2, p.}

125.

17_{Ibid., 124.}

18_{Case C-67/13 CB [2012] EU:C:2014:2204, para. 51.}

19_{F Costa-Cabral, ‘The preliminary opinion of the European data protection supervisor and the discretion of the}

(8)

harm is established under merger control, these are also the competitive parameters that are looked at under Art. 102 TFEU. Akman also emphasized that the harm does not have to be actual, but can also be ‘likely’ and the identification of harm can rest on qualitative or quantitative evidence.20 Concluding, the theory of harm under Art. 102 TFEU can exist in two main forms which are exclusionary and exploitative abuses, to determine when there is such an abuse, the competitive parameters will have to be assessed; an increase in price, a restriction in output or innovation or a decrease in quality could constitute consumer harm.

2.2 Quality as a parameter

Price is an ‘easy assessable’ parameter and is the parameter that is mostly used under Art. 102 TFEU. A price-based abuse is most common because economics can be used to determine when a price is excessive and because of the strong (visible) relation between price increases and consumer harm.21 Where a price increase is easily noticeable, a quality decrease is hard to define, let alone hard to measure. The Competition Committee of the Organisation for Economic Co-operation and Development (‘OECD’) looked at the role and measurement of quality in the competition analysis (2013).22 In my opinion, this report emphasizes the importance of quality in the competition analysis, especially because it is hard to define. Quality is hard to measure because of the subjective features that may contribute to a perception of quality by consumers.23 Some may find the cheapest airplane seat more appealing than a luxury one with a higher price tag. Which shows that price could in some cases beat (the level of) quality, and the other way around. Quality is a multidimensional concept which entails many different components that contribute to the level of quality, such as the durability, reliability, location, design, performance, safety, smell, taste, sound etc.24 These features are all important for the level of quality. They need to be balanced in order to be able to make a good evaluation of the product. Quality is also a relative concept, the quality of one product will always be compared to the quality of another and then be

assessment of horizontal mergers under the Council Regulation on the control of concentrations between undertakings, [2004] OJ C 31/5, para. 8.

20_{P Akman, ‘The European Commission’s Guidance on Article 102 TFEU: From Inferno to Paradiso? (2010)}

73(4) MLR p. 12. Guidance on Art. 82 (n5), para. 19.

21_{F Costa-Cabral and O Lynskey ‘The Internal and External Constraints of Data Protection on Competition Law}

in the EU’ (2015) LSE Law, Society and Economics Working Papers 25, 16.

22_{OECD, ‘The Role and Measurement of Quality in Competition Analysis’ (2013) available via}

<http://www.oecd.org/competition/Quality-in-competition-analysis-2013.pdf> accessed on 10 October 2016

23_{Ibid., p. 4.} 24_{Ibid., p. 6.}

(9)

assessed.25 Furthermore, the absence of measurable variables also troubles the identification of a decrease in quality.26 Economists tend to divide quality characteristics into vertical and horizontal groups, which is inexact but at least gives some guidance.27 Vertical differentiation are the characteristics of quality that all consumers would find important and valuable to have in a product. Horizontal differentiation are the characteristics that differ per person.28

Quality can be described as “the flow of service, or the level of value, that consumers derive from a product”.29 Although it is hard to measure, competition authorities recognise quality as a key non-price parameter that determines whether the consumer will purchase a product or not.30 According to Costa-Cabral and Lynskey, competition assessments based on a decrease of quality are equally as important as assessments based on an increase in price.31 Furthermore, quality is an especially important parameter where services are offered for free (as is the case with Facebook), since there is no price consumers can focus on, and quality is the main feature.32 Normally, consumers would compare prices, but since several services are offered for free, that is impossible. In these cases, quality would be the main component consumers look at, which makes it just as an important competitive parameter as price. Competition authorities currently use customer surveys and interviews to assess quality. In some markets, sector-specific experts can be used to assess quality levels.33

Thus identifying a decrease in quality, or in general, identifying dimensions of quality in a competition analysis, is difficult. To avoid having to look at these dimensions individually, competition authorities have been leaning on two general assumptions made about quality. The first being that more competition will generally increase quality for a certain price or reduce the price for a given level of quality, since that will distinguish that producer from the other producers and will make the consumer buy their product.34 Undertakings will generally try to attract consumers by offering products or services lowering its prices and/or increasing the quality of the products or services.35 Stucke and Ezrachi state 25_{OECD (n22) p. 6.} 26_{Ibid., p. 78.} 27_{Ibid., p. 6.} 28_{Ibid., p. 6.} 29_{Ibid., p. 5.} 30_Ibid.

31_{Costa-Cabral and Lynskey (n21) p. 17. This argument is based on case C-202/07 France Telecom SA v}

Commission [2009] ECR I-2369, para. 106, where the Court refers to ‘competition on the basis of quality’.

32_{Commission Decision of 7 October 2011 (Case COMP/M.6281) [2011] OJ C268}_{(Microsoft/Skype) para. 81.} 33_{OECD (n22) p. 6.}

34_{Stucke and Ezrachi (n1) p. 1.}

35_{Ibid., p. 5, footnote 13. US Department of Justice, Antitrust Division, Antitrust Enforcement and the}

Consumer (2005) p. 1 available via <https://www.justice.gov/atr/file/800691/download> accessed on 24 December 2016.

(10)

that this correlation automatically suggests that when there is less competition, the level of quality would drop below the level consumers would prefer.36 The second one is that when prices and quality vary, consumers will weigh the different products using a price-quality standard.37 Consumers will rely on the thought that higher prices equal higher quality. However, according to Stucke and Ezrachi, markets are sometimes more complicated than that and price and quality do not always positively correlate as mentioned above.38 Consumers are victims of limited information flows that make it difficult to compare the quality of several products or even assess the quality of a single product.39 Several experiences have showed that consumers assume that a more expensive product is of higher quality. Companies may sometimes charge a higher price to lead the consumer to believe that its quality is similar to that of an equally priced product, when in fact it is not.40_{As to the expectation that more}

competition will constitute higher quality, this is not always convincing considering the fact that consumers cannot rationally assess the difference in quality between the different products.41 Furthermore, the Commission stated that the incentive to degrade quality is even higher in two-sided markets because degrading quality will lead to more revenue on the advertising side of the market and it is difficult for users to assess this quality degradation.42 Theoretically, quality is seen as an important parameter. But is this established in case law as well?

In practice, as mentioned earlier, the Court has made a reference to the competitive parameters, including quality, in the Post Danmark case, but has never ruled on the definition of quality. In its Intel judgment the Court stated that there is “no single parameter which defines the quality of a product”.43 Though, the Commission has mentioned quality in merger control cases a fair amount of times. An analysis of merger decisions is set out below.

2.3 Quality as a parameter in merger control

Even though the Court stated that there is no single parameter which defines the quality of a product, the Commission has assessed quality in its merger control. Through its merger control, the Commission prevents mergers that will likely be able, because of its gained

36_{Stucke and Ezrachi (n1) p. 5.} 37_{Ibid., p. 1.}

38_Ibid. 39_{Ibid., p. 14.} 40_{Ibid., p. 18.} 41_{Ibid., p. 15.}

42_{Commission Decision of 18 February 2010 (Case COMP/M.5727) [2010] OJ C20 (Microsoft/Yahoo! Search}

Business) para. 204.

(11)

market power, to harm competition.44 The substantive test for assessing mergers is the SIEC test, which stands for “significant impediment of effective competition” and covers all loss of competition, through an increase in price, a reduction of quality, output, innovation or choice.45 In the notified merger of Ryanair and Aer Lingues, the Commission stated that the commitments Ryanair proposed were not enough to take away the identified competition concerns.46 It prohibited the merger, among others, on the assumption that Ryanair may increase their prices and that there is no guarantee that the quality of Aer Lingues’ services would not be negatively affected.47 Which shows that quality is being taken into account when assessing a notified merger. The merger of Microsoft/Yahoo! was approved because the proposed merger would not significantly impede effective competition. Competition mainly takes place on the quality of the search results.48_{One of the theories of harm the Commission}

assessed was whether there would be any post-merger anticompetitive effects on the quality of the organic search results.49 The Commission considered that it is unlikely that quality would be degraded post-merger since this would jeopardise Yahoo’s revenues.50 Looking at Google’s huge market share, one would think that Yahoo would increase its quality due to a larger scale and due to the need to compete with Google.51 In TomTom/Tele Atlas the Commission approved the merger between the parties since it would not give rise to any constraints on competition. It would not make sense for the merged entity to degrade quality since it does not bring higher margins upstream and competitors could also go to NAVTEQ for a quality map database.52 Lastly, in May 2016, the Commission blocked the proposed acquisition of O2 by Hutchison. The Commission had concerns that the acquisition would lead to higher prices for UK consumers and lower quality of the mobile services.53

In the cases analysed above, the Commission assesses whether there are incentives for the merged entity to constitute abusive behaviour post-merger that would harm competition. In these cases, the post-merger abusive behaviour could have constituted a decrease in quality

44_{Guidelines on the assessment of horizontal mergers under the Council Regulation on the control of}

concentrations between undertakings (2004) OJ C031, para. 8.

45_{Regulation 139/2004 of 20 January 2004 on the control of concentrations between undertakings (the EC}

Merger Regulation), OJ L24, 29.01.2004, p. 1.

46_{Commission Decision of 27 June 2007 (Case COMP/M.4439) [2007] OJ C274 (Ryanair /Aer Lingues I) para.}

1237. 47_{Ibid., para. 1222.} 48_{Microsoft (n42) para. 101.} 49_{Ibid., para. 202.} 50_{Ibid., para. 218.} 51_{Ibid., para. 226.}

52_{Commission Decision of 14 May 2008 (Case COMP/M. 4854) [2008] OJ C262 (TomTom/Tele Atlas) para.}

220.

53_{Commission Decision of 28 May 2014 (Case COMP/M.7612) [2014] OJ C310 (Hutchison 3G UK/ Telefonica}

(12)

and the Commission is obliged to assess likely post-merger abusive behaviour.54 The Commission follows the economic theory that predicts that competition may either increase or decrease product quality based on market concentration, depending on the market situation.55 It must be done on a case-by-case basis, since the market circumstances are different each time. Comparing the market concentration before and after the merger and looking at the characteristics of the market, will lead to a conclusion as to whether there is a concern that quality will be degraded or not. To conclude, in merger control cases quality is assessed as a competitive parameter. However, there is not a specific test used to define the decrease in quality. The Commission uses an ex-ante market assessment to see whether the merged entity would have an incentive to degrade quality post-merger; merger control is always done pre-emptively and therefore based on speculations.

One could say that merger control and Art. 102 TFEU are two sides of the same coin. The aim of merger control and Art. 102 TFEU is quite similar; to have an effective competitive market. Art. 102 TFEU constitutes this by preventing dominant undertakings to abuse its power in the market and merger control prohibits mergers which would create or strengthen a dominant position. As mentioned earlier, academics, the Commission and even the Court have mentioned quality as a parameter but the Court and the Commission have never ruled on it under Art. 102 TFEU. Merger control and Art. 102 TFEU only differ in its enforcement, namely merger control is done ex-ante, based on speculations, and Art. 102 TFEU enforcement is done ex-post. If Art. 102 TFEU were sufficient to prevent abuses, merger control might not have been necessary.56 A conclusion that can be drawn from this, is that the quality parameter, proven to be there in merger control, is also there under Art. 102 TFEU, although it appears in practice that the authorities have difficulties assessing it under Art. 102 TFEU. Ex-post assessments under Art. 102 TFEU can lead to huge fines; therefore, a pre-determined legal framework is necessary to constitute legal certainty.

2.3.1 SSNDQ test to define the relevant market

Regardless of these difficulties with assessing quality, another important indicator that supports the argument that quality certainly is a competitive parameter under competition law is the existence of a test to define the relevant market based on quality. When assessing

54_{Case C-12/03 Commission v Tetra Laval BV [2005] ECR I-987, para. 159.} 55_{OECD (n22) para. 4.}

(13)

whether an undertaking has a dominant position, it is necessary to define the relevant market. A classic economic model to define the relevant market is the SSNIP test, which stands for a Small but Significant Non-Transitory Increase in Price. This test is used to assess whether consumers would switch to another product if the price of the assessed product would increase by a hypothetical 5-10%. If consumers stop buying the product and switch to a different product, it means these products are in the same relevant market.57 When consumers are assessing whether they still want to buy the product regardless of the price increase, they will look at the quality of the product and compare it to other products. Quality is therefore important in applying the SSNIP test, but since the test makes use of an increase in price, quality is not being brought into the analysis. That is where the Small but Significant Non-Transitory Decrease in Quality (SSNDQ) test might help. This test could lead to a quantitative focus on quality in relation to market definition.58_{Some argue that the SSNDQ test is}

necessary to define relevant markets since undertakings do not only compete on price but also on quality, and it is especially important in markets with rapid technological change.59 The SSNDQ test does not make the identification of quality aspects easier, it only emphasises that when defining a market, quality considerations also need to be looked at, and the SSNDQ can help to achieve that. Although some might criticise the test for being unworkable in practice, the Competition Committee of the OECD states that given the fact that it is hard to measure quality with just applying the SSNIP test, the SSNDQ test might not be a bad idea.60

57_{OECD ‘Roundtable on market definition’ (2012) p. 3 available via <}

http://ec.europa.eu/competition/international/multilateral/2012_jun_market_definition_en.pdf> accessed on 10 October 2016.

58_{OECD (n22) p. 9.} 59_{Ibid., p.14.} 60_{Ibid., p. 9.}

(14)

3 Personal data protection

Now that it has been established that ‘quality’ is a parameter under the competition law analysis, it is time to look at the role of (the quality of) data protection in this analysis. As mentioned before, when a service is offered for free, such as Facebook, consumers tend to look at the terms and conditions of the service, to distinguish services, since there is no price to look at.

3.1 EU Law context

It is important to keep in mind that data processing itself is not illegal and sometimes very useful to innovate products and personalise services. Though, data processing has to be looked at keeping in mind the fundamental right to protection of personal data concerning him or her. This fundamental right is laid down in Art. 8 (1) of the Charter of Fundamental Rights of the European Union (‘the Charter’) and in Art. 16 (1) of the TFEU.61 Art. 38 of the Charter states that EU policies need to ensure a high level of consumer protection. Furthermore, consumer protection needs to be taken into account when defining and implementing EU policies in general, on the basis of Art. 12 TFEU. Consumer law is about protecting the consumers against market failures that will harm the consumer in market transactions.62 In the case of data use policies, the position of consumers is harmed because of a lack of information about the processing of the personal data, the uncertainty about the use of the data and/or the use of unfair terms in the sense of Directive 93/13. Art. 7 TFEU states that the EU institutions are obliged to ensure consistency between policies. When combining this with the fundamental right to data protection in Art. 16 TFEU, one could argue that applying competition law on data protection issues is indirectly laid down in the Treaty.63_{The EU}

institutions are also obliged to respect and promote the right to data protection.64

Because of the principle of proportionality, the fundamental right to the protection of personal data is not an absolute right, it has to be balanced against other fundamental rights.65 The protection of personal data also has to be weighed against the free movement of personal data so that it will not infringe the proper functioning of the internal market.66 The

61_{Regulation 2016/679 of 27 April 2016 [2016] OJ L119/1 (General Data Protection Regulation) para. 1.} 62_{Cseres (n16) p. 122.}

63_{C Kuner, F Cate & others, ‘When two worlds collide: the interface between competition law and data}

protection’ (2014) 4 International Data Privacy Law 4, 248.

64_{Art. 51 (1) Charter of Fundamental Rights.} 65_{Regulation (EU) 2016/679 (n61) para. 4.} 66_{Ibid., para. 13.}

(15)

fundamental right to data protection is further developed in Directive 95/46/EC. This directive will be replaced by Regulation 2016/678 (General Data Protection Regulation, ‘GDPR’).67 The enlarged scale of the processing of data in the online economy required some new rules on the collection and processing. The adoption of a new Regulation confirms the importance of an update of the regulatory framework of data protection.68

Undertakings that collect personal data need to obey several rules regarding the collection and processing of personal data for the processing to be legal. The most important principles of data processing are that the data should be processed lawfully, fairly and with transparency.69 Infringing these principles might lead to huge fines. If the undertaking that processes the data has pre-formulated the terms and conditions, the language has to be clear and plain. Since the text of the terms and conditions is set, the consumer does not have the ability to negotiate terms and conditions. It should not contain unfair terms and in case of doubt, the terms have to be explained in favour of the consumer.70 Art. 102 (a) TFEU specifically prohibits ‘unfair terms and conditions’. The unfairness of the terms of the contract might in itself provide crucial evidence of an abuse of a market position.71 The concept of ‘fairness’ is not described under Art. 102 TFEU; the article merely gives examples of unfair practices.72 It comes back in competition law, data protection law and consumer protection law. The enforcement of these unfair terms and conditions is often pushed around. Competition authorities tend to leave the exploitative abuse enforcement regarding unfair terms and conditions to consumer enforcement, because they may be better equipped. While consumer protection law enforcers may leave enforcement of these unfair terms to data protection authorities.73

67_{Regulation (EU) 2016/679 (n61).}_{This regulation entered into force on 27 April 2016 and shall apply from 25}

May 2018. Art. 4 (1) of the Regulation states that personal data refers to “any information relating to an identified or identifiable natural person (data subject)”.

68_{Para. 9 of the Regulation states that differences in the level of protection of personal data between Member}

States also caused uncertainty with regard to the degree of data processing in each Member State. This led to a disturbance of the free movement of personal data throughout the Union, which distorted competition and economic activities between Member States. Regulation 2016/678 will therefore replace Directive 95/46/EC for a more consistent application of data protection laws across all Member States.

69_{Regulation (EU) 2016/679 (n61) Art. 5. Furthermore, personal data can only be collected for specified,}

explicit and legitimate purposes, i.e. ‘purpose limitation’. The collected data must be adequate, relevant and limited, i.e. ‘data minimisation’. The data collected must be accurate, i.e. ‘accuracy’. The data cannot be stored for longer than necessary, i.e. ‘storage limitation’, and it also has to be collected with integrity and

confidentiality. Art. 17 also states the ‘right to be forgotten’ which constitutes a right for data subjects to request access to the information that is held about them and the right to erasure.

70_{Council Directive (EC) 93/13 on unfair terms in consumer contracts [1993] OJ L95/29 (Directive 93/13) Art.}

5.

71_{P Akman, The Concept of Abuse in EU Competition Law (Bloomsbury Publishing 2012) p. 168.} 72_{Ibid., p. 146.}

73_{European Data Protection Supervisor, ‘EDPS Opinion on coherent enforcement of fundamental rights in the}

(16)

Another prerequisite of the legality of data processing is that the data subject has given his or her consent to the processing of his or her personal data.74 The GDPR states that the declaration of consent cannot be unfair and has to be looked at in the context of Directive 93/13.75 The Directive, part of EU consumer law, has a broad scope and therefore also applies to the two-sided market where one side constitutes ‘free’ services to the users.76 Consent is not freely given if the consumer has no genuine or free choice.77 This is especially important when looking at the abuse of a dominant position: is consent freely given; does the consumer have a choice? If no realistic alternative exists, it leads to a take-it-or-leave-it situation for users, because there is no possibility, for example, to consent only to a basic data processing feature, and not consenting to other use of one’s data.78 Users of Facebook, for example, have no room to negotiate the terms and conditions. This is a significant imbalance between the provider and the user, which also calls into question the genuine choice and the validity of the consent.79 The Court stated that the undertaking needs to provide the full text of the terms and conditions and/or data use policy; providing a hyperlink is not enough.80 Next to the question whether the consumer has a choice, it is also necessary to ask the question whether the data subjects have enough information to make an informed genuine decision.81 The question whether consent is freely given goes beyond the scope of this thesis, but is important to keep in mind.

3.2 Data protection and competition law

For the quality of data protection to be a parameter under Art. 102 TFEU, data protection has to fit in the competition law framework. The application of competition law on data protection infringements raised some issues. Can competition authorities use competition law enforcement to deal with violations of data protection laws that may cause harm to competition? There are some arguments that support a negative answer to this question. It can be argued that competition law is designed to pursue its own objectives and is mainly

74_{Regulation (EU) 2016/679 (n61) Art. 6.1(a).} 75_{Regulation (EU) 2016/679 (n61) para. 42.}

76_{European Commission’s Expert Group on Cloud Computing Contracts, ‘Unfair Contract Terms in}

Cloud-Computing Service Contracts’ Discussion Paper, available via <

http://ec.europa.eu/justice/contract/files/expert_groups/unfair_contract_terms_en.pdf> accessed on 29 October 2016.

77_{Regulation (EU) 2016/679 (n61) para. 42.} 78_{EDPS (n73) p. 13.}

79_{EDPS, ‘The interplay between data protection, competition law and consumer protection in the Digital}

Economy’ (2014) Preliminary Opinion, p. 35.

80_{Case C-49/11 Content Services Ltd v Bundesarbeitskammer [2012] ECLI:EU:C:2012:419, para. 51.} 81_{EDPS (n79) p. 35.}

(17)

concerned with economic efficiency; privacy issues are non-economic. Furthermore, it already struggles with assessing non-economic factors that are assumed to fall under the competition law framework; assessing privacy issues would be even harder.82 Moreover, accepting data protection under competition law could lead to a practice where every law infringement by a dominant undertaking could become relevant for competition law enforcement, which is not desirable because this would go beyond the scope of competition law and beyond the expertise of the Commission.83 Furthermore, it can also be argued that the two areas of law do not have the same strategy of enforcement. Competition law can act ex-ante on proposed mergers, and ex-post on cartel behaviour or on an abuse of dominance. Data protection law can only enforce ex-post.84 Another objection to the application of competition law on data protection issues is that it could be said that by applying competition law on data protection law, one area of law is used to fill an (apparent) gap in another area of law. The question is, whether there is a gap in data protection law or in competition law. It can be argued that data protection law requires adjustments in its regulatory framework where more adequate regulation and remedies are necessary.85 A gap in competition law can also be supported by the fact that it seems to lack a relevant framework to assess data protection issues.

In contrast to the arguments set out above, the French and German competition authorities stated that privacy issues cannot be excluded from competition law merely because of their different nature. Privacy policies should be considered from a competition angle when they are liable to affect competition.86 The competition authorities even specifically stated that in abuse of dominance cases “there may be a link between the dominance of the company, its data collection processes and competition on the relevant markets, which could justify the consideration of privacy policies and regulations in competition proceedings”.87 Furthermore, Costa-Cabral argues that fostering privacy can be seen as a competitive

82_{A Lamadrid de Pablo, ‘On privacy, big data and competition law (2/2) On the nature, goals, means and}

limitations of competition law’ available via < https://chillingcompetition.com/2014/06/06/on-privacy-big-data-and-competition-law-22-on-the-nature-goals-means-and-limitations-of-competition-law/> accessed on 10 September 2016.

83_{I Graef and B van Alsenoy, ‘Data protection through the lens of competition law: will Germany lead the way?’}

(2016) available via < http://blogs.lse.ac.uk/mediapolicyproject/2016/03/23/data-protection-through-the-lens-of-competition-law-will-germany-lead-the-way/> accessed on 28 October 2016.

84_{R Craig, ‘Big Data and competition – merger control is not the remedy for data protection issues’ (2014)}

available via < https://united-kingdom.taylorwessing.com/globaldatahub/article_big_data_competition.html> accessed on 13 October 2016.

85_{Lamadrid de Pablo (n82).}

86_{Autorité de la Concurrence and the Bundeskartellamt, ‘Competition Law and Data’ (2016), p. 23 available via}

< http://www.bundeskartellamt.de/SharedDocs/Publikation/DE/Berichte/Big Data Papier.pdf?__blob=publicationFile&v=2> accessed on 10 November 2016.

(18)

advantage and might be enough to influence the quality on services.88 He states that even if one does not accept the quality of data protection under consumer welfare, because it is a broad and vague concept, it can still be accepted as a parameter in the competitive process. This argument could also be used against the statement that assessing data protection under competition law would be dangerous since then every infringement of law can be assessed under competition law. Keeping in mind the argument above, that would be incorrect, since data protection will only be assessed under competition law if it consists of a competitive problem.89

3.2.1 The Court

So far, the Court has rejected applying competition law on data protection issues. In

Asnef-Equifax the Court stated that “any possible issues relating to the sensitivity of personal data

are not, as such, a matter for competition law, they may be resolved on the basis of the relevant provisions governing data protection”.90 However, in the case of Asnef-Equifax there was no competition on the basis of the quality of their data use policies, and therefore the data use policy cannot be seen as a competitive parameter in this case, which eliminates the opportunity to apply competition law on data protection issues.91_{Costa-Cabral correctly}

argues that the decisions in Asnef-Equifax and Facebook/WhatsApp considered denying a broad interpretation of consumer welfare that incorporates data protection law.92 Though competition law does not have to incorporate all issues in data protection law under its competence. Important here is that undertakings that offer services for ‘free’ and compete on privacy or on the data user policies can fall under competition law enforcement, which is more specific and concerns the competitive process.93 In its Allianz Hungaria judgment in 2013 the Court did state that an infringement in one area of law could possibly be a factor in determining an infringement of competition law as well.94 Though the Court does not seem to go that far in applying the fields together, the German Federal Court of Justice appears to be more certain of its relation. In its judgment of November 2013 the Federal Court stated that

88_{Costa-Cabral (n19) p. 503.} 89_{Ibid., p. 507.}

90_{Case C-238/05 Asnef-Equifax, Servicios de Información sobre Solvencia y Crédito, SL v Asocición de}

Usuarios de Servicios Bancarios (Ausbanc) [2006] ECR I-11125 para. 63.

91_{Costa-Cabral and Lynskey (n21) p. 20.} 92_{Costa-Cabral (n19) p. 503.}

93_Ibid.

94_{European Data Protection Supervisor, ‘Privacy, Consumers, Competition and Big Data’ Report of Workshop}

(2014)<https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Big data/14-07-11_EDPS_Report_Workshop_Big_data_EN.pdf> accessed on 12 September 2016.

(19)

“contract terms which are incompatible with the laws regulating general conditions and terms of trade might be an abuse of a dominant position if the use of the terms is based on the company’s market dominance”.95 Which means that, according to the German Court, even if it is determined that the protection of personal data cannot be assessed under competition law, proving an infringement on the basis of the unfair terms and conditions Directive, can also constitute an abuse of a dominant position.96

3.2.2 The Commission

The Commission has thus far been reluctant in applying competition law on data protection issues. In its Google/DoubleClick and Facebook/WhatsApp merger decision, the Commission specifically stated that privacy-related concerns should not fall within the scope of EU competition law.97 In these cases, similar to the cases of the Court mentioned above, there does not seem to be competition on the basis of data use policies. The Commission did not consider personal data as a commodity, it stated that both parties were not active in markets regarding data or data analytics services.98_{In her speech of 29 September 2016, Margrethe}

Vestager emphasizes the importance of big data and that it could help build better products. She goes on to state that competition law is not there to object to that but it has to keep an eye out to see that these practices do not hurt consumers by undermining competition.99 She states that “Europe’s competition enforcers need to work together on big data” and that it is important to see what tools are needed.100 Vestager also recognizes that a new EU legislation might be needed, but the ongoing impact assessment on big data will give more information about what is necessary.101

3.2.3 European Data Protection Supervisor

Although some arguments support the non-application of competition law on data protection issues and the case law so far rejected the application, the majority of academics and especially the EDPS seem to see a solution in applying competition law on data protection

95_{German Federal Court of Justice (Bundesgerichtshof), ,,VBL-Gegenwert’’, KZR 61/11, judgment of}

16.11.2013, p. 68 available via <http://openjur.de/u/660077.html> accessed on 30 October 2016.

96_{Council Directive (EC) 93/13 (n70).}

97_{Commission Decision of 3 October 2014 (Case M.7217) [2014] OJ C297 (Facebook/WhatsApp) para. 164} 98_{Ibid., para. 72.}

99_{M Vestager, ‘Big Data and Competition’ speech 29 September 2016 available via <}

https://ec.europa.eu/commission/2014-2019/vestager/announcements/big-data-and-competition_en > accessed on 27 December 2016.

100_Ibid. 101_Ibid.

(20)

issues. The EDPS stated in its Preliminary Opinion that data protection rights should be included in the enforcement of competition law. It quotes two main principles which justify the application of competition law on data protection issues namely: “first, privacy harms reduce consumer welfare, which is a principle goal of modern antitrust analysis. Second, privacy harms lead to a reduction in the quality of a good or service, which is a standard category of harm that results from market power”.102 The EDPS argues that next to these arguments, the discretion of the Commission to enforce competition law can imply the assessment of data protection under competition law.103 The EDPS also states that in other markets, businesses such as private banking and security services typically compete on protecting privacy, which therefor makes it a legitimate competitive parameter.104 A failure by one company to respect data protection would mean a reduction of their market power.105_The

EDPS is of the opinion that when undertakings can lose market power by reducing data protection, they could also use data protection as a competitive advantage. Unfortunately, undertakings do not seem to see it that way (yet).106 The EDPS argues that where an individual’s control over its personal data decreases because of the power of a dominant undertaking, this can lead to consumer harm.107 It suggests to develop “a concept of consumer harm, particularly through violation of rights to data protection, for competition enforcement in digital sectors of the economy”.108

According to the EDPS, cooperation between competition authorities and data protection authorities is essential. The EDPS came up with a way to stimulate the collaboration between the different fields of law, namely to get the authorities of the different fields of law to cooperate. The EDPS proposed to facilitate a Digital Clearing House.109 This would constitute a voluntary network of regulatory authorities at both national and EU level. The EDPS even specifically states that the Digital Clearing House could carry out the following activity: “using data protection and consumer protection standards to determine ‘theories of harm’ relevant to merger control cases and to cases of exploitative abuse as

102_{EPDS (n79) p. 17, footnote 48. The EDPS quotes Peter Swire in ‘Protecting Consumers: Privacy Matters in}

Antitrust Analysis’ (2007) available via <

https://www.americanprogress.org/issues/economy/news/2007/10/19/3564/protecting-consumers-privacy-matters-in-antitrust-analysis/> accessed on 23 December 2016.

103_{Costa-Cabral (n19) p. 498.} 104_{EDPS (n79) p. 33.} 105_Ibid. 106_Ibid. 107_{Ibid., p. 31.} 108_{Ibid., p. 32.} 109_{Ibid., p. 15.}

(21)

understood by competition law under Art. 102 TFEU, with a view to developing guidance similar to what already exists for abusive exclusionary conduct”.110

The EDPS also mentioned a few solutions which would help to reduce consumer harm caused by the processing of personal data. The options include offering users a paid service which minimised collection and retention of personal information; applying a proportionate limit to the retention of customer data (‘compare and forget’); implementing data portability by giving the user options to withdraw their personal information and to port it to another service provider; and placing strict controls on information processing across different parts of the business for incompatible purposes.111

110_{EDPS (n79) p.15.} 111_{Ibid., p. 32.}

(22)

4 Data protection as a parameter of quality

4.1 Data protection under competition law analysis

The Commission has assessed personal data issues in several cases under merger control. The first case where data issues were recognised as input was in the merger of

Google/DoubleClick. One of the theories of harm the Commission investigated was whether

post-merger foreclosure scenarios would occur because of the combination of DoubleClick’s and Google’s databases.112 This would constitute an exclusionary abuse, where competitors would not be able to replicate the achieved merged databases. Another case where the Commission investigated such an exclusionary abuse regarding data was in Telefónica

UK/Vodafone Group/Everything Everywhere/JV, where the Commission also stated that other

competitors would not be foreclosed from data-input because of other competitors on the market.113 These cases prove that data can be seen as a valuable input that could lead to an exclusionary abuse under competition law by foreclosing competitors, but with data as an input there is no direct link to harming consumers. According to the cases mentioned below, data can also harm consumers directly by degrading the quality of data protection.

4.1.1 Facebook/WhatsApp acquisition

In 2014, Facebook notified the Commission of its proposed merger with WhatsApp on the basis of Art. 4 of the Merger Regulation. In its investigation the Commission has analysed two possible theories of harm that could help Facebook strengthen its position in online advertising. Facebook could introduce advertising on WhatsApp and/or it could use WhatsApp to gain user data for the purpose of improving the targeting of Facebook’s advertising activities outside WhatsApp.114 Some respondents to the market investigation voiced their concern about how the transaction might materially strengthen Facebook’s position in online advertising services because of the amount of data Facebook will gain.115 Several respondents also pointed out that if the merged entity were to start collecting data from WhatsApp users, some WhatsApp users would switch to a different communication app where the data collection practices are less intrusive.116 In fact, in Germany many users of

112_{Commission Decision of 11 March 2008 (Case COMP/M.4731) [2008] OJ C230 (Google/DoubleClick) para.}

288.

113_{Commission Decision of 4 September 2012 (Case M.6314) [2012] OJ C74 (Telefónica UK/ Vodafone}

UK/Everything Everywhere/ JV) para. 557.

114_{Facebook (n97) para. 167.} 115_{Ibid., para. 184.}

(23)

WhatsApp switched to a different communication application shortly after the merger of Facebook and WhatsApp was announced.117 Which shows that the data protection policy is definitely a competition parameter consumers look at when using a service and when a decrease in the data user policies occurs, consumers might even switch services. Facebook stated that it is aware that users would not be happy if users’ profiles (and thereby data) of the two services would be combined post-merger.118 Eventually, the merger was approved on the grounds that even if Facebook were to use user data from WhatsApp, the merger would only raise competition concerns if the merger were to strengthen the position of Facebook in advertising. According to the Commission, the merger would not strengthen the position of Facebook in advertising as there are a sufficient number of other providers of online advertising services.119

Facebook notified its wish to acquire WhatsApp on 29 August 2014. The proposed merger got approved on 3 October 2014, which is rather quick considering the Commission is allowed to take up to 90 working days to decide on a merger.120 The proposed merger got a lot of attention, perhaps also because of the fact that it was unclear what exactly the merger would mean to ‘us’, the consumer. Next to the switched users in Germany, thousands of other users switched messaging platforms after the merger announcement, because users were afraid Facebook could gain data from WhatsApp conversations and they were concerned about their privacy.121 Those privacy concerns might have been legitimate. In a press release of 20 December 2016, the Commission accuses Facebook in a Statement of Objections of providing incorrect or misleading information during the merger investigation in 2014.122 The Commission argues that Facebook has stated that it would not be able to automatically match Facebook users’ profiles with WhatsApp users’ profiles.123 Apparently, this possibility of matching the profiles already existed in 2014. Even though the Statement of Objections is only based on breaches of procedural rules, namely, breaching the obligation to submit correct information, in my opinion, this demonstrates how elusive the digital markets still are. Parties are obliged to offer correct information, in principle, the Commission would have to trust that they will. Parties will always know more about their market, so in a certain way, you

117_{Facebook (n97) para. 174.} 118_{Ibid., para. 138.}

119_{Ibid., paras 187-188.}

120_{Regulation 139/2004 (EU) (n45) Art. 10 (3).} 121_{Facebook (n97) footnote 79.}

122_{European Commission Mergers: Commission alleges Facebook provided misleading information about}

WhatsApp takeover Press Release (20 December 2016) available via < http://europa.eu/rapid/press-release_IP-16-4473_en.htm> accessed on 22 December 2016.

(24)

could say there is information asymmetry between the parties and the Commission. Especially because the market is still relatively new, more information about the characteristics of the market WhatsApp and Facebook are active in, is necessary. The French Autorité de la Concurrence started a sector inquiry into data processing in the online market in May 2016.124 It is established that personal data plays a huge role in the digital market. With a sector-inquiry, the Commission would be able to better understand this particular market and maybe find a way to better handle cases that involve (personal) data in digital markets.

4.1.2 TomTom/Tele Atlas acquisition

TomTom, a manufacturer of portable navigation devices (‘PNDs’), notified its wish of acquiring Tele Atlas, a supplier of digital map databases for navigation and other end-uses, to the Commission in 2008. As mentioned earlier, the Commission looked at whether it was likely that the merged entity would decrease the quality of its maps post-merger. In addition, when investigating the transaction, the Commission also came to look at the confidential information customers give to a map maker. Independent map makers would want to keep the information shared by customers confidential in order to keep the information from competing customers. But if TomTom merged with Tele Atlas, the question is whether there would still be an incentive for Tele Atlas to keep the information confidential.125 The Commission states that confidentiality concerns could result in damage to Tele Atlas’s reputation, which indicates the value of confidentiality as a competitive parameter.126 In this case, the market investigation showed that “confidentiality concerns can be considered as similar to product degradation in that the perceived value of maps for PND manufacturers would be lower if they feared that their confidential information could be revealed to TomTom”.127 This results in the fact that Tele Atlas’s map database could be seen as relatively less valuable than its competitor NAVTEQ’s map database, where confidentiality is not questionable. Confidentiality can be considered as the level of protection of information that is shared with the map database maker, and is seen as an important parameter for consumers to pick one map database over the other. Confidentiality concerns could lead to

124_{Autorité de la Concurrence The Autorité de la concurrence begins, at its own initiative, gathering information}

in order to assess data processing in the on-line advertising sector Press Release (23 May 2016) available via <http://www.autoritedelaconcurrence.fr/user/standard.php?id_rub=630&id_article=2780> accessed on 10 October 2016.

125_{TomTom (n52) para. 272-273.} 126_{Ibid., para. 275.}

(25)

customers switching to NAVTEQ.128 Lastly, the Commission also states that if there would be confidentiality concerns, the parties would react to these concerns by offering conditions to make customers stay and not switch to NAVTEQ.129 This again shows that when confidentiality concerns arise, and thus the quality of the service decreases, the urge to compensate this decrease by another competitive parameter is there.

So could the quality of data protection be a parameter to the theory of harm under Art. 102 TFEU? In other words, could the way in which an undertaking uses personal data be used to exploit consumers? In multiple merger cases, the Commission considered data as a valuable asset that undertakings can use as an advantage to compete with and can be used to foreclose consumers in terms of an exclusionary abuse. Looking at the Facebook/WhatsApp and

TomTom/Tele Atlas merger decisions, it can also be concluded that the quality of data

protection can be seen as a competitive parameter. A reduction of privacy constitutes a reduction of product quality, and is therefore an important feature of a product or service undertakings can compete with and furthermore an important feature consumers look at when choosing for a product or service.130 Nor the Court nor the Commission ruled on exploitative abuses of data by a dominant undertaking under Art. 102 TFEU, but the merger cases mentioned above are clear illustrations that the quality of data protection could be assessed under competition law. As mentioned earlier, though these indications arise under merger control, merger control and abuse of dominance do not differ significantly, so it is also an important indication under Art. 102 TFEU. Having the quality of data protection as a competitive parameter under Art. 102 TFEU would make it possible to bring the ‘free’ services of an undertaking within the scope of Art. 102 TFEU; this would otherwise not be possible since there is no price that can be abused excessively.131 The question now is how to assess the decrease in quality of data protection, because that seems to be a challenge. A data use policy has many different variables, such as the amount of personal data, the nature and sensitivity of the data and the possible use of the data.132 As mentioned earlier, there is no single factor defining quality, so how will the data use policy be analysed and how will it be decided when a data use policy is abusive?

128_{TomTom (n52) para. 274.} 129_{Ibid., para. 276.}

130_{A Grunes and M Stucke, ‘No Mistake about it: The Important Role of Antitrust in the Era of Big Data’ (2015)}

p. 4 available via <https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2600051 > accessed on 15 September 2016.

131_{Costa-Cabral and Lynskey (n21) p. 21.} 132_{Costa-Cabral and Lynskey (n21) p. 17.}

Could the quality of data protection also be a parameter of the theory of harm under Art. 102 TFEU?