Mandatory components pre-final and final version of the master

Mandatory components pre-final and final version of the master’s thesis Size:

The thesis is expected to be between 12.000 and 13.000 words long (with 1.5 line spacing, Times New Roman font and font size 12; including annotations, excluding abstract, index, bibliography, appendices).

Submission:

Every section of the master’s thesis (incl. final version) has to be submitted via e-mail to the supervisor. The final version also has to be submitted on Canvas in order to carry out the plagiarism check.

The cover contains:

- Titel of the thesis Competition and regulation in the digital economy of the social media platforms: A challenge of foresight

- First and last name Bianca De Angelis - E-mail bianca.deangelis@student.uva.nl - Student number 1393875

- Master track International and European Law – EU Competition Law and Regulation

- Name of supervisor Dr. Krystyna Bakhtin - Date of submission 30/06/2022

Mandatory: Abstract

The digitization of the economy and the new market structure are some of the new challenges that European authorities are currently facing. Indeed, the governance of the digital world has become a priority for the EU.

The desire to represent a global benchmark began with the General Data Protection Regulation (GDPR) and is continuing apace in its implementation with a series of regulations, affecting the digital ecosystem.

Nonetheless, the presence of “market failures” that characterize these markets, is leading EU authorities to address similar behavior of digital companies either from consumer protection or under data protection excluding however the competition law which instead could be the most effective tool to curb the market dominance and the anticompetitive conduct of the digital platforms.

The current regulatory framework leaves a margin of discretion to competition law, as evidenced by the new plan introduced by the European Commission with the Digital Market Act measures, along with the Digital Service Act. In fact, this new regulatory plan aims on the one hand to reduce the monopoly of these digital giants and on the other hand to introduce a system that limits the expansion of the dominance of Big Tech to ensure the participation of other players in order to create competitive and fair conditions in the digital market.

Table of contents Introduction.

1.Economic background: Main divergences between the traditional “non-digital”

and the digital economy.

1.1 Personal Data as a Janus-faced 1.2 Market Failures in Digital Economies

2. The interplay between data protection, competition law and consumer protection

2.1 The approach followed by the Bundeskartellamt under GWB 2.1.1 Decision of the Higher Regional Court of Düsseldorf

2.2 AGCM's approach under the Consumer Protection

2.2.1 The rulings of the Lazio Regional Administrative Court.

2.3 Market failures or regulatory failures? Objectives, contradictions, and uncertainties in European proposals of the Digital Markets Act Package to regulate digital platforms.

3. Conclusion.

Bibliography

The report of the research/master’s thesis

Bibliography Primary Source

• Protocol no. 7 of the European Convention on Human Rights

• The Treaty on the Functioning of the European Union

• Directive 2011/83/EU Consumer Rights Directive and Directive 2019/2161 on Modernisation of EU consumer protection rules: A new deal for consumers

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Charter of CHARTER OF FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION (2000/C 364/01)

• Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial

practices in the internal market and amending Council Directive 84/450/EEC, Directives 97/7/EC, 98/27/EC and 2002/65/EC of the European Parliament and of the Council and Regulation (EC) No 2006/2004 of the European Parliament and of the Council

• Directive (EU) 2019/770 of the European Parliament and of the Council of 20 May 2019 on certain aspects concerning contracts for the supply of digital content and digital services

• Harmonized directive Directive (EU) 2019/2161 of the European Parliament and of the Council of 27 November 2019 amending Council Directive 93/13/EEC and Directives 98/6/EC, 2005/29/EC and 2011/83/EU of the European Parliament and of the Council as regards the better enforcement and modernisation of Union consumer protection rules (Text with EEA relevance)

• Council Regulation (EC) No 1/2003 of 16 December 2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty

• Regulation (EC) No 2006/2004 of the European Parliament and of the Council of 27 October 2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws authorities responsible for the enforcement of consumer protection laws

• Directive (EU) 2019/1 of the European Parliament and of the Council of 11 December 2018 to empower the competition authorities of the Member States to be more effective enforcers and to ensure the proper functioning of the internal market

• Council Regulation (EC) No 139/2004 of 20 January 2004 on the control of concentrations between undertakings (the EC Merger Regulation)

• Proposal for a Regulation of The European Parliament and of The Council

on Contestable and Fair Markets in The Digital Sector (Digital Markets Act) Com/2020/842 Final

• Proposal for a Regulation of The European Parliament and of The Council on A Single Market for Digital Services (Digital Services Act) and

Amending Directive 2000/31/EC Com/2020/825 Final

Secondary Source Books and Journals

• RENDA, Single Market 2.0: the European Union as a Platform, European Legal Studies, College of Europe, RESEARCH PAPERS IN LAW 2/2020

• D. GERADIN, What is a digital gatekeeper? in The Platform Law Blog, Oct.

5, 2020

• F. CHAFFEY, Digital marketing includes the use of the internet and related digital technologies to achieve marketing goals, Loughborough University,2019

• H.KOTLER,Digital marketing is a form of communication and interaction between organizations and their customers through digital channels (internet, email, and others) and digital technologies. Journal of Direct, Data and Digital Marketing Practice volume 17, 2009

• K. TAKEN SMITH, Digital Marketing Strategies that Millennials Find Appealing, Motivating, or Just Annoying,Article in Journal Of Strategic Marketing,2011

• PABLO IBÁÑEZ COLOMO,The Draft Digital Markets Act: A Legal and Institutional Analysis Journal of European Competition Law & Practice, Volume 12, Issue 7, 2021, pp568-570

• M. STUCKE – A. GRUNES, Big Data and Competition Policy, Oxford University Press, 2016

• THIERER, Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom – 10 March 2014

• R.DAHIYA, R., LE, S., RING, J.K. and K.WATSON .Big data analytics and competitive advantage: the strategic role of firm-specific knowledge, Journal of Strategy and Management, Vol. 15 No. 2, pp. 175-

193, 2022

• J. CANNATACI, V.FALCE, O.POLLICINO, Legal Challenges of Big Data,Elgar,2020

• G. MULGAN, The new ecosystem of trust How data trusts, collaboratives and coops can help govern data for the maximum public benefit,2020

• DAMIEN GERADIN,What Is a Digital Gatekeeper? Which Platforms Should Be Captured by the EC Proposal for a Digital Market Act? Tilburg Law and Economics Center (TILEC); Geradin Partners; University of East Anglia (UEA) - Centre for Competition Policy; University College London - Faculty of Laws 2021

• O.ANDRIYCHUK,The Normative Foundations of European Competition Law: Assessing the Goals of Antitrust through the Lens of Legal Philosophy pp. 69, 2017

• H. RAHNAMA AND A.PENTLAND,The New Rules of Data Privacy, Harward Business Review, 2022

• N. HELBERGER – F. ZUIDERVEEN BORGESIUS – A. REYNA, The Perfect Match? A Closer Look at the Relationship between EU Consumer Law and Data Protection Law, in 54 Common Market Law Review 1427 (2017).

• I.GRAEF,Privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection in the Digital Economy,2014

• M. STUCKE – A. EZRACHI, When Competition Fails to Optimise Quality: A Look at Search Engines, in 18 Yale Journal of Law and Technology (2016).

• S. BARTA MENNO D.T.DE JONG, The privacy paradox – Investigating discrepancies between expressed privacy concerns and actual online behavior – A systematic literature review - Volume 34, Issue 7, 2017

• J. CRÉMER – Y-A. DE MONTJOYE – H. SCHWEITZER Competition policy for the digital era, A report 2019, 71.

• W. WILS, The Obligation for the Competition Authorities of the Eu Member States to Apply Eu Antitrust Law and the Facebook Decision of the Bundeskartellamt, Concurrences, vol. 3, 2019

• COSTA-CABRAL and ORLA LYNSKEY, The Internal and External

Constraints of Data Protection on Competition Law in the EU LSE Law, Society and Economy Working Papers 25/2015 London School of Economics and Political Science Law Department

• C.M. CHRISTENSEN, M. E. RAYNOR, AND R. MCDONALD, What Is Disruptive Innovation?,Harward Businees Review, 2015

• RENDA,Making the digital economy “fit for Europe”,European Law Journal, 2021

• LUC BRÈS,S.MENA MARIE.L.SALLES, Exploring the formal and informal roles of regulatory intermediaries in transnational multistakeholder regulation, p.140 - Regulation & Governance Volume13/02, 2019

• M.BROADBENT,The Digital Services Act, the Digital Markets Act and the New Competition Tool European Initiatives to Hobble U.S. Tech Companies, Center for Strategic and International Studies,2020

• E.LAIDLAW,A Framework for Identifying Internet Information Gatekeepers International Review of Law, Computers & Technology, Vol. 24, No. 3, University of Calgary, Faculty of Law,2015

• PROF. DR. MARK D. COLE, Overview of the impact of the proposed EU Digital Services Act Package on broadcasting in Europe - Institute of European Media Law,2021

• M-EIFERT, A.METZGER, H. SCHWEITZER, Taming the giants: The DMA/DSA package Common Market Law Review Volume 58, Issue 4 (2021) pp. 829 – 994

• J.M. BALKIN, Free Speech in the Algorithmic Society: Big Data, Private Governance, and New School Speech Regulation, Columbia Law Review Association, Inc., 2018

• N. ECONOMIDES, I. LIANOS, Restrictions on Privacy and Exploitation in the Digital Economy: A Market Failure Perspective, on-line, Journal of Competition Law and Economics, Forthcoming,2021

• D. SRINIVASAN,The Antitrust Case Against Facebook, Berkeley Business Law Journal,2019

• L. GORMSEN, J. Llanos, Facebook’s Anticompetitive Lean in Strategies,King’s College School of Law, 2019

• T. HÖPPNER, P. WESTERHOFF, Abrupt End to «Hipster Antitrust’? Tackling Facebook’s Expansion Following the First Court Ruling in Germany, Hausfeld Competition Bulletin,2019

• B.MARTENS, A. DE STREEL. I.G.THOMAS. T.DUCH-BROW,Business-to- Business data sharing: An economic and legal analysis, JRC Digital Economy Working Paper 2020

Case Law

• Case C-131/12 – Google Spain and Google

• Case C-280/08 Deutsche Telekom v Commission, EU:C:2010:63

• Case KZR 58/11, VBL-Gegenwert

• Case No Comp/M.7217 - Facebook/ Whatsapp Regulation (Ec) No 139/2004 Merger Procedure Article 6(1)(B) Non-Opposition Date:

03/10/2014

• C-362/14 - Schrems Main proceedings Judgment of the Court (Grand Chamber) of 6 October 2015 Maximillian Schrems v Data Protection Commissioner

• Case 62/86, AKZO Chemie BV v Commission of the European Communities.

Judgements

• Case Summary 15 February 2019 Facebook, Exploitative business terms pursuant to Section 19(1) GWB for inadequate data processing Sector:

Social networks Ref: B6-22/16 Date of Decision: 6 February 2019

• Rulings no. 260 and no. 261 of 10 January 20201- the Administrative Judges of the First Section of the Lazio Regional Administrative Court

• Facebook. Bundeskartellamt The Decision of the Higher Regional Court of Düsseldorf (Oberlandesgericht Düsseldorf) in interim proceedings, 26 August 2019, Case VI-Kart 1/19 (V)

• Bundesgerichtshof bestätigt vorläufig den Vorwurf der missbräuchlichen Ausnutzung einer marktbeherrschenden Stellung durch Facebook Ausgabejahr Erscheinungsdatum23.06.2020 Nr. 080/2020 KVR 69/19 - Beschluss vom 23. Juni 2020

• Ps11112 - Facebook-Condivisione Dati Con Terzi Provvedimento N.

27432 L’autorità Garante Della Concorrenza E Del Mercato Nella Sua Adunanza Del 29 Novembre 2018

• TAR Lazio, Prima Sezione, Sent. n. 261/2020.

Articles and Blog

• Summary of replies to the Public Consultation on Evaluation of procedural and jurisdictional aspects of EU merger control

• Maintaining competitive conditions in the era of digitalization OECD report to G-20 Finance Ministers and Central Bank Governors, July 2018

• Joint WISP-WIPE Roundtable the Economics of Personal Data and Privacy: 30 Years after the OECD Privacy Guidelines OECD Conference Centre 1 December 2010

• The Economist, the world’s most valuable resource is no longer oil, but data, 6 May 2017

• Andreas Heinemann University of Zurich -

https://www.concurrences.com/en/review/issues/no-4- 2021/editorial/competition-law-in-need-for-speed

• https://ec.europa.eu/commission/presscorner/detail/en/QANDA_20234 9

• https://digital-strategy.ec.europa.eu/en/policies/digital-services-act- package

• https://ec.europa.eu/commission/presscorner/detail/en/ip_20_2347

• https://digital-strategy.ec.europa.eu/en/policies/digital-services-act-

package

• https://www.nytimes.com/2021/01/06/us/politics/protesters-storm- capitol-hill-building.html

• https://www.consilium.europa.eu/en/press/press-

releases/2022/04/23/digital-services-act-council-and-european- parliament-reach-deal-on-a-safer-online-space/

• https://www.bundeskartellamt.de/SharedDocs/Entscheidung/EN/Fallbe richte/Missbrauchsaufsicht/2019/B6-22-16.pdf?blob=publicationFile&v

Attachments

1

Competition and regulation in the digital economy of the social media platforms: A challenge of foresight

Should the current regulatory approach under consumer law and data protection continue to be enforced or an approach that makes use of the competition law tools would achieve the

objective of protecting consumers from the power of the social media platforms?

Master Thesis

International and European Law – EU Competition Law and Regulation

De Angelis Bianca Student ID 1393875 Supervisor Dr. Krystyna Bakhtina

2

Abstract

The digitization of the economy and the new market structure are some of the new challenges that European authorities are currently facing. Indeed, the governance of the digital world has become a priority for the EU.

The desire to represent a global benchmark began with the General Data Protection Regulation (GDPR) and is continuing apace in its implementation with a series of regulations, affecting the digital ecosystem.

Nonetheless, the presence of “market failures” that characterize these markets, is leading EU authorities to address similar behavior of digital companies either from consumer protection or under data protection excluding however the competition law which instead could be the most effective tool to curb the market dominance and the anticompetitive conduct of the digital platforms.

The current regulatory framework leaves a margin of discretion to competition law, as evidenced by the new plan introduced by the European Commission with the Digital Market Act measures, along with the Digital Service Act. In fact, this new regulatory plan aims on the one hand to reduce the monopoly of these digital giants and on the other hand to introduce a system that limits the expansion of the dominance of Big Tech to ensure the participation of other players in order to create competitive and fair conditions in the digital market.

3

Content

Introduction. ... 4

1.Economic background: Main divergences between the traditional “non-digital” and the digital economy. ... 6

1.1 Personal Data as a Janus-faced ... 8

1.2 Market Failures in Digital Economies... 11

2. The interplay between data protection, competition law and consumer protection ... 13

2.1 The approach followed by the Bundeskartellamt under GWB ... 15

2.1.1 Decision of the Higher Regional Court of Düsseldorf ... 18

2.2 AGCM's approach under the Consumer Protection. ... 20

2.2.1 The rulings of the Lazio Regional Administrative Court. ... 22

2.3 Market failures or regulatory failures? Objectives, contradictions, and uncertainties in European proposals of the Digital Markets Act Package to regulate digital platforms. ... 26

3. Conclusion. ... 30

Bibliography………... 36

4

Introduction

At the beginning of the new decade, the EU market integration process, often described as "unfinished business", seems to have become more fragile than ever: the digital transformation is changing not only the traditional economy but also different aspects of our lives.¹

The aim of the digital single market should be to reduce the fragmentation of the internal market, avoiding different approaches at the national level, in order to build a competitive, accessible, technology-neutral, innovation-friendly, citizen-centric, and trustworthy digital single market and to create a data-secure society and economy.

Business models based on the digitization of big data, including our personal data, fall under the scope of various regulatory frameworks: particularly relevant are the data protection provisions of the 2016/679 GDPR Regulation and consumer protection regulations implementing various EU harmonization directives.²

Nevertheless, the German Bundeskartellamt investigation³, (hereafter “Facebook case”), was the first National Competition Authority (NCA) that, evoking the so-called special responsibility of companies in a dominant position, used the competition law tools specifically Art 102 TFEU in order to sanction the exploitation of consumers' personal data.

The main criticisms brought forward towards the decision of the German NCA are mainly disagreements with the statement that the protection of privacy is a task of data protection law and not the task of competition law since competition policy should focus only on protecting the competitive process of the internal market and attempts to protect also privacy would go far beyond the proper scope of competition.

This critique is the core of the ongoing discussion whether the European authorities should rely on the interrelation between competition, data protection and consumer protection law or on the distribution of labour between the three of them. In other words, the current digital context requires

1 A. RENDA, Single Market 2.0: the European Union as a Platform, European Legal Studies, College of Europe, RESEARCH PAPERS IN LAW 2/2020

2 Directive 2011/83/EU Consumer Rights Directive and Directive 2019/2161 on Modernisation of EU consumer protection rules: A new deal for consumers

3 https://www.bundeskartellamt.de/SharedDocs/Entscheidung/EN/Fallberichte/Missbrauchsaufsicht/2019/B6-22- 16.pdf?blob=publicationFile&v=

5

the identification of a new balance between consumer and data protection, on one hand, and freedom of competition, on the other.

The market failures that characterize the digital market justify a more transversal regulatory intervention that however requires a change in attitude. So far, EU policymakers have been reactive rather than proactive as until now such cases related to digital platforms, policymakers have been chasing technology by looking at what came to the market and then trying to react to it.

In this regard, within this thesis, the flaws in the system will be analysed, in particular the Facebook case and the corresponding decisions taken by the NCAs will be considered. Specifically, the approach to competition followed by the German Bundeskartellamt and on the other hand the approach to consumer and data protection followed by the Italian AGCM, and the corresponding decisions of the Italian and German Courts of Appeal will be evaluated. The core of this work will be to point out whether priority should be given to the protection of consumer data or to the mere and thorough respect of competition law taking the different regulatory approach of two Member States as an example in order to answer the main research question:

Should the current regulatory approach under consumer law and data protection continue to be enforced or an approach that makes use of the competition law tools would be more effective in achieving the objective of protecting consumers from the power of the social media platforms?

In order to answer the research question, the following methods were applied: the doctrinal and the comparative methods. The doctrinal approach was used to explain, also from an economic perspective, how digital economies differ from the traditional ones and how, due to the presence of elements such as the network effects, they have reached this huge digital market power. This method is also used to address the dual nature of personal data.

The comparative method was also employed in this thesis, where Facebook investigation in Germany and Italy and the difference between the three regimes of competition, data protection, and consumers law as well as their principles, goals, enforcement procedures and sanctions rules have been analyzed.

The reason to apply these research methods is to aim for a regulatory improvement and to provide an answer to the research question, but mainly to provide a concrete solution to solve the regulatory dilemma.

6

Section I

1. Economic background: Main divergences between the traditional “non-digital” and the digital economy.

To understand how digital platforms have achieved such enormous 'digital market power, it is essential to start by examining what makes digital economies different from the traditional ones, as for the definition of ‘digital market'⁴.

As stated by Smith (2010), a digital market means a type of market-based goods that are not considered as such as in traditional sectors but on information encoded in bits, i.e., data that has lower creation, processing, and transmission costs than physical goods. ⁵

In terms of its economic characteristics what makes these new economies different from the traditional economies comprises:

1) Increasing returns to scale market since there are very high upfront costs and very low marginal costs of using the digital technologies.⁶

2) Lower research costs than those of the offline markets. The underlying reason is that in digital economies search costs are endogenous to the company.

3) Data is non-rivalrous goods meaning that it can be consumed by one individual without reducing the amount of data available to others.

4) Fixed investments needed to start a business in a digital market and reach the critical mass of users are quite high; moreover, incumbents often heavily hinder new entrants in order to avoid losing their market power.

Nonetheless, when it comes to the dominance of these platforms the main reason is rooted in their structure and specifically in peculiar elements such as the network effects between their different sides

4 Other definitions are Chaffey et al. (2003) Digital marketing includes the use of the internet and related digital technologies to achieve marketing goals. Kotler et al. (2009) Digital marketing is a form of communication and interaction between organizations and their customers through digital channels (internet, email, and others) and digital technologies.

5 K. TAKEN SMITH, Digital Marketing Strategies that Millennials Find Appealing, Motivating, or Just Annoying,Article in Journal Of Strategic Marketing,2011

6 Maintaining competitive conditions in the era of digitalization OECD report to G-20 Finance Ministers and Central Bank Governors, July 2018

7

(user and advertiser side). Network effects arise where the value of a product/service increases with the number of other customers consuming the same product/service. These are the cross-platform externalities that result when the actions of participants on any side of the platform, or of the platform itself, affect participants on other sides of the platform (or the functioning of the platform itself).

An example of this kind of effect is present in platforms where “the more people actively or passively contribute data, the more the company can improve the quality of its product, the more attractive the product is to other users, the more data the company has to further improve its product, which becomes more attractive to prospective users”⁷( so called positive feedback loop). ⁸

The last point is worth discussing in order to have a broader overview of how we arrive at this regulatory dilemma of these platforms is related to their regulation. Regulating these technologies is difficult and complicated since there is no single regulatory framework and the reason for that has its root in the past, back to when the Internet started permeating our lives in the early 90s. In that period concrete intentional choices were made in order not to regulate this new sector in the belief that this would lead to the so-called permissionless innovation⁹. The principle of permissionless innovation has fuelled the success of the Internet and much of the modern tech economy in recent years, and it is set to power the next great industrial revolution. ¹⁰

Hence, if at the beginning the early “Big Bang” created a dynamic environment, the situation, later on, crystallized along with centripetal forces that have generated a few large players that accumulate and capture most of the value generated on the Internet. This situation has arisen in an unregulated environment, in most cases because of the overabundance of information on the Internet.

Furthermore, the modularity of products that are largely consumed and distributed online, has also generated a situation where few actors, who have captured the attention of end-users, can monetize it in various ways. This has led, in many respects, to inequality in many markets such as social media and the creation of market failures such as asymmetric information or unequal bargaining power.

However, as far as social networks are concerned, this has created the so-called 'privacy paradox' that has required the intervention of regulators due to the fact that what is traded in the digital economies is not physical goods but big data and specific personal data.

7M. STUCKE – A. GRUNES, Big Data and Competition Policy, Oxford University Press, 2016

8 In economics, these is called positive network effect which means that an additional user of a good or service has on the value of that product to others.

9A. THIERER, Permissionless Innovation: The Continuing Case for Comprehensive Technological Freedom – 10 March 2014

10 https://permissionlessinnovation.org/what-is-permissionless-innovation/

8

1.1 Personal Data as a Janus-faced

According to Acquisti (2010),¹¹ We live in a consumer data-driven and consumer data-focused commercial revolution in which individuals are at the same time consumers and producers of a most valuable asset: their personal information.

After having analysed the main characteristics of the digital markets’ structure, it is necessary to focus on the commodity on which these digital companies are based, i.e., data. The economic value of data is well known¹² whether large amounts of data create an advantage is not so widely acknowledged.

The analysis of big data can provide useful information for companies to improve their production and distribution processes, produce goods or services that are increasingly sensitive to consumer preferences, and even influence consumer choice¹³ based on the tastes and preferences previously expressed¹⁴. In short, big data provides an information advantage that translates into a competitive advantage.

A rather immediate consequence of this is the resulting high market power of the major firms, which in most cases have conditions approximating a monopoly. This suggests that the big players, who have access to a larger amount of data than their competitors do, use it to create a consistent and sustainable competitive advantage for themselves.¹⁵

That said, one of the challenges faced by the EU authorities is precisely the relationship between the digital economy and data.

The digital economy is based on big data which is one of the most common ways that platforms use to monetize; however, there is a lot of debate now, particularly about collecting, storing, and monetizing personal data. ¹⁶Indeed, there has been the presumption, arisen by chance, that personal data should not be owned and collected by these digital companies because of the uncertain structure

11 Joint WISP-WIPE Roundtable the Economics of Personal Data and Privacy: 30 Years after the OECD Privacy Guidelines OECD Conference Centre 1 December 2010

12 The Economist, the world’s most valuable resource is no longer oil, but data, 6 May 2017

13 R.DAHIYA, R., LE, S., RING, J.K. and K.WATSON .Big data analytics and competitive advantage: the strategic role of firm- specific knowledge, Journal of Strategy and Management, Vol. 15 No. 2, pp. 175-193, 2022

14 An example is the results related to the video one is watching on YouTube

15 J. CANNATACI, V.FALCE, O.POLLICINO, Legal Challenges of Big Data,Elgar,2020

16Personal data is defined in Article 4(1) of the Regulation (EU) 2016/679 (GDPR).

9

of legal ownership. As a matter of fact, personal data is a “digital artifact” and tends to be difficult to fence as a sphere of regulation.

The ratio behind personal data is quite fascinating in itself because it combines at the same time fundamental rights such as personal dignity and economic value. Therefore, individual rights are entrenched in the EU primary law and specifically by the provisions of the Charter of Fundamental Rights in Article 7 - Respect for private and family life, Article 8 on the protection of Human Dignity as well as Article 16 TFEU.

Data indeed has this double nature combining the dignity of a human being with economic properties.

This Janus faced is also reflected in the General Data Protection Regulation¹⁷(hereinafter GDPR), which has these dual objectives, on the one hand, it envisaged the protection of individuals’ rights but on the other, it also has to ensure the free circulation of personal in the single market. These two sides’ nature is reflected in Art 1 (2) (3) of the GDPR.

To answer the research question, it is important not only to identify the type of data used by these digital platforms but to ask another relevant question, which is: who holds our personal data? As already stressed above, due to an unregulated environment in this field, it was implicit that data is an asset that can and should be owned; as a matter of fact, it is owned by digital companies.

17Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

10

Source Mulgan and Straub (2019)¹⁸

The graph above exhibits indeed how data changes, what is the amount of data that consumers can decide to share, how much control individuals have over data in data markets; on the vertical axis it is measured the complete control or compulsory sharing of the users’ data and how much value the public currently gets out of the share of their data on the horizontal one, which of course could change depending on the utility function of that specific data part. And as can be seen, there is potential for each box in the graph to a different approach in the data strategy that would aim in achieving the right amount of sharing, the optimal amount of sharing as well as the optimal amount of control. The open question here is: can the EU Commission be able to achieve something with some regulatory measures? Or is the market a better mechanism to sort out what is the optimal level of sharing and the optimal level of control?

There are no net value judgments in this debate, both interventionism and laissez-faire are acceptable as long as they are justified in terms of economic efficiency.¹⁹ Even though, the market does not always tend toward efficiency.

In the end, the graphical representation shows that users do not have control over their personal data.

On the contrary, individuals should be able to decide if and when their data are used, i.e. they should

18 G. MULGAN, The new ecosystem of trust How data trusts, collaboratives and coops can help govern data for the maximum public benefit,2020

19 O.ANDRIYCHUK,The Normative Foundations of European Competition Law: Assessing the Goals of Antitrust through the Lens of Legal Philosophy pp. 69, 2017

11

locate themselves in the bottom left corner. Social media platforms, which also hold most of our personal data, have tended to collect data with very little consent, but are gradually, under public pressure or through new legal obligations, giving users more rights to download or share their information. Moreover, the current legal framework on the data protection regulated by the GDPR has been largely criticized since even though on the one hand, it assigns some kind of controls and rights to individuals e.g right to be informed, right to access, to right to restrict processing, n the other hand, due to the market failures that characterize digital markets, such as information asymmetry, unequal bargaining power, and the "take it or leave it" strategy implemented by these digital companies, it does not seem to be effective²⁰.

Thus, the question remains, since the current regulatory framework is not efficient to protect our personal data from these new economies, who should step in and how can we re-gain control over our data? The answer to this question will be provided in Section II.

1.2 Market Failures in Digital Economies

In a market where power lies in the availability and analysis of data, often provided by consumers in exchange for free services, is data protection law still a powerful tool to protect consumers’ personal data, or should competition law and consumer law also be considered? ²¹

We are dealing with the problem of the simultaneous existence of two market failures, as will be analyzed in the Facebook case, information asymmetry and unequal bargaining power.

Even though the data market suffers from this market failure, the latter has not been seen as a task for competition law but rather of data protection and consumer law by requiring transparency and by prohibiting misleading and manipulative storage of data collecting firms.

However, the main point is that it cannot be expected that the effects of these two market failures are independent of each other, on the contrary, in digital economies, these two market failures exist simultaneously and the interaction between them is one of the main reason why it becomes also a competition problem.

Indeed, the dialogue between these disciplines has been deepening and one is often called upon to protect the interests of the other. Thus, consumer law has been used to protect personal data and the

20 H. RAHNAMA AND A.PENTLAND,The New Rules of Data Privacy, Harward Business Review, 2022

21 https://www.eca.europa.eu/lists/ecadocuments/journal21_01/journal21_01.pdf

12

regulation of the latter has proved to be a useful tool for the interpretation of the former.²²In addition, data protection concepts have been used in the application of competition law. Briefly, an 'integrated approach' seems to be emerging.²³ The advent of the digital economy has certainly accentuated this convergence, but caution begs the question: is there a need for it from a legal point of view?

The Gordian knot is the function of these disciplines. So only to the extent that their application pursues homogeneous goals, if at all, can the concepts of one be used to interpret the others. The obvious example is the right to data portability (Art. 20 GDPR). The possibility of requesting from the data controller and transmitting to another party the data that the former has collected on 0the data subject. In addition to the protection of privacy, the rule in question allows the data subject to rationally choose to whom to entrust the processing of his/her data and, at the same time, reduces switching costs and thus lock-in effects. This, seen from the perspective of newcomers, reduces the barriers to entry erected by network effects and economies of scale, thus ensuring the competitive opening of markets.

What is certain is that the wind of novelty cannot sweep away the criteria on which the interpretation of competition law has traditionally been based - at least not the cornerstones. More precisely, one must avoid reducing the theory of harm to the automatism whereby the mere violation of a provision of the GDPR by a dominant firm becomes an antitrust tort. The danger of such an approach is obvious.

It would end up including the protection of personal data among the objectives of competition law, which would become a sort of pass-part out.

Nevertheless, there are those who prefer to run towards this goal. In particular, since the processing of personal data has become a criterion for assessing the quality of a good or service, some argue that when this is designed or offered by a dominant company to reduce the level of protection of the former, there is damage to consumer welfare and therefore anticompetitive conduct. ²⁴The argument is not without relevance, but it encounters a limitation. It is true that there are markets where consumer welfare is closely linked to the quality of goods, which in turn depends on the level of protection of personal data; however, the reduction of such protection does not always have a negative impact on

22N. HELBERGER – F. ZUIDERVEEN BORGESIUS – A. REYNA, The Perfect Match? A Closer Look at the Relationship between EU Consumer Law and Data Protection Law, in 54 Common Market Law Review 1427 (2017).

23I.GRAEF,Privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection in the Digital Economy,2014

24M. STUCKE – A. EZRACHI, When Competition Fails to Optimise Quality: A Look at Search Engines, in 18 Yale Journal of Law and Technology (2016).

13

consumer welfare. In this sense, the so-called "privacy paradox²⁵"can be read. As expressed also by Susanne Barta Menno D.T.de Jong, this “paradox” lies in the fact that, although data protection is highly valued by consumers, their behaviour in digital markets, on e-commerce and social networking activities, shows the opposite. Thus, consumers may well be willing to provide more data - instead of paying - to get free services online. Therefore, the use of data protection rules in the interpretation of antitrust law is only to be welcomed when the economic analysis of the circumstances of the case demonstrates the anticompetitive effect of privacy harm. In all other cases, it is useless or, worse, misleading, as it risks creating a per se rule incompatible with the effect-based approach of antitrust law.

Section II

2. The interplay between data protection, competition law and consumer protection

In order to gain a more in-depth insight into the flaws in the current legal framework, it is necessary to thoroughly analyze the ongoing debate between enforcing competition law or overriding it due to the implementation of consumer and data protection.²⁶

Business models based on the economic exploitation of consumers' personal data fall within the scope of various regulatory frameworks: to stop at the European Union, the provisions protecting personal data meaning the GDPR, consumer protection rules (Directive (EU) 2019/2161 ²⁷and those protecting competition in particular Articles 101 and 102 TFEU, Regulation 139/2004/EC are relevant.

To answer the main research question, it is essential to address these sub-questions in order to clarify what led to the regulatory dilemma and in detail:

• Is the protection of personal data from digital companies fall within the scope of competition policy?

• And if so, to what extent should privacy considerations and data protection laws filter into

25S. BARTA MENNO D.T.DE JONG, The privacy paradox – Investigating discrepancies between expressed privacy concerns and actual online behavior – A systematic literature review - Volume 34, Issue 7, 2017

26 J. CRÉMER – Y-A. DE MONTJOYE – H. SCHWEITZER Competition policy for the digital era, A report 2019, 71.

27 Harmonized directive Directive (EU) 2019/2161 of the European Parliament and of the Council of 27 November 2019 amending Council Directive 93/13/EEC and Directives 98/6/EC, 2005/29/EC and 2011/83/EU of the European Parliament and of the Council as regards the better enforcement and modernisation of Union consumer protection rules (Text with EEA relevance)

14

competition law assessments? Will competition law be more effective than the current regulatory framework?

The answer to the first question is quite controversial, some scholars think is not possible, ²⁸ arguing that the goal of competition policy is exclusively to ensure the competitiveness of the internal market and protection of the aggregate consumer welfare and not to safeguard data protection and consumer privacy. Moreover, investigation procedures have proven to be too long and slow to detect and condemn anti-competitive behaviour by digital platforms.

In answering the second sub-question, the analysis of the "market failures" inherent in digital economies and data processing practices needs to be considered, as they have highlighted the presence of regulatory and material overlap between the three legal regimes of data protection, consumer protection law, and competition policy. This is explained by the fact that these policies pursue similar goals, particularly the improvement of total consumer welfare, although consumer law is more focused on individual welfare. However, it is crucial to point out that these three legal regimes operate at different levels in terms of enforcement and sanction regimes.²⁹

The EU competition policy is a powerful instrument within the EU Legal Order. It has indeed a constitutional value (effet utile) ³⁰, it is an exclusive competence, so it is a very important tool in the hands of the EU institutions in the sense that they can certainly decide about certain issues without consulting the MS. They also have a toolkit of significant and serious enforcement powers and across the jurisdiction, it is a very efficient and direct applicable part of EU law. In addition, competition law has also decentralized enforcement as stated in Art 3 of Regulation 1/2001 in which it is specified that NCAs and the National Courts have to enforce EU competition law.³¹ Furthermore, Art 3 (2) states that in case of abuse of dominant position the NCAs can adopt stricter rules. ³²

Regarding the imposition of the fines, respect to the other two regimes, competition sanctions are higher and have a major deterrence effect for companies acting in an anticompetitive way indeed according to Art 23(2) Regulation 1/2003 the amount of fine imposed to a firm it is up to 10% of the

28 Andreas Heinemann University of Zurich - https://www.concurrences.com/en/review/issues/no-4-2021/editorial/competition-law- in-need-for-speed

29 BERTIN MARTENS ALEXANDRE DE STREEL INGE GRAEF THOMAS TOMBAL NÉSTOR DUCH-BROWN, Business-to- Business data sharing: An economic and legal analysis, JRC Digital Economy Working Paper 2020

30 Judgment of the Court (Third Chamber) of 4 June 2009. T-Mobile Netherlands BV, KPN Mobile NV, Orange Nederland NV and Vodafone Libertel NV paras 80-81

31 According to Art 3(2) Regulation 1/2003 “this Regulation does not be precluded NCAs from adopting and applying on their territory stricter national laws which prohibit, or sanction unilateral conduct engaged in by undertakings.”

32“Member States shall not under this Regulation be precluded from adopting and applying on their territory stricter national laws which prohibit or sanction unilateral conduct engaged in by undertakings”

15

undertaking’s total turnover achieved in the business year preceding the decision of the authority. In comparison, according to Art. 83(5) GDPR undertakings infringing data protection provisions are subject to fines of up to up to 4% of worldwide turnover for the preceding financial year. About consumer law the new directive 2019/2161 requires Member States to enact in their law’s maximum fines at least 4 % of a company's annual turnover in affected Member States and to apply harmonised criteria for the imposition of penalties^33.

Therefore, the above analysis shows that these regimes are not divided, but rather interconnected. As also pointed out by Francisco Costa-Cabral and Orla Lynskey³⁴, data protection can have an influence on competition law in two ways: first of all, it can have an internal influence meaning that competition law internalizes data protection assessments, so data protection is taken into account as an element of consumer welfare by competition authorities. On the contrary data protection can constitute an external influence on competition assessments that means for instance that data protection may prevent a competition authority from imposing a remedy that it may otherwise considered is considered desirable, an example of this external influence is indeed represented in the Facebook investigation in Germany.

2.1 The approach followed by the Bundeskartellamt under GWB

The Facebook investigation is very emblematic since it expresses perfectly how the competition authorities are struggling to cope with this new type of market and how these companies instead are shaping the competition process. ³⁵

The two different approaches of the German Bundeskartellamt under the competition law and the approach of the Italian AGCM under the Protection of Consumer Rights will be examined.

Competition authorities' interest in theories of harm related to privacy and data protection could focus not only in the area of ex ante enforcement, as in the case of merger control, but also in the area of ex post enforcement, such as in cases where a dominant firm exploits its market power by setting excessive conditions not in relation to prices, but for example in relation to the excessive collection of user data. Noteworthy in this respect is the case of the German competition authority

33 https://www.europarl.europa.eu/RegData/etudes/BRIE/2020/651962/EPRS_BRI(2020)651962_EN.pdf

34 COSTA-CABRAL and ORLA LYNSKEY, The Internal and External Constraints of Data Protection on Competition Law in the EU LSE Law, Society and Economy Working Papers 25/2015 London School of Economics and Political Science Law Department

35 W. WILS, The Obligation for the Competition Authorities of the Eu Member States to Apply Eu Antitrust Law and the Facebook Decision of the Bundeskartellamt, Concurrences, vol. 3, 2019

16

(Bundeskartellamnt) v. Facebook ³⁶which represents a unique case in the landscape of the connection between data protection and competition law since it addresses, for the first time, the way in which competition law might be involved in ex-post enforcement in exploitative behaviour leading to privacy harms.

On February 6, 2019, the German Competition Authority issued a decision against Facebook for abuse of dominance under Article 19 of the German Competition Act (GWB). Specifically, the Bundeskartellamt had identified the presence of a causal link between Facebook's dominant position and the related harm to users recognize an abuse of exploitation under Section 19(1) of the GWB

The type of analysis made by the German Competition Authority was based on whether there is the CONSENT for processing and collecting the data and if the latter is NECESSARY ³⁷for carry out that type of business. The GWB made reference to the Art 6 (1) GDPR on the "Lawfulness of processing “of personal data which expressly stated at point (a) that the data subject has given consent to the processing of his or her personal data and furthermore in point (b) specifies that the processing is necessary for the performance of a contract.

Thus, here we are dealing with the terms and use of Facebook which is a type of contract that falls under the scope of the Consumer Protection Act with regard to unfair contract terms. Nonetheless, even though it seems to be a case either from consumer law, due to the market failures of information asymmetry and especially regarding the uneven bargaining power between the consumer and Facebook, the GWB decided that this case could be considered under competition law since as also expressed by the Bundeskartellamnt “as far as this part of data processing is concerned, it was necessary to intervene from a competition law perspective because the data protection boundaries set forth in the GDPR were clearly overstepped, also in view of Facebook’s dominant position.³⁸” The case stems from the assertion of dominance in the German market for social media services, on which Facebook has a market share of more than 95 percent of daily active users in Germany.³⁹

In identifying the relevant market, the German NCA applied a number of innovations introduced into German Competition law precisely in order to take into the account the peculiarities of online

36 Case Summary 15 February 2019 Facebook, Exploitative business terms pursuant to Section 19(1) GWB for inadequate data processing Sector: Social networks Ref: B6-22/16 Date of Decision: 6 February 2019

37 Reference should be made also in relation to “principle of data minimisation,” laid down in Art. 5(1)(c) GDPR, according to which personal data shall be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”), but focuses its line of argument only on the lack of effective consent. However this art was not taking into consideration.

38 Ibidem p 2

39 Case 62/86, AKZO v Commission, para 60 – Azko’s presumption of dominance

17

platforms. These are in particular Sections 18(2a) and (3a) GWB, which allowed the German Authority to identify the "relevant market" also in relation to services provided to consumers in the absence of a "price".

The innovations introduced also make it possible to examine the position of enterprises active in

"multi-side markets" by considering various aspects: the direct and indirect network effects; the parallel use, by the same consumer, of services offered by different providers; the eventual switching costs for switching to a new operator; the economies of scale enjoyed by the provider in relation to the network effects; the innovation-driven competitive pressure; and also the availability of adequate data to ensure competitive advantage. Moreover, has underlined by A. Wittnetwork effects are so strong in the social media market that it has created a clear foreclosure effect, since the only way other competitors could enter the market might be through the so-called disruptive innovation⁴⁰. However, this would imply the need to gather a critical mass of users extremely quickly to switch from Facebook to its service which is difficult to achieve, and this consequently creates a strong barrier to entry.

At the end, in application of the updated German competition policy, the Bundeskartellamt established that Facebook breach the GDRP and conned to competition law by saying that the conduct of the social media platform was considered to be an exploitative conduct.⁴¹

Indeed, the German authority ruled that Facebook abused its dominant position in the German social media market precisely in the way it processed users' personal data collected through WhatsApp, Instagram, Oculus, Masquerade, and third-party websites linked through plug-ins such as Facebook's

"like" function. Pursuant to its own data policy, Facebook required users, without their prior consent, to merge all personal data from the various sources in their Facebook.com profile in order to use them for commercial purposes. According to the judgments of the Bundesgerichtshof in the VLB- Gegenwert and Pechstein cases cited by the Bundeskartellamt, the imposition of unbalanced contractual clauses in favor of the "stronger party," and in this case a data policy contrary to Article 6 GDPR to the detriment of users, constitutes in itself a violation not only of the GDPR but also of the prohibition against abuse of a dominant position under Article 19(1) of the GWB. On this basis, the Bundeskartellamt therefore ordered Facebook to change the terms of use of its service and end

40 C.M. CHRISTENSEN, M. E. RAYNOR, AND R. MCDONALD, What Is Disruptive Innovation?,Harward Businees Review, 2015

41 The Bundeskartellam, in light also of the German Ordoliberal approach, underlined that Facebook behaviour was coercive since it was against the freedom to access and to participate to market. https://verfassungsblog.de/querdenker-suspension-fb/

18

the conduct within 12 months.⁴²

In an initial press release on the decision, Facebook challenged the conclusions reached by the German Authority and in particular the existence of the Bundeskartellamt's jurisdiction over the application of the Art 56 and 50 GDPR, noting that, in this case would fall within the competence of the Irish Data Protection Commission ( the MS where the subsidiary Facebook Ireland Ltd. is based).⁴³

2.1.1 Facebook and the abuse of its dominant position under scrutiny by the Düsseldorf Higher Regional Court and the Federal Court of Justice

Facebook appealed the Bundeskartellamnt’s decision to the Düsseldorf Higher Regional Court, which suspended the order in August 2019 because it did not accept the approach taken by the German Competition authority during the proceedings.

In particular, the Court first rejected the idea that a possible privacy breach can automatically trigger an antitrust violation in the case of a dominant undertaking. Second, the Bundeskartellamt was criticised for failing to provide any counterfactual analysis and for not showing either how consumer privacy in the social networking market in Germany had been violated or how Facebook's data practices had harmed competition.⁴⁴

The Dusseldorf Court, in fact, considers that in the conclusion of the finding of abusive practice, it was not decisive - as conversely pointed out by the German NCA - whether the Facebook`s processing of users' personal data, is in line with the provisions of GDPR. Rather, it is critical that the terms of use are abusive since they leave Facebook's private users no choice, whether they want to use the network with heightened personalization of the user experience or only allow personalization based on the data disclosed on facebook.com itself.⁴⁵

More precisely, according to the High Court, the Bundeskartellamt had failed to prove that Facebook had given rise to an exploitative abuse through the unilateral imposition of terms of use for the service

42Ibidem p 5-9

43Why We Disagree With the Bundeskartellamt | Meta (fb.com)

44 Facebook. Bundeskartellamt The Decision of the Higher Regional Court of Düsseldorf (Oberlandesgericht Düsseldorf) in interim proceedings, 26 August 2019, Case VI-Kart 1/19 (V) p 28-29

45 Ibidem p.8-9

19

that differed from those that would have theoretically arisen in a competitive environment. So, the (strict) causal link between dominance and abuse related to the adoption of the contractual terms for use of the platform could not be established.

Moreover, as to the abusive nature of the conduct, the judges had emphasized that it was not likely to result in any anticompetitive effect, a fortiori because of its exclusionary nature against actual or potential competitors.

The High Court had noted, the possibility of acquiring even large amounts of data remained within the power of other economic operators, while the Bundeskartellamt had not shown that Facebook had given rise to excessive data processing activities and that users had been been precluded from relative control, since the latter had given consent in the absence of any coercive element. In this regard, the judges had occasion to observe that the lack of users' appreciation of the terms and conditions was not related to Facebook's dominance in the market, but rather to the typical indifference of the average user of the platform. On these premises, the high court had then determined on an interim basis that the company's dominance could not have resulted in any violation of data protection rules and, as well as in terms of (domestic) competition law. ⁴⁶

Therefore,the suspension of the order, therefore, exempted Facebook from implementing the Bundeskartellamt's decision.

However, on June 23, 2020, the Federal Court of Justice (Bundesgerichtshof) provisionally upheld Facebook's claim of abuse of dominant position, thereby confirming the decision of the Bundeskartellamt. ⁴⁷ The Federal Court, in line with the German NCA, highlighted that Facebook has a position of absolute dominance because of several elements: about 90 % of daily active users, the lack of contextual use of other services (multi-homing), high barriers in terms of switching, direct and indirect network effects, and as a function of the absence of substitution effects with other platforms.

Nevertheless, the heart of the decision concerns the anticompetitive conduct. In fact, it is in relation to this aspect that the judges appeared to be extremely clear in finding, contrary to the Düsseldorf High Court's view, Facebook abused its dominant position in relation to the way in which the company collects and processes data. Indeed, the Federal Court stated that it is in the compulsory

46 Ibidem p. 14

47 Bundesgerichtshof bestätigt vorläufig den Vorwurf der missbräuchlichen Ausnutzung einer marktbeherrschenden Stellung durch Facebook Ausgabejahr Erscheinungsdatum23.06.2020 Nr. 080/2020 KVR 69/19 - Beschluss vom 23. Juni 2020

20

expansion of the service that the anticompetitive carat resides as it results in the exploitation of users’

data and equally contributes to generating the restriction of competition. ⁴⁸

Indeed, when users decide to register and use the platform, they do not have the opportunity to refuse the personalized experience based on the processing of data collected essentially everywhere.⁴⁹

It is precisely the wide availability of personal data, which generates anticompetitive effects, that allows Facebook to provide a much more personalized service and thus increase the attractiveness of its platform over (potential) competitors. The competitive advantage (illicitly) capitalized through the wide availability of data is then also functional on the side of advertisers (network effect), as it gives Facebook the ability to monetize the aggregation and processing of data. All of this had contributed to further improving the quality of service by further harmonizing the platform's dominance.

In other words, this decision represents a substantially complete overturning of the decision of the Düsseldorf High Court, which follows the operationalization of the measures and remedies imposed by the Bundeskartellamt.

2.2 AGCM's approach under the Consumer Protection.

In 2018, the AGCM fined Facebook a total of EUR 10 million for two unfair commercial practices, carried out toward Italian users in breach of the Consumer Code⁵⁰. One of the conducts was similar to the anticompetitive one fined by the German NCA, however, the Italian Authority decided to sanction Facebook following the Consumer Protection approach.

Firstly, according to the AGCM, Facebook had engaged in a misleading practice, prohibited by articles 21 and 22 of the Consumer Code, by adopting inadequate information in the phase of first registration of the user in the platform (website and app) by using the claim “Sign up, it's free and it will be free forever”, Facebook has allegedly informed users only of the fact that the service was free of charge, without highlighting the commercial purpose of the data collected.

During the proceedings, Facebook argued that the provision of 'free' services (such as the Social

48 Ibidem para 20

49 Ibidem para 42

50 PS11112 - FACEBOOK-CONDIVISIONE DATI CON TERZI Provvedimento n. 27432

http://www.agcm.it/dotcmsCustom/tc/2023/12/getDominoAttach?urlStr=192.168.14.10:8080/C12560D000291394/0/5A1EFA963A1 09B64C125835F00542FE2/$File/p27432.pdf

21

Network's services for users) would not give rise to an economic activity within the meaning of the Consumer Code. In rejecting this argument, the AGCM confirmed that the use of users’ personal data for marketing purposes constitutes a “consumer relationship between the Professional and the user who uses [Facebook] services (through the website and app), even in the absence of monetary consideration”, thus confirming that users’ data is to all intents and purposes a “non-pecuniary consideration”.⁵¹In the case at hand, according to the AGCM, the deceptiveness was further aggravated by the circumstance that "in the use of [Facebook], the commercial purposes lend themselves to being confused with the social and cultural purposes, typical of a social network'.⁵²

As regards the second type of conduct, which is the one closer to the conduct sanctioned by the German Competition Authority, the AGCM found that Facebook had engaged in an aggressive practice, prohibited by Articles 24 and 25 of the Consumer Code towards registered users, whose data had been transmitted from the social platform to the websites/apps of third parties and viceversa without the prior express consent of the person concerned, for profiling and commercial purposes.

The AGCM ascertained that this unknowing transmission would have been made possible because Facebook pre-set the user's consent to such sharing, by pre-selecting the 'platform activation' function.

In view of the automatic pre-setting of the function, the user would have a mere right to opt-out, which is discouraged by the prospect of penalizing consequences both in the use of Facebook and in the accessibility and use of third-party websites and apps.⁵³

In the course of the proceedings, Facebook claimed that AGCM lacked jurisdiction, pointing out that the Italian Authority would act "beyond its competence insofar as it uses consumer protection rules to analyze conduct that should be assessed on the basis of the legislation on privacy and the processing of personal data ".⁵⁴Similar to what was argued before the Budneskartellamt, Facebook also pointed out that the Irish Data Protection Commission, and not the AGCM, was competent to ascertain the alleged facts.

In rejecting the objection, AGCM confirmed its competence, stating that the fact that the privacy applicable to the conduct of the company [Facebook] does not exempt it from complying with the rules on unfair commercial practices. While the privacy regulations, entrusted to the AGCM, protect personal data, the Consumer Code, on the subject of unfair commercial practices, aims to protect

51 Ibidem 40

52 Ibidem 45

53 Ibidem 53

54 Ibidem 55