perspectives on tackling big tech’s market power

The Imperative for Collaborative Regulation of Big Tech

A crucial discussion regarding the necessity for competition watchdogs and privacy regulators to transcend their traditional ‘legal silos’ and collaboratively address the challenges posed by the market power of large technology companies spurred a series of insightful panel discussions. These events were hosted by the Centre for Economic Policy Research (CEPR) and are now available for on-demand viewing.

A Shift in Digital Market Oversight

The conversations featured prominent regulatory figures from both Europe and the United States, offering a preview of the evolving landscape of digital market oversight. This period is particularly significant, coinciding with the appointment of new leadership to the FTC, signaling a potential shift in regulatory approaches, especially concerning tech antitrust matters.

Integrating Competition and Privacy Law

CEPR’s central premise underscores the need for a comprehensive integration – not merely an intersection – of competition and privacy/data protection law. This is essential for effectively managing the influence of platform giants who have, in numerous instances, exploited their market dominance to impose an ongoing ‘fee’ of surveillance on consumers.

The Cost of Surveillance

This ‘fee’ simultaneously compromises consumer privacy and reinforces the market dominance of tech companies. It creates a barrier to entry for new competitors, who lack comparable access to user data and operate at a distinct disadvantage.

Addressing Under-Enforcement of Privacy Rights

For several years, a recurring theme in Europe, since the 2018 update to the bloc’s data protection framework (GDPR), has been the insufficient enforcement of established privacy rights. Consequently, regional competition authorities are actively exploring how ‘data abuse’ intersects with their antitrust legal frameworks.

Key Regulatory Leaders Involved

The CEPR discussions included participation from key figures such as Andrea Coscelli, CEO of the UK’s Competition and Markets Authority, and Elizabeth Denham, the Information Commissioner. Representatives from Germany, France, and the European Union – including Andreas Mundt, Henri Piffaut, and Wojciech Wiewiórowski, the European Data Protection Supervisor – also contributed.

The UK’s Evolving Role Post-Brexit

Following the UK’s departure from the EU, the CMA now holds a more prominent role in global mergers & acquisitions decisions. This allows the national authority to shape key standards in the digital sphere through its investigations and procedures, and it has been actively pursuing this path.

CMA Antitrust Probes

The CMA currently has several major antitrust investigations underway, targeting companies like Apple and Google. These include inquiries into complaints against Apple’s App Store and Google’s plan to deprecate third-party tracking cookies – the latter involving active collaboration with the UK’s privacy watchdog, the ICO.

Google’s ‘Privacy Sandbox’ and Collaboration

Recently, the competition watchdog indicated a willingness to accept legally binding commitments from Google. This could lead to a collaborative ‘co-design’ process involving the CMA, the ICO, and Google, shaping the technology infrastructure that will replace tracking cookies – a significant development.

Germany’s Proactive Approach

Germany’s FCO has also been actively challenging big tech this year, leveraging an update to national competition law that empowers it to proactively intervene in large digital platforms with significant competitive importance. Open procedures are currently underway against Amazon, Facebook, and Google.

The Facebook Case and Data Protection

The Bundeskartellamt has been a pioneer in integrating EU data protection rules into competition enforcement, notably in a strategic case against Facebook. This ongoing case, concerning Facebook’s ‘superprofiling’ of users, is now before Europe’s top court.

New Powers for the FCO

During the CEPR discussion, Mundt explained that the FCO’s experience with the Facebook case informed key amendments to national law, granting it greater powers to tackle big tech. He stated that regulating tech giants will be easier with these new national powers.

Prohibiting Data-Driven Impediments

“Once we have designated a company to be of ‘paramount significance’ we can prohibit certain conduct much more easily than we could in the past,” he said. “We can prohibit, for example, that a company impedes other undertaking by data processing that is relevant for competition. We can prohibit that a use of service depends on the agreement to data collection with no choice — this is the Facebook case, indeed… When this law was negotiated in parliament parliament very much referred to the Facebook case and in a certain sense this entwinement of competition law and data protection law is written in a theory of harm in the German competition law.”

Data Collection and Dominance

“This makes a lot of sense. If we talk about dominance and if we assess that this dominance has come into place because of data collection and data possession and data processing you need a parameter in how far a company is allowed to gather the data to process it.” He added that the Facebook case is likely to have a lasting impact, potentially clarifying how the European Competition Network (ECN) integrates GDPR into competition assessments.

Joint Efforts in France

France’s competition authority and national privacy regulator (the CNIL) have also been collaborating in recent years, including on a competition complaint against Apple’s pro-user privacy App Tracking Transparency feature.

Bridging Legal Silos

This demonstrates a growing effort by oversight bodies to bridge legal silos and effectively regulate tech giants whose market power stems from past failures in competition law enforcement, allowing them to acquire rivals and control user data.

The Monopoly-Data Nexus

The core argument is that monopoly power built on data access creates an exploitative relationship with platform giants. These companies extract costs – not in monetary fees, but in user privacy – for access to services that have become digital necessities, exacerbating the ‘winner-takes-all’ dynamic in digital markets.

Shifting Focus: From Separate to Integrated

Traditionally, Europe’s competition authorities and data protection regulators operated on separate tracks. However, the consensus from the CEPR panels is that this is changing and must change to effectively regulate digital markets and protect consumers and competitors.

Motivations for Collaboration

Denham explained that the UK government’s consideration of a single ‘Internet’ super regulator motivated her to foster collaboration with other digital regulators. “What scared the hell out of me was the policymakers the legislators floating the idea of one regulator for the Internet. I mean what does that mean?” she said. “So I think what the regulators did is we got to work, we got busy, we become creative, got our of our silos to try to tackle these companies — the likes of which we have never seen before.”

Prioritizing Consumer Protection

“And I really think what we have done in the UK — and I’m excited if others think it will work in their jurisdictions — but I think that what really pushed us is that we needed to show policymakers and the public that we had our act together. I think consumers and citizens don’t really care if the solution they’re looking for comes from the CMA, the ICO, Ofcom… they just want somebody to have their back when it comes to protection of privacy and protection of markets.”

Creative Regulatory Approaches

“We’re trying to use our regulatory levers in the most creative way possible to make the digital markets work and protect fundamental rights.”

The Google ‘Privacy Sandbox’ Investigation

The CMA’s Simeon Thornton highlighted the ongoing Google ‘Privacy Sandbox’ investigation and the joint work with the ICO, asserting that “data protection and respecting users’ rights to privacy are very much at the heart of the commitments upon which we are currently consulting”.

Balancing Competition and Privacy

“If we accept the commitments Google will be required to develop the proposals according to a number of criteria including impacts on privacy outcomes and compliance with data protection principles, and impacts on user experience and user control over the use of their personal data — alongside the overriding objective of the commitments which is to address our competition concerns,” he said. “We have worked closely with the ICO in seeking to understand the proposals and if we do accept the commitments then we will continue to work closely with the ICO in influencing the future development of those proposals.”

A Long-Term Commitment

“If we accept the commitments that’s not the end of the CMA’s work — on the contrary that’s when, in many respects, the real work begins. Under the commitments the CMA will be closely involved in the development, implementation and monitoring of the proposals, including through the design of trials for example. It’s a substantial investment from the CMA and we will be dedicating the right people — including data scientists, for example, to the job,” he added. “The commitments ensure that Google addresses any concerns that the CMA has. And if outstanding concerns cannot be resolved with Google they explicitly provide for the CMA to reopen the case and — if necessary — impose any interim measures necessary to avoid harm to competition.”

Proactive Regulation is Key

“So there’s no doubt this is a big undertaking. And it’s going to be challenging for the CMA, I’m sure of that. But personally I think this is the sort of approach that is required if we are really to tackle the sort of concerns we’re seeing in digital markets today.” Thornton also emphasized the need for regulators to intervene before harm materializes, rather than reacting after the fact.

US Regulatory Perspectives

FTC commissioner Rebecca Slaughter and Chris D’Angelo, the chief deputy AG of the New York Attorney General, also participated, offering US perspectives. Slaughter, a dissenter on the $5BN fine levied against Facebook in 2019, argued that the settlement failed to deter privacy abuse.

The Need for More Effective Enforcement

She advocated for US regulators to move beyond ineffective enforcement patterns, where companies receive minimal penalties that don’t address the root causes of market abuse. She also stressed the importance of being prepared to litigate more aggressively.

Shifting the Burden from Consumers

“That is what is most galling to me that even where we take action, in our best faith good public servants working hard to take action, we keep coming back to the same questions, again and again,” she said. “Which means that the actions we are taking isn’t working. We need different action to keep us from having the same conversation again and again.”

Focus on Firm Responsibility

Slaughter cautioned against relying solely on user control, arguing that it places an undue burden on consumers. “I think transparency and control are important. I think it is really problematic to put the burden on consumers to work through the markets and the use of data, figure out who has their data, how it’s being used, make decisions… I think you end up with notice fatigue; I think you end up with decision fatigue; you get very abusive manipulation of dark patterns to push people into decisions.”

Prioritizing Data Limitation and Prohibition

“So I really worry about a framework that is built at all around the idea of control as the central tenant or the way we solve the problem. I’ll keep coming back to the notion of what instead we need to be focusing on is where is the burden on the firms to limit their collection in the first instance, prohibit their sharing, prohibit abusive use of data and I think that that’s where we need to be focused from a policy perspective.”

Structural Separation as a Potential Solution

Regarding more radical solutions, such as breaking up tech giants, the European regulators indicated that this would likely be led by US agencies. Coscelli noted that structural separation might be more realistic for US agencies to pursue.

The Role of the European Commission

The absence of a representative from the European Commission on the panel was notable, potentially reflecting internal divisions between DG Comp and DG Justice regarding digital policymaking.

The Digital Markets Act

The Commission has proposed the Digital Markets Act, introducing ex ante regulations for ‘gatekeeper’ platforms. However, the challenge of effective pan-EU enforcement remains, given the decentralized nature of oversight across Member States.

The Need for Continued Collaboration

“We can say that no effective competition nor protection of the rights in the digital economy can be ensured when the different regulators do not talk to each other and understand each other,” Wiewiórowski warned. “While we are still thinking about the cooperation it looks a little bit like everybody is afraid they will have to trade a little bit of its own possibility to assess.”

A Complex and Evolving Landscape

The path to effectively regulating big tech is complex and requires careful coordination. While progress is being made on both sides of the Atlantic, significant challenges remain in dismantling the dominance of tech giants and ensuring a fair and competitive digital market.