Fireworks came a bit early this year. Between the Supreme Court’s end-of-term decisions and this week’s January 6th Committee hearings, it wasn’t a week with much antitrust news coming out of either the FTC or Congress. But the Supreme Court’s made sure to keep things exciting: the opinion in West Virginia v. EPA case will reshape the regulatory landscape for years to come, including the world of antitrust.

This week’s headline is the WV v. EPA opinion. Nominally about the EPA’s efforts to regulate coal power plants, the opinion is really about the so-called major questions doctrine (MQD). Summarizing in a sentence a case that will be the subject of hundreds of law review articles and years of clarifying litigation, the MQD says that agencies can’t enact regulations of vast political or economic significance unless Congress clearly delegates them the authority and tools to do so. 

This outcome isn’t surprising – but it is nonetheless a big deal. For some general discussion, you could do worse than listening to Corbin Barthold and Berin Szóka dissecting the opinion in real-time. Focusing specifically on the FTC, commentators anticipating the ruling have argued that the MQD could substantially curtail the FTC’s UMC authority. Now that we have the opinion, that outcome seems likely confirmed.

The contours of the major questions doctrine are unclear. That is one of the most trenchant criticisms of the doctrine. But the Court’s opinion points to several factors beyond merely relating to a rule of “vast political or economic significance” (which remains the defining characteristic). Claiming new, or only rarely used, regulatory authority suggests a major question, especially if that authority would mark a “transformative expansion” in the agency’s authority. If the power is based in vague language or “ancillary provisions” of a statute suggests a major question. Or Congress having “conspicuously and repeatedly declined” to regulate the issue through legislation suggests a major question. All of these factors apply in the context of the FTC using its UMC authority, based the ancillary rulemaking authority of Section 6(g), to transformatively expand its authority to address any number of issues that are believed to be subject to FTC interest.

At the same time, those concerned about expansive UMC authority should not be too quick to think the UMC rulemaking project dead. The EPA and many other agencies to which the MQD is likely to apply, such as the FCC, have narrower scope than the FTC. While broad, the EPA’s authority is tailored to specific environmental issues; the FCC’s authority is tailored to specific communications technologies. Arguably, the FTC’s authority is more general than other agencies to which the MQD will clearly apply – unfair methods of competition can occur in any aspect of the economy.

Realistically, however, the prospects of the FTC surviving a MQD challenge if it pushes aggressive use of its UMC authority are slim. The bareness of the Section 6(g) rulemaking authority is challenge enough. But perhaps even more important is the theory underlying WV v. EPA and the MQD. Justice Roberts’s majority opinion invokes both separation of powers and legislative intent concerns. The MQD is about both whether Congress meant to, and whether it was appropriate for it to, delegate broad authority to an agency. It seems clear that if Congress wants to delegate substantial power to an agency that the Court expects Congress to be very clear about what that power is and how it is to be used. It is not enough to say “EPA, you regulate environmental stuff; FTC you regulate competition stuff.”

Turning now to other news. Can we call AICOA dead yet? Probably not, but time for Sen. Amy Klobuchar (D-MN) to save her American Innovation and Choice Online Act runs low. In addition to the academics, advocates, and Democratic senators (see last week’s Roundup for those details), social justice groups have joined the chorus expressing concerns about how AICOA might limit platforms’ ability to engage in content moderation. Alden Abbott has also brought focus to largely overlooked rule of law concerns raised by AICOA.

Speaking of other dead things, ADPPA seems to be spinning in its own grave. Late last week Sen. Maria Cantwell (D-WA), chair of the committee the bill would need to go through, said she has no plans to consider the bill in committee – and that Sen. Chuck Schumer (D-NY) has no interest in bringing it to the Senate floor. That sounds pretty dead. But the Court’s Dobbs opinion has made it deader. Over the weekend, a spokesperson for Cantwell “does not adequately protect against the privacy threats posed by a post-Roe world.” 

So, it seems likely the FTC remains the only potential privacy bulwark to which privacy advocates can turn. President Biden is already asking them to address Dobbs-related privacy issues. But query: would an FTC effort to develop rules to address privacy concerns present a major question – these are issues of longstanding Congressional debate and substantial economic and political importance? (I expect not; but I expect the issue could get into court.)

Some quick hits, literally. Today one forgets about the CFPB or its director, Rohit Chopra, at their peril. The Chamber of Commerce is trying to change this. ITIF’s Julie Carlson talks about the meteoric rise and fall of Lina Khan. The fall seems premature, but the WV v. EPA has certainly brought the ground closer. It may be a less literal hit, perhaps, but MLB’s antitrust exemption may be in its last innings. And where’s the beef? Price stabilization legislation is moving through the Senate Ag Committee.

Some parting thoughts? If you insist. Last week we mentioned this week’s Concurrences conference on the Rulemaking Authority of the FTC. It was a great event! Among other things, it introduced Dan Crane’s new, must-read, book on the topic, featuring chapters by a who’s-who of writers in the field. Several authors have previously contributed to the Truth on the Market symposium on the topic (hey, this post is part of that, too!) – and in the coming week we will have some more contributions from those authors.

Finally, a Friday afternoon read: Last week was Microsoft Internet Explorer’s last as a going concern. What can those concerned about big tech learn from the browser wars? Find out here.

The FTC UMC Roundup, part of the Truth on the Market FTC UMC Symposium, is a weekly roundup of news relating to the Federal Trade Commission’s antitrust and Unfair Methods of Competition authority. If you would like to receive this and other posts relating to these topics, subscribe to the RSS feed here. If you have news items you would like to suggest for inclusion, please mail them to us at ghurwitz@laweconcenter.org and/or kfierro@laweconcenter.org.

The fate of the badly misnamed American Innovation and Choice Online Act, S. 2992 (AICOA), may be decided by the August congressional recess. AICOA’s serious flaws have been ably dissected by numerous commentators (see, for example, here, here, here, and here). Moreover, respected former senior Democratic antitrust enforcers who have advocated more aggressive antitrust enforcement have also come out against the bill. For example, Stanford professor and former Acting Assistant Attorney General for Antitrust Douglas Melamed (who oversaw the Microsoft case for the Clinton Administration) very recently authored an article stressing that AICOA “is likely to impair innovation by the platforms.” The case has ably been made that the perverse welfare-reducing effects of multiple AICOA provisions, which impose inordinate costs (stemming, for instance, from interoperability requirements and prohibitions on “self-preferencing,” “discrimination,” and data usage) and discourage efficient vertical integration (see here), among other defects.

One aspect of AICOA that perhaps has garnered less attention is its affront to the rule of law. That deficiency in and of itself is sufficient to justify the summary rejection of this legislation by the Congress. Let’s examine it more closely.

A core element of the rule of law is that the government should apply the law neutrally to similarly situated entities. This principle is mocked, however, by the AICOA. The AICOA’s convoluted definition of “covered platform,” found in section 2(a)(5)(B) of S. 2992, focuses on rather arbitrary “monthly user,” capitalization, and sales value thresholds. Although the definitional elements were clearly designed to capture only the largest current digital platforms (all American) that have been in the public spotlight – Amazon, Facebook (now Meta), Apple, Google (now Alphabet), and Microsoft (possibly) – companies could fall within or outside the bill’s scope based on unpredictable changes in financial and user data in the future. This would lead to uncertainty as to whether particular firms were covered by the bill. It would also encourage corporate gamesmanship by specific firms as they sought to avoid the AICOA’s reach. As such, business planning would be rendered more difficult and less efficient, and the rule of law would be frayed.

A related rule of law concern is that parties be informed of the conduct they must adopt in order to avoid violating a particular law. Contemporary antitrust law does a far better job than the AICOA in satisfying this concern.

Contemporary American antitrust law has identified a few types of actions that are inherently anticompetitive, and therefore are “per se illegal” under all circumstances (bid rigging and naked horizontal price fixing and market division). Most business behavior, however, is assessed on a case-by-case basis under the antitrust “rule of reason,” which only condemns behavior whose anticompetitive effects outweigh its procompetitive effects. Rule of reason analysis prohibits  behavior that inefficiently weakens the competitive process and excludes rivals for no legitimate business reason, and thereby tends to reduce consumer welfare. Mere harm to individual competitors (due say to more efficient or innovative production techniques) is not condemned. Specific enforcement agency guidance through speeches, enforcement actions, and enforcement guidelines have developed over time on a bipartisan basis to clarify what competition on the merits means in particular circumstances. As former Acting Assistant Attorney General for Antitrust Andrew Finch explained in a 2017 speech, enforcers’ emphasis has been giving notice about enforcement principles that allows private parties to reasonably predict the legal consequences of their actions:

[S]tability and continuity in enforcement are fundamental to the rule of law. The rule of law is about notice and reliance. When it is impossible to make reasonable predictions about how a law will be applied, or what the legal consequences of conduct will be, these important values are diminished.

In comparison with existing antitrust law, however, AICOA, does a very poor job of fostering predictability regarding what is prohibited. As Professor Melamed explains, it makes it unclear what it means when it uses the key term “material harm to competition”— whose absence a covered platform must demonstrate in order to avoid liability under the bill. Specifically, as Melamed stresses:

[T]he bill does not include the normal antitrust language (e.g., “competition in the market as a whole,” “market power”) that gives meaning to the idea of harm to competition, nor does it say that the imprecise language it does use is to be construed as that language is construed by the antitrust laws. . . . The bill could be very harmful if it is construed to require, not increased market power, but simply harm to rivals.

Rule of law predictability is further undermined by other ambiguous AICOA terms, which also threaten to harm competition and innovation, as Professor Dan Spulber points out (citations omitted):

The new [proposed platform-related] antitrust laws may have adverse effects on innovation and competition because of imprecise concepts and terminology. The American Bar Association Antitrust Law Section expressed concerns about “ambiguous terminology in the [AICOA] Bill regarding fairness, preferencing, materiality, and harm to competition on covered platforms.” The Section recommended that “these definitions direct attention to analysis consistent with antitrust principles: effects-based inquiries concerned with harm to the competitive process.”

Finally, AICOA also is in tension with the rule of law by placing the onus first on private parties to show that they have not violated the law (have not caused “material harm to competition”) when they have engaged in certain types of specified behavior deemed “problematic” under the bill. This is at odds with the approach under the antitrust rule of reason, in which the government first must show harm to competition before the defendant is required to justify its behavior as having procompetitive welfare-enhancing features. The AICOA’s placing of the initial burden on parties is troublesome, because the particular actions that trigger an initial presumption of illegality (self-preferencing, limitations on competitor access to the covered platform, certain “discriminatory” acts, certain restrictions on interoperability, certain use of nonpublic data, and so forth) are efficient and welfare-enhancing in many situations. Thus, AICOA undoubtedly would lead to the presumptive condemnation of much procompetitive conduct. Platforms that fell just outside AICOA’s coverage would not face this risk, because their similar conduct would be under the rule of reason. In short, the AICOA would lead to disparate treatment of identical conduct by similar firms, based on the bill’s arbitrary jurisdictional line-drawing. In conclusion, the AICOA sows confusion and undermines legal stability, continuity, and predictability. As such, it is an affront to the rule of law and should not be enacted, without regard to its substantive policy merits.   

Things are getting spicy in the administrative state. This week we have the first formal indication of new rules coming out of the FTC. We have lobbyists lobbying, and influencers influencing, CEOs loitering, and academics … academicing? We have some review and preview of what’s at stake with administrative law. We’ve got interesting upcoming events. And we’ve got more. So let’s get going!

This week’s headline can’t not be the first official news that the FTC is planning to make some rules (h/t Leah Nylen). The Commission is working on a “rulemaking under section 18 of the FTC Act to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.” Section 18, of course, is Mag-Moss, so we’re not talking straight-up UMC rules – though there will be lots of details in the details (our first Trojan Horse).

Bending the rulemaking narrative, and perhaps easy-riding under the radar, this week, the FTC has issued an order to Harley-Davidson, among other manufacturers, requiring them to change their warranties to allow customers to use independent dealers for repairs. One wonders whether this enforcement-based approach to the right-to-repair is a tap on the breaks for potential right-to-repair rules – one of the potential rules that many have speculated the FTC would be quick to adopt.

Truth be told, things were pretty quiet on the FTC front this week. Not so much a few blocks away, down on the Congressional end of the Mall. The academics came out in force this week, with caution about Sen. Amy Klobuchar’s American Innovation and Choice Online Act (AICOA). We start things off with Doug Melamed, who faults AICOA for not defining “harm to competition” and for prohibiting welfare-enhancing conduct. His key point: “Economists have long understood that innovation is far more important for economic welfare than static efficiency” – least some in Congress, it seems, missed that memo.

Melamed ends his piece drawing attention to concerns that the bill might limit platforms’ ability to moderate content they host—a point that the bill’s Republican supporters take seriously. This concern was most forcefully made this week by Georgetown Law professor Anupam Chander in a letter coauthored with other well-respected law professors and signed by another dozen, all experts in this field. Frustratingly, if predictably, this letter was overshadowed by the lobbying against it, with Yelp’s Luther Lowe accusing Chander of being a shill – and getting egg all over his face in the process.

Lobbying is the name of the game right now. Brian Fung reports that tech CEOs have been loitering around Congress. Social media influencers the latest conscripts to the front lines. And with AICOA built upon a strange-bedfellows coalition, those unusual lines of cooperation are being explored as potential cleavage points.

Time for some quick hits. With the role of labor issues in antitrust a focus for the administration (both with the FTC’s interest in non-competes and attention on labor in the potential merger guideline revisions), a recent interview with Eric Posner, an advisor to AAG Kanter, is of great interest. Posner notes that “There is this very close and complicated relationship between labor law and antitrust law that has to be maintained.” Indeed. And on the litigation front, the judge overseeing some of the FTC litigation against Meta agrees with the company’s contention that it needs information from competing firms to mount its defense, including TikTok, WeChat, and Telegram. And folks continue to explain that price controls (antitrust style or otherwise) don’t work to fight inflation.

But not so fast! We leave you with some deeper thinking about what’s to come today. We mentioned AHA v. Becerra and what it means for the future of the Chevron doctrine last week. The Notice and Comment blog has some nice further discussion about what AHA v. Becerra means for the future of the Chevron doctrine. Another important administrative law case, West Virginia v. EPA, will almost certainly be released next week – this could be a major “major questions doctrine” case – and is important enough that APM Marketplace covered it. And while the courts might be working to make the administrative state smaller, some argue to make it bigger to deal with Big Tech. Whoever and however we regulate things, Maureen Ohlhausen (former acting FTC Chair) has wise words for whomever is in charge.

Some closing words. Bill Shughart offers a reflection on the passing of Internet Explorer (1995-2022. RIP). For those in DC on Monday, the Concurrences conference on Rulemaking Authority of the Federal Trade Commission is a must-attend event – and you can attend online if you can’t make it in person. And on Tuesday, BYU is hosting the first in what promises to be a good series of webinars on antitrust and tech-related regulatory issues, starting with a discussion of AICOA.

Just three weeks after a draft version of the legislation was unveiled by congressional negotiators, the American Data Privacy and Protection Act (ADPPA) is heading to its first legislative markup, set for tomorrow morning before the U.S. House Energy and Commerce Committee’s Consumer Protection and Commerce Subcommittee.

Though the bill’s legislative future remains uncertain, particularly in the U.S. Senate, it would be appropriate to check how the measure compares with, and could potentially interact with, the comprehensive data-privacy regime promulgated by the European Union’s General Data Protection Regulation (GDPR). A preliminary comparison of the two shows that the ADPPA risks adopting some of the GDPR’s flaws, while adding some entirely new problems.

A common misconception about the GDPR is that it imposed a requirement for “cookie consent” pop-ups that mar the experience of European users of the Internet. In fact, this requirement comes from a different and much older piece of EU law, the 2002 ePrivacy Directive. In most circumstances, the GDPR itself does not require express consent for cookies or other common and beneficial mechanisms to keep track of user interactions with a website. Website publishers could likely rely on one of two lawful bases for data processing outlined in Article 6 of the GDPR:

  • data processing is necessary in connection with a contractual relationship with the user, or
  • “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party” (unless overridden by interests of the data subject).

For its part, the ADPPA generally adopts the “contractual necessity” basis for data processing but excludes the option to collect or process “information identifying an individual’s online activities over time or across third party websites.” The ADPPA instead classifies such information as “sensitive covered data.” It’s difficult to see what benefit users would derive from having to click that they “consent” to features that are clearly necessary for the most basic functionality, such as remaining logged in to a site or adding items to an online shopping cart. But the expected result will be many, many more popup consent queries, like those that already bedevil European users.

Using personal data to create new products

Section 101(a)(1) of the ADPPA expressly allows the use of “covered data” (personal data) to “provide or maintain a specific product or service requested by an individual.” But the legislation is murkier when it comes to the permissible uses of covered data to develop new products. This would only clearly be allowed where each data subject concerned could be asked if they “request” the specific future product. By contrast, under the GDPR, it is clear that a firm can ask for user consent to use their data to develop future products.

Moving beyond Section 101, we can look to the “general exceptions” in Section 209 of the ADPPA, specifically the exception in Section 209(a)(2)):

With respect to covered data previously collected in accordance with this Act, notwithstanding this exception, to perform system maintenance, diagnostics, maintain a product or service for which such covered data was collected, conduct internal research or analytics to improve products and services, perform inventory management or network management, or debug or repair errors that impair the functionality of a service or product for which such covered data was collected by the covered entity, except such data shall not be transferred.

While this provision mentions conducting “internal research or analytics to improve products and services,” it also refers to “a product or service for which such covered data was collected.” The concern here is that this could be interpreted as only allowing “research or analytics” in relation to existing products known to the data subject.

The road ends here for personal data that the firm collects itself. Somewhat paradoxically, the firm could more easily make the case for using data obtained from a third party. Under Section 302(b) of the ADPPA, a firm only has to ensure that it is not processing “third party data for a processing purpose inconsistent with the expectations of a reasonable individual.” Such a relatively broad “reasonable expectations” basis is not available for data collected directly by first-party covered entities.

Under the GDPR, aside from the data subject’s consent, the firm also could rely on its own “legitimate interest” as a lawful basis to process user data to develop new products. It is true, however, that due to requirements that the interests of the data controller and the data subject must be appropriately weighed, the “legitimate interest” basis is probably less popular in the EU than alternatives like consent or contractual necessity.

Developing this path in the ADPPA would arguably provide a more sensible basis for data uses like the reuse of data for new product development. This could be superior even to express consent, which faces problems like “consent fatigue.” These are unlikely to be solved by promulgating detailed rules on “affirmative consent,” as proposed in Section 2 of the ADPPA.

Problems with ‘de-identified data’

Another example of significant confusion in the ADPPA’s the basic conceptual scheme is the bill’s notion of “de-identified data.” The drafters seemed to be aiming for a partial exemption from the default data-protection regime for datasets that no longer contain personally identifying information, but that are derived from datasets that once did. Instead of providing such an exemption, however, the rules for de-identified data essentially extend the ADPPA’s scope to nonpersonal data, while also creating a whole new set of problems.

The basic problem is that the definition of “de-identified data” in the ADPPA is not limited to data derived from identifiable data. The definition covers: “information that does not identify and is not linked or reasonably linkable to an individual or a device, regardless of whether the information is aggregated.” In other words, it is the converse of “covered data” (personal data): whatever is not “covered data” is “de-identified data.” Even if some data are not personally identifiable and are not a result of a transformation of data that was personally identifiable, they still count as “de-identified data.” If this reading is correct, it creates an absurd result that sweeps all information into the scope of the ADPPA.

For the sake of argument, let’s assume that this confusion can be fixed and that the definition of “de-identified data” is limited to data that is:

  1. derived from identifiable data, but
  2. that hold a possibility of re-identification (weaker than “reasonably linkable”) and
  3. are processed by the entity that previously processed the original identifiable data.

Remember that we are talking about data that are not “reasonably linkable to an individual.” Hence, the intent appears to be that the rules on de-identified data would apply to non-personal data that would otherwise not be covered by the ADPPA.

The rationale for this may be that it is difficult, legally and practically, to differentiate between personally identifiable data and data that are not personally identifiable. A good deal of seemingly “anonymous” data may be linked to an individual—e.g., by connecting the dataset at hand with some other dataset.

The case for regulation in an example where a firm clearly dealt with personal data, and then derived some apparently de-identified data from them, may actually be stronger than in the case of a dataset that was never directly derived from personal data. But is that case sufficient to justify the ADPPA’s proposed rules?

The ADPPA imposes several duties on entities dealing with “de-identified data” (that is, all data that are not considered “covered” data):

  1. to take “reasonable measures to ensure that the information cannot, at any point, be used to re-identify any individual or device”;
  2. to publicly commit “in a clear and conspicuous manner—
    1. to process and transfer the information solely in a de- identified form without any reasonable means for re- identification; and
    1. to not attempt to re-identify the information with any individual or device;”
  3. to “contractually obligate[] any person or entity that receives the information from the covered entity to comply with all of the” same rules.

The first duty is superfluous and adds interpretative confusion, given that de-identified data, by definition, are not “reasonably linkable” with individuals.

The second duty — public commitment — unreasonably restricts what can be done with nonpersonal data. Firms may have many legitimate reasons to de-identify data and then to re-identify them later. This provision would effectively prohibit firms from effective attempts at data minimization (resulting in de-identification) if those firms may at any point in the future need to link the data with individuals. It seems that the drafters had some very specific (and likely rare) mischief in mind here but ended up prohibiting a vast sphere of innocuous activity.

Note that, for data to become “de-identified data,” they must first be collected and processed as “covered data” in conformity with the ADPPA and then transformed (de-identified) in such a way as to no longer meet the definition of “covered data.” If someone then re-identifies the data, this will again constitute “collection” of “covered data” under the ADPPA. At every point of the process, personally identifiable data is covered by the ADPPA rules on “covered data.”

Finally, the third duty—“share alike” (to “contractually obligate[] any person or entity that receives the information from the covered entity to comply”)—faces a very similar problem as the second duty. Under this provision, the only way to preserve the option for a third party to identify the individuals linked to the data will be for the third party to receive the data in a personally identifiable form. In other words, this provision makes it impossible to share data in a de-identified form while preserving the possibility of re-identification. Logically speaking, we would have expected a possibility to share the data in a de-identified form; this would align with the principle of data minimization. What the ADPPA does instead is effectively to impose a duty to share de-identified personal data together with identifying information. This is a truly bizarre result, directly contrary to the principle of data minimization.

Conclusion

The basic conceptual structure of the legislation that subcommittee members will take up this week is, to a very significant extent, both confused and confusing. Perhaps in tomorrow’s markup, a more open and detailed discussion of what the drafters were trying to achieve could help to improve the scheme, as it seems that some key provisions of the current draft would lead to absurd results (e.g., those directly contrary to the principle of data minimization).

Given that the GDPR is already a well-known point of reference, including for U.S.-based companies and privacy professionals, the ADPPA may do better to re-use the best features of the GDPR’s conceptual structure while cutting its excesses. Re-inventing the wheel by proposing new concepts did not work well in this ADPPA draft.

The European Union’s Digital Markets Act (DMA) has been finalized in principle, although some legislative details are still being negotiated. Alas, our earlier worries about user privacy still have not been addressed adequately.

The key rules to examine are the DMA’s interoperability mandates. The most recent DMA text introduced a potentially very risky new kind of compulsory interoperability “of number-independent interpersonal communications services” (e.g., for services like WhatsApp). However, this obligation comes with a commendable safeguard in the form of an equivalence standard: interoperability cannot lower the current level of user security. Unfortunately, the DMA’s other interoperability provisions lack similar security safeguards.

The lack of serious consideration of security issues is perhaps best illustrated by how the DMA might actually preclude makers of web browsers from protecting their users from some of the most common criminal attacks, like phishing.

Key privacy concern: interoperability mandates

​​The original DMA proposal included several interoperability and data-portability obligations regarding the “core platform services” of platforms designated as “gatekeepers”—i.e., the largest online platforms. Those provisions were changed considerably during the legislative process. Among its other provisions, the most recent (May 11, 2022) version of the DMA includes:

  1. a prohibition on restricting users—“technically or otherwise”—from switching among and subscribing to software and services “accessed using the core platform services of the gatekeeper” (Art 6(6));
  2. an obligation for gatekeepers to allow interoperability with their operating system or virtual assistant (Art 6(7)); and
  3. an obligation “on interoperability of number-independent interpersonal communications services” (Art 7).

To varying degrees, these provisions attempt to safeguard privacy and security interests, but the first two do so in a clearly inadequate way.

First, the Article 6(6) prohibition on restricting users from using third-party software or services “accessed using the core platform services of the gatekeeper” notably applies to web services (web content) that a user can access through the gatekeeper’s web browser (e.g., Safari for iOS). (Web browsers are defined as core platform services in Art 2(2) DMA.)

Given that web content is typically not installed in the operating system, but accessed through a browser (i.e., likely “accessed using a core platform service of the gatekeeper”), earlier “side-loading” provisions (Article 6(4), which is discussed further below) would not apply here. This leads to what appears to be a significant oversight: the gatekeepers appear to be almost completely disabled from protecting their users when they use the Internet through web browsers, one of the most significant channels of privacy and security risks.

The Federal Bureau of Investigation (FBI) has identified “phishing” as one of the three top cybercrime types, based on the number of victim complaints. A successful phishing attack normally involves a user accessing a website that is impersonating a service the user trusts (e.g., an email account or corporate login). Browser developers can prevent some such attacks, e.g., by keeping “block lists” of websites known to be malicious and warning about, or even preventing, access to such sites. Prohibiting platforms from restricting their users’ access to third-party services would also prohibit this vital cybersecurity practice.

Under Art 6(4), in the case of installed third-party software, the gatekeepers can take:

…measures to ensure that third party software applications or software application stores do not endanger the integrity of the hardware or operating system provided by the gatekeeper, provided that such measures go no further than is strictly necessary and proportionate and are duly justified by the gatekeeper.

The gatekeepers can also apply:

measures and settings other than default settings, enabling end users to effectively protect security in relation to third party software applications or software application stores, provided that such measures and settings go no further than is strictly necessary and proportionate and are duly justified by the gatekeeper.

None of those safeguards, insufficient as they are—see the discussion below of Art 6(7)—are present in Art 6(6). Worse still is that the anti-circumvention rule in Art 13(6) applies here, prohibiting gatekeepers from offering “choices to the end-user in a non-neutral manner.” That is precisely what a web-browser developer does when warning users of security risks or when blocking access to websites known to be malicious—e.g., to protect users from phishing attacks.

This concern is not addressed by the general provision in Art 8(1) requiring the gatekeepers to ensure “that the implementation” of the measures under the DMA complies with the General Data Protection Regulation (GDPR), as well as “legislation on cyber security, consumer protection, product safety.”

The first concern is that this would not allow the gatekeepers to offer a higher standard of user protection than that required by the arguably weak or overly vague existing legislation. Also, given that the DMA’s rules (including future delegated legislation) are likely to be more specific—in the sense of constituting lex specialis—than EU rules on privacy and security, establishing a coherent legal interpretation that would allow gatekeepers to protect their users is likely to be unnecessarily difficult.

Second, the obligation from Art 6(7) for gatekeepers to allow interoperability with their operating system or virtual assistant only includes the first kind of a safeguard from Art 6(4), concerning the risk of compromising “the integrity of the operating system, virtual assistant or software features provided by the gatekeeper.” However, the risks from which service providers aim to protect users are by no means limited to system “integrity.” A user may be a victim of, e.g., a phishing attack that does not explicitly compromise the integrity of the software they used.

Moreover, as in Art 6(4), there is a problem with the “strictly necessary and proportionate” qualification. This standard may be too high and may push gatekeepers to offer more lax security to avoid liability for adopting measures that would be judged by European Commission and the courts as going beyond what is strictly necessary or indispensable.

The relevant recitals from the DMA preamble, instead of aiding in interpretation, add more confusion. The most notorious example is in recital 50, which states that gatekeepers “should be prevented from implementing” measures that are “strictly necessary and proportionate” to effectively protect user security “as a default setting or as pre-installation.” What possible justification can there be for prohibiting providers from setting a “strictly necessary” security measure as a default? We can hope that this manifestly bizarre provision will be corrected in the final text, together with the other issues identified above.

Finally, there is the obligation “on interoperability of number-independent interpersonal communications services” from Art 7. Here, the DMA takes a different and much better approach to safeguarding user privacy and security. Art 7(3) states that:

The level of security, including the end-to-end encryption, where applicable, that the gatekeeper provides to its own end users shall be preserved across the interoperable services.

There may be some concern that the Commission or the courts will not treat this rule with sufficient seriousness. Ensuring that user security is not compromised by interoperability may take a long time and may require excluding many third-party services that had hoped to benefit from this DMA rule. Nonetheless, EU policymakers should resist watering down the standard of equivalence in security levels, even if it renders Art 7 a dead letter for the foreseeable future.

It is also worth noting that there will be no presumption of user opt-in to any interoperability scheme (Art 7(7)-(8)), which means that third-party service providers will not be able to simply “onboard” all users from a gatekeeper’s service without their explicit consent. This is to be commended.

Conclusion

Despite some improvements (the equivalence standard in Art 7(3) DMA), the current DMA language still betrays, as I noted previously, “a policy preference for privileging uncertain and speculative competition gains at the cost of introducing new and clear dangers to information privacy and security.” Jane Bambauer of the University of Arizona Law School came to similar conclusions in her analysis of the DMA, in which she warned:

EU lawmakers should be aware that the DMA is dramatically increasing the risk that data will be mishandled. Nevertheless, even though a new scandal from the DMA’s data interoperability requirement is entirely predictable, I suspect EU regulators will evade public criticism and claim that the gatekeeping platforms are morally and financially responsible.

The DMA’s text is not yet entirely finalized. It may still be possible to extend the approach adopted in Article 7(3) to other privacy-threatening rules, especially in Article 6. Such a requirement that any third-party service providers offer at least the same level of security as the gatekeepers is eminently reasonable and is likely what the users themselves would expect. Of course, there is always a risk that a safeguard of this kind will be effectively nullified in administrative or judicial practice, but this may not be very likely, given the importance that EU courts typically attach to privacy.

The Biden administration’s antitrust reign of error continues apace. The U.S. Justice Department’s (DOJ) Antitrust Division has indicated in recent months that criminal prosecutions may be forthcoming under Section 2 of the Sherman Antitrust Act, but refuses to provide any guidance regarding enforcement criteria.

Earlier this month, Deputy Assistant Attorney General Richard Powers stated that “there’s ample case law out there to help inform those who have concerns or questions” regarding Section 2 criminal enforcement, conveniently ignoring the fact that criminal Section 2 cases have not been brought in almost half a century. Needless to say, those ancient Section 2 cases (which are relatively few in number) antedate the modern era of economic reasoning in antitrust analysis. What’s more, unlike Section 1 price-fixing and market-division precedents, they yield no clear rule as to what constitutes criminal unilateral behavior. Thus, DOJ’s suggestion that old cases be consulted for guidance is disingenuous at best. 

It follows that DOJ criminal-monopolization prosecutions would be sheer folly. They would spawn substantial confusion and uncertainty and disincentivize dynamic economic growth.

Aggressive unilateral business conduct is a key driver of the competitive process. It brings about “creative destruction” that transforms markets, generates innovation, and thereby drives economic growth. As such, one wants to be particularly careful before condemning such conduct on grounds that it is anticompetitive. Accordingly, error costs here are particularly high and damaging to economic prosperity.

Moreover, error costs in assessing unilateral conduct are more likely than in assessing joint conduct, because it is very hard to distinguish between procompetitive and anticompetitive single-firm conduct, as DOJ’s 2008 Report on Single Firm Conduct Under Section 2 explains (citations omitted):

Courts and commentators have long recognized the difficulty of determining what means of acquiring and maintaining monopoly power should be prohibited as improper. Although many different kinds of conduct have been found to violate section 2, “[d]efining the contours of this element … has been one of the most vexing questions in antitrust law.” As Judge Easterbrook observes, “Aggressive, competitive conduct by any firm, even one with market power, is beneficial to consumers. Courts should prize and encourage it. Aggressive, exclusionary conduct is deleterious to consumers, and courts should condemn it. The big problem lies in this: competitive and exclusionary conduct look alike.”

The problem is not simply one that demands drawing fine lines separating different categories of conduct; often the same conduct can both generate efficiencies and exclude competitors. Judicial experience and advances in economic thinking have demonstrated the potential procompetitive benefits of a wide variety of practices that were once viewed with suspicion when engaged in by firms with substantial market power. Exclusive dealing, for example, may be used to encourage beneficial investment by the parties while also making it more difficult for competitors to distribute their products.

If DOJ does choose to bring a Section 2 criminal case soon, would it target one of the major digital platforms? Notably, a U.S. House Judiciary Committee letter recently called on DOJ to launch a criminal investigation of Amazon (see here). Also, current Federal Trade Commission (FTC) Chair Lina Khan launched her academic career with an article focusing on Amazon’s “predatory pricing” and attacking the consumer welfare standard (see here).

Khan’s “analysis” has been totally discredited. As a trenchant scholarly article by Timothy Muris and Jonathan Nuechterlein explains:

[DOJ’s criminal Section 2 prosecution of A&P, begun in 1944,] bear[s] an eerie resemblance to attacks today on leading online innovators. Increasingly integrated and efficient retailers—first A&P, then “big box” brick-and-mortar stores, and now online retailers—have challenged traditional retail models by offering consumers lower prices and greater convenience. For decades, critics across the political spectrum have reacted to such disruption by urging Congress, the courts, and the enforcement agencies to stop these American success stories by revising antitrust doctrine to protect small businesses rather than the interests of consumers. Using antitrust law to punish pro-competitive behavior makes no more sense today than it did when the government attacked A&P for cutting consumers too good a deal on groceries. 

Before bringing criminal Section 2 charges against Amazon, or any other “dominant” firm, DOJ leaders should read and absorb the sobering Muris and Nuechterlein assessment. 

Finally, not only would DOJ Section 2 criminal prosecutions represent bad public policy—they would also undermine the rule of law. In a very thoughtful 2017 speech, then-Acting Assistant Attorney General for Antitrust Andrew Finch succinctly summarized the importance of the rule of law in antitrust enforcement:

[H]ow do we administer the antitrust laws more rationally, accurately, expeditiously, and efficiently? … Law enforcement requires stability and continuity both in rules and in their application to specific cases.

Indeed, stability and continuity in enforcement are fundamental to the rule of law. The rule of law is about notice and reliance. When it is impossible to make reasonable predictions about how a law will be applied, or what the legal consequences of conduct will be, these important values are diminished. To call our antitrust regime a “rule of law” regime, we must enforce the law as written and as interpreted by the courts and advance change with careful thought.

The reliance fostered by stability and continuity has obvious economic benefits. Businesses invest, not only in innovation but in facilities, marketing, and personnel, and they do so based on the economic and legal environment they expect to face.

Of course, we want businesses to make those investments—and shape their overall conduct—in accordance with the antitrust laws. But to do so, they need to be able to rely on future application of those laws being largely consistent with their expectations. An antitrust enforcement regime with frequent changes is one that businesses cannot plan for, or one that they will plan for by avoiding certain kinds of investments.

Bringing criminal monopolization cases now, after a half-century of inaction, would be antithetical to the stability and continuity that underlie the rule of law. What’s worse, the failure to provide prosecutorial guidance would be squarely at odds with concerns of notice and reliance that inform the rule of law. As such, a DOJ decision to target firms for Section 2 criminal charges would offend the rule of law (and, sadly, follow the FTC ‘s recent example of flouting the rule of law, see here and here).

In sum, the case against criminal Section 2 prosecutions is overwhelming. At a time when DOJ is facing difficulties winning “slam dunk” criminal Section 1  prosecutions targeting facially anticompetitive joint conduct (see here, here, and here), the notion that it would criminally pursue unilateral conduct that may generate substantial efficiencies is ludicrous. Hopefully, DOJ leadership will come to its senses and drop any and all plans to bring criminal Section 2 cases.

Welcome to the FTC UMC Roundup for June 17, 2022. This week’s roundup is a bit shorter – but only because your narrator would rather be out climbing mountains in Squamish, BC, than reading or writing about Sen. Amy Klobuchar’s (D-MN) pretty bad week. From where I sit, me climbing a multipitch 5.13 mountain looks quite a bit more likely than Sen. Klobuchar charting a path for the American Innovation and Choice Online Act (AICOA) to become law.

This week’s headline is the seeming demise of AICOA. That’s a surprising headline given where the week started: John Oliver’s (D-HBO) latest episode of Last Week Tonight focused on Tech Monopolies. And the weight of Oliver can make legislative initiatives such as this a fait accompli. My colleague Dirk Auer does a nice job dissecting the episode and discussing mistakes he sees in Oliver’s analysis. But Dirk, like Oliver, does miss perhaps the most important point. Oliver notes in the episode that AICOA is a bipartisan bill, and marvels at the novelty of seeing Sen. Josh Hawley (R-MO) co-sponsoring a bill with Sen. Klobuchar. If only Oliver had slightly better journalistic chops, he might have thought to ask “Why? Why in the world is Josh Hawley on team Klobuchar?

The answer to this question explains this week’s seeming collapse of AICOA. Hawley, along with most other Republicans who support AICOA, supports the bill because he believes it limits platforms’ ability to engage in content moderation. The bill’s Democrat champions have downplayed this concern. But with academics and activists alike drawing attention to this concern, it has now taken center stage. This week four Democratic Senators asked Senator Klobuchar to amend AICOA to expressly make clear that it does not limit content moderation practices.

The problem with this? Well, Republicans are making pretty clear that their real concern is with content moderation. A large group of Republican Senators, let by Sen. John Thune (R-SD) have introduce the Political BIAS Emails Act, which would prohibit platforms from “censoring or discriminating against political emails.” I have even heard some speculation that Republicans will push for the Political BIAS Emails Act to be merged with AICOA – but note the lack of a hyperlink to support that speculation.

In any event, Sen. Klobuchar seems to be in the center of a circular firing squad. Her Democratic allies demand she make clear that AICOA does not limit content moderation and her Republican frenemies demand that she maintain the possibility that it does. Given that she can’t lose many of either, it seems unlikely she can keep both. Of course, last time Sen. Klobuchar tried to fix problems with AICOA, transparently trying to buy support by excluding favored industries, she failed to address any of the bill’s substantive flaws

At the FTC

Senator Klobuchar’s bad week may be making FTC Chair Lina Khan feel better about her bad week. Last week was the Chair Khan press tour, with interviews given to a half dozen or so of the tipity-top of the tech reporting aristocracy. This week’s press coverage, however, focused on the management crisis facing the agency and the staff departures that have resulted. No matter your views on Chair Khan’s policies these are tragic stories. Almost all antitrust commentators want the FTC to be a successful agency, and – as with the rest of the government – that success is built upon the work and dedication of the career staff.

The substantive point to be made is to reflect on the different roles between the FTC and DOJ in “making law” through litigation. Chair Khan wants to use aggressive enforcement to make new law – even if that means asking staff to bring cases that believe are not supported by current law – but it is a legitimately hard question whether an agency empowered by Congress to enforce a statute authored by Congress should view itself as a common law enforcer that develops law through litigation. The common law may develop through litigation, but regulatory law is more a creature of legislation. At the same time, antitrust law is often thought of as one of the curious few remaining creatures of federal common law.

Some Quick Hits

Not all cases result in litigation. In the past weeks the FTC has announced that it would challenge multiple hospital mergers. This week, several of those mergers have been called off

Perhaps the biggest straight-up antitrust news this week was Qualcomm’s successful appeal of DG Comp’s billion euro fine for exclusive conduct. The court faulted DG Comp on both procedural and – more importantly – substantive grounds. As Nicolas Petit explains, the factual findings in the case showed that Apple had no alternative to using Qualcomm’s products – how then could Qualcomm have engaged in “exclusionary” conduct? Exclusionary of whom? Santa Clause? The Easter Bunny? For European readers, the Cadbury Bunny? Those are all fictional characters – and harm cannot be to a fictional party. 

Coming in somewhat below the radar is the Supreme Court’s opinion in American Hospital Association v. Becerra. Chris Walker has a nice write-up of the case at the Notice & Comment blog. This case had been framed to create an opportunity for the Court to substantially narrow the Chevron doctrine – an opportunity that the court seemingly did not take up. In the opinion below, the DC Circuit had affirmed an agency action on Chevron grounds, giving substantial weight to the policy rationale advanced by the agency to uphold the agency’s reading of its statute. The Supreme Court, in an opinion that didn’t mention Chevron or deference a single time, interpreted the statute on its own and came to a conclusion based on that reading of the statute. Arguably, this opinion leaves Chevron unscathed; arguably, this opinion narrows Chevron to truly ambiguous statutory language and not merely language that can be tortured to support tortured policy-motivated readings.

This week’s reads: It’s Friday. It’s not a Supreme Court opinion day. It’s not a January 6th Select Committee hearing day. If you’re looking for something to keep you busy on your lunch break, you could do much worse than reading Richard Pierce’s caution about abandoning antitrust principle to fight inflation. And Ben Brody takes a step back to offer a big picture piece on Khan’s FTC.

The FTC UMC Roundup, part of the Truth on the Market FTC UMC Symposium, is a weekly roundup of news relating to the Federal Trade Commission’s antitrust and Unfair Methods of Competition authority. If you would like to receive this and other posts relating to these topics, subscribe to the RSS feed here. If you have news items you would like to suggest for inclusion, please mail them to us at ghurwitz@laweconcenter.org and/or kfierro@laweconcenter.org.

Welcome to the FTC UMC Roundup for June 10, 2022. This is a week of headlines! One would be forgiven for assuming that our focus, once again, would on the American Innovation and Choice Online Act (AICOA). I heard on the radio yesterday that it’s champion, Sen. Amy Klobuchar (D-MN), has the 60 votes it needs to pass, and we are told the vote will be “quite soon.” Yet that is not our headline this week. So it goes in a busy week of news. 

This week’s headline is FTC Chair Lina Khan’s press tour–a clear sign of big things on the horizon. This past week she spoke with the AP, Axios, CNN, The Hill, Politico, Protocol, New York Times, Vox, Wall Street Journal, and Washington Post, and probably more. Almost a year to the day into her term as Chair, it seems she may have something to say? Yes: “There are [sic] a whole set of major policy initiatives that we have underway that we’re expecting will come to fruition over this next year.” 

The Chair’s press tour consistently struck several chords. She emphasized three priorities: merger guidelines and enforcement, regulating non-compete compete agreements, and privacy and security. In several interviews she discussed the use of both enforcement and rulemaking. It seems clear that a proposal for rules targeting non-compete agreements using the FTC’s unfair methods of competition (UMC) authority is imminent. It also seems likely that these rules will be modest. In several of the interviews Khan emphasized proceeding cautiously with respect to process. This speaks to one of the questions everyone has been asking: will Khan approach UMC rulemaking slowly, using modest initial rules to lay the groundwork to support more ambitious future rules but risking the clock on her term as Chair running out before much can be accomplished–or will she instead take a more aggressive approach, for instance by pushing ahead with a slate of proposed rules right out of the gate. We seem to have at least an initial answer: she hopes slow and steady will in the race.

Slow and steady doesn’t mean not aggressive. Khan’s interviews clearly suggest more aggressive merger enforcement moving forward–including potential challenges to mergers that have cleared the HSR review period. While not new news, Khan also made clear her preference to block transactions outright instead of allowing firms to cure potentially problematic parts of proposed deals. And she also discussed potential rulemaking relating to mergers. Perhaps most noteworthy was her discussion of “user privacy and commercial surveillance” in several interviews–including some in which it was unclear whether these concerns sounded in consumer protection or competition. The inclusion of “commercial surveillance” suggests a broader focus than traditional privacy concerns–perhaps including business models or competition in the advertising space.

Another theme was Khan’s blurred distinction between merely enforcing existing law and transforming the FTC. Her view is probably best described as neither and both: technology has transformed the economy and the FTC’s existing law is flexible enough to adapt to those changes. That, surely, will frame the central questions–likely to ultimately be answered by the courts–as the FTC charts a course across this sea of change: whether Congress empowered the FTC to regulate wherever the market took it and, if so, whether such power is too broad for Congress to have given to an agency.

That brings us to Congress. AICOA’s uncertain future remains uncertain. We can say with certainty that the bill has entered the proxy war phase. Supporters of the bill, having already played the “exclude favored industries from the bill” hand, are now targeting leadership directly. And industry still covered by the bill–if you can call a small number of individual firms an industry–is pulling out the lobbying stops, including getting the message out directly to consumers

If AICOA is to pass, it will do so upon a fragile coalition–at least 10 Republicans will need to cross party lines to support the legislation. Several Republicans seem poised to support the bill today, but will that be true tomorrow? Conservative voices including the Wall Street Journal are urging them not to. Not-so-conservative voices like Mike Masnick also raise concerns about the strange bedfellows needed to make the AICOA dream real. Both sides make the same point: Republican support for the bill comes from a belief that the bill addresses Republican concerns about censorship by BigTech. The Wall Street Journal argues that states are already addressing censorship concerns through narrower legislation that doesn’t risk the harm to innovation that AICOA could bring; Masnick warns Democrats that the Republican belief that AICOA could worsen the content moderation landscape is non-frivolous. 

With Republican support for the bill built on so soft a foundation–clearly not based on antitrust concerns–it is quite possible for it to shift quickly. Indeed, one wonders whether this fragile bipartisan coalition will survive the January 6th Committee hearings started this week.

Some quick hits before we leave. This was a busy week for the FTC in healthcare. Continuing its focus on PBMs in recent weeks, the FTC has now opened a probe of PBMs. And the Commission has sued to block multiple hospital mergers in New Jersey and Utah. There were several reminders that Elon Musk’s proposed acquisition of Twitter has passed the HSR’s review period without challenge–perhaps someone should remind reporters on the Elon beat that that won’t prevent the FTC from challenging the merger? And in case anyone is wondering whether a settlement is on the table for Facebook, Khan has made clear that the FTC will gladly settle with Facebook–Facebook just needs to accept all the FTC’s terms.  

A closing note: If you’re reading this on a lazy Friday afternoon in June and could use a good listen during lunch or on the commute home, you could do worse than listening to Richard Pierce, professor and Administrative Law guru, discuss whether administrative law allows the FTC to use rulemaking to change antitrust law.  

The FTC UMC Roundup, part of the Truth on the Market FTC UMC Symposium, is a weekly roundup of news relating to the Federal Trade Commission’s antitrust and Unfair Methods of Competition authority. If you would like to receive this and other posts relating to these topics, subscribe to the RSS feed here. If you have news items you would like to suggest for inclusion, please mail them to us at ghurwitz@laweconcenter.org and/or kfierro@laweconcenter.org.

 

[The following is a guest post from Andrew Mercado, a research assistant at the Mercatus Center at George Mason University and an adjunct professor and research assistant at George Mason’s Antonin Scalia Law School.]

The Competition and Transparency in Digital Advertising Act (CTDAA), introduced May 19 by Sens. Mike Lee (R-Utah), Ted Cruz (R-Texas), Amy Klobuchar (D-Minn.), and Richard Blumenthal (D-Conn.), is the latest manifestation of the congressional desire to “do something” legislatively about big digital platforms. Although different in substance from the other antitrust bills introduced this Congress, it shares one key characteristic: it is fatally flawed and should not be enacted.  

Restrictions

In brief, the CTDAA imposes revenue-based restrictions on the ownership structure of firms engaged in digital advertising. The CTDAA bars a firm with more than $20 billion in annual advertising revenue (adjusted annually for inflation) from:

  1. owning a digital-advertising exchange if it owns either a sell-side ad brokerage or a buy-side ad brokerage; and
  2. owning a sell-side brokerage if it owns a buy-side brokerage, or from owning a buy-side or sell-side brokerage if it is also a buyer or seller of advertising space.

The proposal’s ownership restrictions present the clearest harm to the future of the digital-advertising market. From an efficiency perspective, vertical integration of both sides of the market can lead to enormous gains. Since, for example, Google owns and operates an ad exchange, a sell-side broker, and a buy-side broker, there are very few frictions that exist between each side of the market. All of the systems are integrated and the supply of advertising space, demand for that space, and the marketplace conducting price-discovery auctions are automatically updated in real time.

While this instantaneous updating is not unique to Google’s system, and other buy- and sell-side firms can integrate into the system, the benefit to advertisers and publishers can be found in the cost savings that come from the integration. Since Google is able to create synergies on all sides of the market, the fees on any given transaction are lower. Further, incorporating Google’s vast trove of data allows for highly relevant and targeted ads. All of this means that advertisers spend less for the same quality of ad; publishers get more for each ad they place; and consumers see higher-quality, more relevant ads.

Without the ability to own and invest in the efficiency and transaction-cost reduction of an integrated platform, there will likely be less innovation and lower quality on all sides of the market. Further, advertisers and publishers will have to shoulder the burden of using non-integrated marketplaces and would likely pay higher fees for less-efficient brokers. Since Google is a one-stop shop for all of a company’s needs—whether that be on the advertising side or the publishing side—companies can move seamlessly from one side of the market to the other, all while paying lower costs per transaction, because of the integrated nature of the platform.

In the absence of such integration, a company would have to seek out one buy-side brokerage to place ads and another, separate sell-side brokerage to receive ads. These two brokers would then have to go to an ad exchange to facilitate the deal, bringing three different brokers into the mix. Each of these middlemen would take a proportionate cut of the deal. When comparing the situation between an integrated and non-integrated market, the fees associated with serving ads in a non-integrated market are almost certainly higher.

Additionally, under this proposal, the innovative potential of each individual firm is capped. If a firm grows big enough and gains sufficient revenue through integrating different sides of the market, they will be forced to break up their efficiency-inducing operations. Marginal improvements on each side of the market may be possible, but without integrating different sides of the market, the scale required to justify those improvements would be insurmountable.

Assumptions

The CTDAA assumes that:

  1. there is a serious competitive problem in digital advertising; and
  2. the structural separation and regulation of advertising brokerages run by huge digital-advertising platforms (as specified in the CTDAA) would enhance competition and benefit digital advertising customers and consumers.

The first assumption has not been proven and is subject to debate, while the second assumption is likely to be false.

Fundamental to the bill’s assumption that the digital-advertising market lacks competition is a misunderstanding of competitive forces and the idea that revenue and profit are inversely related to competition. While it is true that high profits can be a sign of consolidation and anticompetitive outcomes, the dynamic nature of the internet economy makes this theory unlikely.

As Christopher Kaiser and I have discussed, competition in the internet economy is incredibly dynamic. Vigorous competition can be achieved with just a handful of firms,  despite claims from some quarters that four competitors is necessarily too few. Even in highly concentrated markets, there is the omnipresent threat that new entrants will emerge to usurp an incumbent’s reign. Additionally, while some studies may show unusually large profits in those markets, when adjusted for the consumer welfare created by large tech platforms, profits should actually be significantly higher than they are.

Evidence of dynamic entry in digital markets can be found in a recently announced product offering from a small (but more than $6 billion in revenue) competitor in digital advertising. Following the outcry associated with Google’s alleged abuse with Project Bernanke, the Trade Desk developed OpenPath. This allowed the Trade Desk, a buy-side broker, to handle some of the functions of a sell-side broker and eliminate harms from Google’s alleged bid-rigging to better serve its clients.

In developing the platform, the Trade Desk said it would discontinue serving any Google-based customers, effectively severing ties with the largest advertising exchange on the market. While this runs afoul of the letter of the law spelled out in CTDAA, it is well within the spirit its sponsor’s stated goal: businesses engaging in robust free-market competition. If Google’s market power was as omnipresent and suffocating as the sponsors allege, then eliminating traffic from Google would have been a death sentence for the Trade Desk.

While various theories of vertical and horizontal competitive harm have been put forward, there has not been an empirical showing that consumers and advertising customers have failed to benefit from the admittedly efficient aspects of digital-brokerage auctions administered by Google, Facebook, and a few other platforms. The rapid and dramatic growth of digital advertising and associated commerce strongly suggests that this has been an innovative and welfare-enhancing development. Moreover, the introduction of a new integrated brokerage platform by a “small” player in the advertising market indicates there is ample opportunity to increase this welfare further.  

Interfering in brokerage operations under the unproven assumption that “monopoly rents” are being charged and that customers are being “exploited” is rhetoric unmoored from hard evidence. Furthermore, if specific platform practices are shown inefficiently to exclude potential entrants, existing antitrust law can be deployed on a case-specific basis. This approach is currently being pursued by a coalition of state attorneys general against Google (the merits of which are not relevant to this commentary).   

Even assuming for the sake of argument that there are serious competition problems in the digital-advertising market, there is no reason to believe that the arbitrary provisions and definitions found in the CTDAA would enhance welfare. Indeed, it is likely that the act would have unforeseen consequences:

  • It would lead to divestitures supervised by the U.S. Justice Department (DOJ) that could destroy efficiencies derived from efficient targeting by brokerages integrated into platforms;
  • It would disincentivize improvements in advertising brokerages and likely would reduce future welfare on both the buy and sell sides of digital advertising;
  • It would require costly recordkeeping and disclosures by covered platforms that could have unforeseen consequences for privacy and potentially reduce the efficiency of bidding practices;
  • It would establish a fund for damage payments that would encourage wasteful litigation (see next two points);
  • It would spawn a great deal of wasteful private rent-seeking litigation that would discourage future platform and brokerage innovations; and
  • It would likely generate wasteful lawsuits by rent-seeking state attorneys general (and perhaps the DOJ as well).

The legislation would ultimately harm consumers who currently benefit from a highly efficient form of targeted advertising (for more on the welfare benefits of targeted advertising, see here). Since Google continually invests in creating a better search engine (to deliver ads directly to consumers) and collects more data to better target ads (to deliver ads to specific consumers), the value to advertisers of displaying ads on Google constantly increases.

Proposing a new regulatory structure that would directly affect the operations of highly efficient auction markets is the height of folly. It ignores the findings of Nobel laureate James M. Buchanan (among others) that, to justify regulation, there should first be a provable serious market failure and that, even if such a failure can be shown, the net welfare costs of government intervention should be smaller than the net welfare costs of non-intervention.

Given the likely substantial costs of government intervention and the lack of proven welfare costs from the present system (which clearly has been associated with a growth in output), the second prong of the Buchanan test clearly has not been met.

Conclusion

While there are allegations of abuses in the digital-advertising market, it is not at all clear that these abuses have had a long-term negative economic impact. As shown in a study by Erik Brynjolfsson and his student Avinash Collis—recently summarized in the Harvard Business Review (Alden Abbott offers commentary here)—the consumer surplus generated by digital platforms has far outstripped the advertising and services revenues received by the platforms. The CTDAA proposal would seek to unwind much of these gains.

If the goal is to create a multitude of small, largely inefficient advertising companies that charge high fees and provide low-quality service, this bill will deliver. The market for advertising will have a far greater number of players but it will be far less competitive, since no companies will be willing to exceed the $20 billion revenue threshold that would leave them subject to the proposal’s onerous ownership standards.

If, however, the goal is to increase consumer welfare, increase rigorous competition, and cement better outcomes for advertisers and publishers, then it is likely to fail. Ownership requirements laid out in the proposal will lead to a stagnant advertising market, higher fees for all involved, and lower-quality, less-relevant ads. Government regulatory interference in highly successful and efficient platform markets are a terrible idea.

Welcome to the FTC UMC Roundup for June 3, 2023–Memorial Day week. The holiday meant we had a short week, but we still have plenty of news to share. It also means we’re now in meteorological summer, a reminder that the sands of legislative time run quickly through the hourglass. So it’s perhaps unsurprising that things continue to heat up on the legislative front, from antitrust to privacy and even some saber-rattling on remedies. Plus a fair bit of traditional-feeling action coming out of the FTC. Let’s jump in

At the Top

This week’s headline isn’t quite UMC- or even antitrust-related, but it’s headline-worthy nonetheless: after 14 years as COO of Facebook/Meta, Sheryl Sandberg has decided it’s time to lean her way out of the role. There aren’t obvious lines to read between with this departure–but it nonetheless marks a significant change to the organization and comes at a challenging time for the organization.

On the Hill

Turning to Congress, our first topic is Sen. Amy Klobuchar’s (D-MN) continued efforts to wrangle up enough support for the American Innovation and Choice Online Act (AICOA). The hold-up appears to be on the Democrat’s side of the aisle. Republican co-sponsor of the bill, Sen. Josh Hawley (R-Mo.), says of Democratic efforts to rally support that “they don’t think they have the votes.” Also on the topic of AICOA, the International Center for Law and Economics hosted a discussion about the legislation this past week. Lazar Radic offered a recap here, complete with a link to the recording. 

Reuters reports that Big Tech is ramping up efforts against AICOA. A spokesperson for Senator Klobuchar responded to a statement released by Amazon by asking “Who do you trust?” Well, Big Tech over Congress by a 2.5-to-1 margin, with a majority of Americans disfavoring increased regulation of Big Tech. The “who do you trust” question was actually focusing on concerns that some small businesses have shared about Amazon. How would AICOA affect small business? Geoff Manne weighs in, discussing the harm that AICOA could bring to the startup and venture capital markets.

AICOA isn’t the only bill making the rounds this week. A bipartisan privacy bill came out of left field, which is also where it seems likely to stay, with Sen. Brain Schatz (D-Hawaii) sending a letter to the Senate Commerce Committee “begging them to pump the brakes” on the bill. What’s the concern? Well, the bill is a compromise–one side agreed to preempt state privacy legislation in exchange for getting a private right of action. Sen. Schatz, likely along with many others, isn’t willing to lose existing state legislation. The bill is likely DOA in this Congress; probably even more DOA post-2022. 

Other legislative news includes another bipartisan bill that would streamline permitting for certain tech industries. Ultimately proposed in the interest of supply-chain resilience and on-shoring critical industries, this seems to set the stage for future “left hand vs. right hand” industrial policy. (D-Georgia) has 

At the Agencies

While most of this week’s news has been focused on Congress, the FTC and DOJ have been busy as well. Bloomberg reports on the increased attention the FTC is giving to Amazon, including some details about how resources allocated to the investigation have changed and that John Newman is leading the charge within the agency. And there are rumblings that the FTC could still challenge the Amazon-MGM deal, even post-closing. 

DOJ and the FTC have announced a June 14/15 workshop “to explore new approaches to enforcing the antitrust laws in the pharmaceutical industry.” Despite the curious phrasing (there aren’t that many ways to enforce a law!) this event could provide insight into the FTC’s thinking about potential UMC rulemaking. 

Binyamin Applebaum has an interesting NY Times opinion piece arguing that President Biden needs to appoint more judges with antitrust expertise to the bench. The lack of antitrust and regulatory expertise among Biden’s appointees to date is notable. Of course, Applebaum likely has a different sort of “antitrust expertise” in mind than most antitrust experts do. As Brian Albrecht writes in his own National Review op-ed, “Antitrust is Easy (When you Think You Know All the Answers).”

The “we need more judges” argument juxtaposes with AAG Kanter’s recent comments that he wants to bring cases, lots and lots of cases. “If we don’t go to court, then we’re regulators, not enforcers,” he recently commented at a University of Chicago conference. That is his approach to “the need to update and adapt our antitrust enforcement to address new market realities.” It remains to be seen how the courts will respond. Regardless, it is refreshing to see a preference for the antitrust laws to be enforced through the Article III courts.

Closing Notes

If you’re looking for some distraction on your commute home, we have two recommendations this week. The top choice is the Tech Policy Podcast discussion with FTC Commissioner Noah Phillips. And when you’re done with that, Mark Jamison will point you to an AEI discussion with Howard Beales, former FTC Chair Tim Muris, and former FTC Commissioner and Acting Chair Maureen K. Ohlhausen.

The FTC UMC Roundup, part of the Truth on the Market FTC UMC Symposium, is a weekly roundup of news relating to the Federal Trade Commission’s antitrust and Unfair Methods of Competition authority. If you would like to receive this and other posts relating to these topics, subscribe to the RSS feed here. If you have news items you would like to suggest for inclusion, please mail them to us at ghurwitz@laweconcenter.org and/or kfierro@laweconcenter.org.

We will learn more in the coming weeks about the fate of the proposed American Innovation and Choice Online Act (AICOA), legislation sponsored by Sens. Amy Klobuchar (D-Minn.) and Chuck Grassley (R-Iowa) that would, among other things, prohibit “self-preferencing” by large digital platforms like Google, Amazon, Facebook, Apple, and Microsoft. But while the bill has already been subject to significant scrutiny, a crucially important topic has been absent from that debate: the measure’s likely effect on startup acquisitions. 

Of course, AICOA doesn’t directly restrict startup acquisitions, but the activities it would restrict most certainly do dramatically affect the incentives that drive many startup acquisitions. If a platform is prohibited from engaging in cross-platform integration of acquired technologies, or if it can’t monetize its purchase by prioritizing its own technology, it may lose the motivation to make a purchase in the first place.

This would be a significant loss. As Dirk Auer, Sam Bowman, and I discuss in a recent article in the Missouri Law Review, acquisitions are arguably the most important component in providing vitality to the overall venture ecosystem:  

Startups generally have two methods for achieving liquidity for their shareholders: IPOs or acquisitions. According to the latest data from Orrick and Crunchbase, between 2010 and 2018 there were 21,844 acquisitions of tech startups for a total deal value of $1.193 trillion. By comparison, according to data compiled by Jay R. Ritter, a professor at the University of Florida, there were 331 tech IPOs for a total market capitalization of $649.6 billion over the same period. As venture capitalist Scott Kupor said in his testimony during the FTC’s hearings on “Competition and Consumer Protection in the 21st Century,” “these large players play a significant role as acquirers of venture-backed startup companies, which is an important part of the overall health of the venture ecosystem.”

Moreover, acquisitions by large incumbents are known to provide a crucial channel for liquidity in the venture capital and startup communities: While at one time the source of the “liquidity events” required to yield sufficient returns to fuel venture capital was evenly divided between IPOs and mergers, “[t]oday that math is closer to about 80 percent M&A and about 20 percent IPOs—[with important implications for any] potential actions that [antitrust enforcers] might be considering with respect to the large platform players in this industry.” As investor and serial entrepreneur Leonard Speiser said recently, “if the DOJ starts going after tech companies for making acquisitions, venture investors will be much less likely to invest in new startups, thereby reducing competition in a far more harmful way.” (emphasis added)

Going after self-preferencing may have exactly the same harmful effect on venture investors and competition. 

It’s unclear exactly how the legislation would be applied in any given context (indeed, this uncertainty is one of the most significant problems with the bill, as the ABA Antitrust Section has argued at length). But AICOA is designed, at least in part, to keep large online platforms in their own lanes—to keep them from “leveraging their dominance” to compete against more politically favored competitors in ancillary markets. Indeed, while covered platforms potentially could defend against application of the law by demonstrating that self-preferencing is necessary to “maintain or substantially enhance the core functionality” of the service, no such defense exists for non-core (whatever that means…) functionality, the enhancement of which through self-preferencing is strictly off limits under AICOA.

As I have written (and so have many, many, many, many others), this is terrible policy on its face. But it is also likely to have significant, adverse, indirect consequences for startup acquisitions, given the enormous number of such acquisitions that are outside the covered platforms’ “core functionality.” 

Just take a quick look at a sample of the largest acquisitions made by Apple, Microsoft, Amazon, and Alphabet, for example. (These are screenshots of the first several acquisitions by size drawn from imperfect lists collected by Wikipedia, but for purposes of casual empiricism they are well-suited to give an idea of the diversity of acquisitions at issue):

Apple:

Microsoft:

Amazon:

Alphabet (Google):

Vanishingly few of these acquisitions go to the “core functionalities” of these platforms. Alphabet’s acquisitions, for example, involve (among many other things) cybersecurity; home automation; cloud computing; wearables, smart glasses, and AR hardware; GPS navigation software; communications security; satellite technology; and social gaming. Microsoft’s acquisitions include companies specializing in video games; social networking; software versioning; drawing software; cable television; cybersecurity; employee engagement; and e-commerce. The technologies and applications involved in acquisitions by Apple and Amazon are similarly varied.

Drilling down a bit, consider the companies Alphabet acquired and put to use in the service of Google Maps:

Which, if any, of these companies would Google have purchased if it knew it would be unable to prioritize Maps in its search results? Would Google have invested more than $1 billion in these companies—and likely significantly more in internal R&D to develop Maps—if it had to speculate whether it would be required (or even be able) to prove someday in the future that prioritizing Google Maps results would enhance its core functionality?

What about Xbox? As noted, AICOA’s terms aren’t perfectly clear, so I’m not certain it would apply to Xbox (is Xbox a “website, online or mobile application, operating system, digital assistant, or online service”?). Here are Microsoft’s video-gaming-related purchases:

The vast majority of these (and all of the acquisitions for which Wikipedia has purchase-price information, totaling some $80 billion of investment) involve video games, not the development of hardware or the functionality of the Xbox platform. Would Microsoft have made these investments if it knew it would be prohibited from prioritizing its own games or exclusively using data gleaned through these games to improve its platform? No one can say for certain, but, at the margin, it is absolutely certain that these self-preferencing bills would make such acquisitions less likely.

Perhaps the most obvious—and concerning—example of the problem arises in the context of Google’s Android platform. Google famously gives Android away for free, of course, and makes its operating system significantly open for bespoke use by all comers. In exchange, Google requires that implementers of the Android OS provide some modicum of favoritism to Google’s revenue-generating products, like Search. For all its uncertainty, there is no question that AICOA’s terms would prohibit this self-preferencing. Intentionally or not, it would thus prohibit the way in which Google monetizes Android and thus hopes to recoup some of the—literally—billions of dollars it has invested in the development and maintenance of Android. 

Here are Google’s Android-related acquisitions:

Would Google have bought Android in the first place (to say nothing of subsequent acquisitions and its massive ongoing investment in Android) if it had been foreclosed from adopting its preferred business model to monetize its investment? In the absence of Google bidding for these companies, would they have earned as much from other potential bidders? Would they even have come into existence at all?

Of course, AICOA wouldn’t preclude Google charging device makers for Android and thus raising the price of mobile devices. But that mechanism may not have been sufficient to support Google’s investment in Android, and it would certainly constrain its ability to compete. Even if rules like those proposed by AICOA didn’t undermine Google’s initial purchase of and investment in Android, it is manifestly unclear how forcing Google to adopt a business model that increases consumer prices and constrains its ability to compete head-to-head with Apple’s iOS ecosystem would benefit consumers. (This excellent series of posts—1, 2, 3, 4—by Dirk Auer on the European Commission’s misguided Android decision discusses in detail the significant costs of prohibiting self-preferencing on Android.)

There are innumerable further examples, as well. In all of these cases, it seems clear not only that an AICOA-like regime would diminish competition and reduce consumer welfare across important dimensions, but also that it would impoverish the startup ecosystem more broadly. 

And that may be an even bigger problem. Even if you think, in the abstract, that it would be better for “Big Tech” not to own these startups, there is a real danger that putting that presumption into force would drive down acquisition prices, kill at least some tech-startup exits, and ultimately imperil the initial financing of tech startups. It should go without saying that this would be a troubling outcome. Yet there is no evidence to suggest that AICOA’s proponents have even considered whether the presumed benefits of the bill would be worth this immense cost.

Banco Central do Brasil (BCB), Brazil’s central bank, launched a new real-time payment (RTP) system in November 2020 called Pix. Evangelists at the central bank hoped that Pix would offer a low-cost alternative to existing payments systems and would entice some of the country’s tens of millions of unbanked and underbanked adults into the banking system.

A recent review of Pix, published by the Bank for International Settlements, claims that the payment system has achieved these goals and that it is a model for other jurisdictions. However, the BIS review seems to have been written with rose-tinted spectacles. This is perhaps not surprising, given that the lead author runs the division of the central bank that developed Pix. In a critique published this week, I suggest that, when seen in full color, Pix looks a lot less pretty. 

Among other things, the BIS review misconstrues the economics of payment networks. By ignoring the two-sided nature of such networks, the authors claim erroneously that payment cards incur a net economic cost. In fact, evidence shows that payment cards generate net benefits. One study put their value add to the Brazilian economy at 0.17% of GDP. 

The report also obscures the costs of the Pix system and fails to explain that, whereas private payment systems must recover their full operational cost, Pix appears to benefit from both direct and indirect subsidies. The direct subsidies come from the BCB, which incurred substantial costs in developing and promoting Pix and, unlike other central banks such as the U.S. Federal Reserve, is not required to recover all operational costs. Indirect subsidies come from the banks and other payment-service providers (PSPs), many of which have been forced by the BCB to provide Pix to their clients, even though doing so cannibalizes their other payment systems, including interchange fees earned from payment cards. 

Moreover, the BIS review mischaracterizes the role of interchange fees, which are often used to encourage participation in the payment-card network. In the case of debit cards, this often includes covering some or all of the operational costs of bank accounts. The availability of “free” bank accounts with relatively low deposit requirements offers customers incentives to open and maintain accounts. 

While the report notes that Pix has “signed up” 67% of adult Brazilians, it fails to mention that most of these were automatically enrolled by their banks, the majority of which were required by the BCB to adopt Pix. It also fails to mention that 33% of adult Brazilians have not “signed up” to Pix, nor that a recent survey found that more than 20% of adult Brazilians remain unbanked or underbanked, nor that the main reason given for not having a bank account was the cost of such accounts. Moreover, by diverting payments away from debit cards, Pix has reduced interchange fees and thereby reduced the ability of banks and other PSPs to subsidize bank accounts, which might otherwise have increased financial inclusion.  

The BIS review falsely asserts that “Big Tech” payment networks are able to establish and maintain market power. In reality, tech firms operate in highly competitive markets and have little to no market power in payment networks. Nonetheless, the report uses this claim regarding Big Tech’s alleged market power to justify imposing restrictions on the WhatsApp payment system. The irony, of course, is that by moving to prohibit the WhatsApp payment service shortly before the rollout of Pix, the BCB unfairly inhibited competition, effectively giving Pix a monopoly on RTP with the full support of the government. 

In acting as both a supplier of a payment service and the regulator of payment service providers, the BCB has a massive conflict of interest. Indeed, the BIS itself has recommended that, in cases where such conflicts might exist, it is good practice to ensure that the regulator is clearly separated from the supplier. Pix, in contrast, was developed and promoted by the same part of the bank as the payments regulator. 

Finally, the BIS report also fails to address significant security issues associated with Pix, including a dramatic rise in the number of “lightning kidnappings” in which hostages were forced to send funds to Pix addresses.