Archives For

Thomas Wollmann has a new paper — “Stealth Consolidation: Evidence from an Amendment to the Hart-Scott-Rodino Act” — in American Economic Review: Insights this month. Greg Ip included this research in an article for the WSJ in which he claims that “competition has declined and corporate concentration risen through acquisitions often too small to draw the scrutiny of antitrust watchdogs.” In other words, “stealth consolidation”.

Wollmann’s study uses a difference-in-differences approach to examine the effect on merger activity of the 2001 amendment to the Hart-Scott-Rodino (HSR) Antitrust Improvements Act of 1976 (15 U.S.C. 18a). The amendment abruptly increased the pre-merger notification threshold from $15 million to $50 million in deal size. Strictly on those terms, the paper shows that raising the pre-merger notification threshold increased merger activity.

However, claims about “stealth consolidation” are controversial because they connote nefarious intentions and anticompetitive effects. As Wollmann admits in the paper, due to data limitations, he is unable to show that the new mergers are in fact anticompetitive or that the social costs of these mergers exceed the social benefits. Therefore, more research is needed to determine the optimal threshold for pre-merger notification rules, and claiming that harmful “stealth consolidation” is occurring is currently unwarranted.

Background: The “Unscrambling the Egg” Problem

In general, it is more difficult to unwind a consummated anticompetitive merger than it is to block a prospective anticompetitive merger. As Wollmann notes, for example, “El Paso Natural Gas Co. acquired its only potential rival in a market” and “the government’s challenge lasted 17 years and involved seven trips to the Supreme Court.”

Rolling back an anticompetitive merger is so difficult that it came to be known as “unscrambling the egg.” As William J. Baer, a former director of the Bureau of Competition at the FTC, described it, “there were strong incentives for speedily and surreptitiously consummating suspect mergers and then protracting the ensuing litigation” prior to the implementation of a pre-merger notification rule. These so-called “midnight mergers” were intended to avoid drawing antitrust scrutiny.

In response to this problem, Congress passed the Hart–Scott–Rodino Antitrust Improvements Act of 1976, which required companies to notify antitrust authorities of impending mergers if they exceeded certain size thresholds.

2001 Hart–Scott–Rodino Amendment

In 2001, Congress amended the HSR Act and effectively raised the threshold for premerger notification from $15 million in acquired firm assets to $50 million. This sudden and dramatic change created an opportunity to use a difference-in-differences technique to study the relationship between filing an HSR notification and merger activity.

According to Wollmann, here’s what notifications look like for never-exempt mergers (>$50M):

And here’s what notifications for newly-exempt ($15M < X < $50M) mergers look like:

So what does that mean for merger investigations? Here is the number of investigations into never-exempt mergers:

We see a pretty consistent relationship between number of mergers and number of investigations. More mergers means more investigations.  

How about for newly-exempt mergers?

Here, investigations go to zero while merger activity remains relatively stable. In other words, it appears that some mergers that would have been investigated had they required an HSR notification were not investigated.

Wollmann then uses four-digit SIC code industries to sort mergers into horizontal and non-horizontal categories. Here are never-exempt mergers:

He finds that almost all of the increase in merger activity (relative to the counterfactual in which the notification threshold were unchanged) is driven by horizontal mergers. And here are newly-exempt mergers:

Policy Implications & Limitations

The charts show a stark change in investigations and merger activity. The difference-in-differences methodology is solid and the author addresses some potential confounding variables (such as presidential elections). However, the paper leaves the broader implications for public policy unanswered.

Furthermore, given the limits of the data in this analysis, it’s not possible for this approach to explain competitive effects in the relevant antitrust markets, for three reasons:

Four-digit SIC code industries are not antitrust markets

Wollmann chose to classify mergers “as horizontal or non-horizontal based on whether or not the target and acquirer operate in the same four-digit SIC code industry, which is common convention.” But as Werden & Froeb (2018) notes, four-digit SIC code industries are orders of magnitude too large in most cases to be useful for antitrust analysis:

The evidence from cartel cases focused on indictments from 1970–80. Because the Justice Department prosecuted many local cartels, for 52 of the 80 indictments examined, the Commerce Quotient was less than 0.01, i.e., the SIC 4-digit industry was at least 100 times the apparent scope of the affected market.  Of the 80 indictments, 19 involved SIC 4-digit industries that had been thought to comport well with markets, so these were the most instructive. For  16 of the 19, the SIC 4-digit industry was at least 10 times the apparent scope of the affected market (i.e., the Commerce Quotient was less than 0.1).

Antitrust authorities do not rely on SIC 4-digit industry codes and instead establish a market definition based on the facts of each case. It is not possible to infer competitive effects from census data as Wollmann attempts to do.

The data cannot distinguish between anticompetitive mergers and procompetitive mergers

As Wollmann himself notes, the results tell us nothing about the relative costs and benefits of the new HSR policy:

Even so, these findings do not on their own advocate for one policy over another. To do so requires equating industry consolidation to a specific amount of economic harm and then comparing the resulting figure to the benefits derived from raising thresholds, which could be large. Even if the agencies ignore the reduced regulatory burden on firms, introducing exemptions can free up agency resources to pursue other cases (or reduce public spending). These and related issues require careful consideration but simply fall outside the scope of the present work.

For instance, firms could be reallocating merger activity to targets below the new threshold to avoid erroneous enforcement or they could be increasing merger activity for small targets due to reduced regulatory costs and uncertainty.

The study is likely underpowered for effects on blocked mergers

While the paper provides convincing evidence that investigations of newly-exempt mergers decreased dramatically following the change in the notification threshold, there is no equally convincing evidence of an effect on blocked mergers. As Wollmann points out, blocked mergers were exceedingly rare both before and after the Amendment (emphasis added):

Over 57,000 mergers comprise the sample, which spans eighteen years. The mean number of mergers each year is 3,180. The DOJ and FTC receive 31,464 notifications over this period, or 1,748 per year. Also, as stated above, blocked mergers are very infrequent: there are on average 13 per year pre-Amendment and 9 per-year post-Amendment.

Since blocked mergers are such a small percentage of total mergers both before and after the Amendment, we likely cannot tell from the data whether actual enforcement action changed significantly due to the change in notification threshold.

Greg Ip’s write-up for the WSJ includes some relevant charts for this issue. Ironically for a piece about the problems of lax merger review, the accompanying graphs show merger enforcement actions slightly increasing at both the FTC and the DOJ since 2001:

Source: WSJ

Overall, Wollmann’s paper does an effective job showing how changes in premerger notification rules can affect merger activity. However, due to data limitations, we cannot conclude anything about competitive effects or enforcement intensity from this study.

Source: KC Green

GDPR is officially one year old. How have the first 12 months gone? As you can see from the mix of data and anecdotes below, it appears that compliance costs have been astronomical; individual “data rights” have led to unintended consequences; “privacy protection” seems to have undermined market competition; and there have been large unseen — but not unmeasurable! — costs in forgone startup investment. So, all-in-all, about what we expected.

GDPR cases and fines

Here is the latest data on cases and fines released by the European Data Protection Board:

  • €55,955,871 in fines
    • €50 million of which was a single fine on Google
  • 281,088 total cases
    • 144,376 complaints
    • 89,271 data breach notifications
    • 47,441 other
  • 37.0% ongoing
  • 62.9% closed
  • 0.1% appealed

Unintended consequences of new data privacy rights

GDPR can be thought of as a privacy “bill of rights.” Many of these new rights have come with unintended consequences. If your account gets hacked, the hacker can use the right of access to get all of your data. The right to be forgotten is in conflict with the public’s right to know a bad actor’s history (and many of them are using the right to memory hole their misdeeds). The right to data portability creates another attack vector for hackers to exploit. And the right to opt-out of data collection creates a free-rider problem where users who opt-in subsidize the privacy of those who opt-out.

Article 15: Right of access

  • “Amazon sent 1,700 Alexa voice recordings to the wrong user following data request” [The Verge / Nick Statt]
  • “Today I discovered an unfortunate consequence of GDPR: once someone hacks into your account, they can request-—and potentially access—all of your data. Whoever hacked into my Spotify account got all of my streaming, song, etc. history simply by requesting it.” [Jean Yang]

Article 17: Right to be forgotten

  • “Since 2016, newspapers in Belgium and Italy have removed articles from their archives under [GDPR]. Google was also ordered last year to stop listing some search results, including information from 2014 about a Dutch doctor who The Guardian reported was suspended for poor care of a patient.” [NYT / Adam Satariano]
  • “French scam artist Michael Francois Bujaldon is using the GDPR to attempt to remove traces of his United States District Court case from the internet. He has already succeeded in compelling PacerMonitor to remove his case.” [PlainSite]
  • “In the last 5 days, we’ve had requests under GDPR to delete three separate articles … all about US lawsuits concerning scams committed by Europeans. That ‘right to be forgotten’ is working out just great, huh guys?” [Mike Masnick]

Article 20: Right to data portability

  • Data portability increases the attack surface for bad actors to exploit. In a sense, the Cambridge Analytica scandal was a case of too much data portability.
  • “The problem with data portability is that it goes both ways: if you can take your data out of Facebook to other applications, you can do the same thing in the other direction. The question, then, is which entity is likely to have the greater center of gravity with regards to data: Facebook, with its social network, or practically anything else?” [Stratechery / Ben Thompson]
  • “Presumably data portability would be imposed on Facebook’s competitors and potential competitors as well.  That would mean all future competing firms would have to slot their products into a Facebook-compatible template.  Let’s say that 17 years from now someone has a virtual reality social network innovation: does it have to be “exportable” into Facebook and other competitors?  It’s hard to think of any better way to stifle innovation.” [Marginal Revolution / Tyler Cowen]

Article 21: Right to opt out of data processing

  • “[B]y restricting companies from limiting services or increasing prices for consumers who opt-out of sharing personal data, these frameworks enable free riders—individuals that opt out but still expect the same services and price—and undercut access to free content and services.” [ITIF / Alan McQuinn and Daniel Castro]

Compliance costs are astronomical

  • Prior to GDPR going into effect, “PwC surveyed 200 companies with more than 500 employees and found that 68% planned on spending between $1 and $10 million to meet the regulation’s requirements. Another 9% planned to spend more than $10 million. With over 19,000 U.S. firms of this size, total GDPR compliance costs for this group could reach $150 billion.” [Fortune / Daniel Castro and Michael McLaughlin]
  • “[T]he International Association of Privacy Professionals (IAPP) estimates 500,000 European organizations have registered data protection officers (DPOs) within the first year of the General Data Protection Regulation (GDPR). According to a recent IAPP salary survey, the average DPO’s salary in Europe is $88,000.” [IAPP]
  • As of March 20, 2019, 1,129 US news sites are still unavailable in the EU due to GDPR. [Joseph O’Connor]
  • Microsoft had 1,600 engineers working on GDPR compliance. [Microsoft]
  • During a Senate hearing, Keith Enright, Google’s chief privacy officer, estimated that the company spent “hundreds of years of human time” to comply with the new privacy rules. [Quartz / Ashley Rodriguez]
    • However, French authorities ultimately decided Google’s compliance efforts were insufficient: “France fines Google nearly $57 million for first major violation of new European privacy regime” [Washington Post / Tony Romm]
  • “About 220,000 name tags will be removed in Vienna by the end of [2018], the city’s housing authority said. Officials fear that they could otherwise be fined up to $23 million, or about $1,150 per name.” [Washington Post / Rick Noack]

Tradeoff between privacy regulations and market competition

“On the big guys increasing market share? I don’t believe [the law] will have such a consequence.” Věra Jourová, the European Commissioner for Justice, Consumers and Gender Equality [WSJ / Sam Schechner and Nick Kostov]

“Mentioned GDPR to the head of a European media company. ‘Gift to Google and Facebook, enormous regulatory own-goal.'” [Benedict Evans]

Source: WSJ
  • “Hundreds of companies compete to place ads on webpages or collect data on their users, led by Google, Facebook and their subsidiaries. The European Union’s General Data Protection Regulation, which took effect in May, imposes stiff requirements on such firms and the websites who use them. After the rule took effect in May, Google’s tracking software appeared on slightly more websites, Facebook’s on 7% fewer, while the smallest companies suffered a 32% drop, according to Ghostery, which develops privacy-enhancing web technology.” [WSJ / Greg Ip]
  • Havas SA, one of the world’s largest buyers of ads, says it observed a low double-digit percentage increase in advertisers’ spending through DBM on Google’s own ad exchange on the first day the law went into effect, according to Hossein Houssaini, Havas’s global head of programmatic solutions. On the selling side, companies that help publishers sell ad inventory have seen declines in bids coming through their platforms from Google. Paris-based Smart says it has seen a roughly 50% drop. [WSJ / Nick Kostov and Sam Schechner]
  • “The consequence was that just hours after the law’s enforcement, numerous independent ad exchanges and other vendors watched their ad demand volumes drop between 20 and 40 percent. But with agencies free to still buy demand on Google’s marketplace, demand on AdX spiked. The fact that Google’s compliance strategy has ended up hurting its competitors and redirecting higher demand back to its own marketplace, where it can guarantee it has user consent, has unsettled publishers and ad tech vendors.” [Digiday / Jessica Davies]

Unseen costs of forgone investment & research

  • Startups: One study estimated that venture capital invested in EU startups fell by as much as 50 percent due to GDPR implementation: “Specifically, our findings suggest a $3.38 million decrease in the aggregate dollars raised by EU ventures per state per crude industry category per week, a 17.6% reduction in the number of weekly venture deals, and a 39.6% decrease in the amount raised in an average deal following the rollout of GDPR … We use our results to provide a back-of-the-envelope calculation of a range of job losses that may be incurred by these ventures, which we estimate to be between 3,604 to 29,819 jobs.” [NBER / Jian Jia, Ginger Zhe Jin, and Liad Wagman]
  • Mergers and acquisitions: “55% of respondents said they had worked on deals that fell apart because of concerns about a target company’s data protection policies and compliance with GDPR” [WSJ / Nina Trentmann]
  • Scientific research: “[B]iomedical researchers fear that the EU’s new General Data Protection Regulation (GDPR) will make it harder to share information across borders or outside their original research context.” [Politico / Sarah Wheaton]

GDPR graveyard

Small and medium-sized businesses (SMBs) have left the EU market in droves (or shut down entirely). Here is a partial list:

Blockchain & P2P Services

  • CoinTouch, peer-to-peer cryptocurrency exchange
  • FamilyTreeDNA, free and public genetic tools
    • Mitosearch
    • Ysearch
  • Monal, XMPP chat app
  • Parity, know-your-customer service for initial coin offerings (ICOs)
  • Seznam, social network for students
  • StreetLend, tool sharing platform for neighbors

Marketing

  • Drawbridge, cross-device identity service
  • Klout, social reputation service by Lithium
  • Unroll.me, inbox management app
  • Verve, mobile programmatic advertising

Video Games

Other