[This post is the fourth in an ongoing symposium on “Should We Break Up Big Tech?“that features analysis and opinion from various perspectives.]
[This post is authored by Pallavi Guniganti, editor of Global Competition Review.]
Start with the assumption that there is a problem
The European Commission and Austria’s Federal Competition Authority are investigating Amazon over its use of Marketplace sellers’ data. US senator Elizabeth Warren has said that one reason to require “large tech platforms to be designated as ‘Platform Utilities’ and broken apart from any participant on that platform” is to prevent them from using data they obtain from third parties on the platform to benefit their own participation on the platform.
Amazon tweeted in response to Warren: “We don’t use individual sellers’ data to launch private label products.” However, an Amazon spokeswoman would not answer questions about whether it uses aggregated non-public data about sellers, or data from buyers; and whether any formal firewall prevents Amazon’s retail operation from accessing Marketplace data.
If the problem is solely that Amazon’s own retail operation can access data from the Marketplace, structurally breaking up the company and forbidding it and other platforms from participating on those platforms may be a far more extensive intervention than is needed. A targeted response such as a firewall could remedy the specific competitive harm.
Germany’s Federal Cartel Office implicitly recognised this with its Facebook decision, which did not demand the divestiture of every business beyond the core social network – the “Mark Zuckerberg Production” that began in 2004. Instead, the competition authority prohibited Facebook from conditioning the use of that social network on consent to the collection and combination of data from WhatsApp, Oculus, Masquerade, Instagram and any other sites or apps where Facebook might track them.
The decision does not limit data collection on Facebook itself. “It is taken into account that an advertising-funded social network generally needs to process a large amount of personal data,” the authority said. “However, the Bundeskartellamt holds that the efficiencies in a business model based on personalised advertising do not outweigh the interests of the users when it comes to processing data from sources outside of the social network.”
The Federal Cartel Office thus aims to wall off the data collected on Facebook from data that can be collected anywhere else. It ordered Facebook to present a road map for how it would implement these changes within four months of the February 2019 decision, but the time limit was suspended by the company’s emergency appeal to the Düsseldorf Higher Regional Court.
Federal Cartel Office president Andreas Mundt has described the kind of remedy he had ordered for Facebook as not exactly structural, but going in a “structural direction” that might work for other cases as well. Keeping the data apart is a way to “break up this market power” without literally breaking up the corporation, and the first step to an “internal divestiture”, he said.
Mundt claimed that this kind of remedy gets to “the core of the problem”: big internet companies being able to out-compete new entrants, because the former can obtain and process data even beyond what they collected on a single service that has attracted a large number of users.
He used terms like “silo” rather than “firewall”, but the essential idea is to protect competition by preventing the dissemination of certain information. Antitrust authorities worldwide have considered firewalls, particularly in vertical merger remedies, as a way to prevent the anticompetitive movement of data while still allowing for some efficiencies of business units being under the same corporate umbrella.
Notwithstanding Mundt’s reference to a “structural direction”, competition authorities including his own have traditionally classified firewalls as a behavioural or conduct remedy. They purport to solve a specific problem: the movement of information.
Other aspects of big companies that can give them an advantage – such as the use of profits from one part of a company to invest in another part, perhaps to undercut rivals on prices – would not be addressed by firewalls. They would more likely would require dividing up a company at the corporate level.
But if data are the central concern, then the way forward might be found in firewalls.
What do the enforcers say?
The Federal Cartel Office’s May 2017 guidance on merger remedies disfavours firewalls, stating that such obligations are “not suitable to remedy competitive harm” because they require continuous oversight. Employees of a corporation in almost any sector will commonly exchange information on a daily basis in almost every industry, making it “extremely difficult to identify, stop and prevent non-compliance with the firewall obligations”, the guidance states. In a footnote, it acknowledges that other, unspecified jurisdictions have regarded firewalls “as an effective remedy to remove competition concerns”.
The UK’s Competition and Markets Authority takes a more optimistic view of the ability to keep a firewall in place, at least in the context of a vertical integration to prevent the use of “privileged information generated by competitors’ use of the merged company’s facilities or products”. In addition to setting up the company to restrict information flows, staff interactions and the sharing of services, physical premises and management, the CMA also requires the commitment of “significant resources to educating staff about the requirements of the measures and supporting the measures with disciplinary procedures and independent monitoring”.
The European Commission’s merger remedies notice is quite short. It does not mention firewalls or Chinese walls by name, simply noting that any non-structural remedy is problematic “due to the absence of effective monitoring of its implementation” by the commission or even other market participants. A 2011 European Commission submission to the Organisation for Economic Co-operation and Development was gloomier: “We have also found that firewalls are virtually impossible to monitor.”
The US antitrust agencies have been inconsistent in their views, and not on a consistent partisan basis. Under George W Bush, the Department of Justice’s antitrust division’s 2004 merger guidance said “a properly designed and enforced firewall” could prevent certain competition harms. But it also would require the DOJ and courts to expend “considerable time and effort” on monitoring, and “may frequently destroy the very efficiency that the merger was designed to generate. For these reasons, the use of firewalls in division decrees is the exception and not the rule.”
Under Barack Obama, the Antitrust Division revised its guidance in 2011 to omit the most sceptical language about firewalls, replacing it with a single sentence about the need for effective monitoring. Under Donald Trump, the Antitrust Division has withdrawn the 2011 guidance, and the 2004 guidance is operative.
At the Federal Trade Commission, on the other hand, firewalls had long been relatively uncontroversial among both Republicans and Democrats. For example, the commissioners unanimously agreed to a firewall remedy for PepsiCo’s and Coca-Cola’s separate 2010 acquisitions of bottlers and distributors that also dealt with rival a rival beverage maker, the Dr Pepper Snapple Group. (The FTC later emphasised the importance in those cases of obtaining industry expert monitors, who “have provided commission staff with invaluable insight and evaluation regarding each company’s compliance with the commission’s orders”.)
In 2017, the two commissioners who remained from the Obama administration both signed off on the Broadcom/Brocade merger based on a firewall – as did the European Commission, which also mandated interoperability commitments. And the Democratic commissioners appointed by President Trump voted with their Republican colleagues in 2018 to clear the Northrop Grumman/Orbital ATK deal subject to a behavioural remedy that included supply commitments and firewalls.
Several months later, however, those Democrats dissented from the FTC’s approval of Staples/Essendant, which the agency conditioned solely on a firewall between Essendant’s wholesale business and the Staples unit that handles corporate sales. While a firewall to prevent Staples from exploiting Essendant’s commercially-sensitive data about Staples’ rivals “will reduce the chance of misuse of data, it does not eliminate it,” Commissioner Rohit Chopra said. He emphasised the difficulty of policing oral communications, and said the FTC instead could have required Essendant to return its customers’ data. Commissioner Rebecca Kelly Slaughter said she shared Chopra’s “concerns about the efficacy of the firewall to remedy the information sharing harm”.
The majority defended firewalls’ effectiveness, noting that it had used them solve competition concerns in past vertical mergers, “and the integrity of those firewalls was robust.” The Republican commissioners cited the FTC’s review of the merger remedies it had imposed from 2006 to 2012, which concluded: “All vertical merger orders were judged successful.”
Republican commissioner Christine Wilson wrote separately about the importance of choosing “a remedy that is narrowly tailored to address the likely competitive harms without doing collateral damage.” Certain behavioural remedies for past vertical mergers had gone too far and even resulted in less competition, she said. “I have substantially fewer qualms about long-standing and less invasive tools, such as the ‘firewalls, fair dealing, and transparency provisions’ the Antitrust Division endorsed in the 2004 edition of its Policy Guide.”
Why firewalls don’t work, especially for big tech
Firewalls are designed to prevent the anticompetitive harm of information exchange, but whether they work depends on whether the companies and their employees behave themselves – and if they do not, on whether antitrust enforcers can know it and prove it. Deputy assistant attorney general Barry Nigro at the Antitrust Division has questioned the effectiveness of firewalls as a remedy for deals where the relevant business units are operationally close. The same problem may arise outside the merger context.
For example, Amazon’s investment fund for products to complement its Alexa virtual assistant could be seen as having the kind of firewall that is undercut by the practicalities of how a business operates. CNBC reported in September 2017 that “Alexa Fund representatives called a handful of its portfolio companies to say a clear ‘firewall’ exists between the Alexa Fund and Amazon’s product development teams.” The chief executive from Nucleus, one of those portfolio companies, had complained that Amazon’s Echo Show was a copycat of Nucleus’s product. While Amazon claimed that the Alexa Fund has “measures” to ensure “appropriate treatment” of confidential information, the companies said the process of obtaining the fund’s investment required them to work closely with Amazon’s product teams.
CNBC contrasted with Intel Capital – a division of the technology company that manages venture capital and investment – where a former managing director said he and his colleagues “tried to be extra careful not to let trade secrets flow across the firewall into its parent company”.
Firewalls are commonplace to corporate lawyers, who instill temporary blocks to prevent transmission of information in a variety of situations, such as during due diligence on a deal. This experience may lead such attorneys to put more faith in firewalls than enforcement advocates do.
Diana Moss, the president of the American Antitrust Institute, says that like other behavioral remedies, firewalls “don’t change any incentive to exercise market power”. In contrast, structural remedies eliminate that incentive by removing the part of the business that would make the exercise of market power profitable.
No internal monitoring or compliance ensures the firewall is respected, Moss says, unless a government consent order installs a monitor in a company to make sure the business units aren’t sharing information. This would be unlikely to occur, she says.
Moss’s 2011 white paper on behavioural merger remedies, co-authored with John Kwoka, reviews how well such remedies have worked. It notes that “information firewalls in Google-ITA and Comcast-NBCU clearly impede the joint operation and coordination of business divisions that would otherwise naturally occur.”
Lina Khan’s 2019 Columbia Law Review article, “The Separation of Platforms and Commerce,” repeatedly cites Moss and Kwoka in the course of arguing that non-separation solutions such as firewalls do not work.
Khan concedes that information firewalls “in theory could help prevent information appropriation by dominant integrated firms.” But regulating the dissemination of information is especially difficult “in multibillion dollar markets built around the intricate collection, combination, and sale of data”, as companies in those markets “will have an even greater incentive to combine different sets of information”.
Why firewalls might work, especially for big tech
Yet neither Khan nor Moss points to an example of a firewall that clearly did not work. Khan writes: “Whether the [Google-ITA] information firewall was successful in preventing Google from accessing rivals’ business information is not publicly known. A year after the remedy expired, Google shut down” the application programming interface, through which ITA had provided its customisable flight search engine.
Even as enforcement advocates throw doubt on firewalls, enforcers keep requiring them. China’s Ministry of Commerce even used them to remedy a horizontal merger, in two stages of its conditions on Western Digital’s acquisition of Hitachi’s hard disk drive.
If German courts allow Andreas Mundt’s remedy for Facebook to go into effect, it will provide an example of just how effective a firewall can be on a platform. The decision requires Facebook to detail its technical plan to implement the obligation not to share data on users from its subsidiaries and its tracking on independent websites and apps.
A section of the “frequently asked questions” about the Federal Cartel Office’s Facebook case includes: “How can the Bundeskartellamt enforce the implementation of its decision?” The authority can impose fines for known non-compliance, but that assume it could detect violations of its order. Somewhat tentatively, the agency says it could carry out random monitoring, which is “possible in principle… as the actual flow of data eg from websites to Facebook can be monitored by analysing websites and their components or by recording signals.”
As perhaps befits the digital difference between Staples and Facebook, the German authority posits monitoring that would not be able to catch the kind of “oral communications” that Commissioner Chopra worried about when the US FTC cleared Staples’ acquisition of Essendant. But the use of such high-monitors could make firewalls even more appropriate as a remedy for platforms – which look to large data flows for a competitive advantage – than for old economy sales teams that could harm competition with just a few minutes of conversation.
Rather than a human monitor installed in a company to guard against firewall breaches, which Moss said was unlikely, software installed on employee computers and email systems might detect data flows between business units that should be walled off from each other. Breakups and firewalls are both longstanding remedies, but the latter may be more amenable to the kind of solutions that “big tech” itself has provided.