Archives For European Union

7 Top Takeaways from the 2nd Annual Mercatus Antitrust Forum

Alden Abbott —  1 February 2023

At the Jan. 26 Policy in Transition forum—the Mercatus Center at George Mason University’s second annual antitrust forum—various former and current antitrust practitioners, scholars, judges, and agency officials held forth on the near-term prospects for the neo-Brandeisian experiment undertaken in recent years by both the Federal Trade Commission (FTC) and the U.S. Justice Department (DOJ). In conjunction with the forum, Mercatus also released a policy brief on 2022’s significant antitrust developments.

Below, I summarize some of the forum’s noteworthy takeaways, followed by concluding comments on the current state of the antitrust enterprise, as reflected in forum panelists’ remarks.

Takeaways

    1. The consumer welfare standard is neither a recent nor an arbitrary antitrust-enforcement construct, and it should not be abandoned in order to promote a more “enlightened” interventionist antitrust.

George Mason University’s Donald Boudreaux emphasized in his introductory remarks that the standard goes back to Adam Smith, who noted in “The Wealth of Nations” nearly 250 years ago that the appropriate end of production is the consumer’s benefit. Moreover, American Antitrust Institute President Diana Moss, a leading proponent of more aggressive antitrust enforcement, argued in standalone remarks against abandoning the consumer welfare standard, as it is sufficiently flexible to justify a more interventionist agenda.

    1. The purported economic justifications for a far more aggressive antitrust-enforcement policy on mergers remain unconvincing.

Moss’ presentation expressed skepticism about vertical-merger efficiencies and called for more aggressive challenges to such consolidations. But Boudreaux skewered those arguments in a recent four-point rebuttal at Café Hayek. As he explains, Moss’ call for more vertical-merger enforcement ignores the fact that “no one has stronger incentives than do the owners and managers of firms to detect and achieve possible improvements in operating efficiencies – and to avoid inefficiencies.”

Moss’ complaint about chronic underenforcement mistakes by overly cautious agencies also ignores the fact that there will always be mistakes, and there is no reason to believe “that antitrust bureaucrats and courts are in a position to better predict the future [regarding which efficiencies claims will be realized] than are firm owners and managers.” Moreover, Moss provided “no substantive demonstration or evidence that vertical mergers often lead to monopolization of markets – that is, to industry structures and practices that harm consumers. And so even if vertical mergers never generate efficiencies, there is no good argument to use antitrust to police such mergers.”

And finally, Boudreaux considers Moss’ complaint that a court refused to condemn the AT&T-Time Warner merger, arguing that this does not demonstrate that antitrust enforcement is deficient:

[A]s soon as the  . . . merger proved to be inefficient, the parties themselves undid it. This merger was undone by competitive market forces and not by antitrust! (Emphasis in the original.)

    1. The agencies, however, remain adamant in arguing that merger law has been badly unenforced. As such, the new leadership plans to charge ahead and be willing to challenge more mergers based on mere market structure, paying little heed to efficiency arguments or actual showings of likely future competitive harm.

In her afternoon remarks at the forum, Principal Deputy Assistant U.S. Attorney General for Antitrust Doha Mekki highlighted five major planks of Biden administration merger enforcement going forward.

  • Clayton Act Section 7 is an incipiency statute. Thus, “[w]hen a [mere] change in market structure suggests that a firm will have an incentive to reduce competition, that should be enough [to justify a challenge].”
  • “Once we see that a merger may lead to, or increase, a firm’s market power, only in very rare circumstances should we think that a firm will not exercise that power.”
  • A structural presumption “also helps businesses conform their conduct to the law with more confidence about how the agencies will view a proposed merger or conduct.”
  • Efficiencies defenses will be given short shrift, and perhaps ignored altogether. This is because “[t]he Clayton Act does not ask whether a merger creates a more or less efficient firm—it asks about the effect of the merger on competition. The Supreme Court has never recognized efficiencies as a defense to an otherwise illegal merger.”
  • Merger settlements have often failed to preserve competition, and they will be highly disfavored. Therefore, expect a lot more court challenges to mergers than in recent decades. In short, “[w]e must be willing to litigate. . . . [W]e need to acknowledge the possibility that sometimes a court might not agree with us—and yet go to court anyway.”

Mekki’s comments suggest to me that the soon-to-be-released new draft merger guidelines may emphasize structural market-share tests, generally reject efficiencies justifications, and eschew the economic subtleties found in the current guidelines.

    1. The agencies—and the FTC, in particular—have serious institutional problems that undermine their effectiveness, and risk a loss of credibility before the courts in the near future.

In his address to the forum, former FTC Chairman Bill Kovacic lamented the inefficient limitations on reasoned FTC deliberations imposed by the Sunshine Act, which chills informal communications among commissioners. He also pointed to our peculiarly unique global status of having two enforcers with duplicative antitrust authority, and lamented the lack of policy coherence, which reflects imperfect coordination between the agencies.

Perhaps most importantly, Kovacic raised the specter of the FTC losing credibility in a possible world where Humphrey’s Executor is overturned (see here) and the commission is granted little judicial deference. He suggested taking lessons on policy planning and formulation from foreign enforcers—the United Kingdom’s Competition and Markets Authority, in particular. He also decried agency officials’ decisions to belittle prior administrations’ enforcement efforts, seeing it as detracting from the international credibility of U.S. enforcement.

    1. The FTC is embarking on a novel interventionist path at odds with decades of enforcement policy.

In luncheon remarks, Commissioner Christine S. Wilson lamented the lack of collegiality and consultation within the FTC. She warned that far-reaching rulemakings and other new interventionist initiatives may yield a backlash that undermines the institution.

Following her presentation, a panel of FTC experts discussed several aspects of the commission’s “new interventionism.” According to one panelist, the FTC’s new Section 5 Policy Statement on Unfair Methods of Competition (which ties “unfairness” to arbitrary and subjective terms) “will not survive in” (presumably, will be given no judicial deference by) the courts. Another panelist bemoaned rule-of-law problems arising from FTC actions, called for consistency in FTC and DOJ enforcement policies, and warned that the new merger guidelines will represent a “paradigm shift” that generates more business uncertainty.

The panel expressed doubts about the legal prospects for a proposed FTC rule on noncompete agreements, and noted that constitutional challenges to the agency’s authority may engender additional difficulties for the commission.

    1. The DOJ is greatly expanding its willingness to litigate, and is taking actions that may undermine its credibility in court.

Assistant U.S. Attorney General for Antitrust Jonathan Kanter has signaled a disinclination to settle, as well as an eagerness to litigate large numbers of cases (toward that end, he has hired a huge number of litigators). One panelist noted that, given this posture from the DOJ, there is a risk that judges may come to believe that the department’s litigation decisions are not well-grounded in the law and the facts. The business community may also have a reduced willingness to “buy in” to DOJ guidance.

Panelists also expressed doubts about the wisdom of DOJ bringing more “criminal Sherman Act Section 2” cases. The Sherman Act is a criminal statute, but the “beyond a reasonable doubt” standard of criminal law and Due Process concerns may arise. Panelists also warned that, if new merger guidelines are ”unsound,” they may detract from the DOJ’s credibility in federal court.

    1. International antitrust developments have introduced costly new ex ante competition-regulation and enforcement-coordination problems.

As one panelist explained, the European Union’s implementation of the new Digital Markets Act (DMA) will harmfully undermine market forces. The DMA is a form of ex ante regulation—primarily applicable to large U.S. digital platforms—that will harmfully interject bureaucrats into network planning and design. The DMA will lead to inefficiencies, market fragmentation, and harm to consumers, and will inevitably have spillover effects outside Europe.

Even worse, the DMA will not displace the application of EU antitrust law, but merely add to its burdens. Regrettably, the DMA’s ex ante approach is being imitated by many other enforcement regimes, and the U.S. government tacitly supports it. The DMA has not been included in the U.S.-EU joint competition dialogue, which risks failure. Canada and the U.K. should also be added to the dialogue.

Other International Concerns

The international panelists also noted that there is an unfortunate lack of convergence on antitrust procedures. Furthermore, different jurisdictions manifest substantial inconsistencies in their approaches to multinational merger analysis, where better coordination is needed. There is a special problem in the areas of merger review and of criminal leniency for price fixers: when multiple jurisdictions need to “sign off” on an enforcement matter, the “most restrictive” jurisdiction has an effective veto.

Finally, former Assistant U.S. Attorney General for Antitrust James Rill—perhaps the most influential promoter of the adoption of sound antitrust laws worldwide—closed the international panel with a call for enhanced transnational cooperation. He highlighted the importance of global convergence on sound antitrust procedures, emphasizing due process. He also advocated bolstering International Competition Network (ICN) and OECD Competition Committee convergence initiatives, and explained that greater transparency in agency-enforcement actions is warranted. In that regard, Rill said, ICN nongovernmental advisers should be given a greater role.

Conclusion

Taken as a whole, the forum’s various presentations painted a rather gloomy picture of the short-term prospects for sound, empirically based, economics-centric antitrust enforcement.

In the United States, the enforcement agencies are committed to far more aggressive antitrust enforcement, particularly with respect to mergers. The agencies’ new approach downplays efficiencies and they will be quick to presume broad categories of business conduct are anticompetitive, relying far less closely on case-specific economic analysis.

The outlook is also bad overseas, as European Union enforcers are poised to implement new ex ante regulation of competition by large platforms as an addition to—not a substitute for—established burdensome antitrust enforcement. Most foreign jurisdictions appear to be following the European lead, and the U.S. agencies are doing nothing to discourage them. Indeed, they appear to fully support the European approach.

The consumer welfare standard, which until recently was the stated touchstone of American antitrust enforcement—and was given at least lip service in Europe—has more or less been set aside. The one saving grace in the United States is that the federal courts may put a halt to the agencies’ overweening ambitions, but that will take years. In the meantime, consumer welfare will suffer and welfare-enhancing business conduct will be disincentivized. The EU courts also may place a minor brake on European antitrust expansionism, but that is less certain.

Recall, however, that when evils flew out of Pandora’s box, hope remained. Let us hope, then, that the proverbial worm will turn, and that new leadership—inspired by hopeful and enlightened policy advocates—will restore principled antitrust grounded in the promotion of consumer welfare.

In Antitrust & Competition, Antitrust Division, European Union, Federal Trade Commission, International, Justice Department, Mergers & Acquisitions , , , , , , , , , , , , ,
permalink

Fixing the Procedural Infirmities in the DMA’s Draft Implementing Regulation

Lazar Radic —  23 January 2023

Just before Christmas, the European Commission published a draft implementing regulation (DIR) of the Digital Markets Act (DMA), establishing procedural rules that, in the Commission’s own words, seek to bolster “legal certainty,” “due process,” and “effectiveness” under the DMA. The rights of defense laid down in the draft are, alas, anemic. In the long run, this will leave the Commission’s DMA-enforcement decisions open to challenge on procedural grounds before the Court of Justice of the European Union (CJEU).

This is a loss for due process, for third parties seeking to rely on the Commission’s decisions, and for the effectiveness of the DMA itself.

Detailed below are some of the significant problems with the DIR, as well as suggestions for how to address them. Many of these same issues have been highlighted in the comments submitted by likely gatekeepers, law firms, and academics during the open-consultation period. You can also read the brief explainer that Dirk Auer & I wrote on the DIR here.

Access to File

The DIR establishes that parties have the right to access files that the Commission used to issue preliminary findings. But if parties wish to access other documents in the Commission’s file, they will need to submit a “substantiated request.” Among the problems with this approach is that the documents cited in the Commission’s preliminary reference will be of  limited use to defendants, as they are likely to be those used to establish an infringement, and thus unlikely to be exculpatory.

Moreover, as the CJEU has stated, it should not be up to the Commission alone to decide whether to disclose documents in the file. The Commission can preclude documents unrelated to the statement of objections from the administrative procedure, but that isn’t the same as excluding documents that aren’t mentioned in the statement of objections. After all, evidence might be irrelevant for the prosecution but relevant for the defense.

Parties’ right to be heard is unnecessarily circumscribed by requiring that they must “duly substantiate why access to a specific document or part thereof is necessary to exercise its right to be heard.” A party might be hard-pressed to argue convincingly that it needs access to a document based solely on a terse and vague description in the Commission’s file. More generally, why would a document be in the Commission’s file if it is not relevant to the case? The right to be heard cannot be respected where access to information is prohibited.

Solution: The DIR should allow gatekeepers full access to the Commission’s file. This is the norm in antitrust and merger proceedings in the EU where:

undertakings or associations of undertakings that receive a Statement of Objections have the right to see all the evidence, whether it is incriminating or exonerating, in the Commission’s investigation file. [bold in original]

 There is little sense in deviating from this standard in DMA proceedings.

No Role for the Hearing Officer

The DIR does not spell out a role for the hearing officer, a particularly jarring omission given the Commission’s history of acting as “judge, jury and executioner” in competition-law proceedings (see here, here and here). Hearing officers are a staple in antitrust (here and here), as well as in trade proceedings more generally, where their role is to enhance impartiality and objectivity by, e.g., resolving disputes over access to certain documents. As Alfonso Lamadrid has noted, an obvious inference to reach is that DMA proceedings before the Commission are to be less impartial and objective.

Solution: Grant the hearing officer a role in, at the very least, resolving access-to-file and confidentiality disputes.

Cap on the Length of Responses

The DIR establishes a 50-page limit on parties’ responses to the Commission’s preliminary findings. Of course, no such cap is imposed on the Commission in issuing its preliminary findings, designation decisions, and other decisions under the DMA. This imbalance between the Commission’s and respondents’ duties plainly violates the principle of equality of arms—a fundamental element of the right to a fair trial under Article 47 of the EU Charter of Fundamental Rights.

An arbitrary page limit also means that the Commission may not take all relevant facts and evidence into account in its decisions, which will be based largely on the preliminary findings and the related response. This lays the groundwork for subsequent challenges before the courts.

Solution: Either remove the cap on responses to preliminary findings or impose a similar limit on the Commission in issuing those findings.

A ‘Succinct’ Right to Speak

The DIR does not contemplate granting parties oral hearings to explain their defense more fully. Oral hearings are particularly important in cases involving complex and technical arguments and evidence.

While the right to a fair trial does not require oral hearings to be held in every case, “refusing to hold an oral hearing may be justified only in rare cases.” Given that, under the DMA, companies can be fined as much as 20% of their worldwide turnover, these proceedings involve severe financial penalties of a criminal or quasi-criminal nature (here and here), and are thus unlikely to qualify (here).

Solution: Grant parties the ability to request an oral hearing following the preliminary findings.

Legal Uncertainty

As one commenter put it, “the document is striking for what it leaves out.”  As Dirk Auer and I point out, the DIR leaves unanswered such questions as the precise role of third parties in DMA processes; the role of the advisory committee in decision making; whether the college of commissioners or just one commissioner is the ultimate decision maker; whether national authorities will be able to access data gathered by the Commission; and whether there is a role for the European Competition Network in coordinating and allocating cases between the EU and the member states.

Granted, not all of these questions needed to be answered in the DIR (although some—like the role of third parties—arguably should have been). Still, the sooner they are resolved, the better for everyone. 

Solution: Clarify the above questions—either with the final version of the implementing regulation or soon thereafter—in a manual of procedures or best-practice guidelines, as appropriate.

Conclusion

Unless substantive changes are made, the DIR in its current form risks running afoul of a well-established line of jurisprudence highlighting the importance of fundamental rights in antitrust law, which is guaranteed to apply in DMA proceedings as well. One of these is the general principle that judicial and administrative promptness cannot be attained at the expense of parties’ right of defense (here). Ignoring this would not only result in a loss for the rights of defense in the EU, but would also drive a wedge in the effectiveness of the DMA—thereby staining the Commission’s credibility.

In Antitrust & Competition, European Union, Truth on the Market , ,
permalink

GDPR Decision Against Meta Highlights that Privacy Regulators Don’t Understand ‘Necessity’

Mikołaj Barczentewicz and Kristian Stout —  11 January 2023

The €390 million fine that the Irish Data Protection Commission (DPC) levied last week against Meta marks both the latest skirmish in the ongoing regulatory war on the use of data by private firms, as well as a major blow to the ad-driven business model that underlies most online services. 

More specifically, the DPC was forced by the European Data Protection Board (EDPB) to find that Meta violated the General Data Protection Regulation (GDPR) when it relied on its contractual relationship with Facebook and Instagram users as the basis to employ user data in personalized advertising. 

Meta still has other bases on which it can argue it relies in order to make use of user data, but a larger issue is at-play: the decision’s findings both that making use of user data for personalized advertising is not “necessary” between a service and its users and that privacy regulators are in a position to make such an assessment. 

More broadly, the case also underscores that there is no consensus within the European Union on the broad interpretation of the GDPR preferred by some national regulators and the EDPB.

The DPC Decision

The core disagreement between the DPC and Meta, on the one hand, and some other EU privacy regulators, on the other, is whether it is lawful for Meta to treat the use of user data for personalized advertising as “necessary for the performance of” the contract between Meta and its users. The Irish DPC accepted Meta’s arguments that the nature of Facebook and Instagram is such that it is necessary to process personal data this way. The EDPB took the opposite approach and used its powers under the GDPR to direct the DPC to issue a decision contrary to DPC’s own determination. Notably, the DPC announced that it is considering challenging the EDPB’s involvement before the EU Court of Justice as an unlawful overreach of the board’s powers.

In the EDPB’s view, it is possible for Meta to offer Facebook and Instagram without personalized advertising. And to the extent that this is possible, Meta cannot rely on the “necessity for the performance of a contract” basis for data processing under Article 6 of the GDPR. Instead, Meta in most cases should rely on the “consent” basis, involving an explicit “yes/no” choice. In other words, Facebook and Instagram users should be explicitly asked if they consent to their data being used for personalized advertising. If they decline, then under this rationale, they would be free to continue using the service without personalized advertising (but with, e.g., contextual advertising). 

Notably, the decision does not mandate a particular contractual basis for processing, but only invalidates “contractual necessity” for personalized advertising. Indeed, Meta believes it has other avenues for continuing to process user data for personalized advertising while not depending on a “consent” basis. Of course, only time will tell if this reasoning is accepted. Nonetheless, the EDBP’s underlying animus toward the “necessity” of personalized advertising remains concerning.

What Is ‘Necessary’ for a Service?

The EDPB’s position is of a piece with a growing campaign against firms’ use of data more generally. But as in similar complaints against data use, the demonstrated harms here are overstated, while the possibility that benefits might flow from the use of data is assumed to be zero. 

How does the EDPB know that it is not necessary for Meta to rely on personalized advertising? And what does “necessity” mean in this context? According to the EDPB’s own guidelines, a business “should be able to demonstrate how the main subject-matter of the specific contract with the data subject cannot, as a matter of fact, be performed if the specific processing of the personal data in question does not occur.” Therefore, if it is possible to distinguish various “elements of a service that can in fact reasonably be performed independently of one another,” then even if some processing of personal data is necessary for some elements, this cannot be used to bundle those with other elements and create a “take it or leave it” situation for users. The EDPB stressed that:

This assessment may reveal that certain processing activities are not necessary for the individual services requested by the data subject, but rather necessary for the controller’s wider business model.

This stilted view of what counts as a “service” completely fails to acknowledge that “necessary” must mean more than merely technologically possible. Any service offering faces both technical limitations as well as economic limitations. What is technically possible to offer can also be so uneconomic in some forms as to be practically impossible. Surely, there are alternatives to personalized advertising as a means to monetize social media, but determining what those are requires a great deal of careful analysis and experimentation. Moreover, the EDPB’s suggested “contextual advertising” alternative is not obviously superior to the status quo, nor has it been demonstrated to be economically viable at scale.  

Thus, even though it does not strictly follow from the guidelines, the decision in the Meta case suggests that, in practice, the EDPB pays little attention to the economic reality of a contractual relationship between service providers and their users, instead trying to carve out an artificial, formalistic approach. It is doubtful whether the EDPB engaged in the kind of robust economic analysis of Facebook and Instagram that would allow it to reach a conclusion as to whether those services are economically viable without the use of personalized advertising. 

However, there is a key institutional point to be made here. Privacy regulators are likely to be eminently unprepared to conduct this kind of analysis, which arguably should lead to significant deference to the observed choices of businesses and their customers.

Conclusion

A service’s use of its users’ personal data—whether for personalized advertising or other purposes—can be a problem, but it can also generate benefits. There is no shortcut to determine, in any given situation, whether the costs of a particular business model outweigh its benefits. Critically, the balance of costs and benefits from a business model’s technological and economic components is what truly determines whether any specific component is “necessary.” In the Meta decision, the EDPB got it wrong by refusing to incorporate the full economic and technological components of the company’s business model. 

In Data Privacy & Security, European Union, Facebook, Truth on the Market , , , , , ,
permalink

Your Definitive End-of-Year Global Tech Regulation Wrap-Up: Who’s Doing What, Where, and What to Make of It

Lazar Radic —  21 December 2022

As 2023 draws to a close, we wanted to reflect on a year that saw jurisdictions around the world proposing, debating, and (occasionally) enacting digital regulations. Some of these initiatives amended existing ex-post competition laws. Others were more ambitious, contemplating entirely new regulatory regimes from the ground up.

With everything going on, it can be overwhelming even for hardcore antitrust enthusiasts to keep pace with the latest developments. If you have the high-brow interests of a scholar but the jam-packed schedule of a CEO, you have come to the right place. This post is intended to summarize who is doing what, where, and what to make of it.

Status of Tech Regulation Around the World

European Union

In the European Union—the patient zero of tech regulation—two crucial pieces of legislation passed this year: the Digital Markets Act (DMA) and the Digital Services Act (DSA).

But notably, the EU is just now—i.e., six months before the act is set to apply in full to all digital “gatekeepers”—launching a consultation on the DMA’s procedural rules (a draft is available here). Many of those procedural questions remain exceedingly fuzzy (substantive ones, too), such as, e.g.—the role of the advisory committee, the role of third parties in proceedings, national authorities’ access to data gathered by the Commission, and the role to be played (if any) by the European Competition Network. Further, only now is a DMA enforcement unit being created within the Commission, although it is also unclear whether it will have the staffing capacity to satisfy the tight deadlines.

Whether or not the implementing regulation ultimately resolves all of these questions, they should have been settled much sooner. But as is becoming customary in tech regulation, it seems that the political urge to “do something” has once again prevailed over careful consideration and foresight.

United Kingdom

In the United Kingdom, legislation to empower the Competition and Markets Authority’s (CMA) Digital Markets Unit (DMU) is set to be brought to Parliament this term, meaning that it may be discussed in the next two months. Of all the “pending” antitrust bills around the world, this is probably the most likely to be adopted. Although it dropped an earlier dubious proposal on mergers, there remain several significant concerns with the DMU (see here and here for previous commentary). For example, the DMU’s standard of review is surprisingly truncated, considering the expansive powers that would be bestowed on the agency. The DMU would apply the strategic market significance (SMS) tag to entire firms and not just to those operations where the firm may have market power. Moreover, the DMU proposal shows little concern for due process.

One looming question is whether the UK will learn from the EU’s example, and resolve substantive and procedural questions well ahead of imposing any obligations on SMS companies. In the end, whatever the UK does or doesn’t do will have reverberations around the globe, as many countries appear to be adopting a DMA-style designation process for gatekeepers but imposing “code of conduct” obligations inspired by the DMU.

United States

Across the pond, the major antitrust tech bills introduced in Congress have come to a standstill. Despite some 11th hour efforts by their sponsors, neither the American Innovation and Choice Online Act, nor the Open App Markets Act, nor the Journalism Competition and Preservation Act made the cut to be included in the $1.7 trillion, 4,155-page omnibus bill that will be the last vote taken by the 117th Congress. With divided power in the 118th Congress, it’s possible that the push to regulate tech might fizzle out.

What went wrong for antitrust reformers? Republicans and Democrats have always sought different things from the bills. Democrats want to “tame” big tech, hold it accountable for the proliferation of “harmful” content online, and redistribute rents toward competitors and other businesses across the supply chain (e.g., app developers, media organizations, etc.). Republicans, on the other hand, seek to limit platforms’ ability to “censor conservative views” and to punish them for supposedly having done so in the past. The difficulty of aligning these two visions has obstructed decisive movement on the bills. But, more broadly, it also goes to show that the logic for tech regulation is far from homogenous, and that wildly different aims can be pursued under the umbrella of “choice,” “contestability,” and “fairness.”

South Africa

As my colleague Dirk Auer covered yesterday, South Africa has launched a sectoral inquiry into online-intermediation platforms, which has produced a provisional report (see here for a brief overview). The provisional report identifies Apple, Google, Airbnb, Uber Eats, and South Africa’s own Takealot, among others, as “leading online platforms” and offers suggestions to make the markets in which these companies compete more “contestable.” This includes a potential ex ante regulatory regime.

But as Dirk noted, there are certain considerations the developing countries must bear in mind when contemplating ex ante regimes that developed countries do not (or, at least, not to the same extent). Most importantly, these countries are typically highly dependent on foreign investment, which might sidestep those jurisdictions that impose draconian DMA-style laws.

This could be the case with Amazon, which is planning to launch its marketplace in South Africa in February 2023 (the same month the sectoral inquiry is due). The degree and duration of Amazon’s presence might hinge on the country’s regulatory regime for online platforms. If unfavorable or exceedingly ambiguous, the new rules might prompt Amazon and other companies to relocate elsewhere. It is notable that local platform Takealot has, to date, demonstrated market dominance in South Africa, which most observers doubt that Amazon will be able to displace.

India

No one can be quite sure what is going on in India. There has been some agitation for a DMA-style ex ante regulatory regime within the Parliament of India, which is currently debating an amendment to the Competition Act that would, among other things, lower merger thresholds.

More drastically, however, a standing committee on e-commerce (where e-commerce is taken to mean all online commerce, not just retail) issued a report that recommended identifying “gatekeepers” for more stringent supervision under an ex ante regime that would, e.g., bar companies from selling goods on the platforms they own. At its core, the approach appears to assume that the DMA constitutes “best practices” in online competition law, despite the fact that the DMA’s ultimate effects and costs remain a mystery. As such, “best practices” in this area of law may not be very good at all.

Australia

The Australian Competition and Consumer Commission (ACCC) has been conducting a five-year inquiry into digital-platform services, which is due in March 2025. In its recently published fifth interim report, the ACCC recommended codes of conduct (similar to the DMU) for “designated” digital platforms. Questions surrounding the proposed regime include whether the ACCC will have to demonstrate effects; the availability of objective justifications (the latest report mentions security and privacy); and what thresholds would be used to “designate” a company (so far, turnover seems likely).

On the whole, Australia’s strategy has been to follow closely in the footsteps of the EU and the United States. Given this influence from international developments, the current freeze on U.S. tech regulation might have taken some of the wind out of the sails of similar regulatory efforts down under.

China

China appears to be playing a waiting game. On the one hand, it has ramped up antitrust enforcement under the Anti-Monopoly Law (AML). On the other, in August 2022, it introduced the first major amendment since the enactment of the AML, which included a new prohibition on the use of “technology, algorithms and platform rules” to engage in monopolistic behavior. This is clearly aimed at strengthening enforcement against digital platforms. Numerous other digital-specific regulations are also under consideration (with uncertain timelines). These include a platform-classification regime that would subject online platforms to different obligations in the areas of data protection, fair competition, and labor treatment, and a data-security regulation that would prohibit online-platform operators from taking advantage of data for unfair discriminatory practices against the platform’s users or vendors.

South Korea

Seoul was one of the first jurisdictions to pass legislation targeting app stores (see here and here). Other legislative proposals include rules on price-transparency obligations and the use of platform-generated data, as well as a proposed obligation for online news services to remunerate news publishers. With the government’s new emphasis on self-regulation as an alternative to prescriptive regulation, however, it remains unclear whether or when these laws will be adopted.

Germany

Germany recently implemented a reform to its Competition Act that allows the Bundeskartellamt to prohibit certain forms of conduct (such as self-preferencing) without the need to prove anticompetitive harm and that extends the essential-facility doctrine to cover data. The Federal Ministry for Economic Affairs and Climate Action (BMWK) is now considering further amendments that would, e.g., allow the Bundeskartellamt to impose structural remedies following a sectoral inquiry, independent of an abuse; and introduce a presumption that anticompetitive conduct has resulted in profits for the infringing company (this is relevant for the purpose of calculating fines and, especially, for proving damages in private enforcement).

Canada

Earlier this year, Canada reformed its abuse-of-dominance provisions to bolster fines and introduce a private right of access to tribunals. It also recently opened a consultation on the future of competition policy, which invites input about the objectives of antitrust, the enforcement powers of the Competition Bureau, and the effectiveness of private remedies, and raises the question of whether digital markets require special rules (see this report). Although an ex-ante regime doesn’t currently appear to be in the cards, Canada’s strategy has been to wait and see how existing regulatory proposals play out in other countries.

Turkey

Turkey is considering a DMA-inspired amendment to the Competition Act that would, however, go beyond even the EU’s ex-ante regulatory regime in that it would not allow for any objective justifications or defenses.

Japan

In 2020, Japan introduced the Act on Improving Transparency and Fairness of Digital Platforms, which stipulates that designated platforms should take voluntary and proactive steps to ensure transparency and “fairness” vis-a-vis businesses. This “co-regulation” approach differs from other regulations in that it stipulates the general framework and leaves details to businesses’ voluntary efforts. Japan is now, however, also contemplating DMA-like ex-ante regulations for mobile ecosystems, voice assistants, and wearable devices.

Six Hasty Conclusions from the Even Hastier Global Wave of Tech Regulation

  • Most of these regimes are still in the making. Some have just been proposed and have a long way to go until they become law. The U.S. example shows how lack of consensus can derail even the most apparently imminent tech bill.
  • Even if every single country covered in this post were to adopt tech legislation, we have seen that the goals pursued and the obligations imposed can be wildly different and possibly contradictory. Even within a given jurisdiction, lawmakers may not agree what the purpose of the law should be (see, e.g., the United States). And, after all, it should probably be alarming if the Chinese Communist Party and the EU had the same definition of “fairness.”
  • Should self-preferencing bans, interoperability mandates, and similar rules that target online platforms be included under the banner of antitrust? In some countries, like Turkey, rules copied and pasted from the DMA have been proposed as amendments to the national competition act. But the EU itself insists that competition law and the DMA are separate things. Which is it? At this stage, shouldn’t the first principles of digital regulation be clearer?
  • In the EU, in particular, multiple overlapping ex-ante regimes can lead to double and even triple jeopardy, especially given their proximity to antitrust law. In other words, there is a risk that the same conduct will be punished at both the national and EU level, and under the DMA and EU competition rules.
  • In light of the above, global ex-ante regulatory compliance is going to impose mind-boggling costs on targeted companies, especially considering the opacity of some provisions and the substantial differences among countries (think, e.g., of Turkey, where there is no space for objective justifications).
  • There are always complex tradeoffs to be made and sensitive considerations to keep in mind when deciding whether and how to regulate the most successful tech companies. The potential for costly errors is multiplied, however, in the case of developing countries, where there is a realistic risk of repelling “dominant” companies before they even enter the market (see South Africa).

Some of the above issues could be addressed with some foresight. That, however, seems to be sorely lacking in the race to push tech regulation through the door at any cost. As distinguished scholars like Fred Jenny have warned, caving to the political pressure of economic populism can come at the expense of competition and innovation. Let’s hope that is not the case here, there, or anywhere.

In Antitrust & Competition, China, European Union, Federal Trade Commission, International, Justice Department, United Kingdom , , , , , , , , , , , , ,
permalink

Brussels Effect or Brussels Defect: Digital Regulation in Emerging Markets

Geoffrey Manne & Dirk Auer —  20 December 2022

The blistering pace at which the European Union put forward and adopted the Digital Markets Act (DMA) has attracted the attention of legislators across the globe. In its wake, countries such as South Africa, India, Brazil, and Turkey have all contemplated digital-market regulations inspired by the DMA (and other models of regulation, such as the United Kingdom’s Digital Markets Unit and Australia’s sectoral codes of conduct).

Racing to be among the first jurisdictions to regulate might intuitively seem like a good idea. By emulating the EU, countries could hope to be perceived as on the cutting edge of competition policy, and hopefully earn a seat at the table when the future direction of such regulations is discussed.

There are, however, tradeoffs involved in regulating digital markets, which are arguably even more salient in the case of emerging markets. Indeed, as we will explain here, these jurisdictions often face challenges that significantly alter the ratio of costs and benefits when it comes to enacting regulation.

Drawing from a paper we wrote with Sam Bowman about competition policy in the Association of Southeast Asian Nations (ASEAN) zone, we highlight below three of the biggest issues these initiatives face.

To Regulate Competition, You First Need to Attract Competition

Perhaps the biggest factor cautioning emerging markets against adoption of DMA-inspired regulations is that such rules would impose heavy compliance costs to doing business in markets that are often anything but mature. It is probably fair to say that, in many (maybe most) emerging markets, the most pressing challenge is to attract investment from international tech firms in the first place, not how to regulate their conduct.

The most salient example comes from South Africa, which has sketched out plans to regulate digital markets. The Competition Commission has announced that Amazon, which is not yet available in the country, would fall under these new rules should it decide to enter—essentially on the presumption that Amazon would overthrow South Africa’s incumbent firms.

It goes without saying that, at the margin, such plans reduce either the likelihood that Amazon will enter the South African market at all, or the extent of its entry should it choose to do so. South African consumers thus risk losing the vast benefits such entry would bring—benefits that dwarf those from whatever marginal increase in competition might be gained from subjecting Amazon to onerous digital-market regulations.

While other tech firms—such as Alphabet, Meta, and Apple—are already active in most emerging jurisdictions, regulation might still have a similar deterrent effect to their further investment. Indeed, the infrastructure deployed by big tech firms in these jurisdictions is nowhere near as extensive as in Western countries. To put it mildly, emerging-market consumers typically only have access to slower versions of these firms’ services. A quick glimpse at Google Cloud’s global content-delivery network illustrates this point well (i.e., that there is far less infrastructure in developing markets):

Ultimately, emerging markets remain relatively underserved compared to those in the West. In such markets, the priority should be to attract tech investment, not to impose regulations that may further slow the deployment of critical internet infrastructure.

Growth Is Key

The potential to boost growth is the most persuasive argument for emerging markets to favor a more restrained approach to competition law and regulation, such as that currently employed in the United States.

Emerging nations may not have the means (or the inclination) to equip digital-market enforcers with resources similar to those of the European Commission. Given these resource constraints, it is essential that such jurisdictions focus their enforcement efforts on those areas that provide the highest return on investment, notably in terms of increased innovation.

This raises an important point. A recent empirical study by Ross Levine, Chen Lin, Lai Wei, and Wensi Xie finds that competition enforcement does, indeed, promote innovation. But among the study’s more surprising findings is that, unlike other areas of competition enforcement, the strength of a jurisdiction’s enforcement of “abuse of dominance” rules does not correlate with increased innovation. Furthermore, jurisdictions that allow for so-called “efficiency defenses” in unilateral-conduct cases also tend to produce more innovation. The authors thus conclude that:

From the perspective of maximizing patent-based innovation, therefore, a legal system that allows firms to exploit their dominant positions based on efficiency considerations could boost innovation.

These findings should give pause to policymakers who seek to emulate the European Union’s DMA—which, among other things, does not allow gatekeepers to put forward so-called “efficiency defenses” that would allow them to demonstrate that their behavior benefits consumers. If growth and innovation are harmed by overinclusive abuse-of-dominance regimes and rules that preclude firms from offering efficiency-based defenses, then this is probably even more true of digital-market regulations that replace case-by-case competition enforcement with per se prohibitions.

In short, the available evidence suggests that, faced with limited enforcement resources, emerging-market jurisdictions should prioritize other areas of competition policy, such as breaking up or mitigating the harmful effects of cartels and exercising appropriate merger controls.

These findings also cut in favor of emphasizing the traditional antitrust goal of maximizing consumer welfare—or, at least, protecting the competitive process. Many of the more recent digital-market regulations—such as the DMA, the UK DMU, and the ACCC sectoral codes of conduct—are instead focused on distributional issues. They seek to ensure that platform users earn a “fair share” of the benefits generated on a platform. In light of Levine et al.’s findings, this approach could be undesirable, as using competition policy to reduce monopoly rents may lead to less innovation.

In short, traditional antitrust law’s focus on consumer welfare and relatively limited enforcement in the area of unilateral conduct may be a good match for emerging nations that want competition regimes that maximize innovation under important resource constraints.

Consider Local Economic and Political Conditions

Emerging jurisdictions have diverse economic and political profiles. These features, in turn, affect the respective costs and benefits of digital-market regulations.

For example, digital-market regulations generally offer very broad discretion to competition enforcers. The DMA details dozens of open-ended prohibitions upon which enforcers can base infringement proceedings. Furthermore, because they are designed to make enforcers’ task easier, these regulations often remove protections traditionally afforded to defendants, such as appeals to the consumer welfare standard or efficiency defenses. The UK’s DMU initiative, for example, would lower the standard of proof that enforcers must meet.

Giving authorities broad powers with limited judicial oversight might be less problematic in jurisdictions where the state has a track record of self-restraint. The consequences of regulatory discretion might, however, be far more problematic in jurisdictions where authorities routinely overstep the mark and where the threat of corruption is very real.

To name but two, countries like South Africa and India rank relatively low in the World Bank’s “ease of doing business index” (84th and 62nd, respectively). They also rank relatively low on the Cato Institute’s “human freedom index” (77th and 119th, respectively—and both score particularly badly in terms of economic freedom). This suggests strongly that authorities in those jurisdictions are prone to misapply powers derived from digital-market regulations in ways that hurt growth and consumers.

To make matters worse, outright corruption is also a real problem in several emerging nations. Returning to South Africa and India, both jurisdictions face significant corruption issues (they rank 70th and 85th, respectively, on Transparency International’s “Corruption Perception Index”).

At a more granular level, an inquiry in South Africa revealed rampant corruption under former President Jacob Zuma, while current President Cyril Ramaphosa also faces significant corruption allegations. Writing in the Financial Times in 2018, Gaurav Dalmia—chair of Delhi-based Dalmia Group Holdings—opined that “India’s anti-corruption battle will take decades to win.”

This specter of corruption thus counsels in favor of establishing competition regimes with sufficient checks and balances, so as to prevent competition authorities from being captured by industry or political forces. But most digital-market regulations are designed precisely to remove those protections in order to streamline enforcement. The risk that they could be mobilized toward nefarious ends are thus anything but trivial. This is of particular concern, given that such regulations are typically mobilized against global firms in order to shield inefficient local firms—raising serious risks of protectionist enforcement that would harm local consumers.

Conclusion

The bottom line is that emerging markets would do well to reconsider the value of regulating digital markets that have yet to reach full maturity. Recent proposals threaten to deter tech investments in these jurisdictions, while raising significant risks of reduced growth, corruption, and consumer-harming protectionism.

In Amazon, Antitrust & Competition, European Union, Google, International, International Trade, Patent, Platforms, Truth on the Market, United Kingdom , , , , , , , , , , , ,
permalink

European Commission Tentatively Finds US Commitments ‘Adequate’: What It Means for Transatlantic Data Flows

Mikolaj Barczentewicz —  13 December 2022

Under a draft “adequacy” decision unveiled today by the European Commission, data-privacy and security commitments made by the United States in an October executive order signed by President Joe Biden were found to comport with the EU’s General Data Protection Regulation (GDPR). If adopted, the decision would provide a legal basis for flows of personal data between the EU and the United States.

This is a welcome development, as some national data-protection authorities in the EU have begun to issue serious threats to stop U.S.-owned data-related service providers from offering services to Europeans. Pending more detailed analysis, I offer some preliminary thoughts here.

Decision Responds to the New U.S. Data-Privacy Framework

The Commission’s decision follows the changes to U.S. policy introduced by Biden’s Oct. 7 executive order. In its July 2020 Schrems II judgment, the EU Court of Justice (CJEU) invalidated the prior adequacy decision on grounds that EU citizens lacked sufficient redress under U.S. law and that U.S. law was not equivalent to “the minimum safeguards” of personal data protection under EU law. The new executive order introduced redress mechanisms that include creating a civil-liberties-protection officer in the Office of the Director of National Intelligence (DNI), as well as a new Data Protection Review Court (DPRC). The DPRC is proposed as an independent review body that will make decisions that are binding on U.S. intelligence agencies.

The old framework had sparked concerns about the independence of the DNI’s ombudsperson, and what was seen as insufficient safeguards against external pressures that individual could face, including the threat of removal. Under the new framework, the independence and binding powers of the DPRC are grounded in regulations issued by the U.S. Attorney General.

To address concerns about the necessity and proportionality of U.S. signals-intelligence activities, the executive order also defines the “legitimate objectives” in pursuit of which such activities can be conducted. These activities would, according to the order, be conducted with the goal of “achieving a proper balance between the importance of the validated intelligence priority being advanced and the impact on the privacy and civil liberties of all persons, regardless of their nationality or wherever they might reside.”

Will the Draft Decision Satisfy the CJEU?

With this draft decision, the European Commission announced it has favorably assessed the executive order’s changes to the U.S. data-protection framework, which apply to foreigners from friendly jurisdictions (presumed to include the EU). If the Commission formally adopts an adequacy decision, however, the decision is certain to be challenged before the CJEU by privacy advocates. In my preliminary analysis after Biden signed the executive order, I summarized some of the concerns raised regarding two aspects relevant to the finding of adequacy: proportionality of data collection and availability of effective redress.

Opponents of granting an adequacy decision tend to rely on an assumption that a finding of adequacy requires virtually identical substantive and procedural privacy safeguards as required within the EU. As noted by the European Commission in the draft decision, this position is not well-supported by CJEU case law, which clearly recognizes that only “adequate level” and “essential equivalence” of protection are required from third-party countries under the GDPR.

To date, the CJEU has not had to specify in greater detail precisely what, in their view, these provisions mean. Instead, the Court has been able simply to point to certain features of U.S. law and practice that were significantly below the GDPR standard (e.g., that the official responsible for providing individual redress was not guaranteed to be independent from political pressure). Future legal challenges to a new Commission adequacy decision will most likely require the CJEU to provide more guidance on what “adequate” and “essentially equivalent” mean.

In the draft decision, the Commission carefully considered the features of U.S. law and practice that the Court previously found inadequate under the GDPR. Nearly half of the explanatory part of the decision is devoted to “access and use of personal data transferred from the [EU] by public authorities in the” United States, with the analysis grounded in CJEU’s Schrems II decision. The Commission concludes that, collectively, all U.S. redress mechanisms available to EU persons:

…allow individuals to have access to their personal data, to have the lawfulness of government access to their data reviewed and, if a violation is found, to have such violation remedied, including through the rectification or erasure of their personal data.

The Commission accepts that individuals have access to their personal data processed by U.S. public authorities, but clarifies that this access may be legitimately limited—e.g., by national-security considerations. Unlike some of the critics of the new executive order, the Commission does not take the simplistic view that access to personal data must be guaranteed by the same procedure that provides binding redress, including the Data Protection Review Court. Instead, the Commission accepts that other avenues, like requests under the Freedom of Information Act, may perform that function.

Overall, the Commission presents a sophisticated, yet uncynical, picture of U.S. law and practice. The lack of cynicism, e.g., about the independence of the DPRC adjudicative process, will undoubtedly be seen by some as naïve and unrealistic, even if the “realism” in this case is based on speculations of what might happen (e.g., secret changes to U.S. policy), rather than evidence. Given the changes adopted by the U.S. government, the key question for the CJEU will be whether to follow the Commission’s approach or that of the activists.

What Happens Next?

The draft adequacy decision will now be scrutinized by EU and national officials. It remains to be seen what will be the collective recommendation of the European Data Protection Board and of the representatives of EU national governments, but there are signs that some domestic data-protection authorities recognize that a finding of adequacy may be appropriate (see, e.g., the opinion from the Hamburg authority).

It is also likely that a significant portion of the European Parliament will be highly critical of the decision, even to the extent of recommending not to adopt it. Importantly, however, none of the consulted bodies have formal power to bind the European Commission on this question. The whole process is expected to take at least several months.

In Data Privacy & Security, European Union, International, Platforms, Truth on the Market , , , , ,
permalink

Biden’s Data Flows Order: Does It Comport with EU Law?

Mikolaj Barczentewicz —  30 November 2022

European Union officials insist that the executive order President Joe Biden signed Oct. 7 to implement a new U.S.-EU data-privacy framework must address European concerns about U.S. agencies’ surveillance practices. Awaited since March, when U.S. and EU officials reached an agreement in principle on a new framework, the order is intended to replace an earlier data-privacy framework that was invalidated in 2020 by the Court of Justice of the European Union (CJEU) in its Schrems II judgment.

This post is the first in what will be a series of entries examining whether the new framework satisfies the requirements of EU law or, as some critics argue, whether it does not. The critics include Max Schrems’ organization NOYB (for “none of your business”), which has announced that it “will likely bring another challenge before the CJEU” if the European Commission officially decides that the new U.S. framework is “adequate.” In this introduction, I will highlight the areas of contention based on NOYB’s “first reaction.”

The overarching legal question that the European Commission (and likely also the CJEU) will need to answer, as spelled out in the Schrems II judgment, is whether the United States “ensures an adequate level of protection for personal data essentially equivalent to that guaranteed in the European Union by the GDPR, read in the light of Articles 7 and 8 of the [EU Charter of Fundamental Rights]” Importantly, as Theodore Christakis, Kenneth Propp, and Peter Swire point out, “adequate level” and “essential equivalence” of protection do not necessarily mean identical protection, either substantively or procedurally. The precise degree of flexibility remains an open question, however, and one that the EU Court may need to clarify to a much greater extent.

Proportionality and Bulk Data Collection

Under Article 52(1) of the EU Charter of Fundamental Rights, restrictions of the right to privacy must meet several conditions. They must be “provided for by law” and “respect the essence” of the right. Moreover, “subject to the principle of proportionality, limitations may be made only if they are necessary” and meet one of the objectives recognized by EU law or “the need to protect the rights and freedoms of others.”

As NOYB has acknowledged, the new executive order supplemented the phrasing “as tailored as possible” present in 2014’s Presidential Policy Directive on Signals Intelligence Activities (PPD-28) with language explicitly drawn from EU law: mentions of the “necessity” and “proportionality” of signals-intelligence activities related to “validated intelligence priorities.” But NOYB counters:

However, despite changing these words, there is no indication that US mass surveillance will change in practice. So-called “bulk surveillance” will continue under the new Executive Order (see Section 2 (c)(ii)) and any data sent to US providers will still end up in programs like PRISM or Upstream, despite of the CJEU declaring US surveillance laws and practices as not “proportionate” (under the European understanding of the word) twice.

It is true that the Schrems II Court held that U.S. law and practices do not “[correlate] to the minimum safeguards resulting, under EU law, from the principle of proportionality.” But it is crucial to note the specific reasons the Court gave for that conclusion. Contrary to what NOYB suggests, the Court did not simply state that bulk collection of data is inherently disproportionate. Instead, the reasons it gave were that “PPD-28 does not grant data subjects actionable rights before the courts against the US authorities” and that, under Executive Order 12333, “access to data in transit to the United States [is possible] without that access being subject to any judicial review.”

CJEU case law does not support the idea that bulk collection of data is inherently disproportionate under EU law; bulk collection may be proportionate, taking into account the procedural safeguards and the magnitude of interests protected in a given case. (For another discussion of safeguards, see the CJEU’s decision in La Quadrature du Net.) Further complicating the legal analysis here is that, as mentioned, it is far from obvious that EU law requires foreign countries offer the same procedural or substantive safeguards that are applicable within the EU.

Effective Redress

The Court’s Schrems II conclusion therefore primarily concerns the effective redress available to EU citizens against potential restrictions of their right to privacy from U.S. intelligence activities. The new two-step system proposed by the Biden executive order includes creation of a Data Protection Review Court (DPRC), which would be an independent review body with power to make binding decisions on U.S. intelligence agencies. In a comment pre-dating the executive order, Max Schrems argued that:

It is hard to see how this new body would fulfill the formal requirements of a court or tribunal under Article 47 CFR, especially when compared to ongoing cases and standards applied within the EU (for example in Poland and Hungary).

This comment raises two distinct issues. First, Schrems seems to suggest that an adequacy decision can only be granted if the available redress mechanism satisfies the requirements of Article 47 of the Charter. But this is a hasty conclusion. The CJEU’s phrasing in Schrems II is more cautious:

…Article 47 of the Charter, which also contributes to the required level of protection in the European Union, compliance with which must be determined by the Commission before it adopts an adequacy decision pursuant to Article 45(1) of the GDPR

In arguing that Article 47 “also contributes to the required level of protection,” the Court is not saying that it determines the required level of protection. This is potentially significant, given that the standard of adequacy is “essential equivalence,” not that it be procedurally and substantively identical. Moreover, the Court did not say that the Commission must determine compliance with Article 47 itself, but with the “required level of protection” (which, again, must be “essentially equivalent”).

Second, there is the related but distinct question of whether the redress mechanism is effective under the applicable standard of “required level of protection.” Christakis, Propp, and Swire offered a helpful analysis suggesting that it is, considering the proposed DPRC’s independence, effective investigative powers,  and authority to issue binding determinations. I will offer a more detailed analysis of this point in future posts.

Finally, NOYB raised a concern that “judgment by ‘Court’ [is] already spelled out in Executive Order.” This concern seems to be based on the view that a decision of the DPRC (“the judgment”) and what the DPRC communicates to the complainant are the same thing. Or in other words, that legal effects of a DPRC decision are exhausted by providing the individual with the neither-confirm-nor-deny statement set out in Section 3 of the executive order. This is clearly incorrect: the DPRC has power to issue binding directions to intelligence agencies. The actual binding determinations of the DPRC are not predetermined by the executive order, only the information to be provided to the complainant is.

What may call for closer consideration are issues of access to information and data. For example, in La Quadrature du Net, the CJEU looked at the difficult problem of notification of persons whose data has been subject to state surveillance, requiring individual notification “only to the extent that and as soon as it is no longer liable to jeopardise” the law-enforcement tasks in question. Given the “essential equivalence” standard applicable to third-country adequacy assessments, however, it does not automatically follow that individual notification is required in that context.

Moreover, it also does not necessarily follow that adequacy requires that EU citizens have a right to access the data processed by foreign government agencies. The fact that there are significant restrictions on rights to information and to access in some EU member states, though not definitive (after all, those countries may be violating EU law), may be instructive for the purposes of assessing the adequacy of data protection in a third country, where EU law requires only “essential equivalence.”

Conclusion

There are difficult questions of EU law that the European Commission will need to address in the process of deciding whether to issue a new adequacy decision for the United States. It is also clear that an affirmative decision from the Commission will be challenged before the CJEU, although the arguments for such a challenge are not yet well-developed. In future posts I will provide more detailed analysis of the pivotal legal questions. My focus will be to engage with the forthcoming legal analyses from Schrems and NOYB and from other careful observers.

In Administrative Law, Data Privacy & Security, European Union, Facebook, Google, International, Truth on the Market , , , , , ,
permalink

Lina Khan’s Christmas Wish Is To Have Margrethe Vestager’s Powers

Dirk Auer —  16 November 2022

[This post is a contribution to Truth on the Market‘s continuing digital symposium “FTC Rulemaking on Unfair Methods of Competition.” You can find other posts at the symposium page here. Truth on the Market also invites academics, practitioners, and other antitrust/regulation commentators to send us 1,500-4,000 word responses for potential inclusion in the symposium.]

Federal Trade Commission (FTC) Chair Lina Khan has just sent her holiday wishlist to Santa Claus. It comes in the form of a policy statement on unfair methods of competition (UMC) that the FTC approved last week by a 3-1 vote. If there’s anything to be gleaned from the document, it’s that Khan and the agency’s majority bloc wish they could wield the same powers as Margrethe Vestager does in the European Union. Luckily for consumers, U.S. courts are unlikely to oblige.

Signed by the commission’s three Democratic commissioners, the UMC policy statement contains language that would be completely at home in a decision of the European Commission. It purports to reorient UMC enforcement (under Section 5 of the FTC Act) around typically European concepts, such as “competition on the merits.” This is an unambiguous repudiation of the rule of reason and, with it, the consumer welfare standard.

Unfortunately for its authors, these European-inspired aspirations are likely to fall flat. For a start, the FTC almost certainly does not have the power to enact such sweeping changes. More fundamentally, these concepts have been tried in the EU, where they have proven to be largely unworkable. On the one hand, critics (including the European judiciary) have excoriated the European Commission for its often economically unsound policymaking—enabled by the use of vague standards like “competition on the merits.” On the other hand, the Commission paradoxically believes that its competition powers are insufficient, creating the need for even stronger powers. The recently passed Digital Markets Act (DMA) is designed to fill this need.

As explained below, there is thus every reason to believe the FTC’s UMC statement will ultimately go down as a mistake, brought about by the current leadership’s hubris.

A Statement Is Just That

The first big obstacle to the FTC’s lofty ambitions is that its leadership does not have the power to rewrite either the FTC Act or courts’ interpretation of it. The agency’s leadership understands this much. And with that in mind, they ostensibly couch their statement in the case law of the U.S. Supreme Court:

Consistent with the Supreme Court’s interpretation of the FTC Act in at least twelve decisions, this statement makes clear that Section 5 reaches beyond the Sherman and Clayton Acts to encompass various types of unfair conduct that tend to negatively affect competitive conditions.

It is telling, however, that the cases cited by the agency—in a naked attempt to do away with economic analysis and the consumer welfare standard—are all at least 40 years old. Antitrust and consumer-protection laws have obviously come a long way since then, but none of that is mentioned in the statement. Inconvenient case law is simply shrugged off. To make matters worse, even the cases the FTC cites provide, at best, exceedingly weak support for its proposed policy.

For instance, as Commissioner Christine Wilson aptly notes in her dissenting statement, “the policy statement ignores precedent regarding the need to demonstrate anticompetitive effects.” Chief among these is the Boise Cascade Corp. v. FTC case, where the 9th U.S. Circuit Court of Appeals rebuked the FTC for failing to show actual anticompetitive effects:

In truth, the Commission has provided us with little more than a theory of the likely effect of the challenged pricing practices. While this general observation perhaps summarizes all that follows, we offer  the following specific points in support of our conclusion.

There is a complete absence of meaningful evidence in the record that price levels in the southern plywood industry reflect an anticompetitive effect.

In short, the FTC’s statement is just that—a statement. Gus Hurwitz summarized this best in his post:

Today’s news that the FTC has adopted a new UMC Policy Statement is just that: mere news. It doesn’t change the law. It is non-precedential and lacks the force of law. It receives the benefit of no deference. It is, to use a term from the consumer-protection lexicon, mere puffery.

Lina’s European Dream

But let us imagine, for a moment, that the FTC has its way and courts go along with its policy statement. Would this be good for the American consumer? In order to answer this question, it is worth looking at competition enforcement in the European Union.

There are, indeed, striking similarities between the FTC’s policy statement and European competition law. Consider the resemblance between the following quotes, drawn from the FTC’s policy statement (“A” in each example) and from the European competition sphere (“B” in each example).

Example 1 – Competition on the merits and the protection of competitors:

A. The method of competition must be unfair, meaning that the conduct goes beyond competition on the merits.… This may include, for example, conduct that tends to foreclose or impair the opportunities of market participants, reduce competition between rivals, limit choice, or otherwise harm consumers. (here)

B. The emphasis of the Commission’s enforcement activity… is on safeguarding the competitive process… and ensuring that undertakings which hold a dominant position do not exclude their competitors by other means than competing on the merits… (here)

Example 2 – Proof of anticompetitive harm:

A. “Unfair methods of competition” need not require a showing of current anticompetitive harm or anticompetitive intent in every case. … [T]his inquiry does not turn to whether the conduct directly caused actual harm in the specific instance at issue. (here)

B. The Commission cannot be required… systematically to establish a counterfactual scenario…. That would, moreover, oblige it to demonstrate that the conduct at issue had actual effects, which…  is not required in the case of an abuse of a dominant position, where it is sufficient to establish that there are potential effects. (here)

    Example 3 – Multiple goals:

    A. Given the distinctive goals of Section 5, the inquiry will not focus on the “rule of reason” inquiries more common in cases under the Sherman Act, but will instead focus on stopping unfair methods of competition in their incipiency based on their tendency to harm competitive conditions. (here)

    B. In its assessment the Commission should pursue the objectives of preserving and fostering innovation and the quality of digital products and services, the degree to which prices are fair and competitive, and the degree to which quality or choice for business users and for end users is or remains high. (here)

    Beyond their cosmetic resemblances, these examples reflect a deeper similarity. The FTC is attempting to introduce three core principles that also undergird European competition enforcement. The first is that enforcers should protect “the competitive process” by ensuring firms compete “on the merits,” rather than a more consequentialist goal like the consumer welfare standard (which essentially asks how a given practice affects economic output). The second is that enforcers should not be required to establish that conduct actually harms consumers. Instead, they need only show that such an outcome is (or will be) possible. The third principle is that competition policies pursue multiple, sometimes conflicting, goals.

    In short, the FTC is trying to roll back U.S. enforcement to a bygone era predating the emergence of the consumer welfare standard (which is somewhat ironic for the agency’s progressive leaders). And this vision of enforcement is infused with elements that appear to be drawn directly from European competition law.

    Europe Is Not the Land of Milk and Honey

    All of this might not be so problematic if the European model of competition enforcement that the FTC now seeks to emulate was an unmitigated success, but that could not be further from the truth. As Geoffrey Manne, Sam Bowman, and I argued in a recently published paper, the European model has several shortcomings that militate against emulating it (the following quotes are drawn from that paper). These problems would almost certainly arise if the FTC’s statement was blessed by courts in the United States.

    For a start, the more open-ended nature of European competition law makes it highly vulnerable to political interference. This is notably due to its multiple, vague, and often conflicting goals, such as the protection of the “competitive process”:

    Because EU regulators can call upon a large list of justifications for their enforcement decisions, they are free to pursue cases that best fit within a political agenda, rather than focusing on the limited practices that are most injurious to consumers. In other words, there is largely no definable set of metrics to distinguish strong cases from weak ones under the EU model; what stands in its place is political discretion.

    Politicized antitrust enforcement might seem like a great idea when your party is in power but, as Milton Friedman wisely observed, the mark of a strong system of government is that it operates well with the wrong person in charge. With this in mind, the FTC’s current leadership would do well to consider what their political opponents might do with these broad powers—such as using Section 5 to prevent online platforms from moderating speech.

    A second important problem with the European model is that, because of its competitive-process goal, it does not adequately distinguish between exclusion resulting from superior efficiency and anticompetitive foreclosure:

    By pursuing a competitive process goal, European competition authorities regularly conflate desirable and undesirable forms of exclusion precisely on the basis of their effect on competitors. As a result, the Commission routinely sanctions exclusion that stems from an incumbent’s superior efficiency rather than welfare-reducing strategic behavior, and routinely protects inefficient competitors that would otherwise rightly be excluded from a market.

    This vastly enlarges the scope of potential antitrust liability, leading to risks of false positives that chill innovative behavior and create nearly unwinnable battles for targeted firms, while increasing compliance costs because of reduced legal certainty. Ultimately, this may hamper technological evolution and protect inefficient firms whose eviction from the market is merely a reflection of consumer preferences.

    Finally, the European model results in enforcers having more discretion and enjoying greater deference from the courts:

    [T]he EU process is driven by a number of laterally equivalent, and sometimes mutually exclusive, goals.… [A] large problem exists in the discretion that this fluid arrangement of goals yields.

    The Microsoft case illustrates this problem well. In Microsoft, the Commission could have chosen to base its decision on a number of potential objectives. It notably chose to base its findings on the fact that Microsoft’s behavior reduced “consumer choice”. The Commission, in fact, discounted arguments that economic efficiency may lead to consumer welfare gains because “consumer choice” among a variety of media players was more important.

    In short, the European model sorely lacks limiting principles. This likely explains why the European Court of Justice has started to pare back the commission’s powers in a series of recent cases, including Intel, Post Danmark, Cartes Bancaires, and Servizio Elettrico Nazionale. These rulings appear to be an explicit recognition that overly broad competition enforcement not only fails to benefit consumers but, more fundamentally, is incompatible with the rule of law.

    It is unfortunate that the FTC is trying to emulate a model of competition enforcement that—even in the progressively minded European public sphere—is increasingly questioned and cast aside as a result of its multiple shortcomings.

    In Antitrust & Competition, European Union, Exclusive Dealing, Federal Trade Commission, FTC UMC Rulemaking, Section 5, Supreme Court, Symposia, Truth on the Market , , , , , , , , , , , , , ,
    permalink

    7 Big Questions About the Open App Markets Act

    Lazar Radic —  1 November 2022

    With just a week to go until the U.S. midterm elections, which potentially herald a change in control of one or both houses of Congress, speculation is mounting that congressional Democrats may seek to use the lame-duck session following the election to move one or more pieces of legislation targeting the so-called “Big Tech” companies.

    Gaining particular notice—on grounds that it is the least controversial of the measures—is S. 2710, the Open App Markets Act (OAMA). Introduced by Sen. Richard Blumenthal (D-Conn.), the Senate bill has garnered 14 cosponsors: exactly seven Republicans and seven Democrats. It would, among other things, force certain mobile app stores and operating systems to allow “sideloading” and open their platforms to rival in-app payment systems.

    Unfortunately, even this relatively restrained legislation—at least, when compared to Sen. Amy Klobuchar’s (D-Minn.) American Innovation and Choice Online Act or the European Union’s Digital Markets Act (DMA)—is highly problematic in its own right. Here, I will offer seven major questions the legislation leaves unresolved.

    1.     Are Quantitative Thresholds a Good Indicator of ‘Gatekeeper Power’?

    It is no secret that OAMA has been tailor-made to regulate two specific app stores: Android’s Google Play Store and Apple’s Apple App Store (see here, here, and, yes, even Wikipedia knows it).The text makes this clear by limiting the bill’s scope to app stores with more than 50 million users, a threshold that only Google Play and the Apple App Store currently satisfy.

    However, purely quantitative thresholds are a poor indicator of a company’s potential “gatekeeper power.” An app store might have much fewer than 50 million users but cater to a relevant niche market. By the bill’s own logic, why shouldn’t that app store likewise be compelled to be open to competing app distributors? Conversely, it may be easy for users of very large app stores to multi-home or switch seamlessly to competing stores. In either case, raw user data paints a distorted picture of the market’s realities.

    As it stands, the bill’s thresholds appear arbitrary and pre-committed to “disciplining” just two companies: Google and Apple. In principle, good laws should be abstract and general and not intentionally crafted to apply only to a few select actors. In OAMA’s case, the law’s specific thresholds are also factually misguided, as purely quantitative criteria are not a good proxy for the sort of market power the bill purportedly seeks to curtail.

    2.     Why Does the Bill not Apply to all App Stores?

    Rather than applying to app stores across the board, OAMA targets only those associated with mobile devices and “general purpose computing devices.” It’s not clear why.

    For example, why doesn’t it cover app stores on gaming platforms, such as Microsoft’s Xbox or Sony’s PlayStation?

    Source: Visual Capitalist

    Currently, a PlayStation user can only buy digital games through the PlayStation Store, where Sony reportedly takes a 30% cut of all sales—although its pricing schedule is less transparent than that of mobile rivals such as Apple or Google.

    Clearly, this bothers some developers. Much like Epic Games CEO Tim Sweeney’s ongoing crusade against the Apple App Store, indie-game publisher Iain Garner of Neon Doctrine recently took to Twitter to complain about Sony’s restrictive practices. According to Garner, “Platform X” (clearly PlayStation) charges developers up to $25,000 and 30% of subsequent earnings to give games a modicum of visibility on the platform, in addition to requiring them to jump through such hoops as making a PlayStation-specific trailer and writing a blog post. Garner further alleges that Sony severely circumscribes developers’ ability to offer discounts, “meaning that Platform X owners will always get the worst deal!” (see also here).

    Microsoft’s Xbox Game Store similarly takes a 30% cut of sales. Presumably, Microsoft and Sony both have the same type of gatekeeper power in the gaming-console market that Apple and Google are said to have on their respective platforms, leading to precisely those issues that OAMA ostensibly purports to combat. Namely, that consumers are not allowed to choose alternative app stores through which to buy games on their respective consoles, and developers must acquiesce to Sony’s and Microsoft’s terms if they want their games to reach those players.

    More broadly, dozens of online platforms also charge commissions on the sales made by their creators. To cite but a few: OnlyFans takes a 20% cut of sales; Facebook gets 30% of the revenue that creators earn from their followers; YouTube takes 45% of ad revenue generated by users; and Twitch reportedly rakes in 50% of subscription fees.

    This is not to say that all these services are monopolies that should be regulated. To the contrary, it seems like fees in the 20-30% range are common even in highly competitive environments. Rather, it is merely to observe that there are dozens of online platforms that demand a percentage of the revenue that creators generate and that prevent those creators from bypassing the platform. As well they should, after all, because creating and improving a platform is not free.

    It is nonetheless difficult to see why legislation regulating online marketplaces should focus solely on two mobile app stores. Ultimately, the inability of OAMA’s sponsors to properly account for this carveout diminishes the law’s credibility.

    3.     Should Picking Among Legitimate Business Models Be up to Lawmakers or Consumers?

    “Open” and “closed” platforms posit two different business models, each with its own advantages and disadvantages. Some consumers may prefer more open platforms because they grant them more flexibility to customize their mobile devices and operating systems. But there are also compelling reasons to prefer closed systems. As Sam Bowman observed, narrowing choice through a more curated system frees users from having to research every possible option every time they buy or use some product. Instead, they can defer to the platform’s expertise in determining whether an app or app store is trustworthy or whether it contains, say, objectionable content.

    Currently, users can choose to opt for Apple’s semi-closed “walled garden” iOS or Google’s relatively more open Android OS (which OAMA wants to pry open even further). Ironically, under the pretext of giving users more “choice,” OAMA would take away the possibility of choice where it matters the most—i.e., at the platform level. As Mikolaj Barczentewicz has written:

    A sideloading mandate aims to give users more choice. It can only achieve this, however, by taking away the option of choosing a device with a “walled garden” approach to privacy and security (such as is taken by Apple with iOS).

    This obviates the nuances between the two and pushes Android and iOS to converge around a single model. But if consumers unequivocally preferred open platforms, Apple would have no customers, because everyone would already be on Android.

    Contrary to regulators’ simplistic assumptions, “open” and “closed” are not synonyms for “good” and “bad.” Instead, as Boston University’s Andrei Hagiu has shown, there are fundamental welfare tradeoffs at play between these two perfectly valid business models that belie simplistic characterizations of one being inherently superior to the other.

    It is debatable whether courts, regulators, or legislators are well-situated to resolve these complex tradeoffs by substituting businesses’ product-design decisions and consumers’ revealed preferences with their own. After all, if regulators had such perfect information, we wouldn’t need markets or competition in the first place.

    4.     Does OAMA Account for the Security Risks of Sideloading?

    Platforms retaining some control over the apps or app stores allowed on their operating systems bolsters security, as it allows companies to weed out bad players.

    Both Apple and Google do this, albeit to varying degrees. For instance, Android already allows sideloading and third-party in-app payment systems to some extent, while Apple runs a tighter ship. However, studies have shown that it is precisely the iOS “walled garden” model which gives it an edge over Android in terms of privacy and security. Even vocal Apple critic Tim Sweeney recently acknowledged that increased safety and privacy were competitive advantages for Apple.

    The problem is that far-reaching sideloading mandates—such as the ones contemplated under OAMA—are fundamentally at odds with current privacy and security capabilities (see here and here).

    OAMA’s defenders might argue that the law does allow covered platforms to raise safety and security defenses, thus making the tradeoffs between openness and security unnecessary. But the bill places such stringent conditions on those defenses that platform operators will almost certainly be deterred from risking running afoul of the law’s terms. To invoke the safety and security defenses, covered companies must demonstrate that provisions are applied on a “demonstrably consistent basis”; are “narrowly tailored and could not be achieved through less discriminatory means”; and are not used as a “pretext to exclude or impose unnecessary or discriminatory terms.”

    Implementing these stringent requirements will drag enforcers into a micromanagement quagmire. There are thousands of potential spyware, malware, rootkit, backdoor, and phishing (to name just a few) software-security issues—all of which pose distinct threats to an operating system. The Federal Trade Commission (FTC) and the federal courts will almost certainly struggle to control the “consistency” requirement across such varied types.

    Likewise, OAMA’s reference to “least discriminatory means” suggests there is only one valid answer to any given security-access tradeoff. Further, depending on one’s preferred balance between security and “openness,” a claimed security risk may or may not be “pretextual,” and thus may or may not be legal.

    Finally, the bill text appears to preclude the possibility of denying access to a third-party app or app store for reasons other than safety and privacy. This would undermine Apple’s and Google’s two-tiered quality-control systems, which also control for “objectionable” content such as (child) pornography and social engineering. 

    5.     How Will OAMA Safeguard the Rights of Covered Platforms?

    OAMA is also deeply flawed from a procedural standpoint. Most importantly, there is no meaningful way to contest the law’s designation as “covered company,” or the harms associated with it.

    Once a company is “covered,” it is presumed to hold gatekeeper power, with all the associated risks for competition, innovation, and consumer choice. Remarkably, this presumption does not admit any qualitative or quantitative evidence to the contrary. The only thing a covered company can do to rebut the designation is to demonstrate that it, in fact, has fewer than 50 million users.

    By preventing companies from showing that they do not hold the kind of gatekeeper power that harms competition, decreases innovation, raises prices, and reduces choice (the bill’s stated objectives), OAMA severely tilts the playing field in the FTC’s favor. Even the EU’s enforcer-friendly DMA incorporated a last-minute amendment allowing firms to dispute their status as “gatekeepers.” While this defense is not perfect (companies cannot rely on the same qualitative evidence that the European Commission can use against them), at least gatekeeper status can be contested under the DMA.

    6.     Should Legislation Protect Competitors at the Expense of Consumers?

    Like most of the new wave of regulatory initiatives against Big Tech (but unlike antitrust law), OAMA is explicitly designed to help competitors, with consumers footing the bill.

    For example, OAMA prohibits covered companies from using or combining nonpublic data obtained from third-party apps or app stores operating on their platforms in competition with those third parties. While this may have the short-term effect of redistributing rents away from these platforms and toward competitors, it risks harming consumers and third-party developers in the long run.

    Platforms’ ability to integrate such data is part of what allows them to bring better and improved products and services to consumers in the first place. OAMA tacitly admits this by recognizing that the use of nonpublic data grants covered companies a competitive advantage. In other words, it allows them to deliver a product that is better than competitors’.

    Prohibiting self-preferencing raises similar concerns. Why wouldn’t a company that has invested billions in developing a successful platform and ecosystem not give preference to its own products to recoup some of that investment? After all, the possibility of exercising some control over downstream and adjacent products is what might have driven the platform’s development in the first place. In other words, self-preferencing may be a symptom of competition, and not the absence thereof. Third-party companies also would have weaker incentives to develop their own platforms if they can free-ride on the investments of others. And platforms that favor their own downstream products might simply be better positioned to guarantee their quality and reliability (see here and here).

    In all of these cases, OAMA’s myopic focus on improving the lot of competitors for easy political points will upend the mobile ecosystems from which both users and developers derive significant benefit.

    7.     Shouldn’t the EU Bear the Risks of Bad Tech Regulation?

    Finally, U.S. lawmakers should ask themselves whether the European Union, which has no tech leaders of its own, is really a model to emulate. Today, after all, marks the day the long-awaited Digital Markets Act— the EU’s response to perceived contestability and fairness problems in the digital economy—officially takes effect. In anticipation of the law entering into force, I summarized some of the outstanding issues that will define implementation moving forward in this recent tweet thread.

    We have been critical of the DMA here at Truth on the Market on several factual, legal, economic, and procedural grounds. The law’s problems range from it essentially being a tool to redistribute rents away from platforms and to third-parties, despite it being unclear why the latter group is inherently more deserving (Pablo Ibañez Colomo has raised a similar point); to its opacity and lack of clarity, a process that appears tilted in the Commission’s favor; to the awkward way it interacts with EU competition law, ignoring the welfare tradeoffs between the models it seeks to impose and perfectly valid alternatives (see here and here); to its flawed assumptions (see, e.g., here on contestability under the DMA); to the dubious legal and economic value of the theory of harm known as  “self-preferencing”; to the very real possibility of unintended consequences (e.g., in relation to security and interoperability mandates).

    In other words, that the United States lags the EU in seeking to regulate this area might not be a bad thing, after all. Despite the EU’s insistence on being a trailblazing agenda-setter at all costs, the wiser thing in tech regulation might be to remain at a safe distance. This is particularly true when one considers the potentially large costs of legislative missteps and the difficulty of recalibrating once a course has been set.

    U.S. lawmakers should take advantage of this dynamic and learn from some of the Old Continent’s mistakes. If they play their cards right and take the time to read the writing on the wall, they might just succeed in averting antitrust’s uncertain future.

    In Antitrust & Competition, Apple, Data Privacy & Security, European Union, Federal Trade Commission, Google, Monopolization, Platforms, Truth on the Market, Tying, Vertical Restraints , , , , , , , , , , , , , , , , , ,
    permalink

    How Not to Use Industrial Policy to Promote Europe’s Digital Sovereignty

    Mikołaj Barczentewicz and Kristian Stout —  5 October 2022

    The concept of European “digital sovereignty” has been promoted in recent years both by high officials of the European Union and by EU national governments. Indeed, France made strengthening sovereignty one of the goals of its recent presidency in the EU Council.

    The approach taken thus far both by the EU and by national authorities has been not to exclude foreign businesses, but instead to focus on research and development funding for European projects. Unfortunately, there are worrying signs that this more measured approach is beginning to be replaced by ill-conceived moves toward economic protectionism, ostensibly justified by national-security and personal-privacy concerns.

    In this context, it is worth reconsidering why Europeans’ best interests are best served not by economic isolationism, but by an understanding of sovereignty that capitalizes on alliances with other free democracies.

    Protectionism Under the Guise of Cybersecurity

    Among the primary worrying signs regarding the EU’s approach to digital sovereignty is the union’s planned official cybersecurity-certification scheme. The European Commission is reportedly pushing for “digital sovereignty” conditions in the scheme, which would include data and corporate-entity localization and ownership requirements. This can be categorized as “hard” data localization in the taxonomy laid out by Peter Swire and DeBrae Kennedy-Mayo of Georgia Institute of Technology, in that it would prohibit both data transfers to other countries and for foreign capital to be involved in processing even data that is not transferred.

    The European Cybersecurity Certification Scheme for Cloud Services (EUCS) is being prepared by ENISA, the EU cybersecurity agency. The scheme is supposed to be voluntary at first, but it is expected that it will become mandatory in the future, at least for some situations (e.g., public procurement). It was not initially billed as an industrial-policy measure and was instead meant to focus on technical security issues. Moreover, ENISA reportedly did not see the need to include such “digital sovereignty” requirements in the certification scheme, perhaps because they saw them as insufficiently grounded in genuine cybersecurity needs.

    Despite ENISA’s position, the European Commission asked the agency to include the digital–sovereignty requirements. This move has been supported by a coalition of European businesses that hope to benefit from the protectionist nature of the scheme. Somewhat ironically, their official statement called on the European Commission to “not give in to the pressure of the ones who tend to promote their own economic interests,”

    The governments of Denmark, Estonia, Greece, Ireland, Netherlands, Poland, and Sweden expressed “strong concerns” about the Commission’s move. In contrast, Germany called for a political discussion of the certification scheme that would take into account “the economic policy perspective.” In other words, German officials want the EU to consider using the cybersecurity-certification scheme to achieve protectionist goals.

    Cybersecurity certification is not the only avenue by which Brussels appears to be pursuing protectionist policies under the guise of cybersecurity concerns. As highlighted in a recent report from the Information Technology & Innovation Foundation, the European Commission and other EU bodies have also been downgrading or excluding U.S.-owned firms from technical standard-setting processes.

    Do Security and Privacy Require Protectionism?

    As others have discussed at length (in addition to Swire and Kennedy-Mayo, also Theodore Christakis) the evidence for cybersecurity and national-security arguments for hard data localization have been, at best, inconclusive. Press reports suggest that ENISA reached a similar conclusion. There may be security reasons to insist upon certain ways of distributing data storage (e.g., across different data centers), but those reasons are not directly related to the division of national borders.

    In fact, as illustrated by the well-known architectural goal behind the design of the U.S. military computer network that was the precursor to the Internet, security is enhanced by redundant distribution of data and network connections in a geographically dispersed way. The perils of putting “all one’s data eggs” in one basket (one locale, one data center) were amply illustrated when a fire in a data center of a French cloud provider, OVH, famously brought down millions of websites that were only hosted there. (Notably, OVH is among the most vocal European proponents of hard data localization).

    Moreover, security concerns are clearly not nearly as serious when data is processed by our allies as it when processed by entities associated with less friendly powers. Whatever concerns there may be about U.S. intelligence collection, it would be detached from reality to suggest that the United States poses a national-security risk to EU countries. This has become even clearer since the beginning of the Russian invasion of Ukraine. Indeed, the strength of the U.S.-EU security relationship has been repeatedly acknowledged by EU and national officials.

    Another commonly used justification for data localization is that it is required to protect Europeans’ privacy. The radical version of this position, seemingly increasingly popular among EU data-protection authorities, amounts to a call to block data flows between the EU and the United States. (Most bizarrely, Russia seems to receive a more favorable treatment from some European bureaucrats). The legal argument behind this view is that the United States doesn’t have sufficient legal safeguards when its officials process the data of foreigners.

    The soundness of that view is debated, but what is perhaps more interesting is that similar privacy concerns have also been identified by EU courts with respect to several EU countries. The reaction of those European countries was either to ignore the courts, or to be “ruthless in exploiting loopholes” in court rulings. It is thus difficult to treat seriously the claims that Europeans’ data is much better safeguarded in their home countries than if it flows in the networks of the EU’s democratic allies, like the United States.

    Digital Sovereignty as Industrial Policy

    Given the above, the privacy and security arguments are unlikely to be the real decisive factors behind the EU’s push for a more protectionist approach to digital sovereignty, as in the case of cybersecurity certification. In her 2020 State of the Union speech, EU Commission President Ursula von der Leyen stated that Europe “must now lead the way on digital—or it will have to follow the way of others, who are setting these standards for us.”

    She continued: “On personalized data—business to consumer—Europe has been too slow and is now dependent on others. This cannot happen with industrial data.” This framing suggests an industrial-policy aim behind the digital-sovereignty agenda. But even in considering Europe’s best interests through the lens of industrial policy, there are reasons to question the manner in which “leading the way on digital” is being implemented.

    Limitations on foreign investment in European tech businesses come with significant costs to the European tech ecosystem. Those costs are particularly high in the case of blocking or disincentivizing American investment.

    Effect on startups

    Early-stage investors such as venture capitalists bring more than just financial capital. They offer expertise and other vital tools to help the businesses in which they invest. It is thus not surprising that, among the best investors, those with significant experience in a given area are well-represented. Due to the successes of the U.S. tech industry, American investors are especially well-positioned to play this role.

    In contrast, European investors may lack the needed knowledge and skills. For example, in its report on building “deep tech” companies in Europe, Boston Consulting Group noted that a “substantial majority of executives at deep-tech companies and more than three-quarters of the investors we surveyed believe that European investors do not have a good understanding of what deep tech is.”

    More to the point, even where EU players do hold advantages, a cooperative economic and technological system will allow the comparative advantage of both U.S. and EU markets to redound to each others’ benefit. That is to say, of course not all U.S. investment expertise will apply in the EU, but certainly some will. Similarly, there will be EU firms that are positioned to share their expertise in the United States. But there is no ex ante way to know when and where these complementarities will exist, which essentially dooms efforts at centrally planning technological cooperation.

    Given the close economic, cultural, and historical ties of the two regions, it makes sense to work together, particularly given the rising international-relations tensions outside of the western sphere. It also makes sense, insofar as the relatively open private-capital-investment environment in the United States is nearly impossible to match, let alone surpass, through government spending.

    For example, national government and EU funding in Europe has thus far ranged from expensive failures (the “Google-killer”) to the all-too-predictable bureaucracy-heavy grantmaking, the beneficiaries of which describe as lacking flexibility, “slow,” “heavily process-oriented,” and expensive for businesses to navigate. As reported by the Financial Times’ Sifted website, the EU’s own startup-investment scheme (the European Innovation Council) backed only one business over more than a year, and it had “delays in payment” that “left many startups short of cash—and some on the brink of going out of business.”

    Starting new business ventures is risky, especially for the founders. They risk devoting their time, resources, and reputation to an enterprise that may very well fail. Given this risk of failure, the potential upside needs to be sufficiently high to incentivize founders and early employees to take the gamble. This upside is normally provided by the possibility of selling one’s shares in a business. In BCG’s previously cited report on deep tech in Europe, respondents noted that the European ecosystem lacks “clear exit opportunities”:

    Some investors fear being constrained by European sovereignty concerns through vetoes at the state or Europe level or by rules potentially requiring European ownership for deep-tech companies pursuing strategically important technologies. M&A in Europe does not serve as the active off-ramp it provides in the US. From a macroeconomic standpoint, in the current environment, investment and exit valuations may be impaired by inflation or geopolitical tensions.

    More broadly, those exit opportunities also factor importantly into funders’ appetite to price the risk of failure in their ventures. Where the upside is sufficiently large, an investor might be willing to experiment in riskier ventures and be suitably motivated to structure investments to deal with such risks. But where the exit opportunities are diminished, it makes much more sense to spend time on safer bets that may provide lower returns, but are less likely to fail. Coupled with the fact that government funding must run through bureaucratic channels, which are inherently risk averse, the overall effect is a less dynamic funding system.

    The Central and Eastern Europe (CEE) region is an especially good example of the positive influence of American investment in Europe’s tech ecosystem. According to the state-owned Polish Development Fund and Dealroom.co, in 2019, $0.9 billion of venture-capital investment in CEE came from the United States, $0.5 billion from Europe, and $0.1 billion from the rest of the world.

    Direct investment

    Technological investment is rarely, if ever, a zero-sum game. U.S. firms that invest in the EU (and vice versa) do not do so as foreign conquerors, but as partners whose own fortunes are intertwined with their host country. Consider, for example, Google’s recent PLN 2.7 billion investment in Poland. Far from extractive, that investment will build infrastructure in Poland, and will employ an additional 2,500 Poles in the company’s cloud-computing division. This sort of partnership plants the seeds that grow into a native tech ecosystem. The Poles that today work in Google’s cloud-computing division are the founders of tomorrow’s innovative startups rooted in Poland.

    The funding that accompanies native operations of foreign firms also has a direct impact on local economies and tech ecosystems. More local investment in technology creates demand for education and support roles around that investment. This creates a virtuous circle that ultimately facilitates growth in the local ecosystem. And while this direct investment is important for large countries, in smaller countries, it can be a critical component in stimulating their own participation in the innovation economy. 

    According to Crunchbase, out of 2,617 EU-headquartered startups founded since 2010 with total equity funding amount of at least $10 million, 927 (35%) had at least one founder who previously worked for an American company. For example, two of the three founders of Madrid-based Seedtag (total funding of more than $300 million) worked at Google immediately before starting Seedtag.

    It is more difficult to quantify how many early employees of European startups built their experience in American-owned companies, but it is likely to be significant and to become even more so, especially in regions—like Central and Eastern Europe—with significant direct U.S. investment in local talent.

    Conclusion

    Explicit industrial policy for protectionist ends is—at least, for the time being—regarded as unwise public policy. But this is not to say that countries do not have valid national interests that can be met through more productive channels. While strong data-localization requirements is ultimately counterproductive, particularly among closely allied nations, countries have a legitimate interest in promoting the growth of the technology sector within their borders.

    National investment in R&D can yield fruit, particularly when that investment works in tandem with the private sector (see, e.g., the Bayh-Dole Act in the United States). The bottom line, however, is that any intervention should take care to actually promote the ends it seeks. Strong data-localization policies in the EU will not lead to success of the local tech industry, but it will serve to wall the region off from the kind of investment that can make it thrive.

    In Data Privacy & Security, European Union, International, Mergers & Acquisitions, Truth on the Market , , , , , , , , , ,
    permalink

    Damn the Economics, Full Speed Ahead!

    Alden Abbott —  22 September 2022

    A White House administration typically announces major new antitrust initiatives in the fall and spring, and this year is no exception. Senior Biden administration officials kicked off the fall season at Fordham Law School (more on that below) by shedding additional light on their plans to expand the accepted scope of antitrust enforcement.

    Their aggressive enforcement statements draw headlines, but will the administration’s neo-Brandeisians actually notch enforcement successes? The prospects are cloudy, to say the least.

    The U.S. Justice Department (DOJ) has lost some cartel cases in court this year (what was the last time that happened?) and, on Sept. 19, a federal judge rejected the DOJ’s attempt to enjoin United Health’s $13.8 billion bid for Change Healthcare. The Federal Trade Commission (FTC) recently lost two merger challenges before its in-house administrative law judge. It now faces a challenge to its administrative-enforcement processes before the U.S. Supreme Court (the Axon case, to be argued in November).

    (Incidentally, on the other side of the Atlantic, the European Commission has faced some obstacles itself. Despite its recent Google victory, the Commission has effectively lost two abuse of dominance cases this year—the Intel and Qualcomm matters—before the European General Court.)

    So, are the U.S. antitrust agencies chastened? Will they now go back to basics? Far from it. They enthusiastically are announcing plans to charge ahead, asserting theories of antitrust violations that have not been taken seriously for decades, if ever. Whether this turns out to be wise enforcement policy remains to be seen, but color me highly skeptical. Let’s take a quick look at some of the big enforcement-policy ideas that are being floated.

    Fordham Law’s Antitrust Conference

    Admiral David Farragut’s order “Damn the torpedoes, full speed ahead!” was key to the Union Navy’s August 1864 victory in the Battle of Mobile Bay, a decisive Civil War clash. Perhaps inspired by this display of risk-taking, the heads of the two federal antitrust agencies—DOJ Assistant Attorney General (AAG) Jonathan Kanter and FTC Chair Lina Khan—took a “damn the economics, full speed ahead” attitude in remarks at the Sept. 16 session of Fordham Law School’s 49th Annual Conference on International Antitrust Law and Policy. Special Assistant to the President Tim Wu was also on hand and emphasized the “all of government” approach to competition policy adopted by the Biden administration.

    In his remarks, AAG Kanter seemed to be endorsing a “monopoly broth” argument in decrying the current “Whac-a-Mole” approach to monopolization cases. The intent may be to lessen the burden of proof of anticompetitive effects, or to bring together a string of actions taken jointly as evidence of a Section 2 violation. In taking such an approach, however, there is a serious risk that efficiency-seeking actions may be mistaken for exclusionary tactics and incorrectly included in the broth. (Notably, the U.S. Court of Appeals for the D.C. Circuit’s 2001 Microsoft opinion avoided the monopoly-broth problem by separately discussing specific company actions and weighing them on their individual merits, not as part of a general course of conduct.)

    Kanter also recommended going beyond “our horizontal and vertical framework” in merger assessments, despite the fact that vertical mergers (involving complements) are far less likely to be anticompetitive than horizontal mergers (involving substitutes).

    Finally, and perhaps most problematically, Kanter endorsed the American Innovative and Choice Online Act (AICOA), citing the protection it would afford “would-be competitors” (but what about consumers?). In so doing, the AAG ignored the fact that AICOA would prohibit welfare-enhancing business conduct and could be harmfully construed to ban mere harm to rivals (see, for example, Stanford professor Doug Melamed’s trenchant critique).

    Chair Khan’s presentation, which called for a far-reaching “course correction” in U.S. antitrust, was even more bold and alarming. She announced plans for a new FTC Act Section 5 “unfair methods of competition” (UMC) policy statement centered on bringing “standalone” cases not reachable under the antitrust laws. Such cases would not consider any potential efficiencies and would not be subject to the rule of reason. Endorsing that approach amounts to an admission that economic analysis will not play a serious role in future FTC UMC assessments (a posture that likely will cause FTC filings to be viewed skeptically by federal judges).

    In noting the imminent release of new joint DOJ-FTC merger guidelines, Khan implied that they would be animated by an anti-merger philosophy. She cited “[l]awmakers’ skepticism of mergers” and congressional rejection “of economic debits and credits” in merger law. Khan thus asserted that prior agency merger guidance had departed from the law. I doubt, however, that many courts will be swayed by this “economics free” anti-merger revisionism.

    Tim Wu’s remarks closing the Fordham conference had a “big picture” orientation. In an interview with GW Law’s Bill Kovacic, Wu briefly described the Biden administration’s “whole of government” approach, embodied in President Joe Biden’s July 2021 Executive Order on Promoting Competition in the American Economy. While the order’s notion of breaking down existing barriers to competition across the American economy is eminently sound, many of those barriers are caused by government restrictions (not business practices) that are not even alluded to in the order.

    Moreover, in many respects, the order seeks to reregulate industries, misdiagnosing many phenomena as business abuses that actually represent efficient free-market practices (as explained by Howard Beales and Mark Jamison in a Sept. 12 Mercatus Center webinar that I moderated). In reality, the order may prove to be on net harmful, rather than beneficial, to competition.

    Conclusion

    What is one to make of the enforcement officials’ bold interventionist screeds? What seems to be missing in their presentations is a dose of humility and pragmatism, as well as appreciation for consumer welfare (scarcely mentioned in the agency heads’ presentations). It is beyond strange to see agencies that are having problems winning cases under conventional legal theories floating novel far-reaching initiatives that lack a sound economics foundation.

    It is also amazing to observe the downplaying of consumer welfare by agency heads, given that, since 1979 (in Reiter v. Sonotone), the U.S. Supreme Court has described antitrust as a “consumer welfare prescription.” Unless there is fundamental change in the makeup of the federal judiciary (and, in particular, the Supreme Court) in the very near future, the new unconventional theories are likely to fail—and fail badly—when tested in court. 

    Bringing new sorts of cases to test enforcement boundaries is, of course, an entirely defensible role for U.S. antitrust leadership. But can the same thing be said for bringing “non-boundary” cases based on theories that would have been deemed far beyond the pale by both Republican and Democratic officials just a few years ago? Buckle up: it looks as if we are going to find out. 

    In Administrative Law, Antitrust & Competition, Cartels, European Union, Federal Trade Commission, Justice Department, Mergers & Acquisitions, Regulation, Section 5, Truth on the Market , , , , , , , , , , , , , ,
    permalink

    The Case Against Self-Preferencing as a New Antitrust Offense

    Giuseppe Colangelo —  22 September 2022

    The practice of so-called “self-preferencing” has come to embody the zeitgeist of competition policy for digital markets, as legislative initiatives are undertaken in jurisdictions around the world that to seek, in various ways, to constrain large digital platforms from granting favorable treatment to their own goods and services. The core concern cited by policymakers is that gatekeepers may abuse their dual role—as both an intermediary and a trader operating on the platform—to pursue a strategy of biased intermediation that entrenches their power in core markets (defensive leveraging) and extends it to associated markets (offensive leveraging).

    In addition to active interventions by lawmakers, self-preferencing has also emerged as a new theory of harm before European courts and antitrust authorities. Should antitrust enforcers be allowed to pursue such a theory, they would gain significant leeway to bypass the legal standards and evidentiary burdens traditionally required to prove that a given business practice is anticompetitive. This should be of particular concern, given the broad range of practices and types of exclusionary behavior that could be characterized as self-preferencing—only some of which may, in some specific contexts, include exploitative or anticompetitive elements.

    In a new working paper for the International Center for Law & Economics (ICLE), I provide an overview of the relevant traditional antitrust theories of harm, as well as the emerging case law, to analyze whether and to what extent self-preferencing should be considered a new standalone offense under EU competition law. The experience to date in European case law suggests that courts have been able to address platforms’ self-preferencing practices under existing theories of harm, and that it may not be sufficiently novel to constitute a standalone theory of harm.

    European Case Law on Self-Preferencing

    Practices by digital platforms that might be deemed self-preferencing first garnered significant attention from European competition enforcers with the European Commission’s Google Shopping investigation, which examined whether the search engine’s results pages positioned and displayed its own comparison-shopping service more favorably than the websites of rival comparison-shopping services. According to the Commission’s findings, Google’s conduct fell outside the scope of competition on the merits and could have the effect of extending Google’s dominant position in the national markets for general Internet search into adjacent national markets for comparison-shopping services, in addition to protecting Google’s dominance in its core search market.

    Rather than explicitly posit that self-preferencing (a term the Commission did not use) constituted a new theory of harm, the Google Shopping ruling described the conduct as belonging to the well-known category of “leveraging.” The Commission therefore did not need to propagate a new legal test, as it held that the conduct fell under a well-established form of abuse. The case did, however, spur debate over whether the legal tests the Commission did apply effectively imposed on Google a principle of equal treatment of rival comparison-shopping services.

    But it should be noted that conduct similar to that alleged in the Google Shopping investigation actually came before the High Court of England and Wales several months earlier, this time in a dispute between Google and Streetmap. At issue in that case was favorable search results Google granted to its own maps, rather than to competing online maps. The UK Court held, however, that the complaint should have been appropriately characterized as an allegation of discrimination; it further found that Google’s conduct did not constitute anticompetitive foreclosure. A similar result was reached in May 2020 by the Amsterdam Court of Appeal in the Funda case.  

    Conversely, in June 2021, the French Competition Authority (AdlC) followed the European Commission into investigating Google’s practices in the digital-advertising sector. Like the Commission, the AdlC did not explicitly refer to self-preferencing, instead describing the conduct as “favoring.”

    Given this background and the proliferation of approaches taken by courts and enforcers to address similar conduct, there was significant anticipation for the judgment that the European General Court would ultimately render in the appeal of the Google Shopping ruling. While the General Court upheld the Commission’s decision, it framed self-preferencing as a discriminatory abuse. Further, the Court outlined four criteria that differentiated Google’s self-preferencing from competition on the merits.

    Specifically, the Court highlighted the “universal vocation” of Google’s search engine—that it is open to all users and designed to index results containing any possible content; the “superdominant” position that Google holds in the market for general Internet search; the high barriers to entry in the market for general search services; and what the Court deemed Google’s “abnormal” conduct—behaving in a way that defied expectations, given a search engine’s business model, and that changed after the company launched its comparison-shopping service.

    While the precise contours of what the Court might consider discriminatory abuse aren’t yet clear, the decision’s listed criteria appear to be narrow in scope. This stands at odds with the much broader application of self-preferencing as a standalone abuse, both by the European Commission itself and by some national competition authorities (NCAs).

    Indeed, just a few weeks after the General Court’s ruling, the Italian Competition Authority (AGCM) handed down a mammoth fine against Amazon over preferential treatment granted to third-party sellers who use the company’s own logistics and delivery services. Rather than reflecting the qualified set of criteria laid out by the General Court, the Italian decision was clearly inspired by the Commission’s approach in Google Shopping. Where the Commission described self-preferencing as a new form of leveraging abuse, AGCM characterized Amazon’s practices as tying.

    Self-preferencing has also been raised as a potential abuse in the context of data and information practices. In November 2020, the European Commission sent Amazon a statement of objections detailing its preliminary view that the company had infringed antitrust rules by making systematic use of non-public business data, gathered from independent retailers who sell on Amazon’s marketplace, to advantage the company’s own retail business. (Amazon responded with a set of commitments currently under review by the Commission.)

    Both the Commission and the U.K. Competition and Markets Authority have lodged similar allegations against Facebook over data gathered from advertisers and then used to compete with those advertisers in markets in which Facebook is active, such as classified ads. The Commission’s antitrust proceeding against Apple over its App Store rules likewise highlights concerns that the company may use its platform position to obtain valuable data about the activities and offers of its competitors, while competing developers may be denied access to important customer data.

    These enforcement actions brought by NCAs and the Commission appear at odds with the more bounded criteria set out by the General Court in Google Shopping, and raise tremendous uncertainty regarding the scope and definition of the alleged new theory of harm.

    Self-Preferencing, Platform Neutrality, and the Limits of Antitrust Law

    The growing tendency to invoke self-preferencing as a standalone theory of antitrust harm could serve two significant goals for European competition enforcers. As mentioned earlier, it offers a convenient shortcut that could allow enforcers to skip the legal standards and evidentiary burdens traditionally required to prove anticompetitive behavior. Moreover, it can function, in practice, as a means to impose a neutrality regime on digital gatekeepers, with the aims of both ensuring a level playing field among competitors and neutralizing the potential conflicts of interests implicated by dual-mode intermediation.

    The dual roles performed by some platforms continue to fuel the never-ending debate over vertical integration, as well as related concerns that, by giving preferential treatment to its own products and services, an integrated provider may leverage its dominance in one market to related markets. From this perspective, self-preferencing is an inevitable byproduct of the emergence of ecosystems.

    However, as the Australian Competition and Consumer Commission has recognized, self-preferencing conduct is “often benign.” Furthermore, the total value generated by an ecosystem depends on the activities of independent complementors. Those activities are not completely under the platform’s control, although the platform is required to establish and maintain the governance structures regulating access to and interactions around that ecosystem.

    Given this reality, a complete ban on self-preferencing may call the very existence of ecosystems into question, challenging their design and monetization strategies. Preferential treatment can take many different forms with many different potential effects, all stemming from platforms’ many different business models. This counsels for a differentiated, case-by-case, and effects-based approach to assessing the alleged competitive harms of self-preferencing.

    Antitrust law does not impose on platforms a general duty to ensure neutrality by sharing their competitive advantages with rivals. Moreover, possessing a competitive advantage does not automatically equal an anticompetitive effect. As the European Court of Justice recently stated in Servizio Elettrico Nazionale, competition law is not intended to protect the competitive structure of the market, but rather to protect consumer welfare. Accordingly, not every exclusionary effect is detrimental to competition. Distinctions must be drawn between foreclosure and anticompetitive foreclosure, as only the latter may be penalized under antitrust.

    In Antitrust & Competition, European Union, Exclusionary Conduct, Google, Platforms, Price Discrimination, Truth on the Market, Tying, United Kingdom , , , , , , , , , , , , , , , ,
    permalink