)
By Patricia De Moraes Paisani Matthey Claudet
At the beginning of July 2023, two important developments for European competition law application in digital markets provided valuable insights into the difficulties of addressing the restrictions on the processing of personal data in the data-driven business model of digital platforms. The first development was the long-awaited ruling by the European Court of Justice (ECJ) in the Meta Platforms case. In this ruling, the Court provided guidance on the interpretation of several aspects of the General Data Protection Regulation (GDPR) as well as the possibility of assessing data protection breaches committed by data-driven firms to investigate potential anticompetitive conduct in competition proceedings. The second one was Meta’s Threads, an application constructed for the exchange of text-based conversations and positioned by Meta to compete with ‘X’, the former Twitter application. Meta launched their new Threads in regions worldwide, excluding Europe. According to some inside sources, Meta alleged that the launch of their new service in Europe was delayed due to uncertainties concerning the application of the Digital Markets Act (DMA). This new European regulation focuses on decreasing obstacles and foreclosure to new entrants in digital markets and ensuring fair conditions for digital businesses and end-users. It establishes a list of forbidden conducts and obligations to be observed by digital undertakings in a market position that allows them to create barriers to entry or “bottlenecks” to new entrants in their core platform market (‘gatekeepers'). These two events, separated by only one day and not directly linked, brought to the stage one of the most salient and difficult questions for lawmakers and competition regulators: Can Europeans take full advantage of all the beneficial effects of the data-driven business model of digital firms while preserving their fundamental right to data protection? Can European regulation offer the best of these two worlds to consumers in a fair and contestable European Single Market? The answer to these questions is still far from conclusive.
In this context, the central issue of Meta’s decision to exclude Europe from the launch of Threads is the prohibition brought by Article 5 (2) of DMA on the possibility of a company classified as a ”gatekeeper”, combining personal data from the relevant platform service with personal data from any other core platform service or any other services provided by the gatekeeper or with personal data from third-party services, cross-use personal data from the relevant core platform service in other services provided separately by the gatekeeper including other core platform services and vice-versa; and sign-in end users to other services of the gatekeeper to combine personal data. According to the DMA, these forbidden conducts will not apply if the end-users have been notified about the gatekeeper’s intentions and have given their free and informed consent to them. All these restrictions, especially the one concerning sign-in end users to other services of the gatekeeper to combine personal data (Article 5(2) (d) DMA), apply to Threads since the sign-in of this application is made exclusively through Instagram, another Meta platform app, making possible the combination and aggregation of data between these two platforms. In digital markets, the combination and aggregation of personal data in multi-sided markets, in which firms act as platforms to approach and match the demand and supply side, is key to their business model. It enables the creation of extensive datasets that are at the core of personalised products and services, which in turn will bring more choice and quality for users. On one side, the efficiency of the multi-sided platforms business model depends on personal data availability to provide incremental consumer welfare. Restrictions on combining and aggregating data can decrease this efficiency and risk a detrimental effect on quality and broad choice for consumers. On the other side, however, digital gatekeepers, due to their economic power and ability to collect and process a massive volume of personal data among their multiple services and products, enjoy a significant business advantage that could enable them to foreclose the market and undermine competition. In addition, data protection breaches are frequently associated with the massive collection and processing of personal data undertaken by these gatekeepers. Despite these critical justifications for the ban on the combination of data by gatekeepers, it is important to stress s that DMA restrictions would not apply if the users were duly informed of the pursued data combination and gave their free and informed consent to it. Here is where the ECJ ruling in the Meta case assumes a substantial role.
The referred case pioneered in acknowledging the assessment of GDPR articles in competition proceedings by antitrust authorities, particularly those linked to the lawfulness in the processing of data and to the circumstances in which the consent was obtained by multi-platforms. Concerning this specific issue, the ruling expressly acknowledges that in ‘a circumstance must be taken into consideration in assessing whether the user of that network has validly and, in particular, freely given consent, since that circumstance is liable to affect the freedom of choice of that user, who might be unable to refuse or withdraw consent without detriment, as stated in recital 42 of the GDPR’ (paragraph 148). Thus, the circumstances in which the consent is obtained and the presence of concrete elements to attest the compliance with the GDPR requirements for a free and informed consent are key issues in assisting competition authorities to draw a line to differentiate abusive conduct from competition on merits.
As a result, the interplay between the DMA (imposing ex ante restrictions on the combination of data) and the GDPR (establishing the conditions for the application of exemption on these restrictions) potentially creates serious roadblocks for Meta’s business model, at a level sufficient to hinder the launch of a new service in the European Single Market. Therefore, it could deprive consumers of a new and improved product and the possibility of the European market offering an increment to the access of new entrant firms in this concentrated segment. This is what could be inferred by Meta’s reported claim concerning the exclusion of Europe in the launch of Threads worldwide.
Nonetheless, it is important to question whether this interpretation is accurate. Could these regulations, instead of concurrently bolstering consumer welfare and safeguarding
fundamental data protection rights, lead to an adverse outcome for consumers and competition, reducing the access of European consumers to new products and services and increasing the lack of new entrants in a concentrated segment in the digital economy, consequently interfering with the functioning of European Single Market?
The more likely response to those queries is no. At least, not definitively. The aforementioned events point out the need for competition regulators and commentators to carefully navigate the arguments and “business ultimatums” brought by Meta in the period in which the European Commission is acting on the first steps to implement the DMA and the ECJ ruling is forcing Meta to readjust its business model. As a consequence of the ECJ ruling, Meta is currently negotiating with the Bundeskartellamt (the German competition agency) possible alternatives to comply with the GDPR requirements for obtaining users’ consent concerning the processing of their personal data in Meta’s Facebook social network platform. In this discussion, instead of considering excluding Facebook from the European Single Market, Meta is presenting the potential adoption of a new accounts centre. This alternative would allow users to exercise a free and informed option on the type of account they would like to maintain within Facebook: one allowing the sharing and combination of personal data (including for advertising purposes) to enable additional functionalities (personalised offers and content, for example) or one that would allow the use of Meta’s different services separately. In this situation, if the user has a personal account within the Facebook social network, the personal data contained in this account would not be combined with other Meta services, such as Instagram, to generate additional functionalities. As can be noticed, the same alternative presented to the German competition agency could be employed by Meta to make Threads available to European users, instead of making the user’s sign-in into Threads available only through Instagram. In addition to that possibility, Privacy Enhancement Technologies even with some limitations, could also be used by Meta to avoid the combination of personal data between Instagram and Threads.
As we can see from above, Meta could have launched Threads in Europe alongside the compliance with the DMA and GDPR dispositions, benefiting consumers and competition in the European digital economy. Moreover, this could generate important data for empirical research on the beneficial or detrimental effects of both statutes on consumer welfare and competition in the regulation of digital markets. These empirical data would be key to the assessment of the effectiveness of these regulations or their unintended consequences, serving as reliable evidence for a future revision of these statutes.
Despite the common difficulties concerning the application of new legal statutes, Thread’s exclusion of European territory cannot be a threat to the effective implementation of the Digital Market Act.