How EU Competition Law Applies To Data Collection Issues

by Orrick, Herrington & Sutcliffe LLP
Contact

Law360, New York (June 18, 2013, 11:57 AM ET) -- The Internet has given rise to information-based businesses that create value by accumulating pools of data captured from many sources. Indeed, the collection and analysis of vast amounts of consumer data has become the engine driving significant innovation on the Internet. From search to social networks to shopping to gaming, the use of consumer-generated data is increasingly the way to monetize Web services. Internet companies amass vast amounts of new data by the second. These data are then used by them, and others, to generate advertising revenue and to develop new products.

For many companies, products derived from raw data will drive innovation. For example, access to personal data will help firms better understand consumers and how to meet their needs. Retailers maintain extensive data on their customers (tied either to a customer loyalty card, name, or physical or email address). Using demographic information and purchasing history, companies can determine — through the power of data analytics — shopping habits and can then develop targeted advertising. For example, companies can now use predictive analytics to identify potentially pregnant women. They then can use targeted advertising to suggest a new product purchase — baby products — when that customer orders cleaning supplies or groceries.[1]

As Internet firms grow ever larger and their stores of data grow exponentially, questions regarding the control of, and access to, these data have emerged. Firms seeking to gain or ensure continued access to these data have asserted antitrust theories as a basis for doing so, although no European court has yet to accept any such claim. In reality, such claims have been raised principally as a counterattack when firms with some degree of market power have sued third parties for violating terms of service and copyright by accessing data in an unauthorized manner. These types of counterclaims raise numerous questions — the most obvious of which is: Who owns the data anyway?

Even if, however, we were to posit that the data belong to the users and not the company controlling their data, how do we deal with requests for access to the compilation or aggregation of the data of many thousands or millions of users by companies claiming they need these data in order to compete?

A European Commission petition has very recently addressed the competition concerns involving personal data. The commissioner responsible for competition, Joaquin Almunia, stated in a speech in November 2012 that “today, personal data are a type of asset for companies. … Companies evidently try to use their access to personal data to gain commercial advantage vis-a-vis users. It is necessary to strike the right balance between regulation and competition policy enforcement.” As Almunia further observed, “competition policy is about actions by a dominant firm to exclude competitors by unfair means.”

So far, the European Commission has not reviewed a case where the accumulation or the manipulation of data was used to allegedly hamper competition.[2] The European Commission does, however, have the tools needed to address an alleged infringement to competition law in a case involving data collection. In doing so, it might rely on the classical analysis of “essential facility” doctrine that the commission developed beginning in the 1990s.

The essential facility theory originally comes from U.S. antitrust law[3] and was applied for the first time in 1993 by the European Commission in a case related to harbor infrastructures. The essential facility doctrine then was extended to matters related to nonmaterial facilities.

  • The Magill Case
  • The "Magill" case[4] in 1995 dealt with three broadcasting companies, the Irish State Broadcaster (RTE), ITV and the BBC. These three broadcasters, which each owned the copyright to its own lists of television programs, provided their program schedules free of charge to daily and periodical newspapers. Until 1985, no comprehensive weekly listing guide was provided.
  • In 1985, Magill decided to produce an Irish guide to all channels. He complained to the European Commission when the three broadcasters refused to license him to reproduce their weekly listings. In its decision, the commission found that there had been a breach of European competition law and ordered the three organizations to supply “third parties on request and on a nondiscriminatory basis with their individual advance weekly program listings” and to permit reproduction of those listings by such parties. The Court of Justice confirmed the decision.

The IMS Case

The "IMS" case[5] in 2004 involved IMS Health, the world’s largest supplier of information on sales of prescription pharmaceutical products. IMS Health had developed a successful system for compiling this information, the “1860 brick structure,” protected by copyright. Two other companies, NDC and AzyX, tried to launch a similar system, but failed as the brick structure devised by IMS had become the industry standard for those carrying out analysis of the German pharmaceutical markets. NDC asked IMS for a license to use the “1860 brick structure,” but IMS refused. NDC then accessed IMS’ data, and IMS brought an action before the local courts in Germany alleging that NDC’s data collection system had infringed IMS’ copyright.

The German court decided in favor of IMS, ruling that its “1860 brick structure” system for data collection was protected by copyright. However, the national court considered that IMS could not refuse to grant a license to NDC if that refusal constituted an abuse of a dominant position under EC law. The German court referred a number of questions to the ECJ on the circumstances under which such behavior constitutes an abuse of a dominant position.

In its ruling, the ECJ considered that the “refusal by an undertaking which holds a dominant position and owns an intellectual property right in a brick structure indispensable to the presentation of regional sales data on pharmaceutical products in a Member State to grant a license to use that structure to another undertaking which also wishes to provide such data in the same Member State, can constitute an abuse of a dominant position within the meaning of Article 82 EC” if certain conditions are fulfilled (see below).

The Microsoft Case

The Microsoft case[6] dealt with a complaint lodged by Sun Microsystems against Microsoft for not having provided complete information that would enable Sun’s operating system to interoperate with Windows operating systems. The commission initiated an investigation and found that Microsoft had abused its dominant position in client operating systems in two ways.

First, the commission found that since October 1998 Microsoft had unlawfully refused to provide certain computer protocols that would enable competing server operating system vendors to interoperate with Microsoft’s Windows client and server operating systems. This abuse focused on server operating systems that perform “work group” tasks and arose out of Sun’s initial complaint. Second, the commission found that since May 1999 Microsoft had tied Windows Media Player 7 to Microsoft’s Windows client operating system.

Is there a common thread to these cases?

The Court of Justice considers that the exclusive right of reproduction forms part of the rights of the owner of intellectual property, so that refusal to grant a license, even if it is the act of an undertaking holding a dominant position, cannot in itself constitute abuse of a dominant position[7].

Nevertheless, according to the Court of Justice, exercise of an exclusive right by the owner may, in “exceptional circumstances,” involve abusive conduct. These “exceptional circumstances” were analyzed for the first time in the “Magill” case, discussed above. Three circumstances may trigger a duty to deal:

  • Circumstance 1: Refusal is preventing the emergence of a new product for which there is potential consumer demand. In the IMS case, the Court of Justice stated that this circumstance relates “to the consideration that, in the balancing of the interest in protection of the intellectual property right and the economic freedom of its owner against the interest in protection of free competition, the latter can prevail only where refusal to grant a license prevents the development of the secondary market to the detriment of consumers.” The refusal by an undertaking in a dominant position to allow access to a product protected by an intellectual property right (where that product is indispensable for operating on a secondary market) may be regarded as abusive only where the undertaking which requested the license does not intend to limit itself essentially to duplicating the goods or services already offered on the secondary market by the owner of the intellectual property right, but intends to produce new goods or services not offered by the owner of the right and for which there is potential consumer demand.
  • Circumstance 2: Refusal is not justified by objective considerations. The Court of Justice has never provided a more complete definition or explanation of this circumstance.
  • Circumstance 3: Refusal is likely to exclude all competition in the secondary market. In the IMS case, the Court of Justice specified that the secondary market can include a potential or even hypothetical market. Exclusion of all competition in the secondary market is possible where the products or services are indispensable in order to carry on a particular business and where there is actual demand for them from undertakings which seek to carry on the business for which they are indispensable.

The European Commission addressed the issue of personal data and competition law in the 2008 Google/DoubleClick merger case. The deal involved a company that could collect a large amount of personal Web-browsing data (DoubleClick)[8] and another with the technology to target ads and monitor their performance (Google). Following an in-depth investigation, the commission concluded that the combination of data on search behavior and Web-browsing behavior would not give a competitive advantage in the advertisement business that could not be replicated by other players that have access to similar Web-usage data. It therefore cleared the transaction.

Some national courts have also considered data collection and competition law. The essential facility doctrine has been applied in France by both of the highest courts, the Conseil d’Etat and the Cour de Cassation. In its ruling of Dec. 4, 2001, the Cour de Cassation applied the doctrine by analyzing whether the plaintiff could have used comparable software for which access was being requested. The Cour de Cassation judged that the software used by France Telecom, the former monopolist in the French telecommunications market, was incomparable because of its completeness and its regular updates. The court considered that the software constituted an “essential resource” that should be accessible at a reasonable price.

The European Commission seems to be more and more conscious of the competition law issues raised by personal data collection. On the one hand, data collection can promote innovation, by allowing undertakings to obtain a better understanding of their clients and their needs. On the other hand, data collection by one single undertaking on a market may lead to an abuse of dominance when these data are excessively protected. In this regard, the essential facilities caselaw developed by the European Commission for the last 20 years with respect to nonmaterial facilities should enable it to take a balanced approach in evaluating these conflicting interests. That said, there are some risks for firms with market power who amass data and refuse to share it, and conversely companies that are unable to access such data may have tools at their disposal to try to obtain it.

---------------------------------

[1] Charles Duhigg, “How Companies Learn Your Secrets,” New York Times, Feb. 16, 2012.

[2] Joaquín Almunia, speech, Nov. 26, 2012 (Read it here: SPEECH/12/860).

[3] United States v. Terminal Railroad Ass’n of Saint Louis, 224 U.S. 383 (1912).

[4] Court of Justice, April 6, 1995, Radio Telefis Eireann (RTE) and Independent Television Publications Ltd (ITP) v. Commission of the European Communities, Joined cases C-241/91 P and C-242/91 P.

[5] Court of Justice, 29 avril 2004, IMS Health GmbH & Co. OHG v. NDC Health GmbH & Co. KG; C-418/01.

[6] Court of First Instance, 17 September 2007, Microsoft Corp., T-201/04.

[7] Court of Justice, 5 October 1988, Volvo, 238/87; Court of Justice, 6 April 1995, Joined cases C-241/91 P and C-242/91 P; Court of Justice, 26 November 1998, Oscar Bronner GmbH & Co KG, § 39; Court of Justice, 29 April 2004, IMS Health GmbH & Co. OHG v. NDC Health GmbH & Co. KG.

[8] DoubleClick mainly sells ad serving, management and reporting technology worldwide to web site publishers and to advertisers and agencies. Such technology allows internet publishers and advertisers to ensure that advertisements are posted on the relevant web sites and to report on the performance of such advertisements.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Orrick, Herrington & Sutcliffe LLP | Attorney Advertising

Written by:

Orrick, Herrington & Sutcliffe LLP
Contact
more
less

Orrick, Herrington & Sutcliffe LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
Feedback? Tell us what you think of the new jdsupra.com!