"The world's most valuable resource is no longer oil, but data" (The Economist, 6.5.2017). This catchy (albeit not quite accurate) comparison is likely to take the leading position among modern digital markets truisms. It is therefore hardly surprising that the German legislator has been inspired by it too. As part of the 10th amendment to the German Act against Restraints of Competition (ARC), which entered into force on 19 January 2021, the German parliament has introduced a new regulatory framework for access to commercial data under antitrust law. It does so in the form of not one, but two data access claims anchored in the abuse of dominance provisions of the ARC.
Why data access claims?
The underlying rationale goes somewhat like this: oil is a treasured natural resource, data is a treasured digital resource – and we need to open up the data treasure troves; the president of the Federal Cartel Office (FCO), Andreas Mundt, has publicly expressed his agreement with this sentiment. The new data access claims now reflect the clear political will to give interested companies access to commercial data which has been amassed by other companies. The motivation for this is an economic one – and not just on the micro, but on the macro level as well. Many of today’s business models are data driven. And so the logic is: if companies can get access to data, they can improve their products and business models – and thus increase the common good.
But the issue is tricky. Data access claims that go too far can distort economic incentives and, in the worst case, stifle innovation. From an economic point of view, de facto exclusivity over data creates an incentive for investment in high-quality data (and, above all, value-creating data processing and coupling) which is similar to the incentives that come with intellectual property rights. So it's a matter of finding the right balance. Will it work?
Data as an essential facility (Section 19(2) No. 4 ARC)
The first data access claim now available is stipulated in Section 19(2) No. 4 ARC and extends the pre-existing abusive denial of access to an “essential facility” to access to "data and interface information". According to the reasoning supplementing the new law, the refusal to license intellectual property rights is also to be covered by the provision. This is not entirely new in European antitrust law and has always been considered possible, at least for interface information and intellectual property rights. In German antitrust law, on the other hand, neither data nor intellectual property rights were previously considered infrastructure facilities within the meaning of Section 19(2) no. 4 ARC. So now for the first time ever, the ARC assigns data the same status as seaports, power grids or similar "bottlenecks" for supply and market access.
That said, the factual and legal prerequisites of any access claim under this provision are quite strict. First, the data owner must be dominant. This may be the case (possibly also due to the new concept of "intermediation power" introduced in Section 18(3b) ARC) in a product or service market, but also in a relevant data market. The latter would be conceivable, for example, for proprietary data and information necessary for the maintenance and repair of durable capital goods. However, having "data power" (i.e. a lot of data) does not necessarily translate to dominance. Rather, it is always necessary to examine in each specific case what relevance the data has in the context of the respective business model and what capabilities for data evaluation and analysis a company has.
The latter is crucial, since data can be reproduced at will and can therefore be made available several times; all data is, in economic jargon, "non-rivalrous". Accordingly, its intrinsic economic value is often "zero" which is why the oil analogy mentioned at the beginning of this article is not entirely accurate. In order to have economic value, data usually must be elaborately analyzed and structured. The possibility of granting or denying access to competition-relevant data is decisive for the assumption of market power based on "data power", although access to competition-relevant data alone does not in itself confer any particular "power". Instead, for dominance to exist based there must be additional circumstances which allow the company controlling the data to escape competitive pressure.
Another hurdle is that to establish an access claim under Section 19(2) No. 4 ARC, data access must be objectively necessary in order to operate on an upstream or downstream market. The mere desire to operate on the same market as the data owner is not enough. Neither is the subjective view of the access seeking company that it needs access to the data to be able to exercise effective competition. Rather, market activity must be impossible without data access, i.e., data access must be indispensable.
It is unclear if the access seeker must also demonstrate that refusal of access to the data would prevent the creation of a new or at least innovatively improved product (as required by European antitrust law for access to intellectual property rights and interface information). The wording of Section 19(2) No. 4 ARC does not include such a requirement, and the government’s supplementary reasoning is also silent on this point. However, the reasoning does point out that the amended provision is supposed to bring the legal standard into line with the developments under European competition law – which could indicate that the access seeker is indeed obliged to demonstrate that, absent the access, new or improved products will be kept from the market. The courts’ assessment of this question will be interesting to observe. What is certain in any case, is that the denial of data access must threaten to eliminate effective competition on the (upstream or downstream) market in question. Finally, even if an access claimer can establish these grounds for access, the data owner must grant it only in exchange for an appropriate fee – and may even refuse access altogether if there is an objective justification.
So, access seekers must jump through a whole lot of hoops. In the reasoning supplementing the legislation, there are two examples that indicate when this jump may work.
- One is the example of a dominant company controlling access to the usage data of a specific person or machine. If another company wants to offer maintenance and repair services or other innovative additional services e.g. for the operator of the machine or for the user of a service and it needs access to the individualized usage data for this purpose, such company may successfully invoke Section 19(2) No. 4 ARC. This example certainly does pack a punch. Business models for durable capital goods are often designed in such a way that a substantial part of profits stems from maintenance and repair works. Access claims under Section 19(2) No. 4 ARC may jeopardize such business models – notably including those from companies which are not "big tech" (a type of player which so far has taken the most prominent role in the public debate on the reform of the ARC). Rather, traditional "old economy" companies are targeted here as well.
- In another example mentioned in the reasoning, a company could claim access to the aggregated usage data of a large number of users or machines, for example to better predict malfunctions of a machine or user needs. Here, the legislator is apparently thinking of innovative business models in the context of so-called predictive maintenance, which enable cost-saving preventive maintenance strategies.
Data access in value chains (Section 20(1a) ARC)
The second data access claim is included in the revised Section 20 ARC. Notably, this provision does not require the data owner to have a dominant market position. Rather, it is sufficient that the company seeking access is dependent on the data owner because there are no sufficient and appropriate possibilities for it to switch to other companies and there is "a clear imbalance to the countervailing power" of the company in possession of the data, i.e., a power imbalance. According to the new Section 20(1a) ARC, such dependency can also result from the fact that the access seeker is dependent on the requested data access for its own business activities.
However, even then an access claim can only be established if the refusal of access is objectively unreasonable. Whether this is the case or not must be determined based on a comprehensive weighing of interests. According to the government’s reasoning, numerous different aspects must be considered in this process. These include, above all, the costs of providing the data for the data owner. Following a last-minute amendment tabled by the government on 12 January 2021 (which has now become the law), the data owner can in principle demand an appropriate fee for the provision of data. Also to be considered are (i) the impairment of incentives for the collection and maintenance of the data, (ii) the participation of the access seeker in the creation of the data, (iii) the question of whether secondary markets would be foreclosed by denying data access, and (iv) the potential of the data for additional and increased contributions to the value chain. In principle, the data owner's interest in denying access is likely to be weighted rather low if the data in question were generated "incidentally" as part of its normal business activities and without any major investment. Conversely, data streams generated by elaborate analysis processes will only have to be "sold dearly," if at all.
Importantly, it is irrelevant whether the data owner has thus far only used the data internally or whether it has already made the data available to third parties. In other words, it does not matter whether the data owner wants to use the data only for his own internal purposes or not. The standard thus clearly goes beyond previous access claims that might arise from the prohibition of discrimination under antitrust law, which were only possible if the data owner had already made the data in question available to third parties (and thus put them in "commercial traffic"). The legislator was probably also driven by the frequently reported discovery that 85% of all data collected by companies is not even used once (as pointed out a couple of years ago by Katrin Suder, Chairwoman of the German Federal Government's Digital Council).
According to the legislator, the new provision is primarily aimed at data access in existing contractual relationships within value chains (e.g. for IoT and aftermarkets). Conversely, the reasoning for the draft urges a cautious approach in situations where access to data is requested without palpable contributions to the value chain and without an existing contractual relationship. However, the wording does not reflect this distinction and therefore provides for a very broad scope of application. According to the reasoning, this was done deliberately in order to be able to catch new situations that are comparable in terms of the interests concerned and the economic assessment. So whether or not an access claim exists in a specific case will generally have to be assessed based on a comprehensive weighing of interests – which leaves the courts with a wide discretion for further development of the law.
In this context, it is finally important to note that Section 20(1a) ARC is, at least according to its wording, not an "anti-tech" provision either. The previous restriction in Section 20 ARC, according to which only small and medium-sized enterprises could assert (access) claims, has now been dropped. It can therefore not be ruled out that, for example, a company from Silicon Valley or the tech hubs of Israel may use the provision to enforce data access claims against, say, a German automaker...
Access to which data? And how, actually?
Another important aspect left for the legal practice to flesh out is the question of which data must be given access to.
It seems rather obvious that, generally, only access to raw data can be requested. Data that has already been processed or structured may often reflect the data owner's protected know-how – which does not have to be disclosed. However, it is unclear where the practical boundaries lie here and they will probably only be determined on a case-by-case basis. What about metadata, for example? Or data already aggregated by the data owner? And can real-time direct data access be demanded as well? The European Commission's proposal for a Digital Markets Act of 15 December 2020, provides for such a form of data access – albeit under narrowly defined circumstances – for commercial users of large online platforms which have been classified as "gatekeepers". These users may demand free access to the data generated by their activities on the platform (but not by the activities of third parties) in real time. Under the ARC’s new antitrust data access claims, on the other hand, such permanent real-time access is likely to be much more difficult to justify.
This is particularly true since, as the supplementary reasoning points out, the new regulations are not intended to undermine data protection law or the legal provisions on the protection of trade and business secrets. Antitrust access claims do not create a justification for processing personal data in a manner that would be impermissible under data protection law. Nor do they force the data owner to disclose trade and business secrets. And it should go without saying that competitively sensitive data does not have to be disclosed to a competitor either. However, to the extent that this is reasonable in the individual case, the data owner may have to disclose data after having removed trade and business secrets or personal data.
According to an infamous quote by German Chancellor Angela Merkel, not too long ago the Internet itself was "uncharted territory" as far as German politics were concerned. With the antitrust data access claims that have now entered into force, the venture into the unknown continues. The practical effectiveness of these provisions remains to be seen. As has been shown, a whole series of difficult issues will arise in their application – the crucial question of when a fee for data access (and in what amount) is appropriate being just one of them. Judging from the experience with a similar issue, i.e. the licensing of standard-essential patents on fair, reasonable and non-discriminatory terms (FRAND), which has been disputed in courts for years (and is currently perhaps more hotly debated than ever before), it seems likely that some time will pass before the new data access claims are given sharper contours in practice and specific claim types and assessment criteria will emerge. The legislator is aware of this but simply lacked a robust basis of legal precedents to shape the provisions more precisely. The development of this practice will be all the more interesting to observe.
The ball is now firmly within the practitioners’ court. We will keep you posted.