Taming Tech Giants: The Neglected Interplay Between Competition Law and Data Protection (Privacy) Law

Abstract

The debate about the economic power of large tech firms has led to the insight that due to the key role of personal data on large digital platforms competition and privacy issues are deeply intertwined. This leads also to a complex relationship between competition law and data protection (or privacy) law, and—also from an economic perspective—the need for policy-makers to take into account the interplay between both legal regimes. This article analyzes current discussions about (1) how to integrate privacy effects into traditional competition law and (2) the far-reaching reform discussions about taming the power of the large tech firms, for example, the Digital Markets Act in the European Union or the new antitrust discussion in the United States, with respect to the question whether and to what extent they take into account this interplay between competition policy and data protection (or privacy) law. It is surprising that also the second reform discussion, which directly intends to target the power of the large tech firms, does not take into account sufficiently this interplay and the ensuing need for a more collaborative approach between these policies. Therefore, the opportunities of developing a more effective joint strategy for achieving better both competition and privacy are still missed.

Keywords

competition law digital platforms data protection privacy law Digital Markets Act data collection

I. Introduction

The large tech firms with their digital platforms are transforming the entire economy and society in a deep and unprecedented way. From a competition and antitrust law perspective the huge economic power of these firms is currently in the center of policy discussions in the European Union, the United States, and many other countries.¹ Particularly important is that the market power of these firms is also deeply intertwined with the increasing threats to privacy through their vast collection and use of consumer data. This again is linked also to the additional market failure of information and behavioral problems of consumers regarding “notice and consent” solutions about their data, which is adding to their lack of control over their data.² The ensuing far-reaching control over consumer data by the large tech firms again strengthens and entrenches their economic power and control over digital markets and ecosystems. Therefore, from an economic perspective, two market failure problems, a competition problem and an information and behavioral problem of consumers, exist simultaneously with respect to the digital platforms of the large tech firms.

Already very early in the emerging discussions about Big Data, the European Data Protection Supervisor (EDPS) presciently recognized in a Preliminary Opinion in March 2014³ that the key role of digital platforms (with business models that capture the value of the vast amount of personal data of consumers that they collect as payment for “free” services) would be a challenge that is simultaneously relevant for several policies. In its report “Privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection in the Digital Economy,” the EDPS did not only analyze the relevance of this problem for all these policies in the European Union, it additionally, emphasized the necessity (1) to analyze the interfaces between competition law, consumer protection, and data protection (with their “convergences and tensions”⁴) and (2) “to explore the scope of closer coordination between regulators.”⁵ The EDPS, in particular, claimed that

the lack of interaction in the development of policies on competition, consumer protection and data protection may have reduced both the effectiveness of competition rules’ enforcement and the incentive for developing services which enhance privacy and minimise potential for harm to the consumer.⁶

With this Opinion, the EDPS has developed a vision and a program for research and policy-making, which until today is highly relevant for current policy discussions about digital platforms and the economic power of large tech firms. Although there has been some discussion about a more integrative and collaborative approach between these policies,⁷ this paper claims that we are still at the beginning of understanding the interplay between these policies and of taking it properly into account in our discussions about policy-making with regard to digital platforms and personal data.

The objective of this article is to analyze current policy discussions about the relationship between competition law and data protection (or privacy) law and the economic power of the large tech firms with their digital platforms with respect to the question, whether they sufficiently take into account the interplay between both policies and the simultaneous existence of both types of market failures. The following two different current discussions can be distinguished:

(1) The first discussion refers to the question, whether and to what extent privacy aspects should also be taken into account in the application of traditional competition (or antitrust) law, for example, in merger cases. This has recently led to a broad and lively debate within the competition community about the increasingly complex relationship between competition law and data protection (or privacy) law,⁸ which has questioned the traditional approach of a strict separation of both legal regimes.⁹ Particularly important for drawing attention to this discussion was also the innovative Facebook case of the German Federal Cartel Office, in which certain privacy terms about the combination of personal data from different sources were prohibited as an abusive behavior of a dominant firm due to a violation of EU data protection law.¹⁰

(2) Parallel to this still nascent discussion within traditional competition law, an additional new and broad political debate has emerged both in Europe and the United States about the need for far-reaching reforms of competition policy, for example, through additional ex-ante regulatory solutions. This discussion has been triggered in particular by far-spread serious doubts about the suitability and effectiveness of traditional competition law for solving the new challenges by the economic power of the large tech firms.¹¹ The “Digital Markets Act” (DMA) proposal of the European Commission and various new antitrust bills in U.S. Congress are the most important of the many proposals that are currently discussed (or already enacted).¹²

This article is also based upon the results of previous research in economics that show that the claims of the EDPS about the necessity of analyzing (1) the interfaces between competition law, data protection law, and consumer law; (2) their interplay with respect to competition and privacy; and (3) the potential need for more coordination, can also be strongly supported from an economic perspective.¹³ The simultaneous existence of these two types of market failures on digital platform markets, where personal data are the key resource, can lead from an economic perspective to complex effects on both competition and privacy. Since the two market failures “market power” and “information and behavioral problems” of consumers can reinforce each other, their effects are not independent but deeply intertwined with each other. In such situations, a separate application of competition law and data protection law will lead to suboptimal results, if the interaction effects between these two market failures are not properly taken into account. In the same way also the effects of the application of competition law and data protection law on competition and privacy are not independent from each other. On digital markets, data protection law does not only have effects on privacy but can also have effects on competition, as well as, vice versa, competition law need not only have an impact on competition but can also have effects on privacy. For example, data-sharing remedies in competition law can help to protect competition but simultaneously also have negative effects on privacy. From an economic perspective, such effects of one policy on the objective of another policy can be understood as “externalities” of this policy.¹⁴ Without understanding these interaction effects and therefore the interplay between these market failure problems and policies, the application of these legal regimes can suffer from severe problems, partly in form of conflicts, but partly also in form of missing opportunities to use synergies between the policies for increasing the effectiveness of both policies, in order to achieve better both of their objectives (competition and privacy). Therefore, a more integrative and collaborative policy approach might be appropriate.

The analysis of the two above-mentioned discussions in this article, however, will come to the following results: (1) Although the discussion about considering privacy effects in traditional competition law can be seen as an important step forward for dealing with this new complex relationship with privacy law (also leading to new case groups in competition law), it still does not go far enough with respect to the interplay between both fields of the law. (2) It is surprising that also the new discussion about far-reaching reforms in competition policy with its willingness to use also new innovative approaches (like, for example, an ex-ante regulatory approach) does not address sufficiently this intertwinement of competition and privacy problems, although this reform discussion is particularly focused on the power of the large tech firms with their digital platforms. Therefore, the analysis will show that also the most recent policy discussions about dealing with the large digital platforms still do not take sufficiently into account the effects of the interplay between both legal regimes. As a consequence, the benefits from developing a more integrative and collaborative policy approach for addressing better the huge problems for competition and privacy in the current digital economy (as it was envisioned by the EDPS already in 2014) are still not realized,

This article is structured as follows: Section II offers a brief overview and analysis of the discussion within the competition community about how to include privacy effects into the application of traditional competition law. Section III analyzes the current reform discussions and policy proposals in the European Union and the United States, which try to deal with the economic power of the large tech firms with new approaches and legislative initiatives. A main focus will be laid on the DMA proposal in the European Union. The concluding Section IV will sketch the perspective of a more integrative and collaborative approach for developing better joint strategies for protecting competition and privacy in the digital economy.

II. Integration of Privacy Aspects into Traditional Competition Law: An Emerging Discussion

A. Introduction

Despite early contributions about the need for considering the collection of personal data and privacy effects in the application of competition and antitrust law,¹⁵ only recently, and also much propelled by the German Facebook case, a broader discussion has emerged about whether and how to include privacy effects in traditional competition law. The dominant view was (and to a large extent still is) that competition law should protect competition, and privacy concerns should be addressed by data protection law or consumer law.¹⁶ The latter is particularly relevant in the United States, where no general federal law for protecting data privacy exists, and therefore privacy issues have been addressed by the Federal Trade Commission (FTC) as part of consumer law.¹⁷ This approach of a strict separation between competition and data protection law has also been the dominant view in the European Union, including the European Commission, which has been very reluctant in considering privacy effects in EU competition law.¹⁸ Also the main critique of the German Facebook case was based upon the argument that dealing with privacy concerns and violations of data protection law is beyond the scope of competition law.¹⁹

In the recent discussions, however, it is increasingly acknowledged that the relationship between competition law and data protection (or privacy) law is much more complex, especially on digital markets, where personal data play a key role in many business models. In the meantime, a number of new interdependencies between competition law and data protection law have been identified, in which certain behavior of firms, particularly data-collecting practices, might be relevant both from a competition law and data protection law perspective. There are also increasingly discussions about potential conflicts between competition law and data protection law, for example, with respect to data access and data-sharing remedies in competition law²⁰ or privacy-enhancing behavior of platforms that impedes access of competitors to personal data with potentially anticompetitive effects.²¹ Vice versa, also potential synergies between both legal regimes are discussed, if, for example, privacy laws create effective rights for data portability that reduce lock-ins and facilitate switching between platforms and ecosystems.²² Important are also the discussions about the question whether stricter data protection laws (as EU data protection law with its opt-in consent) might have negative effects on competition.²³

B. Considering Privacy in Traditional Competition Law

Against the background of these discussions, a more integrative approach has been tried to develop within traditional competition law that focuses on the question whether and how data protection and privacy effects should be directly considered. The recent reports of the Organisation for Economic Co-operation and Development (OECD; 2020) and Douglas (2021) provide comprehensive analyses of this world-wide debate among competition scholars and the already existing cases and policy papers of competition authorities about this issue.²⁴ It is very important that this discussion is focused nearly entirely on the question how privacy effects can be considered within (the logic of) traditional competition law. It is therefore separate from the discussion in Section III, in which we focus on the new approaches (like ex-ante regulation) that also can go beyond traditional competition law and its well-established assessment concepts. This implies that the question has to be answered how the collection of personal data and privacy effects can be included into the well-established traditional approach of competition assessment with its economics based approach that is focused mainly on the effects on consumer welfare.

Both from a legal and economic perspective, it is not difficult to argue that competition law can and should also consider negative effects on privacy, if these effects can be interpreted as negative effects on consumer welfare (in a similar way as higher prices or lower quality). Therefore, data-collecting practices with their potential negative privacy effects were seen as a part of the non-price parameter “quality” of a product or service. This also allows to focus the analysis on the question whether a merger or a unilateral business practice would have negative effects on competition with this non-price parameter. In the meantime, the “privacy as quality” theory is the most accepted approach how to consider privacy effects in competition cases.²⁵ This is one way how at least certain privacy effects can be integrated into a traditional competition law assessment. In the following, a brief overview will be given about the more specific discussion regarding mergers, unilateral conduct, and agreements.

In the application of competition law, personal data and privacy effects have played a role so far mostly in merger cases (e.g. Google/Doubleclick, Facebook/WhatsApp, Microsoft/LinkedIn, and, most recently, Google/Fitbit).²⁶ Based upon the “privacy as quality” theory, both the EU Commission and the U.S. antitrust authorities have focused their analyses primarily on the question whether the merger would have negative effects on privacy as a parameter of competition. This, however, presupposes that privacy-related competition exists before the merger, which then is an issue that has to be assessed. One of the problems of this approach is that due to the second market failure “information and behavioral problems” of consumers, which hampers significantly the capabilities of consumers to assess and compare different data collection practices and privacy terms, competition with the parameter privacy might not work well or does not exist.²⁷ Overall, the agencies rarely found negative effects of mergers on privacy-related competition.

What is mostly rejected in this discussion is the consideration of not competition-related effects of mergers on privacy (so-called “pure” privacy harms), because this might lead to a dilution and confusion of antitrust law doctrine, and, therefore, those effects should be dealt with by privacy laws.²⁸ This specific theory about limiting also the consideration of privacy effects in competition law is, however, not a very consistent position. If a merger does lead to privacy harms, for example, additional risks for consumers, which can be interpreted economically as consumer harm, then it would be entirely compatible with the consumer welfare standard, if a competition authority would take them into account in its merger assessment.²⁹

Much easier to fit into traditional competition law assessments are merger cases, in which either the combination of data (which also can be personal data) lead to competitive advantages that create barriers to entry (or impede the expansion) of competitors or to an exclusive control over certain sets of data (foreclosure effects).³⁰ In these cases, direct data-related effects on competition can be identified, which consider personal data but do not directly focus on privacy effects. However, these cases are also interesting from a privacy perspective, because the prohibition of a merger due to its anticompetitive effects of data-collecting practices might also lead to positive privacy effects.³¹

Raising barriers to entry and foreclosing competitors can also be important theories of harm in cases of unilateral behavior of firms with market dominance (or monopolization cases) with respect to personal data. Exclusionary strategies that make it harder for competitors to collect personal data, for example, through exclusivity agreements, tying or bundling strategies, or denying access to “essential” data, can be an exclusionary abuse of a dominant firm in EU competition law. Whereas these theories about data-related practices fit well into traditional competition law, because they focus on the effects on competition,³² the case group of exploitative abusive behavior of dominant firms is much more controversially discussed. While a part of competition law regimes address exploitative behavior in their competition laws (as the European Union, Germany, and others), many others (like U.S. antitrust policy) do not. Theoretically, it is possible that privacy harms through excessive collection and use of personal data can be addressed as an exploitative abuse of dominant firms under EU competition law, although so far no such cases exist.³³ Similar to exploitative price abuse cases, the problem of a proper benchmark for its abusive character arises also with regard to data-collection and privacy.

In these analyses about integrating privacy in traditional competition law the German Facebook case is usually getting a prominent place, although it is seen as an outlier that goes far beyond this discussion. On one hand, this case fits into this discussion, because the German Federal Cartel Office (FCO) used the rules about the control of abusive behavior in traditional German competition law. On the other hand, the FCO focused primarily on such an exploitative (instead of exclusionary) abuse, which is rarely used in EU or German competition law. However, more important and innovative is the FCO’s use of the violation of EU data protection law as the crucial criterion for assessing Facebook’s behavior as abusive. With this controversial step, the FCO directly linked the application of competition law with EU data protection law,³⁴ and it required an additional consent for the combination of personal data as remedy in a competition case. The main argument of the FCO is that the users of the Facebook social media platform services do not have sufficient choice for ensuring that their “consent” can be seen as given “voluntarily.”³⁵ The legal proceedings about this case are ongoing. It was, however, very important that in an interim decision, the German Federal Court of Justice has strongly supported the FCO’s decision, albeit with a different reasoning. Instead of using a violation of EU data protection law as criterion for the abusive character, it argued that not giving this choice of an additional consent to the data combination would violate the constitutionally protected “basic value” of informational self-determination of the German citizens.³⁶ With this innovative approach, the FCO (and the Federal Court of Justice) has opened up the perspective that competition law can use the rules about abusive behavior of dominant firms also for protecting a minimum standard of choice for consumers vis-à-vis dominant firms like Facebook with regard to the collection and use of their personal data.³⁷

C. A Critical Assessment

How can we assess this discussion about integrating privacy and data protection into traditional competition law?

It is a big step forward for regarding the consideration of privacy effects in competition law, which also has led, and will do so much more in the future, to new case groups, which will be a part of the regular application of competition law by competition authorities. It will, however, be necessary, to develop for privacy effects also more specific concepts, methods, and theories of harm for assessing them in competition cases (as this has been done for price effects).³⁸

What is missing, however, is to take into account also a “realistic” notion of the effects of data protection (or privacy) law. One of the big problems of EU data protection law is its underenforcement, especially regarding the large tech firms.³⁹ Therefore, it was one of the mistakes of the European Commission to assume in its assessment of privacy and competition effects erroneously that data protection law would be capable of solving certain problems.⁴⁰ Defects in the effectiveness of data protection law is one of the interaction effects that should not be ignored in the application of competition law.

Although the second market failure, that is, the information and behavioral problems of the consumers regarding their data on digital markets, is regularly mentioned in this discussion as an additional problem,⁴¹ this problem remains on the sidelines despite its crucial role for the collection of personal data as a key resource in competition. Also here the danger emerges that it is viewed as a problem that should be solved by another policy, and can therefore be ignored in competition law (even if consumer or privacy law does not solve it).

For taking into account the interplay between competition law and data protection (or privacy) law, it is a big problem that this is still primarily a discussion only among competition scholars, in which privacy scholars and data protection authorities are not participating. This also leads to large uncertainties about how to deal with conflicts between competition and privacy. However, in this discussion, the awareness has increased about the importance of more dialogue and collaboration between competition law and data protection law (as well as consumer law) and their respective enforcement agencies.⁴²

Traditional competition law should perhaps be also much more open about using reasonings of exploitative abuse with respect to the collection of personal data by large tech firms, and not cling too closely to a (perhaps also too narrowly defined) concept of competition-related privacy effects. Both the German Facebook case with its focus on exploitative abuse and the recent rise of “fairness” (and therefore distributional concerns through power asymmetries) support a development in this direction. This, however, already leads to the new reform discussions in the following Section III.

III. New Approaches for Dealing with the Economic Power of the Large Tech Firms

A. Reform Discussion: The Reports

Whereas the discussion about integrating privacy in traditional competition law is a still emerging debate within a small group of competition scholars, the current discussion about new and partly fundamental reforms in competition policy for addressing the huge challenges of the large tech firms is in the center of the academic and public debates and the legislators in the European Union, the United States, and many other countries. It is still surprising how fast the majority opinion at the academic and political level has evolved from being (1) very cautious about policy interventions to (2) the insight that we have a big problem, and (3) that traditional competition (or antitrust) law might not be sufficient for solving this problem. As a consequence, a wide-spread opinion has emerged that (4) entirely new approaches can be necessary that also might have to break with well-established concepts of traditional competition law and economics. The large number of reports about the power of digital platforms, which have been published in the brief period between 2018 and 2020, have played a key role in this development.⁴³

This debate has led in the European Union to the currently discussed “DMA” (with its new ex-ante regulatory approach), the various proposals for new antitrust bills in U.S. Congress, and other far-reaching legislative proposals in other countries. The objective of this section is to analyze, whether and to what extent this policy debate and these proposals take into account also the problems of privacy and data protection that arise through the economic power of the large tech firms, and the interplay with data protection (and privacy) law.

All of these reports clearly emphasize the importance of the collection and use of huge amounts of personal data of consumers for the business models of large digital firms with their platforms and ecosystems. This refers not only to their use for targeted advertising (as the main source of profits in the business models of Google and Facebook) but also to the manifold other ways how comprehensive consumer profiles can be used in many different markets. All the reports agree that the main problem is the concentration tendencies through the economic characteristics of digital platforms with their large economies of scale and direct and indirect network effects. However, also the control over huge amounts of personal data through the large tech firms is seen as a key factor for the economic power of these firms, especially through raising barriers to entry and the manifold strategic options for using these data to leverage their market power into other markets. Therefore, the main focus in these reports was on the impact of this data collection on entrenching the market power of the large digital platforms, and, thus, on the effects on competition.

The effects of this economic power of large tech firms on the privacy (and informational self-determination) of consumers, for example, also with respect to excessive collection of personal data by the large digital platforms, was not part of these investigations and analyses. Also the lack of control of consumers over their data, especially through information and behavioral problems, has not been in the center of these reports, although they are often mentioned as an important additional problem. Therefore, neither the privacy problem nor the information and behavioral market failure problem have been targeted by these reports and the proposed policy solutions.⁴⁴ It is, however, interesting that in some of these reports, and in the ensuing more general discussion “fairness” considerations, and therefore distributional aspects have gotten more and more attention also for dealing with the power of the large digital platforms.⁴⁵

B. The Discussion in Europe: Digital Markets Act

1. Introduction

With regard to the economic power of the large tech firms, the policy proposal of the Furman report turned out to have been the most influential. It claimed that traditional EU competition law with its ex-post control of abusive behavior of dominant firms (Art. 102 TFEU) is too slow and not effective enough. It therefore recommended to introduce an ex-ante regulatory approach with an additional set of rules for this small group of firms (which were seen as having “strategic market status”).⁴⁶ This concept has been picked up very fast in Germany, and led to the much discussed section 19a in the recent amendment of German competition law.⁴⁷ Also, the planned “pro-competition regime for digital markets” in the United Kingdom is based upon the Furman proposal.⁴⁸

Most important, however, is that after long deliberations, this idea of an additional ex-ante regulatory approach was also used by the European Commission for its DMA proposal (published in December 2020). According to this DMA proposal, the EU legislator would subject gatekeepers that provide core platform services to overall eighteen (self-executing) obligations regarding their conduct. The decisive idea is that these gatekeepers have to comply directly with these “per se” rules without the need for investigations and decisions of the Commission. The hope is that such an approach can lead to a fast and effective enforcement of the obligations.⁴⁹ To what extent is the collection of personal data and the protection of privacy part of the DMA discussion? Does the DMA intend to protect also the privacy of the end users of the core platform services provided by the gatekeepers?

2. Analysis of Data Protection and Consumer Protection Issues in the DMA

Both the Commission and the broad majority of commentators view the DMA as a new regulatory instrument for solving competition problems regarding digital platform services and for protecting primarily business users of these platforms against unfair practices of the gatekeepers. Such a competition-oriented view, however, is not entirely consistent with the two objectives “contestability” and “fairness” of the DMA, and the explicit statement that the DMA pursues different legal interests than traditional EU competition law based upon Art. 101 and Art. 102 Treaty on the Functioning of the European Union (TFEU).⁵⁰ “Contestability” does not lead to the same assessment criteria than the well-established approach in traditional competition law to assess the effects on consumer welfare,⁵¹ and “fairness” is an open and multi-faceted concept, which so far has played only a very minor role in the practical application of EU competition law.⁵² The rejection of consumer welfare effects based justifications and of using the traditional concepts of market definition, market power, and market dominance in the DMA strongly suggests that the DMA has distanced itself to a large extent from traditional competition law and economics, albeit without providing a clear new approach how to assess whether certain conduct is effectively complying with the planned new obligations.⁵³ Therefore, the DMA differs significantly from competition law and also wants “more” than competition, but what this “more” is and how to operationalize it, is still unclear and open for debate.⁵⁴

How does “privacy” and “data protection” fit into the DMA and its discussion? Most important is that the collection of personal data and privacy effects of practices of digital platforms did not play any significant role in the discussion before the publication of the DMA proposal, and only a small role afterwards in the broad debate about the proposal.⁵⁵ This is the case despite the surprising emergence of the remedy of the German Facebook case as a new general obligation for all gatekeepers in Art. 5(a) DMA. This article obliges all gatekeepers to provide the end users of their core platform services with an additional choice for “consent,” if the gatekeepers want to combine personal data that they have collected from different sources. The basic idea, like in the German Facebook case, is that the end users (i.e. the consumers) can use the core platform services without having to agree to such a combination of personal data. Therefore, Art. 5(a) is the most interesting obligation from a privacy and data protection perspective.⁵⁶ However, the concomitant recital 36 in the DMA proposal states very clearly that this obligation for an additional consent intends to support contestability by reducing the data advantages of the gatekeepers through such data combinations.⁵⁷ In contrast to the German Facebook case, in which this additional consent is seen as a remedy against exploitative abusive behavior (and a violation of informational self-determination of the end users), the DMA only emphasizes the potential positive effects on competition (through reducing exclusionary effects of data combination).⁵⁸ The DMA proposal, however, does not suggest that having no choice regarding such a data combination might be an unfair behavior of the gatekeepers vis-à-vis the end users, and should therefore be prohibited (in order to protect their privacy and against excessive collection and use of their personal data).

Initially, the DMA proposal of the Commission has not intended to address the market failure of information and behavioral problems that consumers have vis-à-vis digital platforms. However, this problem has gotten much attention in the ensuing discussion about Art. 5(a). Very serious concerns were raised whether the consumers will have the same problems with this additional consent in Art. 5(a) as in many other situations, where they are overwhelmed by “notice and consent” solutions regarding their data, and are not capable of making decisions according to their privacy preferences. There are particularly large concerns that the gatekeepers can nudge the consumers to give consent for the data combination, also through behavioral manipulation (e.g. “dark patterns”). With these concerns, the issue of the market failure of information and behavioral problems and the lack of control of consumers over their personal data has slipped from the sidelines into the discussion about the DMA.⁵⁹ A broad range of proposals for solving this specific market failure problem in Art. 5(a) has emerged, and—based upon the current state of the legislative discussion—additional provisions for solving it can be expected in the final version of Art. 5(a) DMA.⁶⁰

It is, however, very unclear whether the obligation of offering an additional choice to the consumers is an effective remedy for protecting contestability and competition. If many consumers still give their consent (either because they really want to do it or are nudged into it), then the data advantages of the gatekeepers will not be reduced enough for mitigating the problems for competition. Then the entire competition rationale for Art. 5(a) breaks down, and it can only be defended by interpreting it as an obligation that wants to protect directly the end users against the economic power of the gatekeepers.⁶¹ Another (also discussed) option is the direct prohibition in Art. 5(a) of the combination of personal data from different sources without giving the gatekeepers the option to get consent for the data combination from the consumers.⁶² If the Commission has the main objective of solving the competition problem, then this classical competition remedy would be much more effective than the typical privacy remedy of requiring an additional choice for consent.

This brief analysis already shows some of the difficulties and the confusion that the Commission has produced by trying to integrate the remedy of the Facebook case in the DMA, while simultaneously insisting on a pure competition rationale, instead of acknowledging the objective of a direct protection of the choice of the end users against the economic power of the gatekeepers. Interpreting Art. 5(a) directly as an obligation that helps to protect informational self-determination and privacy protection, also by helping to solve the market failure of information and behavioral problems with this additional choice, is a much more logical and consequent rationale for this obligation, and would lead to a strengthening of the protection of personal data and privacy in the “DMA.”⁶³

Similar problems regarding the protection of choice also emerge in other obligations in the DMA. Several obligations protect the freedom of choice for business and/or end users against different kinds of tying and bundling practices, for example, also with respect to offering or using other services, uninstalling software or using third-party apps, or not imposing technical restrictions that impede switching and multi-homing of end users.⁶⁴ From a competition rationale, the protection of this freedom of choice of business and consumers can limit the use of tying practices for leveraging market power, can enable more switching and multi-homing, and helps to open the markets for new business opportunities for independent service providers. However, here the same two problems arise: (1) Also these choices of business and end users have to be protected against the market failure of information and behavioral problems, that is, the gatekeepers should not be allowed to mislead these users or nudge them through behavioral manipulation into accepting the tying of services or into not uninstalling pre-installed software and so on. In the discussion about the DMA, amendments were proposed that prohibit directly behavioral manipulation (e.g. through “dark patterns”) for all of these obligations as part of the anti-circumvention rules in the DMA.⁶⁵ (2) Should the protection of the freedom of choice in these obligations of the DMA only be seen as instrument for supporting contestability and enabling more competition, or should it be interpreted as instruments that also directly protect the choice of business and end users against unfair practices of the gatekeepers? In the latter case, the DMA with its “fairness” objective would also help to strengthen “consumer empowerment” and “consumer choice” and contribute to consumer protection.⁶⁶

The same questions can also be asked about the data portability right of end users in Art. 6(1)h DMA vis-à-vis gatekeepers with respect to data that the end users have generated on these platforms. This right goes far beyond the data portability right of Art. 20 General Data Protection Regulation (GDPR), because it refers also to aggregated data, and should enable also an effective continuous and real-time portability of these data.⁶⁷ Is this strengthening of the data portability right of end users only an instrument for facilitating switching and therefore competition, or is it also a provision for strengthening data protection and consumer choice? All these questions lead to the discussion, whether and to what extent the DMA also protects and empowers directly the consumers, which could be derived from the “fairness” objective of the DMA. Since the text of the DMA is unclear and inconsistent with respect whether primarily business users should be protected or also end users, amendment proposals, particularly from the European Parliament, try to strengthen also the protection of end users.

Not addressed in the DMA and its discussion, however, is the question, whether the DMA should also protect consumers against the excessive collection of personal data. It should be kept in mind that the already discussed Art. 5(a) against the combination of personal data without choice was derived from the German Facebook case with its exploitative abuse reasoning. This, however, only refers to the combination of collected data but not to the question, whether an excessive collection of personal data through core platform services of gatekeepers itself might be exploitative and unfair. Therefore, the question of exploitative abuse through excessive collection of personal data is not addressed in the DMA.⁶⁸ Also with regard to the choice that end users have about their personal data, the question can be asked, whether only having a choice regarding the combination of data (as in Art. 5(a) DMA) is enough, or whether more far-reaching options for choice should be granted to the end users of core platform services of gatekeepers (e.g. an option for using the service with a monetary payment without the need to provide personal data).⁶⁹

3. Conclusions

What does this imply for our research question? Both the Commission and the majority of commentators want to interpret the DMA proposal as a primarily competition-oriented regulatory approach, which through its ex-ante per-se rule regime should make enforcement much more effective and faster than the traditional ex-post control of abusive behavior of dominant firms (Art. 102 TFEU).⁷⁰ The DMA, however, is not seen as a regulatory approach that also should help to strengthen data protection and consumer protection vis-à-vis the economic power of these gatekeepers.⁷¹

The ensuing discussion (also in the European Parliament) and the analysis above, however, show that the DMA is much more complex. Not only the inclusion of the remedy of the German Facebook case as a general obligation for all gatekeepers has raised difficult questions about the relationship to data protection law and privacy, but also the data portability right of Art. 6(1)h and the protection of choice for end users in other obligations, as well as the ensuing necessity for introducing typical consumer policy rules for dealing with the market failure of information and behavioral problems on digital markets, show that the issues of data protection and consumer protection have slipped into the DMA, and cannot be avoided when dealing with the economic power of large digital platforms. Therefore, in the practical implementation of the DMA, the Commission will have to deal with data protection and privacy issues as well as with typical consumer policy problems like, for example, behavioral manipulation (“dark patterns”). In the initial proposal of the Commission, however, no provisions can be found that would support the dialogue and collaboration with data protection authorities or consumer protection agencies.⁷² It is very unclear, how the Commission will deal with these problems.⁷³

Although the DMA wants to target with its gatekeeper regulation the large tech firms with their digital platforms, it does not take into account the intertwinement between competition and privacy problems, the implications of the simultaneous existence of the two market failure problems, and the interplay between competition-oriented rules and data protection and consumer protection rules. It is a bit surprising that in the discussion about integrating privacy effects into traditional competition law (Section II), there is more awareness of the need for dialogue and a collaborative approach with data protection (and privacy) law than in the discussion about the ex-ante regulatory approach of the “DMA” in the European Union.

Therefore, it can be asked in a much more fundamental way whether the DMA as a regulatory approach that is targeting the economic power of the large tech firms should take into account much more explicitly also the objectives of data protection and consumer protection (e.g. through its objective of “fairness” of the gatekeepers vis-à-vis the end users). This would also allow a more explicit focus on the second-market failure of information and behavioral problems of consumers. Such an alternative vision of the DMA would allow to impose on gatekeepers not only an additional set of stricter rules for protecting contestability and competition but also stricter rules for data (and privacy) protection and consumer protection. The basic rationale of such a much broader “asymmetric regulation” of gatekeepers would be that through the huge power of these firms and the large dependence of the consumers on their core platform services, the potential harm for the end users can be much larger with respect to privacy, for example, also through information asymmetry and behavioral manipulation, than from other firms.⁷⁴ Such a broader regulatory approach could combine stricter rules for competition, data protection, and consumer protection in a much more sophisticated way for a more targeted and effective policy approach regarding those gatekeepers, or more generally, the large tech firms.⁷⁵

C. The Discussion in the United States

The debate about new far-reaching reforms of U.S. antitrust policy is very different from the discussion in other countries. Whereas in Europe, the specific characteristics of digital platforms are seen as the main cause of the ineffectiveness of traditional competition law, the current debate in the United States about the large tech firms is intermingled with (and only a part of) a much broader and fundamental discussion about the political and economic foundations of U.S. antitrust law. The “New Brandeisians” challenge the entire application of antitrust law of the last decades with its orientation on basic tenets of the Chicago school and the dominance of consumer welfare and economic efficiency in antitrust law.⁷⁶ Whereas many U.S. competition economists see a problem of underenforcement in U.S. antitrust law due to a too strong clinging of conservative U.S. courts to old Chicago positions, which do not reflect anymore the state of current economic research,⁷⁷ the “new progressives” in the antitrust discussion demand a “reinvigoration” of U.S. antitrust law by going back to its political roots as a law for limiting the economic and political power of big corporations.⁷⁸ Both the “New Brandeisians” and, at the political level, the Democratic Party see the problems of antitrust policy and its need for reform in a broader political context than the narrow focus on the consumer welfare standard as it is defended by the U.S. antitrust establishment. Despite their vehement critique of the consumer welfare standard, it has been claimed that most of the proposals of the “New Brandeisians” would still be compatible with a consumer welfare standard, although some of them go beyond that and focus on other public interests and political goals (like inequality, effects on wages and jobs, and others).⁷⁹ Privacy can be one of them but does so far not seem to be in the main focus of this new approach.

Beyond this very fundamental debate about antitrust policy, the specific discussion about the problems caused by the economic power of the large tech firms is, however, very close to the international discussion. Many questions that have emerged in Europe and elsewhere about self-preferencing, tying and bundling, and leveraging of market power to adjacent markets are similarly discussed.⁸⁰ Due to the greater role of courts in U.S. antitrust law and much skepticism whether current antitrust law can successfully deal with the problems, even if a more active policy is pursued by the U.S. competition authorities, the discussion focuses also much on new legislative initiatives in U.S. Congress.⁸¹ Partly with and without bipartisan support, a considerable number of different U.S. antitrust bills have been proposed in both Houses of Congress, which address a broad range of issues, and, partly, also the specific problems regarding the large tech firms. In contrast to Europe, the legislative process is still in its infancy, and it seems very open, which of these bills have a chance to be enacted. Before attempting to make a brief assessment whether these antitrust bills also take into account the collection and use of consumer data and privacy effects, it might be helpful to summarize the current state of data privacy law in the United States, which is very different from the human rights based approach of the GDPR in the European Union.

Although in the United States, no general federal data privacy law exists, for a long time sector-specific privacy regulation (e.g. for financial and health data) that deals with specific privacy harms has played an important role, and the states have started to enact general privacy laws (e.g. California with an approach that has some similarities with the GDPR in the European Union).⁸² Most important, however, is that with the emergence of the Internet the FTC has developed, within its mandate as consumer protection authority, an own “new common law of privacy,” and has therefore become the “de facto federal data regulator” in the United States.⁸³ The FTC uses section 5 of the FTC Act, which empowers it “to prevent unfair and deceptive acts or practices in the marketplace.”⁸⁴ This de facto privacy law that the FTC has developed in the last twenty-five years is therefore part of consumer policy. Since the FTC has used mainly the “deception” branch of section 5 FTC Act (and less the “unfairness” branch), it is very closely linked from an economic perspective to the solution of information and behavioral problems of consumers regarding their data. Therefore, the FTC policy can be directly relevant for dealing with the economic power of the large tech firms. Although the FTC was active in developing policies against deceptive and unfair practices of data collection, there is, however, much critique that the FTC has relied too much on recommendations and self-regulation, and also did not enough to monitor and police the consent decrees that have been issued after investigations against Facebook and Google.⁸⁵ Not only through the limitations of this FTC approach but also due to other reasons, in particular, the danger of an increasing fragmentation of privacy law in the United States through too many problem-specific privacy regulations and new state privacy laws, the issue of introducing a general federal privacy law is on the political agenda for some time.⁸⁶

To what extent do the current proposals for new antitrust bills in U.S. congress consider the collection of consumer data and privacy concerns? A part of the proposals in the U.S. antitrust bills does not address specifically the problems of the economic power of large tech firms and their digital platforms but attempts to fix what is seen as have gone wrong generally with antitrust law in the last decades, and led to the alleged underenforcement. This is particularly true for the “Competition and Antitrust Law Enforcement Reform Act” of Sen. Klobuchar,⁸⁷ which focuses on facilitating merger control (e.g. through shifting burden of proof) and prohibiting exclusionary conduct of dominant firms; it would overturn several landmark decisions of the Supreme Court, and increase the resources of the FTC and Department of Justice (DOJ). Other bills address directly specific problems of digital platforms with some similarities to the DMA proposal: The “American Choice and Innovation Online Act”⁸⁸ entails three general and ten specific nondiscrimination requirements regarding the conduct of digital platforms, and the “Augmenting Compatibility and Competition by Enabling Switching (ACCESS) Act”⁸⁹ focuses on data portability and interoperability. Taken together, these two bills cover many of those types of behavior, which are addressed by the eighteen obligations of the DMA.⁹⁰ One of the very few behaviors that are clearly not covered by these two U.S. bills is the combination of consumer data, that is, there is no equivalent to the obligation of Art. 5(a) DMA (discussed earlier in Section 2).⁹¹ Other U.S. antitrust bills address the much discussed issue of the acquisition of firms by the large tech firms.⁹² Some of these U.S. bills would allow also (much faster and easier than the DMA) structural remedies, or directly ban a platform operator to own or control another line of business (“Ending Platform Monopolies Act”).⁹³ The bills that address digital platforms are partly very far-reaching proposals, which can be expected to get discussed also very critically.⁹⁴ This brief analysis, however, shows that the collection of consumer data by digital platforms and privacy concerns do not seem to be one of the problems that is intended to be addressed by these U.S. antitrust bills.⁹⁵

In contrast to the European Union, where in this discussion a broad consensus still exists that data protection problems can be solved sufficiently through the existing GDPR and, therefore, reforms of EU data protection law are not on the political agenda, the already existing discussion about the need for a federal privacy law has led to a number of new privacy bills that were proposed in U.S. Congress. They partly also try to address directly privacy and data protection problems with regard to the large digital platforms. Particularly interesting might be the “Consumer Online Privacy Act,” “User Data Protection Act,” “Social Media Privacy Protection and Consumer Rights Act,” and the “Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act,” and the “Information Transparency & Personal Data Control Act.” Detailed analyses of these proposals are still lacking. As a European economist and competition scholar, I do not feel competent to analyze these privacy bills with respect to their potential relevance and contribution to the solution of the privacy problems of consumers in the United States, particularly with respect to the large digital platforms. It is, however, possible to raise some questions about this privacy bill discussion from the research perspective of this article, that is, with regard to the interplay between antitrust policy and privacy policy with respect to the economic power of the large digital platforms.

In addition to the most apparent question whether these privacy bills will help the consumers to make better decisions about their data and to protect their privacy, it would be particularly interesting to also ask about the effects of these bills on the economic power of the large tech firms with regard to competition, especially with regard to their control over consumer data. Or to put it differently, can these privacy bills also have positive effects on competition, for example, by limiting the data power of the large digital platforms, or might these privacy bills even lead to negative effects on competition, as it also has been claimed for EU data protection law?⁹⁶ What would be the impact of these privacy bills on the already much discussed conflicts between competition and privacy in the application of current antitrust law, for example, regarding privacy as a justification for a behavior that limits data-collection of other firms and, therefore, might also have anticompetitive effects?⁹⁷ Most interesting would also be the following question: What are the effects of the combination of the currently proposed antitrust bills and these new privacy bills on competition and privacy, particularly with respect to the economic power of the large tech firms? This is related to the question, whether both discussions are directly linked with each other, and whether the interplay between both policies does play a role in the current legislative debate. If the competition and privacy problems regarding the large digital platforms are intertwined with each other, as it was claimed in the introduction of this article, then it is particularly interesting to ask, which combination of new antitrust bills and new privacy bills might lead to a better achievement of the objectives of both policies. This refers to the question of synergy effects between both types of policies, and the idea of a coordinated approach of dealing with the economic power of large tech firms.

It is not possible to analyze the current antitrust and privacy policy discussions with respect to these questions here. Overall, it seems that these two policy discussions in the United States are still very separated, despite the fact that both policy discussions also partly focus on the large digital platforms. However, the recent discussions and the institutional preconditions in the United States might also offer interesting perspectives for a better consideration of the interplay between both policies. First, the current openness of the privacy law discussion in the United States can offer opportunities for taking this issue more into account. Second, despite all serious concerns about the antitrust approach of the “New Brandeisians,” their approach of broadening the discussion of the effects of (the behavior) the large tech firms also on the objectives of other policies, as, for example, the privacy of consumers, might make it easier to overcome the often narrow focus of the traditional policy silos and help to develop a more integrative and collaborative approach between these two policies. One interesting starting-point for such a broader approach might be, third, the institutional structure of the FTC, which already for a very long time has mandates for enforcing both consumer law and antitrust law. Through additional privacy bills, it also could get a separate additional mandate as a privacy regulator with more far-reaching powers. Such a combination of powers for enforcing antitrust, consumer and privacy law in one agency would offer—at least theoretically—the chance of better taking into account the interplay between these policies, and the exploitation of synergies between these policies, also with respect to the large digital platforms.⁹⁸

IV. Toward a More Integrative and Collaborative Policy Approach

The digitization of the economy—with the emergence of digital platforms and the key role of personal data for their business models—has led to the need of a deep change of the relationship between competition law and data protection (or privacy) law: As competition and privacy are getting deeply intertwined with each other on digital markets, so are also competition law and data protection law; and the old approach of a strict separation of both legal regimes does not work anymore in the digital economy. There is an increasing insight that the new problems through the economic power of the large tech firms with respect to competition, consumer protection, and privacy cannot be solved independently from each other but that a more coordinated strategy for these policies is necessary that takes into account the interplay of the different market failures and the effects of these policies. No single policy can solve the problems alone.⁹⁹ This was the early insight of the European Data Protection Supervisor about the implications of digital platforms and Big Data in 2014. This article tried to show that despite a lot of progress in our policy discussions in the last years, we are still far away of taking this insight into the importance of this interplay between these policies sufficiently into account.

In Section II, we have seen that, recently, a lively discussion has emerged within the competition community about how privacy effects can and should be taken into account in the application of traditional competition and antitrust law. New case groups have emerged, particularly also about potential conflicts between competition law and data protection (and privacy), and a number of open issues (e.g. also with respect to new methods) are discussed. Despite these important steps forward, this discussion has so far not sufficiently included the question what the effects of the combination of competition law and data protection law are on “both the effectiveness of competition rules’ enforcement and the incentive for developing services which enhance privacy and minimise potential for harm to the consumer.”¹⁰⁰ This discussion so far also does not focus enough on the question, how both legal regimes should evolve and be applied to deal better with conflicts and the potential synergy effects for achieving better both competition and the protection of the privacy of consumers, for example, by a more effective control over their personal data.

From that perspective, the broad and open reform discussion has to be welcomed, which has started in competition policy and triggered the development of entirely new policy approaches on how to address the economic power of the large tech firms. The analysis in Section III, however, has shown that also this reform discussion (despite its openness to go also beyond traditional concepts in competition law) has not analyzed sufficiently the effects of the interplay between competition law and data protection law on digital markets and the economic power of digital platforms. For example, the DMA proposal (despite its innovative ex-ante regulatory per-se rule approach) is still primarily seen as a pure competition policy instrument that does not intend to also address the negative effects of the economic power of the large tech firms on data protection and consumer protection. The DMA is still in danger of remaining stuck within the policy silo of competition policy, although our analysis in Section III. C has shown that dealing with data protection and consumer protection problems cannot be avoided in its practical implementation. In the United States, the policy discussions about antitrust and privacy regarding the large tech firms are, on one hand, much more open (i.e. offering also more opportunities); on the other hand, it is also much more unclear, if any of these many antitrust and privacy legislative projects will be enacted and implemented. However, both in the European Union and the United States, the broad reform discussions have not led to a stronger consideration of the interplay between these policies. As a consequence, policy-making still suffers from “the lack of interaction in the development of policies on competition, consumer protection and data protection.”¹⁰¹

What can be done for achieving a more integrative and collaborative policy approach? In Europe, there is some discussion among a small group of lawyers about a more holistic and collaborative approach between competition law, data protection law, and consumer law. This has also led to the initiative of the so-called “Digital Clearinghouse.”¹⁰² This development for more exchange and collaboration is, however, still in its infancy, and interagency co-operation between competition authorities and data protection authorities (or privacy regulators) is still very rare.¹⁰³ In the following, I briefly want to structure and sketch the tasks that should be worked on for making better progress with regard to such a more integrative and collaborative approach¹⁰⁴:

It is necessary to have much more research about the interplay between competition law, data protection law, and consumer law with regard to the effects of these policies on the competition and privacy problems in digital markets. This requires more legal analysis, but what is particularly missing is research about the effects (!) of the combination of these different legal regimes on competition and privacy. In that respect, from an economic perspective also the effects of the combination of these two types of market failures are important. However, also a normative discussion is necessary, for example, with respect to the role of the human rights based aspects of data protection and privacy. Based upon these analyses, it can be asked, with what combinations of policies these problems can be solved best, and what might be an appropriate “division of labor” between these policies, and to what extent collaboration is necessary. This requires an interdisciplinary cooperation between legal, economic, and tech experts but also a cooperation between the experts of these different fields of the law. Such a “multi-disciplinary” approach is necessary for coming to a common understanding of the problems that have to be solved, and how each of these policies can contribute to their solution.

Based upon these insights, it can be asked at the level of policy-making and legislation (or the legal interpretation of existing laws), whether and how these laws (or their interpretation) have to be changed and adapted for their better alignment with respect to solving these common problems. This would allow to deal better with emerging conflicts and so far unused opportunities to help each other achieving their objectives (synergies). The current reform discussion about competition (and antitrust) law shows that this can also include the (perhaps also painful) insight that existing legal regimes might not be suitable any more, and therefore major reforms are necessary for dealing better with these new challenges in the digital economy. It cannot be excluded that such critical discussions about the need of major reforms are also necessary with respect to data protection (or privacy) law. Another important option is to solve these problems through sector-specific legislation, which might allow to implement a well-targeted problem-specific regulatory regime with an effective combination of specific competition, data protection, and consumer protection rules and remedies.

The last group of tasks focuses on the level of the application of existing laws and refers to various forms of collaboration between the enforcement authorities of these different policies. Potential tasks refer to the solution of specific problems as conflicts, for example, regarding privacy problems through data sharing remedies in competition law, or how to deal with anticompetitive effects of allegedly privacy-enhancing practices of large tech firms. Inter-agency cooperation could also imply joint work on guidelines for such case groups or direct consultation and collaboration in individual cases, for example, also with respect to the combination of remedies. Depending on the institutional conditions, such a collaboration can face more or less difficult problems.

Footnotes

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) received no financial support for the research, authorship, and/or publication of this article.

1.

For the market failure problem through the market power of the large digital platforms, see, for example, Jacques Crémer et al., Competition Policy for the Digital Era, Report to the European Commission (2019), https://ec.europa.eu/competition/publications/reports/kd0419345enn.pdf; Digital Competition Expert Panel, Unlocking Digital Competition, Furman Report (Mar., 2019), https://www.gov.uk/government/publications/unlocking-digital-competition-report-of-the-digital-competition-expert-panel; Stigler Committee on Digital Platforms, Final Report (2019), .

2.

For the discussion about this second market failure and the ensuing problems for “notice and consent” solutions regarding data, the privacy paradox, and behavioral manipulation through “dark patterns”, see Alessandro Acquisti & Jens Grossklags, Privacy and Rationality in Individual Decision Making, 3 IEEE Secur. Priv. 24 (2005); Patricia A. Norberg, Daniel R. Horne & David A. Horne, The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors, 41 .J Consum. Aff. 100 (2007); Daniel J. Solove, Privacy Self-Management and the Consent Dilemma, 126 Harv. L. Rev. 1880 (2013); Spyros Kokolakis, Privacy Attitudes and Privacy Behavior: A Review of Current Research on the Privacy Paradox Phenomenon, 64 Comput. Secur. 122 (2015); Jamie Luguri & Lior Jacob Strahilevitz, Shining a Light on Dark Patterns, 13 J. Leg. Anal. 43 (2021); Alessandro Acquisti et al., Secrets and Likes: The Drive for Privacy and the Difficulty of Achieving It in the Digital Age, 30 J. Consum. Psychol. 736 (2020).

3.

European Data Protection Supervisor, Preliminary Opinion of the European Data Protection Supervisor—Privacy and Competitiveness in the Age of Big Data: The Interplay Between Data Protection, Competition Law and Consumer Protection in the Digital Economy (2014) https://edps.europa.eu/,data .

4.

Id. at 37.

5.

Id. at 38.

6.

Id. at 37.

7.

cf. Francisco Costa-Cabral & Orla Lynskey, Family Ties: The Intersection Between Data Protection and Competition in EU Law, 54 Common Mark. Law Rev. 11 (2017); Inge Graef et al., Fairness and Enforcement: Bridging Competition, Data Protection, and Competition Law, 8 Int. Data Priv. Law 200 (2018); Inge Graef & Sean van Berlo, Towards Smarter Regulation in the Areas of Competition, Data Protection and Consumer Law: Why Greater Power Should Come with Greater Responsibility, 12 Eur. J. Risk Regul. 674 (2020), .

8.

In this article, the terms “privacy law,” “data protection law” (as in the European Union), and “data privacy law” (as in the United States) will be used as synonyms.

9.

For comprehensive overviews see Organisation for Economic Co-operation and Development (OECD), Consumer Data Rights and Competition—Background Note (2020), https://one.oecd.org/document/DAF/COMP(2020)1/en/pdf; Erika M. Douglas, Digital Crossroads: The Intersection of Competition Law and Data Privacy, Report to the Global Privacy Assembly Digital Citizen and Consumer Working Group (July 2021), .

10.

Federal Cartel Office, decision no B6-22/16 of 6 February 2019; Marco Botta & Klaus Wiedemann, The Interaction of EU Competition, Consumer, and Data Protection Law in the Digital Economy: The Regulatory Dilemma in the Facebook Odyssey, 64 Antitrust Bull. 428 (2019); Anne C. Witt, Excessive Data Collection as a Form of Anticompetitive Conduct—The German Facebook Case, 66 Antitrust Bull. 276 (2021).

11.

Digital Competition Expert Panel, supra note 1; Stigler Committee on Digital Platforms, supra note 1.

12.

European Commission, Proposal for a regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act); see for an overview on current proposals for new antitrust bills in the United States, below in Section C; other important new legislative projects exist in the United Kingdom or have already been enacted as, in particular, sect. 19a in German competition law (see below Note 47).

13.

For the following analysis, see Wolfgang Kerber & Karsten K. Zolna, The German Facebook Case: The Law and Economics of the Relationship between Competition and Data Protection Law, Eur. J. Law Econ. (2022), https://doi.org/10.1007/s10657-022-09727-8, where a theoretical framework based upon the economic theory of “second-best” can be found, Id. at 6–13; see also Wolfgang Kerber & Louisa Specht-Riemenschneider, Synergies Between Data Protection Law and Competition Law, Report for the German consumer association vzbv (2021), 17–50, ; Wolfgang Kerber, Competition Law in Context: The Example of its Interplay with Data Protection Law from an Economic Perspective, 7–8 Wirtschaft und Wettbewerb 400 (2021).

14.

For a deeper analysis of the empirical relevance of these (and additional) interaction effects on digital platform markets with many references, see Kerber & Zolna, supra note 13, at 10–12.

15.

Frank A. Pasquale, Privacy, Antitrust, and Power, 20 George Mason Law Rev. 1009 (2013); Maurice E. Stucke & Allen P. Grunes, Big Data and Competition Policy 368 (Oxford University Press 2016).

16.

Maureen K. Ohlhausen & Alexander P. Okuliar, Competition, Consumer Protection, and the Right (Approach) to Privacy, 80 Antitrust L.J. 121 (2015).

17.

cf. Erika M. Douglas, The New Antitrust/Data Privacy Law Interface, 130 Yale Law J. Forum 647 (2021).

18.

cf. Viktoria H.S.E. Robertson, Excessive Data Collection: Privacy Considerations and Abuse of Dominance in the Era of Big Data, 57 Common Mark. Law Rev. 161, 166 (2020).

19.

Pranvera Këllezi, Data Protection and Competition Law: Non-Compliance as Abuse of Dominant Position, sui-generis 343 (2019) ; Giuseppe Colangelo & Mariateresa Maggiolino, Antitrust über alles. Whither Competition Law after Facebook?, 42 World Compet. Law Econ. Rev. 355 (2019); Miriam Caroline Buiten, Exploitative Abuses in Digital Markets: Between Competition Law and Data Protection Law, 9 J. Antitrust Enforc. 270, jnaa041 (2020).

20.

Crémer et al., supra note 1, 104; BEUC, Access to Consumers’ Data in the Digital Economy, Position paper (2019) ; Erika M. Douglas, Monopolization Remedies and Data Privacy, 24(2) VR. J. L. Tech. 33 (2020).

21.

cf. for the discussion about potentially anticompetitive practices of Google and Apple Damien Geradin et al., Google as a de facto Regulator: Analyzing Chrome’s Removal of Third-Party Cookies from an Antitrust Perspective, TILEC Discussion Paper DP 2020-034 (2020), https://www.competitionpolicyinternational.com/google-as-a-de-facto-privacy-regulator-analyzing-chromes-removal-of-third-party-cookies-from-an-antitrust-perspective/; D. Daniel Sokol & Feng Zhu, Harming Competition and Consumers under the Guise of Protecting Privacy: An Analysis of Apple’s iOS 14 Policy Updates, USC Law Legal Studies Paper No. 21–27 (2021) .

22.

cf. for the discussion about data portability rights and their problems Alexandre de Streel et al., Making Data Portability More Effective for the Digital Economy, CERRE report (June 2020) .

23.

James Campbell et al., Privacy Regulation and Market Structure, 24 J. Econ. Manag. Strategy 47 (2015); Maureen K. Ohlhausen, Privacy and Competition: Friends, Foes, or Frenemies? CPI Antitrust Chron., February 2019, at 1–6; Michal Gal & Oshrit Aviv, The Competitive Effects of the GDPR, 16 J. Competition Law Econ. 349 (2020); OECD, supra note 9, at 42; for a critical analysis of the conclusions from these studies, see Kerber & Specht-Riemenschneider, supra note 13, at 34–42.

24.

OECD, supra note 9; Douglas, supra note 9.

25.

Douglas, supra note 9, at 67–74. However, similar to other non-price parameters, it is still a widely unsolved problem how the privacy effects can be analyzed and measured (Id. at 72).

26.

cf., for example, European Commission, Microsoft/LinkedIn, Case No. M.8124 C (June 12, 2016), .

27.

This is one of the examples of an interaction effect. Here this second market failure can directly lead to the non-existence of privacy competition, which again leads to the non-consideration of privacy in merger assessments, and therefore influences the application of competition law.

28.

Douglas, supra note 9, at 67 and 89; this is also linked to the discussion that antitrust law should not pursue other, non-economic objectives.

29.

In that case, the merger would have negative effects on consumer welfare (similar to higher prices). This would still be compatible with the “privacy as quality” theory but would not require a negative effect upon an existing form of competition.

30.

cf. OECD, supra note 9, at 25; Douglas, supra note 9, at 93–96.

31.

This is one of the examples, where a competition law decision has also an impact on privacy, which would be here a positive policy externality.

32.

cf. Douglas, supra note 9, at 106–17. However, in some case groups, remedies as mandatory access to personal data (“essential facility” doctrine) can then also lead to a direct conflict with privacy.

33.

cf. Giuseppe Colangelo & Mariateresa Maggiolino, Data Accumulation and the Privacy-Antitrust Interface: Insights from the Facebook Case for the EU and the U.S., 8 Int. Data Priv. Law 224 (2018); Robertson, supra note 18.

34.

For the controversial discussion about the German Facebook case see Maximilian Volmar & Katharina Helmdach, Protecting Consumers and Their Data Through Competition Law? Rethinking Abuse of Dominance in Light of the Federal Cartel Office’s Facebook Investigation, 14 Eur. Competition J. 195 (2018); Giulia Schneider, Testing Art. 102 TFEU in the Digital Marketplace: Insights from the Bundeskartellamt’s investigation against Facebook, 9 J. Eur. Compet. Law Pract. 213 (2018); Justus Haucap, Data Protection and Antitrust: New Types of Abuse Cases? An Economist’s View in Light of the German Facebook Decision, CPI Antitrust Chron., February 2019, at 1; Torsten Körber, Die Facebook-Entscheidung des Bundeskartellamtes—Machtmissbrauch durch Verletzung des Datenschutzrechts?, 4 Neue Zeitschrift für Kartellrecht 187 (2019); Colangelo & Maggiolino, supra note 19; Robertson, supra note 18; Kerber & Zolna, supra note 13; Witt, supra note 10; Rupprecht Podszun, Der Verbraucher als Marktakteur: Kartellrecht und Datenschutz in der “Facebook”-Entscheidung des BGH, 12 GRUR 1268 (2020); Oliver Budzinski et al., The Economics of the German Investigation of Facebook’s Data Collection, 5 Mark. Compet. Law Rev. 43 (2021); Botta & Wiedemann, supra note 10.

35.

Botta & Wiedemann, supra note 10, at 439.

36.

Federal Court of Justice. Order of 23.06.2020, Case KVR 69/19, 47–49; see for this decision Posdzun, supra note 36; Klaus Wiedemann, Zum Zusammenspiel von Datenschutzrecht und Kartellrecht in der Digitalökonomie, 6 CR 425 (2021).

37.

cf. Kerber & Zolna, supra note 13, at 24; Wiedemann, supra note 38.

38.

cf. Douglas, supra note 9, at 145–47.

39.

For this underenforcement problem, see Kerber & Specht-Riemenschneider, supra note 13, at 37–40, 103–108 (with many references).

40.

See the critique in OECD (supra note 9, at 26–29) that the European Commission has too much relied on the effectiveness of data protection law with respect to data portability and data combination in merger cases.

41.

cf. OECD, supra note 9, at 35–37; Douglas, supra note 9, at 55–62.

42.

cf. OECD, supra note 9, at 49–51; Douglas, supra note 9, at 26–29.

43.

cf. Heike Schweitzer et al., Modernisierung der Missbrauchsaufsicht für marktmächtige Unternehmen, Report for the German Ministry of Economic Affairs and Energy (2018) https://www.bmwi.de/Redaktion/DE/Publikationen/Wirtschaft/modernisierung-der-missbrauchsaufsicht-fuer-marktmaechtige-unternehmen.pdf?__blob=publicationFile&v=15; Crémer et al., supra note 1; Digital Competition Expert Panel, supra note 1; Stigler Committee on Digital Platforms, supra note 1; ACCC, Digital Platforms Inquiry—Final Report (2019), https://www.accc.gov.au/publications/digital-platforms-inquiry-final-report; Wettbewerbskommission 4.0, Ein neuer Wettbewerbsrahmen für die Digitalwirtschaft (September 2019), https://www.bmwi.de/Redaktion/DE/Publikationen/Wirtschaft/bericht-der-kommission-wettbewerbsrecht-4-0.html; for overviews, see Filippo Lancieri & Patricia Sakowski, Competition in Digital Markets: A Review of Expert Reports, 26 Stanf. J. Law Bus. Financ. 65 (2021); and Wolfgang Kerber, Updating Competition Policy for the Digital Economy? An Analysis of Recent Reports in Germany, UK, EU, and Australia (2019), .

44.

Important exceptions are the Stigler report (Stigler Committee on Digital Platforms, supra note 1, at 58–66), which also considered behavioral economics insights into consumer behavior and “dark patterns,” and the report of the German Wettbewerbskommission 4.0 (supra note 43, at 38–44), which addresses the market failure of information and behavioral problems, and demanded to explore policies for enhancing “consumer sovereignty” with regard to personal data, for example, through new data trustee solutions.

45.

cf., for example, the Furman report, which not only focused on abusive but also on unfair behavior of digital platforms (Digital Competition Expert Panel, supra note 1, at 46).

46.

For the Furman proposal about an additional “digital market unit” that can decide also on “codes of conduct” for digital platforms with a “strategic market status,” see Digital Competition Expert Panel, supra note 1, at 54–63.

47.

The new sect. 19a GWB introduces the possibility for the German Federal Cartel Office to impose additional behavioral rules on firms with “paramount significance for competition across markets.” See, for example, Jens-Uwe Franck & Martin Peitz, Digital Platforms and the New 19a Tool in the German Competition Act, 12 J. Eur. Compet. Law Pract.513 (2021), https://doi.org/10.1093/jeclap/lpab055. This provision targets especially the large tech firms. In the meantime, the German Federal Cartel Office has already initiated proceedings against Google, Apple, Amazon, and Facebook; with regard to the Google case see the press release (Jan. 5, 2022), https://www.bundeskartellamt.de/SharedDocs/Publikation/EN/Pressemitteilungen/2022/05_01_2022_Google_19a.pdf?__blob=publicationFile&v=2; for the new sect. 19a, see Gesetz gegen Wettbewerbsbeschränkungen (GWB), version of June 26, 2013 (BGBl. I S. 1750, 3245), last amended on January 18, 2021 (BGBl. I, S.2).

48.

CMA, A New Pro-Competition Regime for Digital Markets, Advice of the Digital Markets Taskforce (Dec. 2020) https://assets.publishing.service.gov.,uk https://assets.publishing.service.gov.uk/media/5fce7567e90e07562f98286c/Digital_Taskforce_-_Advice.pdf/media/5fce7567e90e07562f98286c/Digital_Taskforce_-_Advice.pdf. For a comparison of the approaches of the European Union, Germany, and the United Kingdom, see Anne Witt, Platform Regulation in Europe—per se Rules to the Rescue?, J Competition Law Econ. (2022)

49.

DMA, supra note 12; for overviews and critical discussions of the DMA proposal, see Cristina Caffarra & Fiona Scott Morton, The European Commission Digital Markets Act: A translation, Vox.eu (Jan. 6, 2021), https://voxeu.org/article/european-commission-digital-markets-act-translation; Luis Cabral et al., The EU Digital Markets Act. A Report from a Panel of Economic Experts, Joint Research Centre of the European Commission (JRC122910 2021) https://doi.org/10.2760/139337; Alexandre de Streel et al., Making the Digital Markets Act More Resilient and Effective, Centre on regulation in Europe (CERRE) Recommendations Paper (May 2021), ; Heike Schweitzer, The Art to Make Gatekeeper Positions Contestable and the Challenge to Know What is Fair: A Discussion of the Digital Market Act Proposal, 3 Zeitschrift für Europäisches Privatrecht 503 (2021); Daniel Zimmer & Jan-Frederick Göhsl, Vom New Competition Tool zum Digital Markets Act: Die geplante EU-Regulierung für digitale Gatekeeper, 19 Zeitschrift für Wettbewerbsrecht 29 (2021); Rupprecht Podszun et al., The Digital Markets Act: Moving from Competition Law to Regulation for Large Gatekeepers, 10 J. Eur. Consum. Mark. Law 60 (2021); Wolfgang Kerber, Taming Tech Giants with a Per-Se Rules Approach? The Digital Markets Act from the “Rules vs. Standard” Perspective, Concurrences 3, 28 (2021); Witt (2022), supra note 48.

50.

DMA, recital 10. Therefore, a broad consensus exists that the DMA is not competition law; legally it is based upon EU internal market law.

51.

From an economic perspective see Digital Regulation Project, Fairness and Contestability in the Digital Markets Act (Policy Discussion Paper No.3; July 6, 2021), 14–25, .

52.

For the discussion of “fairness” in the DMA, see de Streel et al., supra note 45, at 42–49; Podszun et al., supra note 49; Schweitzer, supra note 49; from an economic perspective, see Digital Regulation Project, supra note 51, at 6–14; Kerber & Specht-Riemenschneider, supra note 13, at 65–67.

53.

Kerber, supra note 49, at 33.

54.

The vagueness of and confusion about the objectives is one of the main concerns about the DMA.

55.

The consultations before the DMA (in June 2020) did not refer to data collection practices, privacy, or data protection issues.

56.

cf. for discussions about Art. 5(a) Rupprecht Podszun, Should Gatekeepers be Allowed to Combine Data? Ideas for Art. 5(a) of the draft Digital Markets Act, 2021, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3860030; de Streel et al., supra note 43, at 59; Inge Graef, Why End-User Consent Cannot Keep Markets Contestable (2021), ; Kerber & Specht-Riemenschneider, supra note 13, at 69–75.

57.

DMA, recital 36.

58.

This would correspond to a pure exclusionary effects reasoning in the German Facebook case.

59.

cf. again the references in supra note 2.

60.

Already the Commission claims in recital 36 that this consent “should be proactively presented to the end users in an explicit, clear and straightforward manner”; for more far-reaching solutions, see Podszun, supra note 56; see also the current amendment proposals 21, 23, 104, and 152 for the obligation of Art. 5(a) and anti-circumvention provisions of the European Parliament P9_TA(2021)0499. Digital Markets Act: Amendments by the European Parliament on December 15, 2021), and the amendments in recital 36, Art.5(a) and Art. 11 in the Compromise position paper of the Council of the European Union (November 16, 2021; Document 14172/20).

61.

Kerber & Zolna, supra note 13, at 25.

62.

For a direct prohibition of such data combinations as a remedy against the tying of privacy policies and their potential envelopment effects, see generally Daniele Condorelli & Jorge Padilla, Harnessing Platform Envelopment in the Digital World, 16 J. Competition Law Econ. 143 (2020); with respect to the Facebook case and the DMA, see Kerber & Zolna, supra note 13, at 26. Graef, supra note 56, and Kerber & Specht-Riemenschneider, supra note 13, at 75, propose to prohibit in Art. 5(a) DMA directly the data combination, for helping competition and privacy protection, also due to a much skepticism whether this additional choice can work for the consumers. In this context, very interesting and complex trade-off problems arise regarding competition and privacy (see Id. at 73–75).

63.

Kerber & Specht-Riemenschneider, supra note 13, at 72.

64.

See, in particular, the obligations in Art. 5(c), 5(e), 5(f), 6(1)b, 6(1)c, and 6(1)e DMA proposal.

65.

cf., for example, the amendment proposals 19 and 152 of the European Parliament, supra note 60.

66.

In the current competition-oriented mainstream interpretation of the DMA, these protections of the freedom of choice of business users in these obligations are seen as a direct protection of the “commercial opportunities” of business users against unfair practices of the gatekeepers, and are therefore derived from the objective of “fairness” in the DMA. See de Streel et al., supra note 49, at 44.

67.

cf. in more detail Kerber & Specht-Riemenschneider, supra note 13, at 81.

68.

cf. the critique of Caffarra & Scott Morton, supra note 49.

69.

Kerber & Specht-Riemenschneider, supra note 13, at 75–79, propose an additional obligation for gatekeepers to also offer a payment option for the core platform services, which would imply the possibility that consumers can use the core platform service also through a monetary payment without having to pay with their data. The reasoning of the decision of the German Federal Court of Justice in the Facebook case with its implication of a minimum standard of choice might support such solutions.

70.

In this interpretation, the objective of fairness should be understood narrowly and limited to the protection of business users of digital platforms. See, for example, de Streel et al., supra note 49, at 45.

71.

For an explicitly different interpretation of the DMA, see Podszun et al., supra note 49. Some aspects of consumer protection can, however, be found in the Digital Services Act proposal (Proposal for a Regulation of the European Parliament and of the Council on the Single Market for Digital Services (Digital Services Act) and amending Directive 2000/31/EC, doc. COM (2020) 825 final, December 15, 2020).

72.

In the legislative discussion, the European Parliament has made amendment proposals for introducing a European High-Level Group of Digital Regulators that also can encompass representatives of data protection and consumer protection authorities (European Parliament, supra note 60, amendments 208–210) and will have primarily an advisory role.

73.

Similar problems will emerge in the application of the new section 19a of German competition law, because both the choice about data combination and the protection of freedom of choice of business and end users are also issues that can be addressed by the German Federal Cartel Office according to section 19a (2) GWB.

74.

cf. with regard to consumer protection also Digital Regulation Project, Consumer Protection for Online Markets and Large Digital Platforms (Policy Discussion Paper No. 1; May 20, 2021), at 30, . Regarding EU data protection law, there is a discussion whether market power could also be a criterion in data protection law, that is, that firms with market power might have to comply with stricter rules than firms under effective competition. See Graef & Van Berlo, supra note 7; Orla Lynskey, Grappling with “Data Power”: Normative Nudges from Data Protection and Privacy, Theor. Inq. Law 20, 189 (2019).

75.

Kerber & Specht-Riemenschneider, supra note 13, at 93–95, and for this broad concept of asymmetric regulation Id. at 48–50.

76.

For the position of the “New Brandeisians” regarding the U.S. antitrust policy, see Lina Khan, The New Brandeis Movement: America’s Antimonopoly Debate, 9 JECLAP 131 (2018); Lina Khan, The Ideological Roots of America’s Market Power Problem, 127 Yale Law J. Forum 960 (2018); Lina Khan & Sandeep Vaheesan, Market Power and Inequality: The Antitrust Counterrevolution and Its Discontents, 11 Harv. Law Policy Rev. 235 (2017); for critical analysis, see Joshua D. Wright et al., Requiem for a Paradox: The Dubious Rise and Inevitable Fall of Hipster Antitrust, 51 ARIZ. ST. L. J. 293 (2019); Leon B. Greenfield et al., Antitrust Populism and the Consumer Welfare Standard: What Are We Actually Debating, 83 Antitrust L.J. 393 (2020).

77.

Carl Shapiro, Protecting Competition in the American Economy: Merger Control, Tech Titans, Labor Markets, 33 J. Econ. Perspect. 69 (2019); Carl Shapiro, Antitrust: What Went Wrong and How to Fix It, 35 Antitrust 33 (2021).

78.

Therefore, three groups can be distinguished in the U.S. antitrust discussion: the traditional Chicago School position, the “New Brandeisians,” and the “modernists”, who are critical to the Chicago position of many courts but also defend the economic approach with its consumer welfare standard against the “New Brandeisians”. See, for example, Shapiro (Antitrust), supra note 77, at 33. This discussion is also linked to empirical research about the long-term increase of firm concentration and price mark-ups, which has raised the question whether the rising income inequality in the United States can also have been caused by a long-term systematic underenforcement of antitrust law in the last decades. See as overview Shapiro (Protecting Competition), supra note 77, at 70–77.

79.

For a broad analysis of the proposals of the “New Brandeisians,” see Greenfield et al., supra note 76.

80.

Stigler Committee on Digital Platforms, supra note 1; Shapiro (Protecting competition), supra note 76; Jerrold Nadler & David N. Cicilline, Investigation of Competition in Digital Markets. Majority Staff Report and Recommendations, Subcommittee on Antitrust, Commercial and Administrative Law of the Committee on the Judiciary (2020)

81.

Particularly important were hearing and reports in the House and the Senate. See, for example, the House antitrust subcomittee report (Nadler & Cicilline, supra note 80). Both antitrust authorities FTC and DOJ and a number of states have initiated new legal antitrust proceedings against the large tech firms. For the general challenges, see Alison Jones & William E. Kovacic, Antitrust’s Implementation Blind Side: Challenges to Major Expansion of U.S. Competition Policy, 65 Antitrust Bull. 227 (2020).

82.

California Consumer Privacy Act of 2018, CAL. CIV. CODE § 1798.100 (West 2020).

83.

Douglas, supra note 17, at 651; Daniel J. Solove & Woodrow Hartzog, The FTC and the New Common Law of Privacy, 114 COLUM. L. REV. 583 (2014).

84.

15 U.S.C. § 45(a)(1) (2018).

85.

American Economic Liberties Project, The Courage to Learn. A Retrospective on Antitrust and Competition Policy during the Obama Administration and Framework for a New Structuralist Approach (Jan. 2021), at 98–108 https://www.economicliberties.,us;

86.

cf., for example, Maureen K. Ohlhausen, “Congress Needs to Enact a National, Comprehensive Consumer Privacy Framework,” Testimony, Senate Committee on Commerce, Science, and Transportation (Dec. 2019), ; for a more fundamental discussion about the introduction and design of federal privacy law, see Woodrow Hartzog & Neil Richards, Privacy’s Constitutional Moment and the Limits of Data Protection, 61 Boston Coll. Law Rev. 1689 (2020), and from a different perspective Acquisti et al., supra note 2, at 751.

87.

S.225:

88.

H.R.3816:

89.

H.R.3849:

90.

cf. Digital Regulation Project, International Coherence in Digital Platform Regulation: An Economic Perspective on the US and EU Proposals (Policy Discussion Paper No. 5; Aug. 9, 2021) , for a comprehensive comparison of these bills with the DMA proposal.

91.

Id. at 23.

92.

cf. the “Platform Competition and Opportunity Act” and the “Trust-Busting for the Twenty-First Century Act” of Sen. Hawley. The DMA in the European Union does not extend the merger control powers with respect to the gatekeepers and large tech firms.

93.

H.R.3825: . In the DMA proposal structural remedies are only an instrument of last resort.

94.

cf. Randy Picker, The House’s Recent Spate of Antitrust Bills Would Change Big Tech as We Know it (2021) https://promarket.org/2021/06/29/house-antitrust-bills-big-tech-apple-preinstallation/?mc_cid=030fe72189&mc_eid=52fc9f2911

95.

However, small references to privacy can be found in some of the antitrust bills. In the “American Choice and Innovation Online Act” “protecting user privacy” can be an affirmative defense with respect to the general or specific prohibitions of discriminatory behavior (H.R. 3816, at 4). Also in the “Augmenting Compatibility and Competition by Enabling Switching (ACCESS) Act” some references are made to privacy protection with regard to data portability and interoperability.

96.

Cf. Gal & Aviv, supra note 23.

97.

For a general analysis of data privacy protection as a procompetitive justification in U.S. antitrust law, see Erika Douglas, Data Privacy Protection as a Procompetitive Justification, Antitrust Mag. (Dec. 2021), at 1.

98.

It is noteworthy that in its recent report on privacy and security, the FTC emphasizes this advantage and makes the integrating of competition concerns one of its priorities in its policy about privacy. See Federal Trade Commission, FTC Report to Congress on Privacy and Security. A Report to Congress (Sept. 13, 2021)

99.

cf. also Douglas, supra note 9, at 3: “Data protection and antitrust authorities can no longer achieve their goals in isolation.”

100.

EDPS, supra note 3, at 37.

101.

EDPS, supra note 3, at 37.

102.

cf. Costa-Cabral & Lynskey, supra note 7; Graef et al., supra note 7; Graef & Van Berlo, supra note 7; for the Digital Clearinghouse, see

103.

For an overview about already existing initiatives and current activities, see Douglas, supra note 9, at 26. Particularly interesting is in the United Kingdom, the new “Digital Regulation Cooperation Forum” for more regulatory coordination between the CMA, the ICO, and Ofcom in digital markets (https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/896827/Digital_Regulation_Cooperation_Forum.pdf), and the ICN Steering Group Project—Competition law enforcement at the intersection between competition, consumer protection, and privacy ().

104.

See, for the following, also Kerber & Specht-Riemenschneider, supra note 13, at 111–16.