TechREG Talks… with Katharine Kemp, Philip Marsden & Jacqueline Downes

In this edition of CPI TechREG Talks, we have the pleasure of presenting a summary of a discussion with Philip Marsden and Allens partner Jacqueline Downes, moderated by Katharine Kemp. This discussion was hosted by the UNSW Allens Hub for Technology Law and Innovation in Sydney, Australia on August 10, 2022. We thank all the participants for contributing to this discussion for CPI.

1. 1. We see abuse allegations before regulators and courts against various tech companies, both exclusionary (notably Amazon in respect of its competition with merchants on its marketplace, Google allegedly giving itself advantages over other ad tech providers; Apple preventing app developers from using other in-app payment systems, and so on), and exploitative (e.g. Meta’s alleged excessive accumulation of consumer data as a condition of using their platform). In spite of all this activity, there is great dissatisfaction with competition litigation as a means of solving these issues.

Philip, by way of background, can you talk about what’s going on globally in response to that dissatisfaction, especially in proposals for ex ante or upfront regulation, particularly in the EU and the U.S.?

Philip Marsden

As regards the U.S. and the EU, the substantive rationale for ex ante regulation tends to be structural problems relating to network effects and data accumulation. These can give firms an opportunity to exert market power and use it in some way, to exclude or to exploit. And that’s substantially what the rationale is usually for enforcement action. But, one of the clear rationales for many governments getting involved in this now is also they feel that all of the many cases that have happened so far have either happened too slowly, or remedies have been completely ineffective or too late.

The intellectual market has moved on, so to speak. And so, this kind of surgical approach that competition authorities try to have with respect to ex post enforcement has been used as an excuse to say, “No, actually we’re not going to go surgical, we will go much broader and much much earlier.” And I think the biggest, best example of the broad, early approach (which I don’t agree with in its details though) is the European approach. I was very excited when the European Digital Markets Act or DMA was being proposed, but when you actually saw the provisions, it seemed that they were too general, and they didn’t seem to be self-executing at all.

By that, I mean I don’t think the platforms can understand what some of the provisions mean with respect to some of their business practices, and therefore you wouldn’t necessarily instill a culture of compliance in tech firms the EU. And therefore, that’s why I’ve said that I think that the European Commission is “coding for infringements” and therefore huge fines. And so just an extraction of rents from the platforms and then appeals. And then 18 years later, we may get a judgment that the actual conduct at issue was not illegal, or if so, there might not even be a means to prevent the conduct in some ways. So that approach, if I’m right, isn’t particularly effective, though it does mean that the legislature — and this might resonate in Australia — gets to say, we’ve done a bunch of studies, we’ve enacted a law, and look, we’ve had some violations, and the big fines that go to the Treasury. But the market hasn’t changed, then it’s been no improvement.

The U.S. approach is extremely politically driven, and they have a similar approach in that sense, but the legislative provisions being proposed are much more detailed. But because the U.S. is steeped in litigation, they have a tendency towards using litigation as a model of enforcement to really bolster the ex ante regulation, and especially class actions. Class actions are all over the place in the U.S. In the UK, there’s scores of them already that are starting up against all the big platforms. And I don’t think that’s been a particularly helpful model at all. It’s obviously something that can complement regulation or enforcement, but I think it’s, again, something that doesn’t necessarily change behavior.  It extracts rents or compensation.  I’m more interested in stopping the harm in the first place.

In the UK, we are thus trying a bespoke model: it is focused on the actual business operation or service that’s at the core of the platform, and that we are actually concerned about, as opposed to a general ban on self-preferencing, say, or a general mandating of data sharing by all platforms. We’re tackling each platform in a different way, whether it’s a commerce platform or communications or another kind of platform, and saying, we have a number of complaints in this area, a number of concerns, and what justifications might you have, and what can we together – government and business – do about it? And we’re hoping that, through a dialogue, we will discover that platforms might either say “we’re not even discussing that with you because that is core to our business model” or “actually, we’ve done that for many, many years, we’ve never had any complaints about it, but if you are so concerned, we could lose it.”

We’re trying to do this in a very hopeful, optimistic way. We think that, through dialogue, we can create a code for each platform’s business line that is relevant to our concerns, and then ideally instill a culture of compliance, because compliance officers will be appointed within each platform. And they would be responsible regarding a report about how they comply, signed off by the board ideally.

Of course, the immediate criticism would be that you’re going to get really nice compliance reports every year that say “everything’s fine at Amazon,” for example. And then, who’s going to judge whether it is or not? My plea for the CMA — and so far they’ve been doing this really well — is to hire scores of experts in data and data analytics, digital science, etc., to be able to help assess whether or not these compliance programs are legitimate, and whether or not the concerns have been addressed, because a lot of these issues are far too technical, with respect, even to lawyers and economists, and you need to actually have the tech people to judge the technical work.

I’m hoping that model will proliferate a little bit. I have a feeling that across the channel from the UK, there’s just going to be a per se prohibition resulting in tons of fines; that the businesses might adjust to that model; and the UK looks too soft. But of course a key finding of our Furman Report was that in moving in the direction of ex ante regulation, we’re trying not to kill innovation at the same time.

1. 2. Jacqui, to bring us back to Australia, these developments certainly haven’t gone unnoticed here. We’ve had the ACCC Digital Platforms Inquiry earlier, and various proposals and recommendations following on from that. Can you give us an outline of what’s happened locally and what you expect will happen from here?

Jacqueline Downes

The ACCC really kicked off this globally back in 2017 with its original inquiry into the impact of digital platforms on local media, and at that time really none of the overseas regulators were paying a lot of attention other than the Google Shopping case in the EU, certainly not from a legislative point of view, until this groundbreaking report. And of course, the result of that report was the implementation of the News Media Bargaining Code, which I’ll talk a little bit more about later. But what it also did was highlight a whole lot of other issues that the ACCC felt it needed time to explore.

And so that led in 2020 to a referral from the government to conduct a five-year six-monthly review of digital platforms. And effectively the way the ACCC has been approaching that over the last couple of years now is every six months to issue a new interim report dealing with a different type of digital platform or area of digital platform involvement. They’ve indicated they may come back and review those different areas as the five years rolls on. But so far, they’ve issued interim reports in online messaging, app stores, ad tech, web browsers and choice screens for example. What they’re doing this year is using their interim report for this six months to consider ex ante regulation. So, this report is due to be produced to government in September. We don’t yet know when it might be released publicly.

But it’s been reviewing this since February this year. And so the discussion paper this year seeks stakeholder views on the need for ex ante regulation, because of a perceived ineffectiveness of, as Philip as said, competition and consumer laws, really focusing on questions around the length of time it will take, and also that the number of different issues and the fact that taking a court case or opening a particular investigation by the ACCC really has to be quite fact-specific. I think the way in which the ACCC is seeing this, similar to overseas regulators, is there’s general trends that go through various different platforms, various different industries, and this is best dealt with by some form of ex ante regulation rather than picking issues off one by one.

So, it’s no surprise that it has taken a look at some of the overseas models that have already started to develop and asking stakeholder views on those models, including an outright prohibition in legislation of certain practices, similar to the Digital Markets Act and, and the American Online Choice and Innovation Online Act. This is the prescriptive approach which will just prohibit various forms of conduct, such as, data aggregation, self-preferencing, exclusivity, and so forth. They’ve asked for comments on that, and I am interested in Philip’s views around the challenges with that, because you can certainly see how that may also lead to a lot of litigation.

The other model they’re looking at is codes of practice. I think they feel they’ve had a fair degree of success with the News Media Bargaining Codes, so could something similar be developed perhaps also looking at the way in which they’re using codes in the UK to regulate practice? I suppose one concern is that if they are voluntary codes, if you’re requiring cooperation from the platforms, have we really seen evidence of willingness to cooperate to date? And so is that kind of wishful thinking, Philip? I’m interested in your views on that.

Rule-making powers is another area, similar to what we have in the energy space with the Australian Energy Regulator, having the power to develop and implement tailored rules specific to digital platforms. Of course, this gives the ACCC a lot of power, so there are concerns around that and there would certainly need to be some checks and balances. Measures to promote competition — another one that’s developed from the UK approach where the ACCC could potentially impose a specific measure on a platform following a finding of consumer harm — again, I think you really need to look at the checks and balances there.

And then the third is that because a lot of these platforms are considered to be essential facilities potentially, is a sort of an access regime type arrangement like we have for natural monopolies in Part III A and Part XIC of the Act. It’s unclear at this stage, the review is ongoing, and the ACCC has given some indication of some areas it’s really thinking of focusing on and they include anticompetitive conduct. It could be dealt with under the Competition Act and more specific measures be implemented in ex ante regulation to deal with issues such as self-preferencing, exclusivity, etc., measures to improve data advantage such as data interoperability and portability, protecting consumers. The ACCC has also been looking to enhance consumer protection for a while, specifically unfair dealing between the platforms and the buyers. These are pretty broad topics, but they seem to be the areas that the ACCC is focusing on. In addition, I read recently that the new competition minister, Dr Andrew Leigh, has suggested that the government might implement interim measures in relation to digital platforms. So, it’s safe to say the government is waiting on that report from the ACCC and it’s keeping an open mind on what might need to happen. So that’s where we are in Australia, Katharine.

1. 3. Philip, before we go on, you mentioned the UK proposals, and I wanted to get an update on the bill’s status in the UK, because I know that back in May, there was some controversy when there was a lot of anticipation around the time of the Queen’s Speech, but some disappointment about the progress of the UK Bill. Where are we at now and why?

Philip Marsden

I shouldn’t have faith in the current UK government necessarily for a range of reasons. But the actual civil service, the monolith itself below the political froth, is actually reasonably respectable and once it starts moving, it’s like the wheels of the gods, I mean, they grind slowly but they grind exceedingly fine. So, one of the things that I take comfort in is that when I saw the news report from the FT and then immediately rang my contacts and asked why there is a delay to our Digital Markets Unit? The clever response I had back was that there are five online harms related bills going through, dealing with extremely important sociological issues, and this one odd DMU draft bill that may appear to be related essentially to commerce on digital platforms.  So, politically, that looks like a dry, boring competition law and economics proposal, and there was a concern that politicians, when they get a hold of these many bills, will ask “What’s this DMU one? We don’t understand it really, let’s hive it off.” What they’ve decided to do, I’m told, is put the five really important ones through – the ones that actually deal with issues like platforms fanning teen anorexia and political revolt and all sorts of social problems and privacy breaches. The DMU bill is still moving forward in “draft.”  And because of that, the civil service is moving through drafting internal guidance, preparing the documents, preparing the codes, already talking with the platforms for some time about what these problems and solutions would look like.

I don’t even really think it’s a delay — as an eternal optimist — because they’d be doing that anyway. But the CMA has its dedicated unit. It’s been there in shadow form for a while. They’re going to be hiring scores of data scientists in the next year or two. It’s a big deal for a competition authority to be doing something like that. Usually, it’s a very tiny unit that exists, if at all. And they’re beefing up their remedies units. I think it’s all on track. The CMA is not like a cowboy shooting guns blindly: they’re actually going to look really carefully at who they will shoot.  (Laughter)

1. 4. At the moment, in the U.S., there’s a big ad campaign that’s under the banner of “Don’t Break What Works,” sponsored by “big tech” among others. It is essentially threatening that people might lose their two-day Prime delivery and Google Maps. We’ve similarly seen back when there was debate over the media bargaining code in Australia, certain threats or posturing by Google and Facebook.

Jacqui, what do you think about this kind of lobbying and strategic behavior? Do you think it is going to hobble or prevent the digital platform regulations that are being proposed?

Jacqueline Downes

There’s certainly no doubt that the large platforms are very good at intensive lobbying, and, and I think with mixed results. I’m not really sure that the actions they took in relation to the news media bargaining code did them much service in Australia. You might recall firstly, Google had ads every time you searched something which told you how outrageous it is, but then Meta decided to pull news for a couple of weeks, including public safety, educational pages, right in the middle of a pandemic. I think that this particular action, particularly by Meta, had more of an impact of harming their stance.

There were some further developments in the news media bargaining code after that, but ultimately the news media bargaining code was adopted. And the intention of the code was effectively fulfilled. Over $200 million of deals reported by the ACCC have been made under that code. The lobbying didn’t really have the desired effect. And I do think that there is a sense that the more we hear this from the large platforms, the more it undermines their position and makes regulators and government think there is something to be worried about here.

1. 5. Moving into the territory of privacy (and there is some crossover here between these types of regulation), what we’re tending to see in some cases with the platforms, is that they are essentially regulating privacy standards for other players in the market.

For example, we see Apple with its App Tracking Transparency framework, and its lack of access to contactless payments infrastructure on its iPhone on security grounds. And then Google, with the impending third-party “Cookie Armageddon” that is creating a lot of consternation among other players and a potential conflict between privacy interests and competition interests. How do you think we might address that potential conflict?

Jacqueline Downes

It’s a difficult question. I don’t purport to be a privacy expert, but I do see some difficulties in that intersection between protecting privacy and promoting competition. And I think we have seen examples where some of the larger platforms might use the privacy cloak, in fact, to protect their position. And so that, you know, it’s more difficult for others to compete.

One example of this is the way in which platforms offer consumers the ability to opt out of individual apps collecting data. That really denies those app developers the ability to obtain data that is useful in their own product development. But often times, the platform itself is still collecting that data. I think there are real issues that have to be determined around who owns the data. Is it the consumer? Should they have complete control over that data? Who has the ability to use the data? Is it the platform? Or is it the content developer that then has the ability to use that data?

These are really difficult questions because obviously, as consumers, we all believe that we should have a degree of control our data. But also, it’s in our interest to ensure there is a fair degree of competition. It’s a really difficult question, but I think one that regulators definitely need to be turning their minds to.

Philip Marsden

One of the things about managing a situation like that is you have to have simplicity. It boils down to simplistic choices, and that means there’s all sorts of gaming that can happen around how a given system is designed. But one of the things that we’ve learned in the EU is that competition officials thought the GDPR was not going to be very helpful from a competition point of view. I’m speaking as a competition official and almost every competition authority, as the GDPR was being drafted, observed that there was a range of areas here that might have odd consequences: you may actually entrench market power and entrench, certain privacy standards by a big player that may not be the best standards.

We’ve learned from that mistake. It’s not like the competition authority is pleading to have a say, rather that privacy people should now be obliged to check with the competition authority about whether a given measure could be implemented in the least anticompetitive manner possible.

1. 6. Another area where we need to look at potential overlap and even duplication — perhaps rather than conflict or tension — is between privacy regulation and consumer regulation. In the past couple of years, we’ve seen the ACCC taking enforcement action along the lines of the kind of proceedings that the U.S. FTC has brought over the years, alleging misleading conduct in respect of privacy notices, and some privacy settings. As no doubt, many of you will be aware, in the action against Google in the Federal Court, the privacy settings in respect of location tracking were found to be misleading.

The question is whether companies who are designing their privacy policies and privacy notices, should have to fit in with both the Privacy Act and the Australian Consumer Law says? Should it be enough that they have complied with the Privacy Act?

Jacqueline Downes

They’re both laws of the country. One of the interesting things is that the actions that you mentioned the ACCC has taken against, for example, Google and Meta and others, alleged misleading conduct in relation to the disclosure of private information and the extent to which data was collected. I think our view — and I’ve spoken to privacy experts on this — is that this case could have been taken as a privacy action. So there actually was a breach of both or, or potentially breach of both. What is interesting is the fact that we are seeing the ACCC being more active still in this area and taking these actions as consumer law contraventions when potentially they could have been brought as privacy breaches.

We know that the ACCC and the privacy regulator are talking a lot and working these things out. But I don’t think you’re going to see the ACCC backing down on this anytime soon. Companies still need to ensure that not only are they complying with privacy laws, but also that whatever disclosures they’re making, are complying with Australian Consumer Law.

1. 7. Philip, the CMA put out recently a report in respect to online choice architecture, and some of the concerns raised there included concerns about deceptive design or what is sometimes called “dark patterns”. Do you think that’s the best description for these terms and where is the CMA headed on these issues?

Philip Marsden

I do think “dark practices” is the best description of these terms, because essentially you can’t find your way out, you can’t even see there’s a problem, so it’s a dark pattern. You can’t find out how to decide or whether you even need to. Escape or switching for example is never one click away. I find it very interesting that no one has really complained too much yet that the CMA is actually getting quite close to product design here, which is what we’re not supposed to do, as a competition authority. And yet that’s the whole issue here.

There are complicated behavioral questions here. Look at your own behavior, whether it’s revealed preferences or your stated preferences: how are you responding to given offers? False urgency.   We’ve all felt this kind of frustration online. And there are, I think, some clear ways of resolving this, and this is why the competition authorities are negotiating with the platforms as to how this should be changed and what their concerns are. We need to remember that we’re rationally lazy. We need simple mechanisms. Otherwise it just won’t work.

This is an area where data teams are able to test in real time, using data sandboxes, to see what would happen if you set up a given remedy a certain way. This is not as possible in traditional markets, but in digital markets, if you get the platforms involved, it obviously is. We did this in open banking. Authorities can set up real-life A/B testing of algorithmic controls and remedies.  Even though this extremely important financial consumer data was protected by the FCA in their sandbox, we could do tests to see how our remedies would work.

Ironically, it takes a really humble authority to do that. An authority with existing powers would rather simply take an alleged infringer to court. That’s a very binary decision. It is very adversarial by definition, and it means you risk getting a remedy that might not actually work.

1. 8. For one final question. we’ve seen in Australia this year a Consumer Policy Research Centre report on “dark patterns” following the ACCC’s own report on choice screens. And the CPRC was pointing out various dark patterns, like the hidden costs or automatic additions to people’s online shopping carts, “Hotel California” cancellation designs – “you can check out any time you like, but you can never leave.”

Under Australian Consumer Law, some of these practices may be “unfair,” but not necessarily “misleading.” We’ve seen proposals for the introduction of an unfair practices prohibition in Australia to fill this gap. Jacqui, do you see that as necessary in this context.

Jacqueline Downes

Australia has very strong consumer laws already, and an extremely active regulator on the consumer front, unlike many other jurisdictions. And it rarely loses consumer cases in court. I don’t think we need more laws at this point around consumer law. If there are some new practices that are concerning, they can be tested under current laws. There are laws on unconscionable conduct, unfair terms, and a range of other more specific laws. There has been a debate raging for a few years now about unfair practices. There is a real issue with introducing a very broad concept of an unfair practice. The ACCC as I said, is already having a lot of success dealing with privacy issues and data issues with existing provisions. Before we introduce new provisions, I think perhaps if some of these practices are harming consumers, they should be tested under existing law.

Philip Marsden

And just in contrast, the U.S. has an extraordinary array of consumer protection laws. And yet I think one of the most interesting elements in the next 12 months will be the introduction of expanded rule-making powers under section 5 of the FTC Act, which directly address these issues. And the U.S. wouldn’t normally increase regulation or rule making or law making. That’s just not the way they do things unless they thought it was a real problem. It would be interesting to see whether the Australian approach goes that way or the American version or something else happens. I do think there is a role for rulemaking here. It may be that yours are sufficient and that’s fine, but the U.S. is definitely going to be taking a hard look at expanding the unfair practices legislation.