A crucial area of complementarity between competition and data protection law regimes is ensuring greater data mobility through data portability, interoperability, and open data standards in digital markets. The paper discusses how antitrust agencies would evaluate dominant platforms’ strategies to prevent data interoperability as an abuse of dominance violation. It delves into this topic against the backdrop of Brazilian experiences. It argues that the critical choices to be made by antitrust authorities in these cases blur the limits of the intervention over the design of digital products. Some guidance on how to set the legal standards for these behaviors is provided to help with this challenge.
By Victor Oliveira Fernandes[1]
I. Introduction
The interaction between data protection and antitrust laws has become a vital topic for competition law scholars in recent years, as several agencies’ reports have raised major concerns about reduced levels of data protection derived from market concentration.[2] Although antitrust and data protection regimes pursues different goals, which might even clash at their margins,[3] in some circumstances, both branches of law require convergence.[4]
A crucial area of complementarity between both regimes is ensuring greater mobility of data through data portability, interoperability, and open data standards in digital markets.[5] The creation of barriers to interoperability or data portability might at the same time constitute a violation of data protection legislations and an abuse of dominance under antitrust law.[6] Moreover, mandating interoperability is generally perceived as an effective antitrust remedy or regulatory measure to enhance competition in digital markets.[7]
But the perspective of complementarity around this topic still faces considerable challenges for antitrust authorities. Although the competitive implications of interoperability restrictions have been extensively explored, there is still very little guidance as to which legal standards should be adopted under the antitrust laws. This paper discusses how antitrust agencies would scrutinize impediments to interoperability or data portability as an abuse of dominance infringement. It delves into this topic against the backdrop of Brazilian competition and data protection law, given some insightful cases were brought under this jurisdiction in recent years.
In Brazil, the approximation of the two areas has been intensifying since the General Data Protection Law (Law no. 13,709) was issued in 2018. This law came into force in 2020 and is currently enforced by the National Data Protection Authority (“ANPD”) which has the full responsibility for applying administrative sanctions for non-compliance with the legislation.
After the adoption of the Brazilian general data protection law (”LGPD”), the Brazilian Competition Authority took relevant steps towards enhancing cooperation with the data protection watchdog. In May 2021, for example, CADE, ANPD, the Federal Prosecutor’s Office, and the National Consumer Secretariat issued a joint recommendation about how new privacy policy announced by WhatsApp for the instant messenger service posed risks for data protection rights and raise potential anticompetitive effects[8].
Also, after the LGPD was enacted, CADE ruled some relevant abuse of dominance cases involving the imposition of contractual or technical restrictions on data interoperability. Considering the Brazilian experience, this paper argues that the applicable legal standards for assessing this form of unilateral conduct should be eminently contingent upon the feasibility of the enforceable antitrust remedies.
The reason for this context-based approach lies in the ambiguous effects of interoperability measures on competition in digital markets. In circumstances where imposing interoperability proves futile to increase competition or even increase privacy and security risks, antitrust authorities should be cautious. In such cases, the applicable legal standards should require strong evidence of competitive harm.
On the other hand, where there are indications that interoperability and open data standards are not only beneficial for competition but also reasonably manageable, the antitrust authority should move the pendulum toward finding an abuse of dominance. In seeking to make this distinction, antitrust authorities are confronted with choices that can reshape the level of competition for digital product design.
In part II, we will briefly explain how Brazilian antitrust law leaves room for new theories of the harm of abuse of dominance in digital markets and how data portability and interoperability restrictions fit into these theories. In part III, we will discuss the dilemmas involved in imposing interoperability measures as antitrust remedies in digital markets.
II. DATA-RELATED ABUSE OF DOMINANCE THEORIES OF HARM UNDER BRAZILIAN COMPETITION LAW
Under Brazilian competition law, the prohibition of abuse of dominance is defined in art. 36 of the Competition Law in a generic way, as a prohibition of strategies by companies that may in any way threaten free competition, dominate relevant markets, or arbitrarily increase profits.
The notion of abuse of dominance is not restricted to economic relations based on monetary prices. Therefore, CADE has rendered important decisions in the control of unilateral conduct that reject the thesis that zero-price business models would have any kind of immunity.[9] Thus, digital platforms can be scrutinized as “antitrust markets” under the lens of Law 12,529 of 2011, as these platforms make economic exchanges based on data and attention costs.[10]
As in many digital markets the offering of products and services by advertising-based platforms does not involve monetary charges, one can assess the nature of economic exchanges between users and platforms by to simply replacing the unit “price” used in economic models of consumer surplus with other quantitative metrics that represents the respective costs related to the exchange of data between users and digital platforms.
Paragraph 2 of art. 36 of Law 12.529,2011 defines market power as the ability to “unilaterally or coordinately alter market conditions.” Under this broad perspective, digital platforms could exercise market power in very particular ways. Instead of setting monopoly prices, they can extract quantitatively more data, or limit costumer’s ability to share their data with other rivals.[11] In both cases, the platform’s ability to unilaterally impose significant and non-transitory increases on data-related costs signals the exercise of market power.[12]
New theories of harm for unilateral conduct can be drawn from addressing digital dominance under Brazilian competition law. Under an exploitative abuse of dominance perspective, major platforms can harm costumers by requiring quantitatively more data in exchange for digital services or imposing unfair terms of use and conditions.[13] As exploitative abuses have remained quite debatable under Brazilian competition law,[14] one arguably better approach is framing the abuse of dominant position of digital platforms through an exclusionary lens.
A dominant firm might be able to foreclose competition or raise rival’s costs through preventing its users from achieving data portability or imposing limitations on data interoperability across platforms.[15] The alleged non-rivalry and non-exclusivity of the data do not crowd out the merits of these theories of harm. Even if it is possible for the rival to achieve a minimum viable scale to operate its platform, impediments to data portability or interoperability can keep the monopoly power of dominant platforms unchallenged in a context of weak competition.[16]
Impediments on data portability or interoperability can take the form of contractual, behavior or even technological barriers.[17] These conducts can be framed under the examples contained in the non-exhaustive list of art. 36, § 3, items III and IV, of Law No. 12.529, 2011. Adopting terms that outright prohibit data transfer between platforms is a rare practice in most digital markets. However, dominant players may adopt some indirect practices aimed at restricting multihoming or switching between platforms. Some examples may include the implementation of cognitive barriers to data transfer from one platform to another, the bundling of complementary services around the dominant platform’s ecosystem, or the provisions of benefits to users who adopt “single-homing” behaviors.
III. ESTABLISHING APPROPRIATE LEGAL STANDARDS FOR RESTRICTIONS TO DATA PORTABILITY AND INTEROPERABILITY
Dominant digital platforms may violate both data protection and antitrust laws by imposing restrictions to data portability and interoperability. In Brazil, the LGPD sets forth the right to data portability upon express request of the user, commercial and industrial secrets observed, and in accordance with the regulations to be issued by the national data authority (article 18).
The legislation also assigns to the ANPD the legal power to define interoperability standards for the purposes of portability, free access to data and security (article 40). In some specific regulated sectors in Brazil, such as financial services and health care, there are additional rules on data portability which are sometimes aimed at promoting competition.
However, it is not straightforward to establish the conditions under which an impediment to data portability or interoperability constitutes an infringement. So far, there is a relevant scholarship suggesting that such conducts may fall under some mature categories of abuse of dominance. Contingent on how dominant platforms hinder competitors from gaining access to user data, their conduct can be framed as tying or bundling practices,[18] exclusive dealing[19] or refuse to deal.[20] When such parallels are drawn, antitrust agencies tend to focus on how the criteria established in case law for the assigned category of abuse should be translated to assess the practice adopted by the dominant platform. The categorical thinking though may thus handicap a more comprehensive competitive analysis.
We argue that impediments to data portability or interoperability must be primarily evaluated against the background of the relevance of interoperable data for competition in the markets affected by the unilateral conduct. Antitrust agencies should be aware that competition is ambiguously affected by data portability or interoperability measures.
Greater interoperability can enhance competition both in the same relevant market in which the dominant platform operates and in complementary markets.[21] Moreover, it can level the playing field in competition for the development of more privacy-friendly technologies.[22] However, there are some instances which may render the portability or interoperability of data superfluous or even detrimental for competition.[23] In practice, granting free flows of access to costumer’s data is not a silver-bullet for lowing barriers to entry, as many other factors may drive the choice of costumers of switching platforms.
Crafting data-sharing antitrust remedies requires then several factors to be weighed and balanced. The most relevant are the competitive importance of data, the innovation incentives, and the impacts of data-sharing measures on users’ rights.[24] Because of that, antitrust authorities should focus on abuse cases where data-sharing remedies can enhance competition in both effective and sustainable ways.
We propose a general framework for analyzing unilateral conducts conceived to that goal. First, platform dominance needs to be founded within the market structure. A general classification discerns horizontal interoperability from vertical interoperability. Horizontal occurs between competing networks, services, and platforms, as vertical has to do with complementary products and services.
This very classification can help assess dominance. The investigated platform must at least have a dominant position in either the “origin” market or the “target” market of the conduct. The dominance threshold eventually distinguishes antitrust and data protection interventions, as the data protection authorities’ enforcement is not confined to imposing regulatory measures on dominant firms.
Second, one must scrutinize if the dominant platform is capable of imposing restrictions on data portability or interoperability and if it has the economic incentives to do it. Even a dominant player may not be capable of preventing rivals from accessing relevant data for competition. That could be the case when regulatory open data standards are already in place, and rivals are not inherently dependent on the dominant platform.[25] Particularly puzzling then are situations where open data standards exist but are not being more effectively enforced. Competition authorities’ intervention may be even more crucial in these instances, and no antitrust immunity should be granted.
From the incentive’s standpoint, one should inquire whether such data being prevented from sharing is particularly relevant to competition. Refusing interoperability will be especially rewarding for the dominant platform when data access could help rivals to overcome network externalities or when the dominant platform aims to leverage market power to an adjacent market.[26] However, in some cases, the competitive advantage does not stem uniquely from the data directly provided by users but rather from the across-users set of data gathered within the platform.[27] In social networking markets, for example, there are significant doubts about whether the data potentially involved in interoperability measures would be relevant for competition.[28]
Third and finally, the economic justifications for the conduct must be carefully examined. Rationales should be assessed under two contextually based arguments, notably the incentives for innovation and risk and for privacy and safety. As regards innovation, in more mature markets where competition is primarily for low-differentiated services, restrictions on interoperability are hardly justifiable. But where competition for innovative features is strong, antitrust remedies can homogenize services and tip the market towards a dominant technological standard.[29] As for privacy issues, one should consider whether the ownership of the data subjected to mandatory imposition of interoperability is clear and definable.[30]
On top of that framework, the most critical aspect of the abuse of dominance review in these cases seems to regard the feasibility of applying interoperability antitrust remedies, both in design and administration. Some commentators have extensively discussed these challenges, attempting to pinpoint the scenarios where identifying and imposing these remedies would be best addressed via competition authorities or national regulators.[31]
Some practical examples from the Brazilian jurisdiction helps to understand these challenges. The first paradigmatic case worth mentioning is the antitrust probe launched in 2013 against Google for the so-called “AdWords Abuses.”[32] Google was accused of imposing technical and contractual restrictions on their AdWords API licensing. The investigated constraints were alleged to impede software developers from offering advertisers campaign management solutions. Campaign management software would be prevented from interoperating the data provided to AdWords platforms with rivals (such as AdBing).
When the case was tried in 2019, CADE’s Tribunal scrutinized the existing provisions in Google’s AdWords API licensing agreement, which had previously been amended after the signing of an antitrust settlement with the Federal Trade Commission (“FTC”) in the United States.[33] Google claimed in its defense that the licensing clauses of the AdWords API were essential to combat the so-called “lowest common denominator problem.” It maintained that if the input fields were standardized for online campaigns, Google AdWords’ features would be curtailed and deprecated just for compatibility with other rival platforms.[34] The vote-reporter accepted that defense and considered that “if the software undermined the input fields for this full compatibility with the most varied platforms, advertisers could have access to less complete services, which could be detrimental to their experience with the products developed by the platforms.”[35]
Another compelling investigation by CADE shows how limitations on interoperability can constitute antitrust law violations in the financial system. In 2019, CADE opened an investigation against a large Brazilian bank called Bradesco based on a complaint that the bank was preventing access to data by a firm that owns a smartphone app called Guiabolso.[36] In short, Guiabolso offers its users personal finance management tools and credit services within the app. Bradesco was accused of imposing technical difficulties for the bank’s customers to access Guiabolso. Bradesco implemented a token system with random double-check passwords in its internet banking application. Since this double password verification system was not available for the Guiabolso application, Bradesco customers were often unable to access the functionality of that app.
The case was closed at CADE in 2020 with the signing of a settlement agreement. Bradesco committed to “develop connection interfaces that allow Guiabolso to (i) offer and capture the consent of its users who are also customers of Bradesco; and (ii) access Bradesco’s systems, through previously established encrypted communication, allowing the collection of all data from users who provided consent.”[37] Thus, Bradesco would have to develop technical functionalities allowing its customers to manifest their consent to use Guiabolso. While Bradesco would be allowed to use the password generator token, this token technology could not prevent contracting financial services with rival firms.
When the two cases are compared, some insights emerge about antitrust remedies. When imposing interoperability mandates, antitrust authorities sometimes feel compelled to decide which market factors will be left entirely to competition and which factors should be neutralized as preconditions for rivals to operate. This decision implicates much more than considering whether reactive and proactive antitrust remedies. It involves, after all, deciding what aspect of the design of digital products should be subject to market contestability.
In the Google case, CADE chose not to engage in the redesign of the input channels for AdWords API advertising campaigns. One can assert that, in essence, the authority held that this degree of intervention could adversely interfere with competition for API design. However, CADE could have engaged in more discussion on how preponderant the innovation competition was in that market.
On the other hand, in the Guiabolso case, it seems that the security restrictions imposed by Bradesco were not regarded as an autonomous market competition parameter, at least not in the exact terms of the product design developed by Bradesco. The notion that customers’ safety could be guaranteed by other alternatives that were less harmful to competition seems to have played a decisive role in the case. This thinking though also pervades the product design evaluation from a competitive perspective.
IV. FINAL REMARKS
Assessing restrictions on data portability and interoperability as antitrust violations requires more than the categorical thinking that traditionally guides abuse of dominance. Depending on how these restrictions occur, they could be needlessly confused with exclusivity agreements, discriminatory practices, or refusals to deal. Putting the practices into these old boxes may be of little value to antitrust authorities.
The real critical choices to be made by antitrust authorities when imposing remedies blur the limits of the intervention over the design of digital products. Agencies should be cautious in cases where enforcing interoperability is of little use in enhancing competition. However, when ease design solutions are available, condemning unilateral conducts may be a particularly interesting way to foster both competition and data protection goals in digital markets.
[1] Commissioner of the Administrative Council for Economic Defense (“CADE”) in Brazil and professor of Competition Law at the Brazilian Institute for Teaching, Development and Research (“IDP”). The author holds a Ph.D. Degree in Commercial Law from the University of São Paulo (“USP”). The author’s opinions should does not represent the official positions of the institutions mentioned.
[2] For a comprehensive review of reports on competition policy in the digital economy, see Filippo Lancieri & Patricia Morita Sakowski, Competition in Digital Markets : A Review of Expert Reports, 26 Stanford Journal of Law, Business & Finance 65–170, 97–98 (2021) (showing that “multiple reports argue that lower privacy protections and increases in data collection are important forms of non-price competition that must be considered by antitrust regulators.”
[3] Erika M Douglas, The New Antitrust/Data Privacy Law Interface, 2280 The Yale Law Journal Forum 647–684, 658 (2021)
[4] Francisco Costa-Cabral & Orla Lynskey, Family ties: The intersection Between Data Protection and Competition in EU law, 54 Common Market Law Review 11–50, 21–22 (2017) and Maria Wasastjerna, Competition, Data and Privacy in the Digital Economy: Towards a Privacy Dimension in Competition Policy? 139 (Kluwer Law International) (2020).
[5] Maurice E. Stucke, Breaking Away: How to Regain Control Over Our Data, Privacy and Autonomy 157–165 (Oxford University Press) (2022) (discussing data portability, data openness, open standards and increased inter-operability as complementary policies to promote the flow of personal data in digital markets).
[6] Organization for Economic Co-operation and Development – OECD, Data Portability, Interoperability and Digital Platform Competition 28 (OECD Publishing) (2021).
[7] Stigler Committee on Digital Platforms, Stigler Committee on Digital Platforms Final Report 117 (Stigler Center for the Study of the Economy and the State) (2019); Competition and Markets Authority – CMA, supra note 2, at 24. See also Augmenting Compatibility and Competition by Enabling Service Switching (ACCESS) Act, H.R. 3849, 117th Cong. (2021)
[8] Administrative Council for Economic Defense (“CADE”). Cade, MPF, ANPD e Senacon recomendam que WhatsApp adie entrada em vigor da nova política de privacidade. Available at https://www.gov.br/anpd/pt-br/assuntos/noticias/cade-mpf-anpd-e-senacon-recomendam-que-whatsapp-adie-entrada-em-vigor-da-nova-politica-de-privacidade.
[9] For a review of CADE’s case law, see Victor Oliveira Fernandes, Direito da Concorrência das Plataformas Digitais: entre abuso de poder econômico e inovação 170–171 (Revista dos Tribunais) (2022).
[10] John M Newman, Antitrust in Zero-Price Markets: Applications, 94 Washington University Law Review , 72–73 (2016).
[11] Samson Y. Esayas, Competition in (data) privacy: ’zero’-price markets, market power, and the role of competition law, 8 International Data Privacy Law 181–199, 181 (2018) (“market power may be exerted by reducing the level of data privacy“).
[12] Jason Furman et al., Unlocking Digital Competition: Report of the Digital Competition Expert Panel 42 (2019).
[13] Viktoria H.S.E. Robertson, Excessive Data Collection: Privacy Considerations and Abuse of Dominance In The Era of Big Data, in Common Market Law Review, 1, 57 , 2020, pp. 161–190.
[14] Eduardo Pontual Ribeiro & César Mattos, The Brazilian Experience with Excessive Pricing Cases: Hello, Goodbye, Excessive Pricing and Competition Law Enforcement 173–188 (2018) (arguing that the non-autonomous nature of exploitative abuses infringements or its legal inefficacy led its removal as an abuse of dominance violation under the Law no. 12,529/2011).
[15] Organization for Economic Co-operation and Development – OECD, supra note 5, at 25–27 and Stigler Committee on Digital Platforms, supra note 6, at 43.
[16] Steven C. Salop, The Raising Rivalss Cost Foreclosure Paradigm, Conditional Pricing Practices and the Flawed Incremental Price-Cost Test, 81 Antitrust Law Journal 371–421, 392 (2017) (“A firm can achieve, enhance, or maintain monopoly power by raising the costs or restricting the output of rivals that remain viable, whether or not the rivals are able to reach the [Minimum Efficient Scale] MES level of output”).
[17] Daniel L Rubinfeld & Michal S Gal, Acess Barriers to Big Data, 59 Arizona Law Review 339–381, 366 (2017).
[18] Organization for Economic Co-operation and Development – OECD, Abuse of Dominance in Digital Markets 42 (OECD Publishing) (2020).
[19] Michael L. Katz, Exclusionary Conduct in Multi-Sided Markets, OCDE Rethinking Antitrust Tools for Multi-Sided Platforms 101–130, 114–115 (2018).
[20] Wolfgang Kerber & Heike Schweitzer, Interoperability in the Digital Economy, 8 Journal of Intellectual Property, Information Technology and E-Commerce Law 38–58, 51–52 (2017).
[21] Jan Krämer, Personal data portability in the platform economy: economic implications and policy recommendations, 17 Journal of Competition Law & Economics 263–308 (2022) (assessing data portability as a solution for lowering switching costs in networks markets).
[22] Stucke, supra note 5, at 162–163.
[23] Chris Riley, Unpacking Interoperability in Competition, in Journal of Cyber Policy, 1, 5, 2020, pp. 94–106 (discussing six different ways in which interoperability implies opportunities to promote or to impede competition); Organization for Economic Co-operation and Development – OECD, Data Portability, Interoperability and Digital Platform Competition, 2021, p. 22-24.
[24] Competition and Markets Authority – CMA, supra note 7, at 370.
[25] Stucke, supra note 5, at 163–165 (assessing the relevance of data openness for enhancing competition).
[26] Kerber & Schweitzer, supra note 20, at 51–52.
[27] Organization for Economic Co-operation and Development – OECD at 22 and Amelia Fletcher, Digital Competition Policy: Are Ecosystems Different?, OECD Hearing on Competition Economics of Digital Ecosystems , 4 (2020).
[28] Gabriel Nicholas & Michael Weinberg, Data Portability and Platform Competition: is user data exported from Facebook actually useful to competitors?, NYU School of Law Engelberg Center on Innovation Law and Policy (2019).
[29] Competition and Markets Authority – CMA, supra note 7, at 370.
[30] Nicholas & Weinberg, supra note 28, at 18.
[31] Filippo Lancieri & Caio Mario da Silva Pereira Neto, Designing remedies for digital markets : the interplay between antitrust and regulation, 1 Journal of Competition Law and Economics 1–57 (2021).
[32]Administrative Council for Economic Defense (CADE). Administrative Process nº 08700.005694/2013-19. Rapporteur vote of Commissioner Maurício Oscar Bandeira Maia (SEI no. 0628841), 2019.
[33] GILBERT, R. J. U.S. Federal Trade Commission Investigation of Google Search (2013). SSRN Electronic Journal, v. 1, n. 1, p. 2, 2017.
[34] CADE, supra note 38, paragraphs 123-124.
[35] CADE, supra note 38, paragraphs 125.
[36] Administrative Council for Economic Defense (CADE). Administrative Process nº 08700.004201/2018-38. Nota Técnica n°17/2019/CGAA2/SGA1/SG/CADE (SEI no. 0591539).
[37] Administrative Council for Economic Defense (CADE). Administrative Process nº 08700.004201/2018-38. Nota Técnica n° 22/2020/CGAA2/SG/CADE (SEI no. 0816090), paragraph 19.
