No less than seven out of world’s ten most valuable companies have data (and privacy) at the heart of their business model. Competition authorities across the globe are considering the role of this (big) data in merger control procedures. Over the last year, the EC has set new ground rules by virtue of its much-debated new Article 22 referral policy - broadening its ability to review mergers - and its biggest EU merger review decision in the data space so far, Google/Fitbit, which was cleared subject to conditions this time last year. In our contribution to GCR’s Digital Markets Guide 2021 “Data and Privacy in EU Merger Control” , we analyse these developments in detail. Here are five key takeaways:
1. Data features increasingly in merger review in a variety of sectors
As nearly every business collects and uses data, all mergers involve some form of data. The importance of that data varies however between markets and in merger control policy, data concerns are focused on markets where data is: (1) the product or a significant input or (2) strengthening the market power of the merged party. These concerns are not sector specific, because technological developments such as the rise of the IoT and AI affect many markets. Going forward data will therefore feature more heavily in the review of transactions in a wide variety of sectors.
2. Competition authorities looking for ways to review more deals in data-intensive markets
The concern that too many potentially harmful acquisitions of fast-growing, high-value firms with limited turnover in data-intensive markets fail to meet traditional turnover-based jurisdictional merger review thresholds, has led competition authorities to experiment with various approaches to capturing such deals for review.
Germany and Austria have added transaction value-based thresholds but they have only had limited effect in practice, while the success of the EC’s new Article 22 referral policy remains to be seen pending the Illumina test case. But one thing is certain: competition authorities are determined to find ways to review more deals in data-intensive markets.
3. A ‘quasi-horizontal’ theory of harm re data
The most striking aspect of the Google/Fitbit decision was the EC’s treatment of potential ‘horizontal’ effects from the merger that would strengthen Google’s market power in digital advertising, even though: (1) neither Fitbit nor Google made their data available to third parties, (2) Fitbit’s data was complementary, rather than substitutable to Google’s data and (3) Fitbit was not considered a potential entrant in the downstream market for digital advertising.
Based on this assessment the EC established a new ‘quasi-horizontal’ theory of harm, whereby acquiring complementary data can also strengthen an entity’s market power. This raises three important questions for merger control in data-intensive markets:
- Should relevant markets for such ‘untraded’ data be defined, and if so, how?
- Which conditions will give rise to such ‘quasi-horizontal’ concerns?
- How should post merger efficiencies be quantified and balanced against any such concerns?
In our contribution, we explain how these questions touch upon core steps in a traditional merger review process, in particular in relation to the burden of proof on both the authority and the undertakings concerned.
4. A new approach to the design of merger commitments.
In Google/Fitbit, the EC accepted a ‘data silo’ remedy in response to response to its quasi-horizontal theory of harm. Google committed to hold Fitbit’s health and fitness data separate from Google’s advertising business for an initial period of ten years. Such long term remedies will require ongoing monitoring by trustees.
While the EC has previously accepted “hold separate remedies” to address bundling concerns, using them to address (quasi-)horizontal concerns in relation to data is new. This precedent might set the scene for a more regular use of such “de facto structural remedies” (as coined by Commissioner Vestager) in future mergers involving the combination of complementary data sets. But when it comes to competing data sets, the EC’s recent conditional clearance of S&P’s takeover of IHS Markit (two important financial data providers), has shown that actual divestment remedies are still preferred.
Additionally, while not new as such, the EC’s choice to use mandatory access commitments to address its data access concerns, stands in stark contrast to the view of other major competition regulators, e.g. in Australia and the UK, who reject them as too behavioural and complex to properly monitor.
5. The role of privacy and data protection rules in merger reviews
Google/Fitbit has also shed significant light on the role of data protection rules in merger control review:
- The EC has significantly limited the relevance of privacy as a potential parameter of competition - underlining that commercial decisions concerning privacy would be subject to the GDPR, which “provides a high standard of privacy and data protection . . . and leaves little room for differentiation”.
- The EC assumes that data sets can be lawfully combined under data protection laws - sending a clear message to merging parties not to use data protection law constraints as a defence against competition concern allegations around the combination of data sets.
- Available remedies are limited by the need to comply with GDPR - it is the merging parties’ responsibility to ensure that any data access or interoperability remedies comply with data protection laws. Where personal data is involved this can limit the options for offering remedies as otherwise practical solutions.