Big Data: Italian Authorities Launch Inquiries on Competition, Consumer Protection and Data Privacy Issues

By Gabriele Accardo

On 30 May 2017, the Italian Competition Authority, the Italian Data Protection Authority and the Communications Authority opened a joint inquiry on “Big Data”.

 

Sector Inquiry

The joint sector inquiry by the Italian Competition Authority, the Italian Data Protection Authority and the Communications Authority will focus, respectively, on potential competition and consumer protection concerns, data privacy, as well as on information pluralism within the digital ecosystem.

First, based on the assumption that the collection of information and its use through complex algorithms have a strategic role for firms, especially for those offering online platforms, which use the collected data to create new forms of value, the inquiry will thus assess whether, and under which circumstances, access to “Big Data” might constitute a barrier to entry, or in any case facilitate anticompetitive practices that could possibly hinder development and technological progress.

Secondly, the use of such large amounts of information may create specific risks for users’ privacy given that new technologies and new forms of data analysis in many cases allow companies to “re-identify” an individual through apparently anonymous data, and may even allow them to carry out new forms of discrimination, and, more generally, to possibly restrict freedom.

A further risk for the digital ecosystem is linked to how online news is now commonly accessed. In fact, digital intermediaries employ users’ information forms of profiling and the definition of algorithms, which in turn, are able to affect both the preservation of the net neutrality principle, and the plurality of the representations of facts and opinions.

It may be expected that while the inquiry will focus on certain specific businesses (typically platforms-related), the authorities may send requests for information to all businesses that collect and make significant use of customer/user data.

Relatedly, on 10 May 2016, French and German Competition Authorities published their joint report on competition law and Big Data. Separately, the French Competition Authority announced the launch of a full-blown sector inquiry into data-related markets and strategies.

In recent months, data-related issues have been at the core of specific investigations by the Italian Competition Authority (against Enel, A2A and ACEA for an alleged abuse of dominance, and against Samsung and WhatsApp for unfair commercial practices), and the Italian Data Protection Authority (against WhatsApp), showing that Italian authorities are getting ready for the challenges that the data-driven economy brings.

 

Enel, A2A, and ACEA, ongoing investigations on alleged abuse of dominance

On 11 May 2017, following a complaint by the association of energy wholesalers, the Italian competition Authority (“ICA”) raided the business premises of Enel, A2A and ACEA in order to ascertain whether the energy operators may have abused their dominant positions in the electricity market in order to induce their respective customers (private individuals and small businesses) to switch to their market-based electricity contracts.

In particular, according to the ICA, each energy operator may have used “privileged” commercial information (e.g., contact details and invoicing data) about customers eligible for regulated electricity tariffs (so-called Servizio di maggior tutela), which was held in the capacity as incumbent operator(s) (at national level for Enel, and in the Milan and Rome areas for A2A and ACEA, respectively), as well as its dedicated business infrastructure to sell its market-price electricity supply contracts to private individuals and small business customers.

Enel may have also misled consumers by stating that it would be able to guarantee a more secure energy supply than Green Network in order to win-back “former” customers, and thus induce them to choose its contracts.

The investigation is similar to the one recently concluded by the French Competition Authority against energy operator Engie, which resulted in a fine of Euro 100 Million.

Interestingly, both investigations in Italy and France raise issues similar to those addressed in September 2015 by the Belgian Competition Authority against the Belgian National Lottery. The Belgian Authority held that the Belgian National Lottery used personal data acquired as a public monopoly to the market its new product Scooore! on the adjacent sports betting market. The Belgian Competition Authority found that such conduct constituted an abuse of dominance insofar as the information used by the infringer could not be replicated by its competitors in a timely and cost-effective manner.

 

Samsung – unfair commercial practices

On 25 January 2017, the Italian Competition Authority (“ICA”) levied a 3.1 Million Euro fine on Samsung in relation to two unfair commercial practices related to the marketing of its products, one of which concerned the forced transfer of personal information for marketing purposes.

In essence, Samsung promoted the sale of its electronic products by promising prizes and bonuses (e.g. discounts, bonus on the electricity bill, and free subscription to a TV content provider) to consumers. However, contrary to what the advertising promised, consumers could not get the prize or bonus when buying the product, but could only receive it at a later stage, following a complex procedure that was not advertised, but was only made available in the Terms and Conditions and to consumers who registered on Samsung People online. Besides, consumers were repeatedly requested to provide documents over and over again.

The ICA also found the practice of making discounts conditional upon registering with the company’s digital platform and giving consent to the processing of their data unfair and aggressive, insofar as consumers could not get the promised prize or bonus without giving their consent to the commercial use of their personal data, which were used by Samsung for purposes unrelated with the promotional offer of the product itself. The ICA thus found that the data requested by Samsung were irrelevant and unrelated to the specific promotion in question.

 

WhatsApp – unfair commercial practices and privacy issues

On 11 May 2017, the Italian Competition Authority (“ICA”) levied a 3 Million Euro fine against WhatsApp for having illegally forced its users to accept its new Terms of Use, and ultimately to share their personal data with Facebook.

This is yet another case concerning the forced transfer of personal information for marketing purposes, which followed the same lines of the Samsung case.

Preliminarily, the ICA held that data is a form of information asset, and that an economic value can be attached to it (e.g., Facebook would in fact be able to improve its advertising activity with more data). The ICA further found that a commercial relationship exists in all instances where a business offers a “free” service to consumers in order to acquire their data.

On that premise, according the ICA, WhatsApp induced users of its WhatsApp Messenger service to believe that without granting consent to share their personal data with Facebook, they would have no longer been able to use the service, in breach of the Italian rules on unfair commercial practices. In particular, the ICA held that users were actually forced de facto to accept in full the new Terms of Use of WhatsApp insofar as:

  • an in-app procedure for obtaining the acceptance of the new Terms of Use emphasized the need to subscribe to the new conditions within the following 30 days or lose the opportunity to use the service;
  • users were not provided with adequate information on the possibility of denying consent to share with Facebook their personal data on WhatsApp account;
  • the option to share the data was pre-selected (opt-in) so that, while users could in fact have chosen not to give their assent to the data sharing and still continue to use the service, such a possibility was not readily clear and in any event users should have removed the pre-selected choice;
  • finally, once the Terms of Use were accepted in full, it was extremely difficult to effectively opt-out option.

During the investigation, WhatsApp offered a set of remedies, but this offer was rejected by the ICA, based on the fact that, as a result of the methods used by WhatsApp to obtain customers’ consent to transfer their data to Facebook, the practice could be characterized as overtly unfair and aggressive, and as such deserved a fine (in any case WhatsApp halted the practice of sharing data with Facebook in light of ongoing discussions with national data protection agencies in Europe).

Interestingly, while the ICA decision is based on consumer protection grounds, last year the German Federal Cartel (FCO) Bundeskartellamt launched an investigation into similar conducts by Facebook, WhatsApp’s mother company, based on competition law grounds. Specifcally, the investigation was based on suspicions that with its specific terms of service on the use of user data, Facebook may have abused its alleged dominant position in the market for social networks. In particular, the presence of excessive trading conditions is the underlying theory of harm for the investigation launched by the FCO. In particular, the FCO is assessing whether Facebook’s position allows it to impose contractual terms that would otherwise not be accepted by its users.

Yet, consumer, competition law, and privacy considerations appear entangled in such cases, as shown by the investigation that Italian Data Protection Authority launched against WhatsApp in parallel with the ICA.

In fact, on 27 September 2016 the Italian Data Protection Authority took issue with the changes introduced by WhatsApp, this time in its Privacy Policy, which would have allowed WhatsApp to pass on to Facebook information on WhatsApp users’ accounts also for marketing purposes.

It is understood that while the investigation is still ongoing, the Italian Data Protection Authority requested WhatsApp and Facebook to provide information in order to assess the case thoroughly. In particular, the two companies were asked detailed information on:

  • data categories that WhatsApp would like to make available to Facebook;
  • arrangements that are in place to obtain users’ consent to disclose their data;
  • measures that have been taken to enable exercise of users’ rights under Italy’s privacy legislation, since the notice given to users on their devices would appear to only allow withdrawing consent and objecting to data disclosure for a limited period.

In addition, the Italian Data Protection Authority is seeking to clarify whether the data of WhatsApp users that do not use Facebook will be also disclosed to that company, insofar as no reference to marketing purposes was in the information notice provided initially to WhatsApp users.

 

Conclusion

Businesses are moving fast to figure out how to best harness the wealth of consumer’s data and make good commercial use of it. Authorities around the globe are putting together their toolkits to address emerging issues in the data-driven economy.

In this cops and robbers game, it appears clear that businesses are struggling to understand which set of rules may apply to their business models, either because there are multiple laws that could potentially apply or because the rules are indeed not readily foreseeable or clear. Obviously, if the same conduct can be caught from many angles, then there is something wrong that need to be addressed, if that can stifle innovation.

That said, the message for businesses sent by these mushrooming initiatives in Europe and around the world is clear: consumers’ freedom to choose whether or not to allow their data to be transferred to parties intending to use this information in order to generate a profit from it should be and will be protected. Enforcers will tackle conduct that unduly influences consumers’ ability to take informed and free decisions.

Advertisements