Big Data: Italian Authorities Published Guidelines and Policy Recommendation on Competition, Consumer Protection, and Data Privacy Issues

By Gabriele Accardo and Maria Rosaria Miserendino


On July 10, 2019, the Italian Competition Authority (“ICA”), the Authority for the Communications Guarantees (“AGcom”), and the Authority for the protection of personal data (the “DPA”, jointly the “Authorities”) published guidelines and policy recommendations for big data (“Guidelines” available here, only in Italian for the time being).

The Guidelines follow the inquiry opened jointly by the three Authorities in May 2017 aimed at a better understanding of the implications that developments in the digital economy have for privacy, regulation, antitrust, and consumer protection. The final report of the three Authorities will be published shortly.

This Article points out the main takeaways of the Guidelines in terms of the impact that big data may have on antitrust enforcement, including its interaction with privacy and consumer protection issues.



The use of big data is increasingly having a significant impact on the economy, and more generally on the entire society. Despite its positive consequences for companies and consumers, the use of big data also entails risks in terms of competition/consumer protection, data protection, and the pluralism of information. Indeed, access to a huge volume of data by (a small number of) large digital companies may give rise to “market power.”

Furthermore, the use of such an amount of information may increase privacy protection risks, owing to a lack of transparency and information asymmetry.


Big data and antitrust enforcement

The Guidelines clarify that antitrust enforcement of abusive conducts and anticompetitive agreements in the digital space is a priority for the ICA.

It appears that the ICA is willing to run the risk of “over-enforcement” if otherwise, a lack of enforcement may discourage innovation.

In this connection, the Guidelines anticipate that, in the light of the fact that digital players are often active in several markets, the way markets are defined to assess market power may need to take into account other criteria. Otherwise, there might be the risk that certain digital ecosystems may not be contestable due to their entrenched market power. The ICA’s approach appears somewhat in line with the one proposed in the European Commission report–it appears that, in such instances, more emphasis should be put on theories of harm and identification of anticompetitive strategies rather than on the market definition itself.[1]

Furthermore, the traditional antitrust analysis applied to “prices” and “output” should be extended to parameters such as “innovation,” “quality” and “fairness.”

In relation to the dominant position of such digital players, the Guidelines anticipate that the report will address two main issues: network effects that may increase the market power, and the obligation to grant data access where the data are considered indispensable and non-duplicable.

The ICA is currently carrying out two investigations against Amazon[2] and Google[3] that may test some new grounds. Specifically, the ICA is investigating whether Amazon discriminates on its e-commerce platform in favor of third-party merchants who use Amazon’s logistics services. Additionally, the ICA is assessing whether Google allegedly refused to integrate the app “Enel X Recharge” into its Android Auto environment.

The Guidelines further point out the risks of collusion in the context of price algorithms, as well as in agreements concerning the development of smart cities and the Internet of Things such as, for instance, those relating to the joint implementation and sharing of 5G networks.

Interestingly, the Guidelines also highlight the risk of illegal exchange of information among competitive companies in the cybersecurity sector, insofar as such agreements may restrict–by object or by effect–the cybersecurity of products for companies or end consumers.

Finally, the Guidelines envisage the necessity to review the merger control rules, in order to allow the assessment of transactions which currently do not reach the notification thresholds but may restrict potential competition and affect innovation, particularly as a result of the acquisition of data.

Indeed, most recently in the Apple/Shazam[4] case, the European Commission analyzed in-depth data-related issues with a specific focus on the assessment of data as input, the definition of the market, and the interconnection between competition and data privacy.



Big data and consumer protection: unfair commercial practices


First, the Guidelines also clarify that the Authorities shall seek to ensure better consumer protection, notably by reducing the information asymmetry between consumers and digital companies. More precisely, the Authorities should advocate for full transparency on the use of data and the necessity to transfer them from one platform to another. This is relevant especially for the use of certain apps where there is an inverse relationship between the price of the apps (often “free”) and the amount of data transferred.

In recent years, the ICA has tackled certain data-related issues under the unfair commercial practices rules. For instance, in the Facebook case[5], the ICA held that Facebook did not inform users adequately and immediately during the activation of their accounts of the collection and use of their data for commercial purposes. Moreover, the use of the social network was made subject to users granting their consent to the collection and use of all the information concerning them (information from their personal Facebook profiles, those deriving from the use of Facebook and from their own experiences on third-party sites and apps), in an unconscious and automatic way. The ICA also enforced the consumer protection rules in the WhatsApp case[6] which raised similar issues (see previous coverage in Newsletter No 3/2017, pages 30-34, for more background).

In this connection, the Guidelines stress that transparency is also a very relevant issue in B2B relationships, since transparent disclosure of the criteria used for the analysis and processing of data is important, for instance in relation to ranking and visibility in platforms. It is also relevant because of the goal of allowing the entrance of new intermediaries that can compete with the global platforms.

The European Commission has recently opened an investigation to assess whether Amazon’s use of competitively sensitive data from independent retailers who sell on its marketplace is in breach of EU competition rules. In a separate investigation, the Commission is assessing whether certain banks’ practices in Poland and the Netherlands may be in breach of the EU competition rules, insofar as they appear to be aimed at illegitimately excluding fin-tech players (i.e., non-bank providers of financial services) from accessing customers’ account data, despite the fact that customers have given their consent to such access.



Digitalization is having a huge and lasting impact on the economy, society, and daily life.

Like most authorities across Europe, the Italian Authorities have also been carefully studying the digital sector, and have considered possible changes in regulations, methodologies, and criteria to assess the conduct of companies and emerging issues in the digital economy.

The Authorities have envisaged some action points which will likely be at the center of the debate in the coming months.

It appears rather clear that antitrust and consumer protection issues will increasingly intersect with other important areas, most notably privacy rules.

In order to face these challenges, it is paramount to implement the cooperation among Authorities with the goal of bringing about effective enforcement and better consumer protection without stifling innovation.

[1] Competition Policy for the Digital Era, 2019

[2] See ICA’s decision in case A528 Amazon, of 16 April 2019.

[3] See ICA’s decision in case A529 Google, of 17 May 2019.

[4] See Commission decision in Case M.8788 Apple /Shazam, of 6 September 2018.

[5] See ICA’s decision in case PS 11112 Facebook, of 7 December 2018.

[6] See ICA’s decision in case PS WhatsApp, of 11 May 2017.