By Maria E. Sturm
On July 18, 2019, the EU Commission, the European antitrust supervisory body, fined Qualcomm Inc. for using predatory prices between 2009 and 2011. The EU Commission argued as follows:
- It explained that Qualcomm had a dominant position in the world market. This dominance is based on:
- Its market share of 60% and
- The high entry barriers: competitors are confronted with significant initial investments for research and development in this sector, as well as with obstacles regarding intellectual property rights.
- While it is not illegal to hold a dominant position, the EU Commission accuses Qualcomm of abusing such a position by using predatory prices for UMTS-chip sets. To prove this, the EU Commission used a price-cost test for the chipsets in question. In addition, it claimed to have qualitative evidence for anti-competitive behavior. Qualcomm used this problematic pricing policy when its strongest competitor, Icera, tried to expand on the market in an effort to hinder Icera from building up its market presence.
- Finally, the EU Commission argues that Qualcomm’s behavior could not be justified by potential efficiency gains.
This Commission decision is the latest, but presumably not the final point of a long case history. Already in 2015, the Commission has initiated a formal investigation and issued Statements of Objections against Qualcomm. In 2017, the Commission requested further information from Qualcomm. As Qualcomm did not respond to this request, the Commission made a formal decision which Qualcomm claimed to be void. Qualcomm filed for annulment of the decision and an application for interim measures. The latter was dismissed on July 12, 2017. Art. 278 TFEU establishes the principle that EU actions do not have a suspensory effect, because acts of EU institutions are presumed to be lawful. Thus, an order of suspension or interim measures is only issued in exceptional circumstances where it is necessary to avoid serious and irreparable harm to the applicant’s interests in relation to the competing interests. The cumulative requirements are:
- The applicant must state the subject matter of the proceedings.
- The circumstances must give rise to urgency.
- The pleas of fact and law must establish a prima facie case for the interim measures.
Qualcomm mainly brought forward two arguments for the urgency of the matter:
- The amount of work and cost for answering the questions would be too burdensome. In response, the Court stated that the damage would be only of a pecuniary nature. Such damage normally is not irreparable, because it can be restored afterwards. Qualcomm did not argue that its financial viability would be jeopardized before the final judgment would be issued, that its market share would be affected substantially, or that it was impossible to seek compensation.
- The enormous amount of work for the employees of the financial department would make it impossible for them to perform their regular tasks. However, Qualcomm mentioned itself that the burden would weigh particularly heavily on a limited number of employees in the financial department only. The Court held that if only some employees of only one department would be affected, the argument is not strong enough to justify urgency.
The latest decision in this case was issued on April 9, 2019, about Qualcomm’s claim for annulment. Qualcomm brought forward six pleas against the EU Commission, but all of them were dismissed:
- Infringement of the obligation to state reasons.
According to relevant case law, statements of reasons must be appropriate to the measure at issue and must disclose the reasons clearly and unequivocally. The Commission must show that the request is justified. The undertakings concerned must be able to assess the scope of their duty to cooperate and their right to defense must be safeguarded. However, the EU Commission is not obliged to communicate all information at its disposal, as long as it clearly indicates the suspicions. Since the Commission clearly indicated the products and the customers involved, as well as the suspicions of infringement, it fulfilled its obligation to state reasons.
- Infringement of the principle of necessity.
There must be a correlation between the request for information and the presumed infringement and the Commission must presume reasonably that the information will help determine whether the alleged infringement has taken place. Qualcomm accused the Commission of having expanded the scope of the investigation and contended that the required information was not necessary. Concerning the first point, Qualcomm mainly referred to the Statement of Objections and said the Commission must terminate its preliminary investigations before issuing such a document. However, according to the Court, the Statement of Objections is only procedural and preliminary, the Commission is thus free to continue with fact-finding afterwards. Concerning the second point, the Court grants the Commission broad powers of investigation, including the assessment of whether information is necessary or not. In particular, the Commission needed the information required from Qualcomm to avoid factual errors in calculating the price-cost test. The Commission had to request the information to keep up with its obligation to examine carefully and impartially.
- Infringement of the principle of proportionality.
Qualcomm argued that the information requested was disproportionate, because it was not legally obliged to keep documents for longer than three and a half years and that they did not organize their documents systematically. Here, the Court said that at least from the moment when Qualcomm learned about the Commission’s investigation, it should have been more careful and should have kept documents. Moreover, undertakings who keep their documents in an organized and systematic order cannot be penalized for that. Therefore, the unsystematic organization falls under Qualcomm’s responsibility. Furthermore, a significant workload is not per se disproportionate. One must consider it in relation to the investigated infringement. An alleged predatory pricing requires complex analyses of a large amount of data and is not disproportionate because of its nature.
- Reversal of the burden of proof.
This plea is, according to the Court, based on a misreading. Qualcomm was asked to neither audit financial accounts nor prove that they have conducted their business in accordance with the law. Rather, it was only asked to issue information for the Commission to conduct the price-cost test and internal documents pertaining to the relevant period.
- Infringement of the right to avoid self-incrimination.
Qualcomm claims that the Commission’s requests were beyond the scope of simply providing information. According to Regulation No 1/2003, undertakings cannot be forced to admit that they have committed an infringement, but they are obliged to answer factual questions and to provide documents, even if this information may be used to establish against them. Therefore, they do not have an absolute right of silence. On the contrary, in order to ensure the effectiveness of Regulation No 1/2003, the Commission is entitled to request all necessary information concerning relevant facts to prove the existence of anticompetitive conduct.
- Infringement of the principle of good administration.
Qualcomm claimed the required information was excessive and that the Commission abused its investigative power by prolonging a flawed investigation. According to the relevant case law, the principle of good administration requires EU institutions to observe the good guarantees afforded by the legal order. Those guarantees include the duty to examine carefully and impartially all the relevant aspects of the individual case. Here, the Court held that the Commission requested the information in question precisely to comply with its duty to examine carefully and impartially the arguments put forward by Qualcomm regarding the Statement of Objections.
On June 18, 2019, Qualcomm lodged an appeal for the annulment of the General Court’s judgment. The case is to be continued.
By Maria E. Sturm
The EU Commission, which is in charge of ensuring the application of the EU principles of competition, has fined Google for breaching Articles 101 and 102 of the Treaty on the Functioning of the European Union. It found that Google abused its market dominance to restrict search advertising.
The Commission Decision of March 2019 in Detail
Many websites, such as newspaper websites, have embedded search functions. Search results normally include advertisements. Google’s service AdSense for Search works as an intermediary between advertisers and websites. With a market share of over 70% from 2006 to 2016, the EU Commission regards it as dominant in this market.
As competitors cannot sell advertising space on Google’s own search engine result pages, it is crucial for them to get access to third-party websites to compete with Google. However, the EU Commission reviewed a substantial number of individually negotiated contracts between Google and publishers and found that they contain clauses that abusively restrict third-parties’ access to the market. These clauses are:
- “Exclusivity” clauses: publishers were prohibited from placing competitors’ adverts on their search result pages.
- “Premium Placement” clauses: publishers had to reserve the most profitable space for Google’s adverts.
- “Control” clauses: publishers had to inform Google before changing the placement of competitors’ adverts, which gave Google control with regard to interest and number of clicks for competitors’ adverts.
The EU Commission emphasizes that it is not forbidden to have a dominant position in the relevant market. However, it is forbidden to misuse this position. Google has a large market share and, according to the EU Commission, entry barriers to the market are high, due to the substantial investments new competitors must make. The above-mentioned clauses further exacerbate the situation. The clauses led to market restrictions that harmed consumers and competitors without creating efficiencies that would justify Google’s approach. The fine of 1.49 billion is based on 1.29% of Google’s turnover in 2018.
History: Google already fined in 2017
In June 2017, the EU Commission fined Google € 2.42 billion for giving an illegal advantage to its comparison shopping service. Google had a dominant position, as its search engine’s market share exceeded 90% EU-wide for nearly ten years. According to the Commission, market entry barriers are high due to network effects: the more users, the more attractive a search engine is to advertisers. Moreover, the more data the service generates, the better it can optimize its results. As already explained above, it is not forbidden to reach a dominant position, but it is forbidden to abuse it. General search engines and comparison shopping services belong to two different markets. Google used its dominant position in the former as leverage in the latter. For example, Google systematically placed its own comparison shopping service first among the search results, even if this was not how its own search algorithm would have ordered the results. Google also placed its major rivals’ services ‘artificially’ lower in the search results. Consumer behavior has shown that the entry rank – not the quality of the results – decides who receives the most clicks. The most relevant results receive less clicks when they are placed lower on the search results page. The order of search results are even more important on mobile devices, as they have much smaller screens than a computer.
Critique and open questions
As we can see, the EU Commission regarded Google as dominant in the relevant markets and applied the same criteria in both cases. However, some legal scholars have questioned whether the criteria commonly used in antitrust law really fit in the new internet economy. In particular, critics have scrutinized the idea of the dominant position in the relevant market:
- Relevant Market
To be able to confirm that a company has a dominant position, we must first define the relevant market. This can be difficult with regard to online platforms, as online markets are much harder to delineate. One could even argue that online markets bring more good than harm to consumers, because they significantly reduce transaction costs. In addition, the SSNIP test does not work in this economic area, as services are often offered free of charge. Additionally, SSNIP does not consider network effects. Apart from the difficulties in defining the market with regard to content, the geographical definition is challenging, too. Can the market be limited to one nation just by the language criterion? Should we consider that the internet works globally, with English as the international language? In particular, with the improvement of translation programs, language becomes less important as real barrier. A dominant position worldwide is much more difficult to reach and to prove.
- Dominant Position
Users have no contract with Google. In addition, users do not feel the same commitment to stay as they do with social media platforms. Finally, it is crucial to keep in mind the dynamics of the digital economy: monopolies can fail quicker than one might think, and even a market share of 90% is no guarantee of market dominance over the long-run. On the contrary, internet monopolies are primarily known as “contestable monopolies”. Some authors even argue – contrary to the EU Commission – that it is simply impossible to reach a dominant position in the internet economy, for the following reasons:
- Users can easily substitute services such as search engines
- Cost of substitution is low (nearly zero)
- Market entry barriers are low, because a new competitor does not need a lot of infrastructure to set up a new webpage or develop a new app
From my point of view, it is too early to decide where developments in the internet economy will take us. The EU Commission has to make decisions for today, not for the future. However, when applying established antitrust theories to the internet economy, one must pay particular attention to whether these antitrust theories are achieving the same goals in the context of the internet.
 Hoffer/Lehr, Online Plattformen und Big Data auf dem Prüfstand – Gemeinsame Betrachtung der Fälle Amazon, Google und Facebook, NZKart 2019, 10 (12).
 Ibid. 15
 Brauneck, Google: Machtmissbrauch marktbeherrschender Stellung durch Suchmaschinenbetrieb?, GRUR Int. 2018, 103 (104).
 Ibid. 107.
 Ibid. 108.
The European Commission Settles the Long-running Antitrust Case with Gazprom by Agreeing on Commitments
By Kristina Povazanova
After almost seven years, the European Commission (“Commission”) settled its long-running antitrust case with the Russian energy giant, PJSC Gazprom and its wholly-own subsidiary Gazprom Export LLC (“Gazprom”), concerning the abuse of a dominant position according to Article 102 Treaty on the Functioning of the European Union (“TFEU”) that may have hindered the free flow of gas at competitive prices in Central and Eastern European countries (jointly referred to as “CEE”).
On 24 May 2018, the Commission adopted a decision in accordance with Article 9(1) Council Regulation (EC) No 1/2003 of 16 December 2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty, (“Regulation 1/2003”) making commitments offered by Gazprom legally binding. These are meant to facilitate the integration of CEE gas markets and to enable efficient cross-border gas flow in contrast to alleged abuse of Gazprom’s dominant position on those markets.
Procedural aspects of Gazprom case
From 2011 to 2015, the Commission undertook several investigative measures to assess the situation in CEE gas markets. These included on-the-spot inspections in accordance with Article 20(4) Regulation 1/2003 as well as various information inquiries. On the basis of these investigative steps, the Commission opened formal proceedings with an intention to adopt a decision under Chapter III of the Regulation 1/2003. In its Statement of Objections (“SO”) of 22 April 2015, the Commission came to a preliminary conclusion that Gazprom is a dominant player in CEE markets for the upstream wholesale supply of natural gas, and that it might have abused its dominant position due to three potentially abusive practices:
- Gazprom included territorial restrictions in its gas supply contracts with wholesalers and other customers. These restrictions comprised: 1) destination clauses that obliged wholesalers to use the purchased gas only in a specific territory; and 2) export bans that prevented the free flow of natural gas to other countries. Gazprom required the wholesalers to obtain its approval to export gas to other countries and obstructed the change of location to which the natural gas was being delivered (the so-called gas delivery points). The aim of such restrictions may have been to hinder the integrity of the internal market by supposedly re-instating CEE national borders for the gas flow in exchange for securing Gazprom’s pricing policy in CEE gas markets.
- According to the SO, territorial restrictions went hand-in-hand with an unfair pricing policy in several CEE countries. As a result of these practices, wholesalers were charged prices that were significantly higher than Gazprom’s comparable costs or benchmark prices. This may have been caused by Gazprom’s price formulae that linked the contractual gas prices to oil indexation disregarding prices in European liquid gas hubs.
- Last, but not least, the Commission pointed out that Gazprom leveraged its dominant position in relevant CEE gas markets by stipulating conditions for gas supplies and gas prices in Bulgaria and Poland that were dependent on obtaining unrelated infrastructure commitments, like investments in Gazprom’s pipeline projects (e.g. South Stream project).
It wasn’t long before Gazprom sent its reply to the SO, disputing the Commission’s preliminary assessment. As the world’s largest natural gas reserves holder and exclusive undertaking to export natural gas from Russia, Gazprom’s natural gas exports to Europe reached 194.4 billion cubic meters in 2017. The Commissioner, however, made it clear that all companies that operate in the European market have to comply with EU rules, notwithstanding their status.
Proposal of the First Commitments
To address the Commission’s antitrust concerns, Gazprom proposed the first set of commitments (“First Commitments”) to ensure the free flow of natural gas at competitive prices in CEE gas markets. However, one must bear in mind that Gazprom tried to challenge the Commission from the very beginning. In its First Commitments, Gazprom stated that “this proposal of Commitments does not constitute an acknowledgement that Article 102 TFEU or Article 54 EAA Agreement or indeed any other substantive rule of EU competition law has been breached.”
The First Commitments offered by Gazprom were regarded by the Commission as addressing competition concerns in CEE gas markets. Gazprom addressed all three issues, by ensuring that:
- It will refrain from using and will not introduce in the future any territorial restrictions, such as destination clauses and export bans or any other measures having equivalent effect, in their gas supply contracts, effect of which could be the limitation or prohibition of customer’s ability to resell natural gas supplied by Gazprom or to transfer the natural gas to another territory. With respect to market segmentation and specifically the isolation of Bulgarian gas market, Gazprom offered to change relevant gas supply and gas transport contracts to allow Bulgaria to conclude interconnection agreements with other EU Member States (mainly Greece). This commitment, together with the adjustment of the current gas allocation method, would enable the Bulgarian transmission system operator to gain full control of the gas flow in Bulgaria. In relation to gas delivery points that are considered as crucial for the free flow of gas in CEE gas markets, Gazprom committed to allow its CEE customers to request all or part of their gas volume to be delivered to Bulgaria or Baltic States instead of their delivery points.
- It will introduce the price revision clause in gas supply contracts to address the Commission’s unfair pricing This will apply to customers whose gas supply contracts do not contain a price revision clause. Otherwise, Gazprom committed to amend existing price revision clauses to enable its customers to request the price revision if either the economic situation in the European gas market is subject to change or the price does not reflect current trends and developments at liquid gas hubs in Western Europe. Gazprom proposed that its customers can request such a revision every two years. Importantly, Gazprom agreed that in case of the absence of mutual agreement on the revised price within 120 days, the conflict matter will be referred to arbitration.
- It will allow Bulgarian partners to leave the South Stream project and will refrain from claiming damages on the basis of this cancelation for the initial period of eight consecutive years. This commitment should have addressed the Commission’s concern that Gazprom gained unjustified advantages resulting from stipulating conditions for gas supplies and gas prices in Bulgaria dependent on obtaining unrelated infrastructure commitments.
On 16 March 2017, the Commission invited interested third parties to comment and submit their observation on the First Commitments, pursuant to Article 24(7) Regulation 1/2003. The Commission received forty-four responses from interested third parties that dealt with various aspects of the First Commitments, ranging from technical elements to substantive issues, such as: a) Gazprom’s responsibility for gas quality at entry points to either Bulgaria or changed gas delivery hubs, b) creation of bi-directional basis mechanism between gas delivery points of the Baltic States/Bulgaria and Central/Eastern Europe, or c) methodology behind the fee to be charged by Gazprom for a change of gas delivery point.
In response to these observations, Gazprom submitted a modified version of the First Commitments on 15 March 2018 (“Commitments”). It addressed various minor and major comments. Among the most important modifications, Gazprom agreed to:
- delete the reference that all commitments are only made for the duration of the Commitments;
- remain liable for the gas quality at the entry point to Bulgaria;
- offer the change of delivery points on a bi-directional basis in CEE gas markets;
- remain liable for non-delivery of gas to changed gas delivery points except of force majeure and maintenance;
- reduce the service fee for a swap-like operation including bi-directional flow;
- extend the scope of price revision clause by offering it to new customers as well;
- specify what are the benchmark prices for liquid hubs in continental Europe by listing TTF gas hub in the Netherlands and NCG hub in Germany;
- place the arbitration place for the price revision conflict matter within the EU;
- refrain from bringing any claims related to the South Stream project for a period of fifteen years.
Despite the strong opposition from few CEE Member States (e.g. Poland), the Commission is convinced that the Commitments impose positive forward-looking set of obligations on Gazprom to enable the free flow of gas in CEE gas markets at competitive prices. Their purpose is to bring Gazprom’s market behavior in compliance with EU competition rules and to allow customers to benefit from effective gas competition between various gas suppliers and supply sources. By adopting the decision in accordance with Article 9(1) Regulation 1/2003, the Commission made the Commitments legally binding on Gazprom and any legal entity that is directly or indirectly controlled by Gazprom for the period of eight years.
In case that Gazprom breaks the Commitments, the Commission can impose a fine of up to 10% of the company’s annual turnover, without having to prove an infringement of EU competition rules.
 Namely Bulgaria, the Czech Republic, Estonia, Hungary, Latvia, Lithuania, Poland and Slovakia.
 Case AT.39816 – Upstream Gas Supplies in Central and Eastern Europe  OJ C258/07
 Council Regulation (EC) No 1/2003 of 16 December 2002 on the implementation of the rules on competition laid down in Articles 81 and 82 of the Treaty; Official Journal L 001, 04/01/2003 P. 0001 – 0025
 Article 9(1) Regulation 1/2003 provides: “Where the Commission intends to adopt a decision requiring that an infringement be brought to an end and the undertakings concerned offer commitments to meet the concerns expressed to them by the Commission in its preliminary assessment, the Commission may by decision make those commitments binding on the undertakings.”
 The Commission opened proceedings on 31 August 2012.
 The first set of Commitments was submitted to the European Commission on 14 February 2017.
 Commitment Proposal – Non-confidential Version http://ec.europa.eu/competition/antitrust/cases/g2/gazprom_commitments.pdf (online; available on 20 July 2018)
 In the Czech Republic, Hungary, Poland and Slovakia the gas connecting infrastructure such as mechanisms for reverse flow and interconnectors has significantly improved. On the other hand, the Baltic States and Bulgaria are still very much isolated from the rest of CEE Member States.
 As regards the Yamal Pipeline, the Commission’s investigation showed that the situation cannot be changed by this antitrust procedure due to the impact of an intergovernmental agreement between Poland and Russia.
 E.g. PGNIG S.A.: ‘PGNiG S.A. observations on the commitments proposed by Gazprom on the basis of Article 9 of the Council Regulation (EC) No 1/2003 of 16th of December 2002 in Case AT.39816 — Upstream gas supplies in central and eastern Europe’ http://pgnig.pl/aktualnosci/-/news-list/id/oswiadczenie-pgn-1/newsGroupId/10184 (online; press release of 19 May 2017)
By Nicole Daniel
On 22 March 2018, in a court hearing in the Qualcomm case, Judge Koh expressed her concern over possible abuses in asserting legal privilege over certain documents.
In January 2017, the U.S. FTC sued Qualcomm, alleging that the company consistently refused to license its essential patents to competitors, thereby violating its pledge to standards organizations that it would license them on FRAND terms (fair, reasonable and non-discriminatory). Allegedly, Qualcomm also engaged in a policy of withholding processors unless its customers agreed to patent licensing terms favorable to Qualcomm. A trial is set for January 2019.
Furthermore, a class action alleged that Qualcomm’s behavior raised the prices of devices operating with its chips.
At the hearing, judge Koh said she is “deeply disturbed” by the very high percentage of privilege assertions by Qualcomm. However, Qualcomm continues to produce documents after reviewing them again and removing earlier assertions of privilege. Judge Koh expressed her concerns at the court hearing several times and said that she will allow witnesses to be redeposed, as often as necessary, until all documents are available before testimony.
This issue centers around documents from Apple and other customers which were gathered under an EU investigation into the baseband chipsets market. Even though the plaintiffs have already obtained a redacted version of the Commission’s January 2017 decision fining Qualcomm EUR 997 million, they ask for an unredacted version. In this decision, Qualcomm was fined for paying Apple to refrain from buying rival manufacturers’ chips.
The U.S. plaintiffs argue that Qualcomm should have simply asked for third parties’ permission to share the information given to the EU investigators. Qualcomm in turn argued that it cannot circumvent EU law by making the disclosures asked for and referred to the version of the decision to be published by the Commission. In the public version, the Commission makes its own redactions. The U.S. plaintiffs further argued that they contacted Apple, as well as its contracted manufacturers, and those parties do not object to disclosure. Qualcomm replied that they could simply ask them directly for the information. In sum, the U.S. plaintiffs called Qualcomm’s behavior unfair, as it prevents them from fully understanding the EU decision.
Until early May 2018, no public version of the Commission was available. The Commission and the companies involved are still in the process of deciding on a version of the decision that does not contain any business secrets or other confidential information.
By Catalina Goanta
2018 has so far not been easy on the tech world. The first months of the year brought a lot of bad news: two accidents with self-driving cars (Tesla and Uber) and the first human casualty, another Initial Coin Offering (ICO) scam costing investors $660 million, and Donald Trump promising to go after Amazon. But the scandal that made the most waves had to do with Facebook data being used by Cambridge Analytica.
Data brokers and social media
In a nutshell, Cambridge Analytica was a UK-based company that claimed to use data to change audience behavior either in political or commercial contexts. Without going too much into detail regarding the identity of the company, its ties, or political affiliations, one of the key points in the Cambridge Analytica whistleblowing conundrum is the fact that it shed light on Facebook data sharing practices which, unsurprisingly, have been around for a while. To create psychometric models which could influence voting behavior, Cambridge Analytica used the data of around 87 million users, obtained through Facebook’s Graph Application Programming Interface (API), a developer interface providing industrial-level access to personal information.
The Facebook Graph API
The first version of the API (v1.0), which was launched in 2010 and was up until 2015, could be used to not only gather public information about a given pool of users, but also about their friends, in addition to granting access to private messages sent on the platform (see Table 1 below). The amount of information belonging to user friends that Facebook allowed third parties to tap into is astonishing. The extended profile properties permission facilitated the extraction of information about: activities, birthdays, check-ins, education history, events, games activity, groups, interests, likes, location, notes, online presence, photo and video tags, photos, questions, relationships and relationships details, religion and politics, status, subscriptions, website and work history. Extended permissions changed in 2014, with the second version of the Graph API (v2.0), which suffered many other changes since (see Table 2). However, one interesting thing that stands out when comparing versions 1.0 and 2.0 is that less information is gathered from targeted users than from their friends, even if v2.0 withdrew the extended profile properties (but not the extended permissions relating to reading private messages).
Table 1 – Facebook application permissions and availability to API v1 (x) and v2 (y)
Cambridge Analytica obtained Facebook data with help from another company, Global Science Research, set up by Cambridge University-affiliated faculty Alexandr Kogan and Joseph Chancellor. Kogan had previously collaborated with Facebook for his work at the Cambridge Prosociality & Well-Being Lab. For his research, Kogan collected data from Facebook as a developer, using the Lab’s account registered on Facebook via his own personal account, and he was also in contact with Facebook employees who directly sent him anonymized aggregate datasets.
Table 2 – The History of the Facebook Graph API
The Facebook employees who sent him the data were working for Facebook’s Protect and Care Team, but were themselves doing research on user experience as PhD students. Kogan states that the data he gathered with the Global Science Research quiz is separate from the initial data he used in his research, and it was kept on different servers. Kogan’s testimony before the UK Parliament’s Digital, Culture, Media and Sport Committee does clarify which streams of data were used by which actors, but none of the Members of Parliament attending the hearing asked any questions about the very process through which Kogan was able to tap into Facebook user data. He acknowledged that for harvesting information for the Strategic Communication Laboratories – Cambridge Analytica’s affiliated company – he used a market research recruitment strategy: for around $34 per person, he aimed at recruiting up to 20,000 individuals who would take an online survey. The survey would be accessible through an access token, which required participants to login using their Facebook credentials.
On the user end, Facebook Login is an access token which allows users to log in across platforms. The benefits of using access tokens are undeniable: having the possibility to operate multiple accounts using one login system allows for efficient account management. The dangers are equally clear. On the one hand, one login point (with one username and one password) for multiple accounts can be a security vulnerability. On the other hand, even if Facebook claims that the user is in control of the data shared with third parties, some apps using Facebook Login – for instance wifi access in café’s, or online voting for TV shows – do not allow users to change the information requested by the app, creating a ‘take it or leave it’ situation for users.
Figure 1 – Facebook Login interface
On the developer end, access tokens allow apps operating on Facebook to access the Graph API. The access tokens perform two functions:
- They allow developer apps to access user information without asking for the user’s password; and
- They allow Facebook to identify developer apps, users engaging with this app, and the type of data permitted by the user to be accessed by the app.
Understanding how Facebook Login works is essential in clarifying what information users are exposed to right before agreeing to hand their Facebook data over to other parties.
Data sharing and consent
As Figure 1 shows, and as it can be seen when browsing through Facebook’s Terms of Service, consent seems to be at the core of Facebook’s interaction with its users. This being said, it is impossible to determine, on the basis of these terms, what Facebook really does with the information it collects. For instance, in the Statement of Rights and Responsibilities dating from 30 January 2015, there is an entire section on sharing content and information:
- You own all of the content and information you post on Facebook, and you can control how it is shared through your privacyand application settings. In addition:
- For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
- When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).
- When you use an application, the application may ask for your permission to access your content and information as well as content and information that others have shared with you. We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information. (To learn more about Platform, including how you can control what information other people may share with applications, read our Data Policy and Platform Page.)
- When you publish content or information using the Public setting, it means that you are allowing everyone, including people off of Facebook, to access and use that information, and to associate it with you (i.e., your name and profile picture).
- We always appreciate your feedback or other suggestions about Facebook, but you understand that we may use your feedback or suggestions without any obligation to compensate you for them (just as you have no obligation to offer them).
This section appears to establish Facebook as a user-centric platform that wants to give as much ownership to its customers. However, the section says nothing about the fact that app developers used to be able to tap not only into the information generated by users, but also that of their friends, to an even more extensive degree. There are many other clauses in the Facebook policies that could be relevant for this discussion, but let us dwell on this section.
Taking a step back, from a legal perspective, when a user gets an account with Facebook, a service contract is concluded. If users reside outside of the U.S. or Canada, clause 18.1 of the 2015 Statement of Rights and Responsibilities mentions the service contract to be an agreement between the user and Facebook Ireland Ltd. For U.S. and Canadian residents, the agreement is concluded with Facebook Inc. Moreover, according to clause 15, the applicable law to the agreement is the law of the state of California. This clause does not pose any issues for agreements with U.S. or Canadian users, but it does raise serious problems for users based in the European Union. In consumer contracts, European law curtails party autonomy in choosing applicable law, given that some consumer law provisions in European legislation are mandatory, and cannot be derogated from. Taking the example of imposing the much lesser protections of U.S. law on European consumers, such clauses would not be valid under EU law. As a result, in 2017 the Italian Competition and Market Authority gave WhatsApp a €3 million fine on the ground that such contractual clauses are unfair.
Apart from problems with contractual fairness, additional concerns arise with respect to unfair competition. Set between competition law and private law, unfair competition is a field of law that takes into account both bilateral transactions, as well as the broader effect they can have on a market. The rationale behind unfair competition is that deceitful/unfair trading practices which give businesses advantages they might otherwise not enjoy should be limited by law. As far as terminology goes, in Europe, Directive 2005/29/EC, the main instrument regulating unfair competition, uses the terms ‘unfair commercial practices’, whereas in the United States, the Federal Trade Commission refers to ‘unfair or deceptive commercial practices’. The basic differences between the approaches taken in the two federal/supranational legal systems can be consulted in Figure 2 below:
Figure 2 – U.S. & EU unfair competition law (van Eijk, Hoofnagle & Kannekens, 2017)
Facebook’s potentially unfair/deceptive commercial practices
In what follows, I will briefly refer to the 3 comparative criteria identified by van Eijk et al.
The fact that a business must do something (representation, omission, practice, etc.) which deceives or is likely to deceive or mislead the consumer is a shared criterion in both legal systems. There are two main problems with Facebook’s 2015 terms of service to this end. First, Facebook does not specify how exactly the company shares user data and with whom. Second, this version of the terms makes no reference whatsoever to the sharing of friends’ data, as could be done through the extended permissions. These omissions, as well as the very limited amount of information offered to consumers, through which they are supposed to understand Facebook’s links to other companies as far as their own data is concerned, are misleading.
The second criterion, that of the reasonable/average consumer, is not so straight forward: the information literacy of Facebook users fluctuates, as it depends on demographic preferences. With the emergence of new social media platforms such as Snapchat and Musical.ly, Facebook might not be the socializing service of choice for younger generations. However, official statistics are based on data that includes a lot of noise. It seems that fake accounts make up around 3% of the total number of Facebook accounts, and duplicate accounts make up around 10% of the same total. This poses serious questions regarding the European standard of the average consumer, because there is no way to currently estimate how exactly this 13% proportion would change the features of the entire pool of users. There are many reasons why fake accounts exist, but let me mention two of them. First, the minimum age for joining Facebook is 13; however, the enforcement of this policy is not easy, and a lot of minors can join the social media platform by simply lying about their age. Second, fake online profiles allow for the creation of dissociate lives: individuals may display very different behavior under the veil of anonymity, and an example in this respect is online bullying.
Figure 3 – Distribution of Facebook users worldwide as of April 2018, by age and gender (Statista, 2018)
These aspects can make it difficult for a judge to determine the profile of the reasonable/average consumer as far as social media is concerned: would the benchmark include fake and duplicate accounts? Would the reasonable/average consumer standard have to be based on the real or the legal audience? What level of information literacy would this benchmark use? These aspects remain unclear.
The third criterion is even more complex, as it deals with the likelihood of consumers taking a different decision, had they had more symmetrical information. Two main points can be made here. On the one hand, applying this criterion leads to a scenario where we would have to assume that Facebook would better disclose information to consumers. This would normally take the form of specific clauses in the general terms and conditions. For consumers to be aware of this information, they would have to read these terms with orthodoxy, and make rational decisions, both of which are known not to be the case: consumers simply do not have time and do not care about general terms and conditions, and make impulsive decisions. If that is the case for the majority of the online consumer population, it is also the case for the reasonable/average consumer. On the other hand, perhaps consumers might feel more affected if they knew beforehand the particularities of data sharing practices as they occurred in the Cambridge Analytica situation: that Facebook was not properly informing them about allowing companies to broker their data to manipulate political campaigns. This, however, is not something Facebook would inform its users about directly, as Cambridge Analytica is not the only company using Facebook data, and such notifications (if even desirable from a customer communication perspective), would not be feasible, or would lead to information overload and consumer fatigue. If this too translates into a reality where consumers do not really care about such information, the third leg of the test seems not to be fulfilled. In any case, this too is a criterion which will very likely raise many more questions that it aims to address.
In sum, two out of the three criteria would be tough to fulfill. Assuming, however, that they would indeed be fulfilled, and even though there are considerable differences in the enforcement of the prohibition against unfair/deceptive commercial practices, the FTC, as well as European national authorities can take a case against Facebook to court to order injunctions, in addition to other administrative or civil acts. A full analysis of European and Dutch law in this respect will soon be available in a publication authored together with Stephan Mulders.
Harmonization and its discontents
The Italian Competition and Market Authority (the same entity that fined WhatsApp) launched an investigation into Facebook on April 6, on the ground that its data sharing practices are misleading and aggressive. The Authority will have to go through the same test as applied above, and in addition, will very likely also consult the black-listed practices annexed to the Directive. Should this public institution from a Member State find that these practices are unfair, and should the relevant courts agree with this assessment, a door for a European Union-wide discussion on this matter will be opened. Directive 2005/29/EC is a so-called maximum harmonization instrument, meaning that the European legislator aims for it to level the playing field on unfair competition across all Member States. If Italy’s example is to be followed, and more consumer authorities restrict Facebook practices, this could mark the most effective performance of a harmonizing instrument in consumer protection. If the opposite happens, and Italy ends up being the only Member State outlawing such practices, this could be a worrying sign of how little impact maximum harmonization has in practice.
New issues, same laws
Nonetheless, in spite of the difficulties in enforcing unfair competition, this discussion prompts one main take-away: data-related practices do fall under the protections offered by regulation on unfair/deceptive commercial practices. This type of regulation already exists in the U.S. just as much as it exists in the EU, and is able to handle new legal issues arising out of the use of disruptive technologies. The only areas where current legal practices are in need of an upgrade deal with interpretation and proof: given the complexity of social media platforms and the many ways in which they are used, perhaps judges and academics should also make use of data science to better understand the behavior of these audiences, as long as this behavior is central for legal assessments.
 Will Knight, ‘A Self-driving Uber Has Killed a Pedestrian in Arizona’, MIT Technology Review, The Download, March 19, 2018; Alan Ohnsman, Fatal Tesla Crash Exposes Gap In Automaker’s Use Of Car Data, Forbes, April 16, 2018.
 John Biggs, ‘Exit Scammers Run Off with $660 Million in ICO Earnings’, TechCrunch, April 13, 2018.
 Joe Harpaz, ‘What Trump’s Attack On Amazon Really Means For Internet Retailers’, Forbes, April 16, 2018.
 Carole Cadwalladr and Emma Graham-Harrison, ‘Revealed: 50 Million Facebook Profiles Harvested for Cambridge Analytica in Major Data Breach’, The Guardian, March 17, 2018.
 The Cambridge Analytica website reads: ‘Data drives all we do. Cambridge Analytica uses data to change audience behavior. Visit our political or commercial divisions to see how we can help you.’, last visited on April 27, 2018. It is noteworthy that the company started insolvency procedures on 2 May, in an attempt to rebrand itself as Emerdata, see see Shona Ghosh and Jake Kanter, ‘The Cambridge Analytica power players set up a mysterious new data firm — and they could use it for a ‘Blackwater-style’ rebrand’, Business Insider, May 3, 2018.
 For a more in-depth description of the Graph API, as well as its Instagram equivalent, see Jonathan Albright, The Graph API: Key Points in the Facebook and Cambridge Analytica Debacle, Medium, March 21, 2018.
 Iraklis Symeonidis, Pagona Tsormpatzoudi & Bart Preneel, ‘Collateral Damage of Facebook Apps: An Enhanced Privacy Scoring Model’, IACR Cryptology ePrint Archive, 2015, p. 5.
 UK Parliament Digital, Culture, Media and Sport Committee, ‘Dr Aleksandr Kogan questioned by Committee’, April 24, 2018; see also the research output based on the 57 billion friendships dataset: Maurice H. Yearwood, Amy Cuddy, Nishtha Lamba, Wu Youyoua, Ilmo van der Lowe, Paul K. Piff, Charles Gronind, Pete Fleming, Emiliana Simon-Thomas, Dacher Keltner, Aleksandr Spectre, ‘On Wealth and the Diversity of Friendships: High Social Class People around the World Have Fewer International Friends’, 87 Personality and Individual Differences 224-229 (2015).
 UK Parliament Digital, Culture, Media and Sport Committee hearing, supra note 8.
 This number mentioned by Kogan in his witness testimony conflicts with media reports which indicate a much higher participation rate in the study, see Julia Carrie Wong and Paul Lewis, ‘Facebook Gave Data about 57bn Friendships to Academic’, The Guardian, March 22, 2018.
 Clause 18.1 (2015) reads: If you are a resident of or have your principal place of business in the US or Canada, this Statement is an agreement between you and Facebook, Inc. Otherwise, this Statement is an agreement between you and Facebook Ireland Limited.
 Clause 15.1 (2015) reads: The laws of the State of California will govern this Statement, as well as any claim that might arise between you and us, without regard to conflict of law provisions.
 Italian Competition and Market Authority, ‘WhatsApp fined for 3 million euro for having forced its users to share their personal data with Facebook’, Press Release, May 12, 2018.
 Rogier de Vrey, Towards a European Unfair Competition Law: A Clash Between Legal Families : a Comparative Study of English, German and Dutch Law in Light of Existing European and International Legal Instruments (Brill, 2006), p. 3.
 Nico van Eijk, Chris Jay Hoofnagle & Emilie Kannekens, ‘Unfair Commercial Practices: A Complementary Approach to Privacy Protection’, 3 European Data Protection Law Review 1-12 (2017), p. 2.
 Ibid., p. 11.
 The tests in Figure 2 have been simplified by in order to compare their essential features; however, upon a closer look, these tests include other details as well, such as the requirement of a practice being against ‘professional diligence’ (Art. 4(1) UCPD).
 Patrick Kulp, ‘Facebook Quietly Admits to as Many as 270 Million Fake or Clone Accounts’, Mashable, November 3, 2017.
 Italian Competition and Market Authority, ‘Misleading information for collection and use of data, investigation launched against Facebook’, Press Release, April 6, 2018.
 This discussion is of course much broader, and it starts from the question of whether a data-based service falls within the material scope of, for instance, Directive 2005/29/EC. According to Art. 2(c) corroborated with Art. 3(1) of this Directive, it does. See also Case C‑357/16, UAB ‘Gelvora’ v Valstybinė vartotojų teisių apsaugos tarnyba, ECLI:EU:C:2017:573, para. 32.
By Giuseppe Colangelo
Almost ten years have passed since the Commission began its proceeding against Intel. However, the lawfulness of Intel’s practices remains inconclusive. In its recent judgment (Case C-413/14 P), the Grand Chamber of the Court of Justice of the European Union (CJEU) set aside a previous ruling in which the General Court affirmed the decision of the Commission to prohibit Intel’s practices, and referred the case back to the General Court.
The judgment turns on efficiency-enhancing justifications. The Grand Chamber of the CJEU, just as in Post Danmark I (Case C-209/10), reiterates that antitrust enforcement cannot disregard procompetitive effects even in the case of unilateral conduct, such as loyalty rebates. Although Article 102 does not reproduce the prohibition-exemption structure of Article 101, for the sake of consistency there must be room to allow unilateral practices as well. Therefore, like agreements restrictive by object, unilateral conduct which is presumed to be unlawful, as loyalty rebates are, can also be justified and rehabilitated because of the efficiency and consumer welfare benefits it can produce. The General Court’s formalistic approach towards Intel’s rebates demonstrated the need for the CJEU to clarify the role that assessing procompetitive effects must play in the analysis of dominant firms’ practices.
To this end, the CJEU suggests ‘clarifying’ the interpretation of Hoffman-La Roche (Case 85/76), one of the totems of EU antitrust orthodoxy. Unfortunately, it accomplishes exactly the opposite. Intel clearly supports the economic approach by denying a formalist, or per se, shortcut to the authorities. The abusive character of a behavior cannot be established simply on the basis of its form.
In Hoffman-La Roche, the CJEU pronounced that it considered any form of exclusive dealing anathema. To make the link to the exclusive dealing scenarios depicted in Hoffman-La Roche apparent, the General Court introduced a class of ‘exclusivity rebates’ in its ruling on Intel’s pricing practices. This is a new category of discounts different from the previously defined classes of quantity and fidelity rebates.
However, in its judgment the CJEU offers a different interpretation of the law on fidelity rebates. For those cases where dominant firms offer substantive procompetitive justifications for their fidelity rebates, the CJEU requires the Commission to proffer evidence showing the foreclosure effects of the allegedly abusive practice, and to analyze: (i) the extent of the undertaking’s dominant position on the relevant market; (ii) the share of the market covered by the challenged practice as well as the conditions and arrangements for granting the rebates in question, their duration and their amount; (iii) the possible existence of a strategy aimed at excluding from the market competitors that are at least as efficient as the dominant undertaking. As expressly acknowledged by the CJEU, it is this third prong – that is, the assessment of the practice’s capacity to foreclose – which is pivotal, because it “is also relevant in assessing whether a system of rebates which, in principle, falls within the scope of the prohibition laid down in Article 102 TFEU, may be objectively justified.”
The Intel ruling is also a significant step towards greater legal certainty. In addition to being able to effectively assert efficient justifications to overturn the presumption of anti-competitiveness, firms also know that for the CJEU the ‘as efficient competitor test’ (AEC test) represents a reliable proxy (although not the single or decisive criterion) of analysis that cannot be ignored, especially when used by the Commission in its evaluations.
The application of the effect-based approach to all unilateral conduct of dominant firms brings the European experience closer to the rule of reason analysis carried out under Section 2 of the Sherman Act. As indeed is explained by the Court of Appeals in Microsoft [253 F.3d 34 (D.C. Circuit 2001)], when it comes to monopolistic conduct, where the task of plaintiffs complaining about the violation of antitrust law is to show the exclusionary effects of the conduct at stake and how this has negatively affected consumer welfare, the task of the dominant firm is to highlight the objective justifications of its behavior.
U.S. District Court Grants a Preliminary Injunction Allowing Data Harvesting on LinkedIn’s Public Profiles
By Valerio Cosimo Romano
On 14 August 2017, the U.S. District Court for the Northern District of California (“Court”) granted a motion for a preliminary injunction against the professional social networking site LinkedIn (“Defendant”), enjoining the company from preventing access, copying, and use of public profiles on LinkedIn’s website and from blocking access to such member public profiles.
HiQ Labs (“Plaintiff”) is a company which sells information to its clients about their workforces. This information is gathered by analyzing data collected on LinkedIn users’ publicly available profiles, which are automatically harvested by Plaintiff. HiQ is entirely dependent from LinkedIn’s data.
Plaintiff resorted to this legal action after Defendant attempted to terminate the Plaintiff’s ability to access the publicly available information on profiles of Linkedin users (after years of apparently tolerating hiQ’s access and use of its data). Plaintiff contends that Defendant’s actions constitute unfair business practices, common law tort and contractual liability, as well as a violation of free speech under the California Constitution.
Irreparable harm and the balance of hardships
First, the Court evaluated the existence of a potential irreparable harm for the parties. The Court concluded that, without temporary relief, hiQ would go out of business and that LinkedIn does not have a strong interest to keep the privacy of its users, who made their respective profiles publicly available on purpose. Therefore, the court recognized that the balance of hardships weighs in hiQ’s favor.
Likeliness to prevail on the merits
The Court went on to establish the parties’ respective likeness to prevail on the merits. It considered four claims.
Computer Fraud and Abuse Act (“CFAA”)
LinkedIn argued that all of hiQ’s claims failed because hiQ’s unauthorized access to LinkedIn violates the CFAA. The CFAA establishes civil and criminal liability for any person who intentionally accesses a computer without authorization or exceeds authorized access and thereby obtains information from any protected computer. Defendant explicitly revoked the Plaintiff’s permission to acquire data on its systems. According to Defendant, the CFAA is violated when permission has been explicitly revoked by the data’s provider. Plaintiff contended that applying the CFAA to the access of public websites would expand its scope well beyond what was intended by the Congress at the time it enacted the statute since, under Defendant’s interpretation, the CFAA would not leave any room for the consideration of either a website owner’s reasons for denying authorization or an individual’s possible justification for ignoring such a denial.
The Court sided with hiQ, asserting that the CFAA is not intended to police traffic to publicly available websites. According to the Court, a broad reading of the Act would set aside the legal evolution of the balance between open access to information and privacy. Given that the CFAA was enacted well before the advent of the internet, the Court refused to interpret the statute in that manner. The Court further clarified that this does not impair the possibility for a website to employ measures aimed at preventing harmful intrusions or attacks on its servers.
According to Plaintiff, LinkedIn also violated California’s constitutional provisions on free speech, which confer broader rights than those provided by the First Amendment. In Pruneyard Shopping Center v. Robbins, the California Supreme Court held that the state free speech right prohibited private owners from excluding people from their property when their property is an arena where constitutionally valuable actions take place, like engaging in political speech or sharing fundamental parts of a community’s life. The internet, hiQ contends, can be therefore interpreted as a “public space”, and thus be subject to such doctrine.
However, The Court found that no court had expressly extended Pruneyard to the internet. Thus, it concluded that no serious question had actually been raised with regard to constitutional rights under the California Constitution.
Unfair competition law
HiQ also argued that Defendant’s actions had the anticompetitive purpose of monetizing the data with LinkedIn’s competing product and that this conduct amounted to unfair competition under California’s unfair competition law, which broadly prohibits “unlawful, unfair or fraudulent” practices, including those practices that do not explicitly violate antitrust laws, but threaten the spirit of such laws.
According to Plaintiff, Linkedin is violating the spirit of antitrust laws in two ways: first, it is leveraging its power in the professional networking market to secure advantage in the data analytics market. Secondly, it is violating the essential facilities doctrine, which precludes a monopolist or attempted monopolist from denying access to a facility it controls that is essential to its competitors, by precluding them to enter the market.
The Court concluded that Plaintiff had presented some evidence supporting its assertions, but also remarked that during the proceedings LinkedIn may well be able to prove that its actions were not motivated by anticompetitive purposes.
The Court did not recognize any basis for a further common law promissory estoppel claim based on an alleged promise made by Defendant to make the data as public as possible and even available to third parties.
According to the court, there was no proof of such a promise and Plaintiff did not cite any authority applying promissory estoppel made to someone other than the party asserting that claim.
Lastly, the Court considered the public interest. Plaintiff argued that a private party should not have the unilateral authority to restrict other private parties from accessing information that is otherwise available freely to all. Defendant, in contrast, argued that if the users knew that this data was freely available to unrestricted collection and analysis by third parties for any purposes, they would be far less likely to make the information available online.
The Court concluded that granting blanket authority to platform owners to block access to information publicly available on their websites may pose a serious threat to the free and fair flow of information on the Internet and that the questions related to antitrust enforcement leaned further in favor of granting the motion for the preliminary injunction.