By Nicole Daniel
On 22 March 2018, in a court hearing in the Qualcomm case, Judge Koh expressed her concern over possible abuses in asserting legal privilege over certain documents.
In January 2017, the U.S. FTC sued Qualcomm, alleging that the company consistently refused to license its essential patents to competitors, thereby violating its pledge to standards organizations that it would license them on FRAND terms (fair, reasonable and non-discriminatory). Allegedly, Qualcomm also engaged in a policy of withholding processors unless its customers agreed to patent licensing terms favorable to Qualcomm. A trial is set for January 2019.
Furthermore, a class action alleged that Qualcomm’s behavior raised the prices of devices operating with its chips.
At the hearing, judge Koh said she is “deeply disturbed” by the very high percentage of privilege assertions by Qualcomm. However, Qualcomm continues to produce documents after reviewing them again and removing earlier assertions of privilege. Judge Koh expressed her concerns at the court hearing several times and said that she will allow witnesses to be redeposed, as often as necessary, until all documents are available before testimony.
This issue centers around documents from Apple and other customers which were gathered under an EU investigation into the baseband chipsets market. Even though the plaintiffs have already obtained a redacted version of the Commission’s January 2017 decision fining Qualcomm EUR 997 million, they ask for an unredacted version. In this decision, Qualcomm was fined for paying Apple to refrain from buying rival manufacturers’ chips.
The U.S. plaintiffs argue that Qualcomm should have simply asked for third parties’ permission to share the information given to the EU investigators. Qualcomm in turn argued that it cannot circumvent EU law by making the disclosures asked for and referred to the version of the decision to be published by the Commission. In the public version, the Commission makes its own redactions. The U.S. plaintiffs further argued that they contacted Apple, as well as its contracted manufacturers, and those parties do not object to disclosure. Qualcomm replied that they could simply ask them directly for the information. In sum, the U.S. plaintiffs called Qualcomm’s behavior unfair, as it prevents them from fully understanding the EU decision.
Until early May 2018, no public version of the Commission was available. The Commission and the companies involved are still in the process of deciding on a version of the decision that does not contain any business secrets or other confidential information.
Qualcomm’s Acquisition of NXP Receives Antitrust Clearance by the European Commission, Subject to Commitments
By Kletia Noti
On 28 April 2017, the European Commission (“Commission”) received, pursuant to the EU Merger Regulation, notification of a proposed concentration involving the acquisition, within the meaning of Article 3(1)(b) of the EU Merger Regulation, of NXP Semiconductors N.V., a Dutch global semiconductor manufacturer headquartered in Eindhoven, Netherlands, by Qualcomm Incorporated, a United States company world leader in 3G, 4G and next-generation wireless technologies, through its indirect wholly owned subsidiary Qualcomm River Holdings B.V..
On 9 June 2017, the Commission announced that it was launching an in-depth market investigation (Phase II review). The investigation rests, at least in part, on the basis of conglomerate theories of harm (as will be better seen infra) that resulted from the Commission’s initial market investigation during Phase I. To do away with the Commission’s concerns, Qualcomm submitted a series of commitments (see infra).
On 18 January 2018, the Commission announced that it would clear the proposed transaction, as modified by the commitments, on the ground that it would no longer raise competition concerns. The Commission’s clearance decision is conditional upon Qualcomm’s full compliance with the commitments.
At present, Qualcomm has already received approval from eight of nine required global regulators to finalize the acquisition of NXP. The only exception is China, where clearance is currently pending, amid USA-China trade tensions. Should all the regulatory approvals not be in place by the deadline of 25 July, 2018, Qualcomm’s holding company, Qualcomm River Holdings B.V., will pay NXP a termination fee.
A background: the companies
Qualcomm Incorporated (Qualcomm) is engaged in the development and commercialization of a digital communication technology called code division multiple access (CDMA). Qualcomm is mostly known for mainly developing and supplying baseband chipsets for smartphones, i.e. chips that allow smartphones to connect to cellular networks.
Qualcomm is divided into two main segments: (i) Qualcomm CDMA Technologies (‘QCT’) and; (ii) Qualcomm Technology Licensing (‘QTL’). QCT is a supplier of integrated circuits and system software based on CDMA, Orthogonal frequency-division multiple access (OFDMA), one of the key elements of the LTE standard, and other technologies for use in voice and data communications, networking, application processing, multimedia and global positioning system products. QTL grants licenses or otherwise provides rights to use portions of Qualcomm Incorporated’s intellectual property portfolio, which, among other rights, includes certain patent rights essential to and/or useful in the manufacture and sale of certain wireless products.
NXP Semiconductors N.V. (NXP) is active in the manufacturing and sale of semiconductors, in particular integrated circuits (‘ICs’) and single unit semiconductors. NXP sells broadly two categories of products, standard products and high performance mixed signal (“HPMS”) devices. NXP’s HPMS business includes application-specific semiconductors and system solutions for: (i) Automotive; (ii) Secure Identification Solutions; (iii) Secure Connected Devices; and (iv) Secure Interfaces and Power. The semiconductors supplied by NXP, including near-field communication (NFC) and secure element (SE) chips for smartphones, are chips enabling short-range connectivity, which are used in particular for secure payment transactions on smartphones.
NXP has also developed and owns MIFARE, a leading technology used as a ticketing/fare collection platform by several transport authorities in the European Economic Area (EEA).
On October 2016, Qualcomm and NXP announced a definitive agreement, unanimously approved by the boards of directors of both companies, under which Qualcomm would acquire NXP by way of a share purchase acquisition carried out through Qualcomm River Holdings B.V. On May 11, 2018, Qualcomm Incorporated announced that Qualcomm River Holdings B.V. has extended the offering period of its previously announced cash tender offer to purchase all of the outstanding common shares of NXP Semiconductors N.V. (NASDAQ: NXPI) until May 25, 2018.
The Commission’s concerns and the in-depth investigation
Following its initial market investigation, the Commission had several concerns about semiconductors used in mobile devices and the automotive industry.
Concerns in the markets for chipsets used in mobile devices
Conglomerate effects’ theory of harm
More specifically, the Commission’s market investigation showed that, since the merged entity would hold strong market positions within both baseband chipsets (mainly developed and supplied by Qualcomm) and near field communication (NFC)/secure element (SE) chips (supplied by NXP), it would have had the ability and incentive to exclude Qualcomm’s and NXP’s rival suppliers from the markets (through practices such as bundling or tying).
Concerns in the merged entity’s licencing practices related to parties’ significant intellectual property portfolios
Since the merged entity would have combined the two undertakings’ significant intellectual property (IP) portfolios, in particular with respect to the NFC technology, the Commission was additionally concerned that, post-merger, the Commission would have had the ability and incentive to modify NXP’s current IP licensing practices, in relation to NFC’s technology, including by means of bundling the NFC IP to Qualcomm’s patent portfolio.
According to the Commission, this could have caused the merged entity to avail itself of a stronger buying power vis-à-vis customers than absent the transaction. The Commission opined that this would have led to anticompetitive effects in the relevant market, including by means of higher royalties for the NCF patent licences and/or competitors’ foreclosure.
Concerns in the markets for semiconductors used in the automotive sector
An additional Commission concern was that the merged entity resulting from the proposed acquisition would have removed competition between in the markets for semiconductors used in the automotive sector, and, more specifically, the emerging Vehicle-to-Everything (“V2X”) technology, which will play an important role in the future development of “connected cars” (through which cars can “talk” to other cars).
Phase II investigation
On 21 June 2017, the Commission launched its Phase II market test.
The Commission’s in-depth market investigation during Phase II of the merger review confirmed some of its initial concerns.
Concerns related to MIFARE
One of the Commission’s concerns was that the merged entity would have had the ability and incentive to make it more difficult for other suppliers to access NXP’s MIFARE technology (a contactless security technology platform used as a ticketing/fare collection platform by EEA transport authorities) by possibly raising licencing royalties and/or refusing to licence such technology, thus resulting in potential anticompetitive foreclosure effects for competitors.
Concerns related to interoperability
In addition, the Commission also noted that, due to Qualcomm’s strong position in the supply of baseband chipsets and NPX’s strong position in the supply of near field communication (NFC)/SE chips, the merged entity would have had the incentive and ability to reduce interoperability of such chipsets with those of rival supplies. The Commission feared that this, in turn, could have resulted in competitors’ foreclosure.
Concern related to the merged-entity’s licencing practices
Finally, the in-depth investigation also confirmed concerns that the merged entity would have had the ability and incentive to modify NXP’s current IP licensing practices for NFC technology, which could have led the merged entity to charge significantly higher royalties.
By contrast, the Commission’s initial concerns concerning the markets for semiconductors in the automotive sector were not confirmed.
Concerns related to MIFARE
As seen above, some of the Commission concerns related to possible rivals’ foreclosure effects through actual or constructive refusal to supply of the MIFARE technology.
To address the Commission’s concerns, Qualcomm committed “from the Closing Date and for a period of eight (8) years thereafter, upon written request by any Third Party, to grant any such Third Party a nonexclusive MIFARE License also involving the use of MIFARE Trademarks on commercial terms (including with regard to the fee, scope and duration of the license) which are at least as advantageous as those offered by NXP in existing MIFARE Licenses on the Effective Date”.
Qualcomm also committed “to offer to MIFARE Licensees, on commercially reasonable and nondiscriminatory terms, the extension of the MIFARE Licenses for MIFARE Implementation in an Integrated Secure Element.”
Concerns related to interoperability
A second element of the Commission’s concerns related to the merged entity’s ability and incentive to degrade interoperability of Qualcomm’s baseband chipsets and NPX’s products.
In this respect, Qualcomm also undertook “from the Closing Date, on a worldwide basis and for a period of eight (8) years thereafter to ensure the same level of Interoperability, including, but not limited to, functionality and performance, between: (a) Qualcomm Baseband Chipsets and NXP Products, and the Third Party’s NFC Chips, Secure Element Chips, Integrated Secure Element or NFC/SE or Secure Element Technology; and (b) NXP Products and the Third Party’s Baseband Chipset or Applications Processor as will exist at any point in time between Qualcomm’s Baseband Chipsets and NXP’s Products, unless Qualcomm demonstrates to the Commission by means of a reasoned and documented submission to the Trustee that there are technical characteristics of the Third Party’s products that do not allow Qualcomm to achieve the same level of Interoperability, such as generational differences between Qualcomm’s and the Third Party’s respective chips”.
Concern related to the merged-entity’s licencing practices
The market analysis confirmed the Commission’s initial competition concerns with respect to the licensing of NXP’s NFC patents as a result of the transaction, as seen supra.
Qualcomm committed to not acquire NXP’s NFC standard-essential patents (SEPs) as well as certain of NXP’s NFC non SEPs. NXP undertook to transfer the abovementioned patents that Qualcomm commits not to acquire to a third party, which would be under an obligation to grant a worldwide royalty free licence to such patents for a period of three years. At the same time, with respect to some of NXP’s NFC non-SEPs that Qualcomm would have acquired, in order to do away with the Commission’s concerns, Qualcomm committed, for as long as the merged entity would own these patents, not to enforce rights with respect to these patents vis-à-vis other parties and to grant a worldwide royalty licence with respect to these parties.
On 18 January 2018, the Commission rendered public its decision to clear the proposed transaction, as modified by the commitments submitted by Qualcomm, on the grounds that such commitments would suffice to do away with its competition concerns.
The Commission’s clearance decision is rendered conditional upon Qualcomm’s full compliance with the commitments. A Monitoring Trustee, namely one or more natural or legal person(s) who is/are approved by the Commission and appointed by Qualcomm, has the duty to monitor Qualcomm’s compliance with the obligations attached to this Decision.
Pending sign-off from China’s regulator, the transaction remains incomplete. At Qualcomm, hopes remain high that the situation will be finalized soon.
 Council Regulation (EC) No 139/2004 of 20 January 2004 on the control of concentrations between undertakings (the EU Merger Regulation) (Text with EEA relevance) Official Journal L 024 , 29/01/2004 P. 0001 – 0022. Under Article 4(1), It is mandatory to notify concentrations with an EU dimension to the European Commission for clearance.
 See prior notification of a concentration (Case M.8306 — Qualcomm/NXP Semiconductors), OJ C 143, 6.5.2017, p. 6–6.
 After notification, the Commission has 25 working days to analyze the deal during the Phase I investigation. If there are competition concerns, companies can offer remedies, which extends the phase I deadline by 10 working days. At the end of a phase I investigation: (a) the merger is cleared, either unconditionally or subject to accepted remedies; or
(b) the merger still raises competition concerns and the Commission opens a Phase II in-depth investigation. If Phase II is opened, the Commission has 90 further working days to examine the concentration. This period can be extended by 15 working days when the notifying parties offer commitments. With the parties’ consent, it can be extended by up to 20 working days.
Brussels, 18 January 2018, press release, “Mergers: Commission approves Qualcomm’s acquisition of NXP, subject to conditions”, available at: http://europa.eu/rapid/press-release_IP-18-347_en.htm
Under Article 6(2) EUMR, “Where the Commission finds that, following modification by the undertakings concerned, a notified concentration no longer raises serious doubts within the meaning of paragraph 1(c), it shall declare the concentration compatible with the common market pursuant to paragraph 1(b). The Commission may attach to its decision under paragraph 1(b) conditions and obligations intended to ensure that the undertakings concerned comply with the commitments they have entered into vis-à-vis the Commission with a view to rendering the concentration compatible with the common market.”
On request of China’s commerce ministry (MOFCOM), just days before the regulator’s April 17, 2018 deadline to decide on whether to clear the transaction expired, Qualcomm withdrew its earlier application to MOFCOM on April 14, 2018, and, in concomitance with such withdrawal, it re-filed a new application to obtain clearance of the proposed transaction. See M.Miller, April 16, 2018, Qualcomm to refile China antitrust application for $44 billion NXP takeover: sources, available at: https://www.reuters.com/article/us-china-qualcomm-antitrust/qualcomm-to-refile-china-antitrust-application-for-44-billion-nxp-takeover-sources and Qualcomm Press Release, Qualcomm and NXP Agree, at MOFCOM Request, to Withdraw and Refile Application for Chinese Regulatory Approval, April 16, 2018: https://www.qualcomm.com/news/releases/2018/04/19/qualcomm-and-nxp-agree-mofcom-request-withdraw-and-refile-application.
 A. Barry, “Stock Selloff Hurts Arbitrage Traders”, 3 May 2018, https://www.barrons.com/articles/stock-selloff-hurts-arbitrage-traders-1525369030
 Qualcomm Press Release, Qualcomm and NXP Agree, at MOFCOM Request, to Withdraw and Refile Application for Chinese Regulatory Approval, April 16, 2018: https://www.qualcomm.com/news/releases/2018/04/19/qualcomm-and-nxp-agree-mofcom-request-withdraw-and-refile-application.
 Qualcomm Press Release, Qualcomm to acquire NXP, 27 October 2016, available at: https://www.qualcomm.com/news/releases/2016/10/27/qualcomm-acquire-nxp.
 Qualcomm Press Release, Qualcomm extends cash tender offer for all outstanding shares of NXP, May 11, 2018, available at: https://www.qualcomm.com/news/releases/2018/05/11/qualcomm-extends-cash-tender-offer-all-outstanding-shares-nxp
 See, for a non-confidential interim text of the commitments, Case M.8306 – QUALCOMM / NXP SEMICONDUCTORS, Commitments to the European Commission, published on 24 January 2018, available at: http://ec.europa.eu/competition/mergers/cases/additional_data/m8306_3395_3.pdf
Brussels, 18 January 2018, press release, “Mergers: Commission approves Qualcomm’s acquisition of NXP, subject to conditions”, available at: http://europa.eu/rapid/press-release_IP-18-347_en.htm
See above, foonote 4.
 Under Article 6(2) EUMR, “Where the Commission finds that, following modification by the undertakings concerned, a notified concentration no longer raises serious doubts within the meaning of paragraph 1(c), it shall declare the concentration compatible with the common market pursuant to paragraph 1(b). The Commission may attach to its decision under paragraph 1(b) conditions and obligations intended to ensure that the undertakings concerned comply with the commitments they have entered into vis-à-vis the Commission with a view to rendering the concentration compatible with the common market.”
By Giuseppe Colangelo
The online sales phenomenon – and all the issues deriving from vertical restraints – has attracted significant attention in recent years in several EU Member States. This attention arises mainly from a question regarding the extent to which restrictions limiting the ability of retailers to sell via online marketplaces are compatible with competition rules.
The findings of the recent E-commerce Sector Inquiry [COM (2017) 229 final] indicate that absolute marketplace bans should not be considered to be hardcore restrictions within the meaning of Article 4(b) and Article 4(c) of the Vertical Block Exemption Regulation (330/2010). However, as recalled by the Commission, this approach has been affirmed pending the CJEU’s decision in the Coty Prestige case. Indeed, the Higher Regional Court of Frankfurt am Main essentially asked the EU Court of Justice (CJEU) whether a ban on using third party platforms in a selective distribution agreement is compatible with Article 101(1) TFEU and whether such a restriction constitutes a restriction of competition by object.
No wonder Coty was so anticipated. The judgment is expected to shape the future of EU e-commerce affecting online markets, the luxury industry and Internet platforms.
The request for a preliminary ruling has been submitted in the context of a dispute between a supplier of luxury cosmetics (Coty Germany) and its authorized distributor (Parfümerie Akzente), concerning the prohibition, under the selective distribution agreement, of the use of third-party undertakings for Internet sales. In particular, Parfümerie Akzente distributes Coty goods both at its brick-and-mortar locations and over the Internet. In the latter case, sales are carried out partly through its own online store and partly via the Amazon platform.
According to Coty, the selective distribution system is required in order to support the luxury image of its brands. In this respect, the selective distribution agreement, as it pertains to Internet sales, provides that the authorized retailer is not permitted to use a different name or to engage a third-party undertaking which has not been authorized. The dispute at issue arose when Parfümerie Akzente refused to sign amendments regarding Internet sales activity. They prohibited the use of a different business name and the recognizable engagement of a third-party undertaking which is not an authorized retailer of Coty Prestige. Thus, according to these amendments, the authorized retailer is prohibited from collaborating with third parties if such collaboration is directed at the operation of the website and is affected in a manner that is discernible to the public.
In response to the action brought by Coty to prohibit Parfümerie Akzente from distributing products via Amazon, the German court of first instance found that, in accordance with Pierre Fabre ruling (C-439/09), the objective of maintaining a prestigious image of the mark could not justify the introduction of a selective distribution system which restricts competition. Further, according to the national court, the contractual clause at issue constituted a hardcore restriction under Article 4(c) of the Regulation. It did not meet the conditions for an individual exemption, since it has not been shown that the general exclusion of Internet sales via third-party platforms entails efficiency gains that offset the disadvantages for competition that result from the clause. Moreover, the court considered such a general prohibition unnecessary, since there were other equally appropriate but less restrictive means, such as the application of specific quality criteria for the third-party platforms.
In these circumstances, the Oberlandesgericht Frankfurt am Main requests a preliminary ruling asking: (i) whether selective distribution networks aimed at preserving the image of luxury goods are caught by the prohibition laid down in Article 101(1) TFEU; (ii) whether, in the same context, Article 101(1) precludes a contractual clause which prohibits authorized distributors from using, in a discernible manner, third-party platforms for Internet sales, without consideration of whether there is any actual breach of the legitimate requirements of the manufacturer in terms of quality; (iii and iv) whether Article 4(b) and (c) of the Regulation must be interpreted as meaning that such a third-party platform ban constitutes a restriction by object of the retailer’s customer group or of passive sales to end users.
The questions reflect the diverging interpretations of Pierre Fabre by the national competition authorities and courts. Thus, the case provides the CJEU with the opportunity to clarify the meaning of Pierre Fabre.
Sidestepping Pierre Fabre
By answering the first question, the CJEU recalls that since Metro (C-26/76 and C-75/84), the Court has recognized the legality of selective distribution networks based on qualitative criteria. Notably, according to the conditions set by the case law to ensure the compatibility of a selective distribution network with Article 101(1) TFEU, resellers must be chosen on the basis of objective criteria of a qualitative nature, which are determined uniformly for all potential resellers and applied in a non-discriminatory manner; the characteristics of the product necessitate such a selective distribution network in order to preserve its quality and ensure its proper use; the criteria defined must not go beyond what is necessary.
In the context of luxury goods, it follows from the case law that, due to their characteristics and their nature, those goods may require the implementation of a selective distribution system in order to preserve their quality and to ensure that they are used properly. Indeed, as highlighted by the Copad judgment (C-59/08), the quality of luxury goods is not just the result of their material characteristics, but also of their allure and prestige. As prestige goods are high-end goods, the aura of luxury they emanate is essential in that it enables consumers to distinguish them from similar goods and, therefore, an impairment to that aura is likely to affect the actual quality of those goods. For these reasons, the characteristics and conditions of a selective distribution system may preserve the quality and ensure the proper use of luxury goods. The CJEU in Copad held that the establishment of a selective distribution system which seeks to ensure that the goods are displayed in sales outlets in a manner that enhances their value contributes to the reputation of the goods, and therefore contributes to sustaining the aura of luxury surrounding them.
Therefore, once the Metro criteria are met, a selective distribution system designed primarily to preserve the luxury image of those goods is compatible with Article 101(1) TFEU. This outcome is not challenged by Pierre Fabre. The assertion contained in paragraph 46 of that case (“The aim of maintaining a prestigious image is not a legitimate aim for restricting competition and cannot therefore justify a finding that a contractual clause pursuing such an aim does not fall within Article 101(1) TFEU”) is confined to the context of that judgment and consequently does not alter the settled case law. Notably, that assertion is related solely to the goods at issue (“the goods covered by the selective distribution system at issue in that case were not luxury goods, but cosmetic and body hygiene goods”) and to the contractual clause in question in Pierre Fabre (a general and absolute ban on Internet sales). Therefore, the selective distribution system in its entirety was not at issue.
The same line of reasoning guides the CJEU’s answer to the second question, which is related to the lawfulness of a specific clause prohibiting authorized retailers from using, in a discernible manner, third-party platforms for Internet sales of luxury products.
The contractual clause must be evaluated in light of the Metro criteria. The CJEU recalls that it indisputable that the clause at issue: i) pursues the objective of preserving the image of luxury and prestige of the contractual goods; ii) is objective and uniform; iii) is applied without discrimination to all authorized retailers. Therefore, the lawfulness of the third-party platforms prohibition is a matter of proportionality. Hence, an assessment is required as to whether such a prohibition is appropriate for preserving the luxury image of the contractual goods and whether it goes beyond what is necessary to achieve that objective.
As regards the appropriateness of the prohibition at issue, the CJEU considers the contractual clause justified by the need to preserve the luxury image of the products in light of three arguments. Indeed, the third-party platforms ban is coherent with the aim of: i) guaranteeing that the contract goods will be exclusively associated with authorized distributors; ii) monitoring the qualitative criteria according to which the products are sold (the absence of a contractual relationship between the supplier and third-party platforms prevents the former from being able to require compliance with the quality conditions imposed on the authorized retailers); iii) contributing to the high-end image among consumers (those platforms constitute a sales channel for goods of all kinds, while the chief value of a luxury good lies in the fact that it is not too common).
With regard to the question of whether the prohibition goes beyond what is necessary to achieve the objective pursued, the clause at issue is clearly distinguished from the one sanctioned in Pierre Fabre, since it does not contain an absolute prohibition on online sales. Indeed, authorized retailers are allowed to distribute the contract goods online via their own websites and third-party platforms, when the use of such platforms is not discernible to consumers.
The CJEU also relies on this argument to answer the third and fourth questions raised by the referring court. Even if the clause at issue restricts a specific kind of Internet sale, it does not amount to a restriction within the meaning of Article 4(b) and (c) of the Regulation, since it does not preclude all online sales, but only one of a number of ways of reaching customers via the Internet. Indeed, the contractual clause even allows, under certain conditions, authorized retailers to advertise on third-party platforms and to use online search engines. Moreover, it is not possible ex ante to identify a customer group or a particular market to which users of third-party platforms would correspond. Therefore, the content of the clause does not have the effect of partitioning territories or of limiting access to certain customers.
In summary, in line with the position expressed by the Commission in the Sector Inquiry, the CJEU states that absolute marketplace bans should not be considered as hardcore restrictions since, contrary to the restriction at stake in Pierre Fabre, they do not amount to prohibition on selling online and do not restrict the effective use of the Internet as a sales channel.
Some open issues
Despite the clarity of the CJEU’s findings, there is a matter of interpretation related to the potential limitation of the judgment solely to genuine luxury products. Indeed, the CJEU also distinguishes Coty from Pierre Fabre on the grounds that the latter did not concern a luxury product: “the goods covered by the selective distribution system at issue in [Pierre Fabre] were not luxury goods, but cosmetic and body hygiene goods. … The assertion in paragraph 46 of that judgment related, therefore, solely to the goods at issue in the case that gave rise to that judgment and to the contractual clause in question in that case”.
In that respect, the wording of the CJEU is unfortunate. First, the proposed exclusion of cosmetic and body hygiene products from the luxury landscape is far from convincing. Further, the uncertainty about the scope of the ruling may generate litigation over the prestige of some goods, since national enforcers may adopt different approach and manufacturers would seek protection against online marketplace sales for products whose luxury features are questionable. Indeed, the CJEU does not define the notion of luxury, but relies on Copad, stating that the quality of such goods is not just the result of their material characteristics, but also of the allure and prestigious image which bestow on them an aura of luxury. That aura is essential in that it enables consumers to distinguish them from similar goods.
A few days after the Coty judgement, the German Federal Court of Justice, in evaluating ASICS’s online restrictions, stated that sports and running shoes are not luxury goods. Previously, on 4 October 2017 the District Court of Amsterdam, referring to the Opinion of Advocate General Wahl in Coty, reached a different conclusion about Nike shoes and ruled in favor of Nike in an action against a distributor (Action Sport), which had not complied with the selective distribution policy.
A narrow interpretation of the Coty judgement would be at odds with the settled case law, which holds that it is the specific characteristics or properties of the products concerned that may be capable of rendering a selective distribution system compatible with Article 101(1) TFEU. As pointed out by the Advocate General, the CJEU has already made clear that irrespective even of whether the products concerned are luxury products, a selective distribution system may be necessary in order to preserve the quality of the product. In the same vein, according to the Commission’s Guidelines, qualitative and quantitative selective distribution is exempted regardless of both the nature of the product concerned and the nature of the selection criteria as long as the characteristics of the product necessitate selective distribution or require the applied criteria. It is the properties of the products concerned, whether they lie in the physical characteristics of the products (such as high-quality products or technologically advanced products) or in their luxury or prestige image, that must be preserved.
However, the mentioned ambiguity does not seem to have a significant impact in practice. Indeed, whether or not an online marketplace ban should be considered as hardcore restrictions within the meaning of Article 4(b) and (c) of the Regulation does not depend on the nature of products. Since, according to the CJEU’s finding, absolute marketplace bans are not hardcore restrictions, a case-by-case analysis of effects will be required for both luxury and non-luxury goods.
 Coty Germany GmbH v. Parfümerie Akzente GmbH (C-230/16).
 Case KVZ 41/17.
 Case C/13/615474 / HA ZA 16-959.
By Nicole Daniel
On 13 March 2018 Teva appeared at a closed-doors antitrust hearing in Brussels to contest EU pay-for-delay charges (COMP/39.686).
In April 2011 the European Commission opened an investigation against Teva and Cephalon, both pharmaceutical companies, for a 2005 pay-for-delay agreement. This investigation was a consequence of the 2009 sector inquiry of the pharmaceutical sector which had resulted in an EU policy of penalizing pay-for-delay settlements. This sector inquiry identified structural issues and companies’ practices that led to competition distortions. The Commission also recommend a stronger enforcement of patent settlements. Accordingly, these settlements are now monitored by the Commission on an annual basis.
Furthermore, this is the fourth pay-for-delay antitrust case opened after the sector inquiry. In Lundbeck (COMP/39.226), Servier (COMP/39.612) and Johnson & Johnson (COMP/39.685), the respective pharmaceutical companies were fined by the Commission. On 8 September 2016 the General Court upheld the Lundbeck Commission decision, thereby confirming the Commission’s finding that pay-for-delay agreements are a restriction by object, i.e. treating such an arrangement as infringement regardless of whether it has an anticompetitive effect. In the Servier case, the appeal to the General Court is still pending. The Johnson & Johnson case was not appealed.
The Teva case regards modafinil, a sleep-disorder drug. The patents for modafinil and its manufacture were owned by Cephalon but after certain patents expired, Teva entered the market with its generic version for a few months. A lawsuit for alleged patent infringement followed and the litigation in the UK and the U.S. was settled with a world-wide pay-for-delay agreement. In 2005 Teva received $ 125 million to delay the sale of generic modafinil. The agreement saw Teva taking modafinil off the market until October 2012. In the meantime, Cephalon became a subsidiary of Teva.
In the U.S. the same deal was also investigated by the authorities; this probe, however; was concluded with a $ 1.2 billion settlement.
On 17 July 2018 Teva received a Statement of Objections from the Commission. At that time Teva commented that it “strongly disagreed” with the Commission’s approach to patent settlements in the pharmaceutical industry. The Commission’s view is that substantial harm to health service budgets and EU patients may have been caused by the agreement, since it led to higher prices for modafinil.
It is possible for companies to respond in writing and in person to a Statement of Objections. On 13 March 2018 Teva therefore attended a closed-doors hearing in Brussels to respond to the allegations above.
It should be noted that since Teva had already started marketing its generic version of modafinil, this aspect could be an important element in deciding whether the market suffered due to that agreement. In other pay-for-delay cases, the pharmaceutical companies often argued that there was no anticompetitive intent or effect since no generic version, i.e. a rival product, had launched. However, this line of defense might not be applicable here.
It remains to be seen how the Commission will respond to Teva’s arguments.
By Martin Miernicki
On 20 December 2017, the Court of Justice of the European Union (CJEU) handed down its decision in Asociación Profesional Élite Taxi v. Uber Systems Spain SL (C-434/15), holding that Uber’s services, in principle, constitute transportation services and thus remain regulated by national legislation. On 10 April 2018, the court essentially confirmed this ruling in Uber France SAS v. Nabil Bensalem (C-320/16).
Background of the cases
Both cases centered on the legal classification of the services provided by Uber under EU law. In the first case, the Asociación Profesional Elite Taxi – a professional taxi drivers‘ association – brought action against Uber before the national (Spanish) court, stating that the company infringed the local rules on the provision of taxi services as well as the laws on unfair competition. The national court observed that neither Uber nor the non-professional drivers had the licenses and authorizations required by national law; however, it was unsure whether the services provided by Uber qualified as “information society services” within the meaning of article 2(a) of Directive 2000/31/EC (E-Commerce Directive) or rather as a “service in the field of transport”, thereby being excluded from said directive as well as the scope of article 56 TFEU and article 2(2)(d) of Directive 2006/123/EC (Services Directive). The second case revolved around a similar question against the background of a private prosecution and civil action brought by an individual against Uber under French law.
Decisions of the court
The CJEU considered Uber’s service overall and not merely its single components, characterizing Uber’s business model as providing, “by means of a smartphone application, […] the paid service consisting of connecting non-professional drivers using their own vehicle with persons who wish to make urban journeys, without holding any administrative licence or authorisation.” (C-434/15, para 2). The CJEU held that Uber offered not a mere intermediation service which – as inherently linked to smartphones and the internet – could, seen in isolation, constitute an information society service. Rather, Uber provides an integral part of an overall service “whose main component is a transport service”. Thus, Uber’s services qualified as “services in the field of transport”, thereby rendering the E-Commerce Directive, the Services Directive and Art 56 TFEU inapplicable. Relying heavily on these findings, the court reached a similar conclusion in the subsequent case and essentially confirmed its prior ruling.
Meaning of the decisions and implications
The judgements are a setback for Uber and services alike, because – both being qualified as transportation services – they cannot rely on the safeguards and guarantees provided for by EU law (especially the freedom to provide services). On the contrary, the CJEU confirmed that transport services remain a field which is still largely in the member states’ domain. This is especially challenging for companies which, like Uber, specialize in a field where the regulatory requirements differ widely, also within the borders of one single member state. It should, however, be noted that the court gave its opinion on the service as described above; one might reach a different conclusion should Uber adapt or restructure its business model.
The dispute in the Uber cases can be seen in the larger context of “sharing economy” business models. Another example for a company active in this field would be Airbnb, for instance. European policy makers are aware of this emerging sector and have launched several initiatives to tackle the issue at the EU level. Among these are the Communication from the Commission on a European agenda for the collaborative economy (COM(2016) 356 final) and the European Parliament resolution of 15 June 2017 on a European Agenda for the collaborative economy (2017/2003(INI)).
By Jonathan Cardenas
On 8 March 2018, the European Commission (“Commission”) introduced its FinTech Action Plan, a policy proposal designed to augment the international competitiveness of the European Single Market in the financial services sector. Together with the FinTech Action Plan, the Commission introduced a proposal for a regulation on European crowdfunding services providers (“Proposed Regulation on Crowdfunding”). Both of these proposals form part of a broader package of measures designed to deepen and complete the European Capital Markets Union by 2019. This article briefly summarizes both the FinTech Action Plan and the Proposed Regulation on Crowdfunding.
- FinTech Action Plan
With the goal of turning the European Union (“EU”) into a “global hub for FinTech,” the FinTech Action Plan introduces measures that build upon several of the Commission’s prior initiatives, including the regulatory modernization objectives set forth by the Commission’s internal Task Force on Financial Technology, the capital market integration objectives identified in the Commission’s Capital Markets Union Action Plan, and the digital market integration objectives identified in the Commission’s Digital Single Market Strategy. Responding to calls from the European Parliament and European Council for a proportional, future-oriented regulatory framework that balances competition and innovation while preserving financial stability and investor protection, and also drawing upon the conclusions of the March–June 2017 Public Consultation on FinTech, the FinTech Action Plan consists of a “targeted,” three-pronged strategy, that sets out 19 steps to enable the EU economy to cautiously embrace the digital transformation of the financial services sector.
- “Enabling Innovative Business Models to Reach EU Scale”
The first prong of the FinTech Action Plan is focused on measures that will enable EU-based FinTech companies to access and scale across the entire Single Market.
Recognizing the need for regulatory harmonization, the Commission calls for uniformity in financial service provider licensing requirements across the EU to avoid conflicting national rules that hamper the development of a single European market in emerging financial services, such as crowdfunding (Step 1). With crowdfunding specifically in mind, the Commission has proposed a regulation on European crowdfunding service providers (“ECSPs”), which, as discussed in further detail below, would create a pan-European passport regime for ECSPs that want to operate and scale across EU Member State borders. In addition, the Commission invites the European Supervisory Authorities (“ESAs”) to outline differences in FinTech licensing requirements across the EU, particularly with regard to how Member State regulatory authorities apply EU proportionality and flexibility principles in the context of national financial services legislation (Step 2). The Commission encourages the ESAs to present Member State financial regulators with recommendations as to how national rules can converge. The Commission also encourages the ESAs to present the Commission with recommendations as to whether there is a need for EU-level financial services legislation in this context. Moreover, the Commission will continue to monitor developments in the cryptocurrency asset and initial coin offering (“ICO”) space in conjunction with the ESAs, the European Central Bank, the Financial Stability Board and other international standard setters in order to determine whether EU-level regulatory measures are needed (Step 3).
Recognizing the importance of common standards for the development of an EU-wide FinTech market, the Commission is focused on developing standards that will enhance interoperability between FinTech market player systems. The Commission plans to work with the European Committee for Standardization and the International Organization for Standardization to develop coordinated approaches on FinTech standards by Q4 2018, particularly in relation to blockchain technology (Step 4). In addition, the Commission will support industry-led efforts to develop global standards for application programming interfaces by mid-2019 that are compliant with the EU Payment Services Directive and EU General Data Protection Regulation (Step 5).
In order to facilitate the emergence of FinTech companies across the EU, the Commission encourages the development of innovation hubs (institutional arrangements in which market players engage with regulators to share information on market developments and regulatory requirements) and regulatory sandboxes (controlled spaces in which financial institutions and non-financial firms can test new FinTech concepts with the support of a government authority for a limited period of time), collectively referred to by the Commission as “FinTech facilitators.” The Commission specifically encourages the ESAs to identify best practices for innovation hubs and regulatory sandboxes by Q4 2018 (Step 6). The Commission invites the ESAs and Member States to take initiatives to facilitate innovation based on these best practices, and in particular, to promote the establishment of innovation hubs in all Member States (Step 7). Based upon the work of the ESAs, the Commission will present a report with best practices for regulatory sandboxes by Q1 2019 (Step 8).
- “Supporting the Uptake of Technological Innovation in the Financial Sector”
The second prong of the FinTech Action Plan is focused on measures that will facilitate the adoption of FinTech across the EU financial services industry.
The Commission begins the second prong by indicating that its policy approach to FinTech is guided by the principle of “technology neutrality,” an EU regulatory principle that requires national regulators to ensure that national regulation “neither imposes nor discriminates in favour of the use of a particular type of technology.” In this regard, the Commission plans to setup an expert group to assess, by Q2 2019, the extent to which the current EU regulatory framework for financial services is neutral toward artificial intelligence and distributed ledger technology, particularly in relation to jurisdictional questions surrounding blockchain-based applications, the validity and enforceability of smart contracts, and the legal status of ICOs (Step 9).
In addition to ensuring that EU financial regulation is fit for artificial intelligence and blockchain, the Commission also intends to remove obstacles that limit the use of cloud computing services across the EU financial services industry. In this regard, the Commission invites the ESAs to produce, by Q1 2019, formal guidelines that clarify the expectations of financial supervisory authorities with respect to the outsourcing of data by financial institutions to cloud service providers (Step 10). The Commission also invites cloud service providers, cloud services users and regulatory authorities to collaboratively develop self-regulatory codes of conduct that will eliminate data localization restrictions, and in turn, enable financial institutions to port their data and applications when switching between cloud services providers (Step 11). In addition, the Commission will facilitate the development of standard contractual clauses for cloud outsourcing by financial institutions, particularly with regard to audit and reporting requirements (Step 12).
Recognizing that blockchain and distributed ledger technology will “likely lead to a major breakthrough that will transform the way information or assets are exchanged,” the Commission plans to hold additional public consultations in Q2 2018 on the possible implementation of the European Financial Transparency Gateway, a pilot project that uses distributed ledger technology to record information about companies listed on EU securities markets (Step 13). In addition, the Commission plans to continue to develop a comprehensive, cross-sector strategy toward blockchain and distributed ledger technology that enables the introduction of FinTech and RegTech applications across the EU (Step 14). In conjunction with both the EU Blockchain Observatory and Forum, and the European Standardization Organizations, the Commission will continue to support interoperability and standardization efforts, and will continue to evaluate blockchain applications in the context of the Commission’s Next Generation Internet Initiative (Step 15).
Recognizing that regulatory uncertainty and fragmentation prevents the European financial services industry from taking up new technology, the Commission will also establish an EU FinTech Lab in Q2 2018 to enable EU and national regulators to engage in regulatory discussions and training sessions with select technology providers in a neutral, non-commercial space (Step 16).
- “Enhancing Security and Integrity of the Financial Sector”
The third prong of the FinTech Action Plan is focused on financial services industry cybersecurity.
Recognizing the cross-border nature of cybersecurity threats and the need to make the EU financial services industry cyberattack resilient, the Commission will organize a public-private workshop in Q2 2018 to examine regulatory obstacles that limit cyber threat information sharing between financial market participants, and to identify potential solutions to these obstacles (Step 17). The Commission also invites the ESAs to map, by Q1 2019, existing supervisory practices related to financial services sector cybersecurity, to consider issuing guidelines geared toward supervisory convergence in cybersecurity risk management, and if necessary, to provide the Commission with technical advice on the need for EU regulatory reform (Step 18). The Commission also invites the ESAs to evaluate, by Q4 2018, the costs and benefits of developing an EU-coordinated cyber resilience testing framework for the entire EU financial sector (Step 19).
- Proposed Regulation on Crowdfunding
In line with the Commission’s Capital Markets Union objective of broadening access to finance for start-up companies, the Proposed Regulation on Crowdfunding is aimed at facilitating crowdfunding activity across the Single Market. The proposed regulation plans to enable investment-based and lending-based ECSPs to scale across Member State borders by creating a pan-European crowdfunding passport regime under which qualifying ECSPs can provide crowdfunding services across the EU without the need to obtain individual authorization from each Member State. The proposed regulation also seeks to minimize investor risk exposure by setting forth organizational and operational requirements, which include, among others, prudent risk management and adequate information disclosure.
 COM (2018) 109/2 – FinTech Action plan: For a more competitive and innovative European financial sector. Available at: https://ec.europa.eu/info/sites/info/files/180308-action-plan-fintech_en.pdf.
 COM (2018) 113 – Proposal for a regulation on European Crowdfunding Service Providers (ECSP) for Business. Available at: https://ec.europa.eu/info/law/better-regulation/initiative/181605/attachment/090166e5b9160b13_en.
 COM (2018) 114 final – Completing the Capital Markets Union by 2019 – time to accelerate delivery. Available at: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52018DC0114&from=EN.
 European Commission Press Release, “FinTech: Commission Takes Action For a More Competitive and Innovative Financial Market,” 8 March 2018. Available at: https://ec.europa.eu/info/sites/info/files/180308-action-plan-fintech_en.pdf.
 European Commission Banking and Finance Newsletter, Task Force on Financial Technology, 28 March 2017. Available at: http://ec.europa.eu/newsroom/fisma/item-detail.cfm?item_id=56443&utm_source=fisma_newsroom&utm_medium=Website&utm_campaign=fisma&utm_content=Task%20Force%20on%20Financial%20Technology&lang=en. See also European Commission Announcement, Vice President’s speech at the conference #FINTECHEU “Is EU regulation fit for new financial technologies?,” 23 March 2017. Available at: https://ec.europa.eu/commission/commissioners/2014-2019/dombrovskis/announcements/vice-presidents-speech-conference-fintecheu-eu-regulation-fit-new-financial-technologies_en. See also European Commission Blog Post, “European Commission sets up an internal Task Force on Financial Technology,” 14 November 2016. Available at: https://ec.europa.eu/digital-single-market/en/blog/european-commission-sets-internal-task-force-financial-technology.
 COM/2015/0468 final – Action Plan on Building a Capital Markets Union. Available at : http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52015DC0468&from=EN.
 COM(2015) 192 final – A Digital Single Market Strategy for Europe, 6 May 2015. Available at: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52015DC0192&from=EN. See also COM (2017) 228 final – Mid-Term review on the implementation of the Digital Single Market Strategy: A Connected Digital Single Market for All, 10 May 2017. Available at: http://eur-lex.europa.eu/resource.html?uri=cellar:a4215207-362b-11e7-a08e-01aa75ed71a1.0001.02/DOC_1&format=PDF.
 European Parliament Committee on Economic and Monetary Affairs, Report on FinTech: the influence of technology on the future of the financial sector, Rapporteur: Cora van Nieuwenhuizen, 2016/2243(INI), 28 April 2017. Available at: http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A8-2017-0176+0+DOC+PDF+V0//EN.
 EUCO 14/17, CO EUR 17, CONCL 5, European Council Meeting Conclusions, 19 October 2017. Available at: http://www.consilium.europa.eu/media/21620/19-euco-final-conclusions-en.pdf.
 European Commission Directorate-General for Financial Stability, Financial Services and Capital Markets Union, “Summary of contributions to the ‘Public Consultation on FinTech: a more competitive and innovative European financial sector,’” 2017. Available at: https://ec.europa.eu/info/sites/info/files/2017-fintech-summary-of-responses_en.pdf.
 FinTech Action Plan.
 European Commission Press Release, “FinTech: Commission Takes Action For a More Competitive and Innovative Financial Market,” 8 March 2018. Available at: https://ec.europa.eu/info/sites/info/files/180308-action-plan-fintech_en.pdf.
 EBA/DP/2017/02 – Discussion Paper on the EBA’s approach to financial technology (FinTech), 4 August 2017. Available at: https://www.eba.europa.eu/documents/10180/1919160/EBA+Discussion+Paper+on+Fintech+%28EBA-DP-2017-02%29.pdf.
 FinTech Action Plan, p. 8.
 Directive 2002/21 on a common regulatory framework for electronic communications networks and services (Framework Directive)  OJ L108/33. Available at: https://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX%3A32002L0021.
 FinTech Action Plan, p. 12.
 Capital Markets Union Action Plan.
By Catalina Goanta
2018 has so far not been easy on the tech world. The first months of the year brought a lot of bad news: two accidents with self-driving cars (Tesla and Uber) and the first human casualty, another Initial Coin Offering (ICO) scam costing investors $660 million, and Donald Trump promising to go after Amazon. But the scandal that made the most waves had to do with Facebook data being used by Cambridge Analytica.
Data brokers and social media
In a nutshell, Cambridge Analytica was a UK-based company that claimed to use data to change audience behavior either in political or commercial contexts. Without going too much into detail regarding the identity of the company, its ties, or political affiliations, one of the key points in the Cambridge Analytica whistleblowing conundrum is the fact that it shed light on Facebook data sharing practices which, unsurprisingly, have been around for a while. To create psychometric models which could influence voting behavior, Cambridge Analytica used the data of around 87 million users, obtained through Facebook’s Graph Application Programming Interface (API), a developer interface providing industrial-level access to personal information.
The Facebook Graph API
The first version of the API (v1.0), which was launched in 2010 and was up until 2015, could be used to not only gather public information about a given pool of users, but also about their friends, in addition to granting access to private messages sent on the platform (see Table 1 below). The amount of information belonging to user friends that Facebook allowed third parties to tap into is astonishing. The extended profile properties permission facilitated the extraction of information about: activities, birthdays, check-ins, education history, events, games activity, groups, interests, likes, location, notes, online presence, photo and video tags, photos, questions, relationships and relationships details, religion and politics, status, subscriptions, website and work history. Extended permissions changed in 2014, with the second version of the Graph API (v2.0), which suffered many other changes since (see Table 2). However, one interesting thing that stands out when comparing versions 1.0 and 2.0 is that less information is gathered from targeted users than from their friends, even if v2.0 withdrew the extended profile properties (but not the extended permissions relating to reading private messages).
Table 1 – Facebook application permissions and availability to API v1 (x) and v2 (y)
Cambridge Analytica obtained Facebook data with help from another company, Global Science Research, set up by Cambridge University-affiliated faculty Alexandr Kogan and Joseph Chancellor. Kogan had previously collaborated with Facebook for his work at the Cambridge Prosociality & Well-Being Lab. For his research, Kogan collected data from Facebook as a developer, using the Lab’s account registered on Facebook via his own personal account, and he was also in contact with Facebook employees who directly sent him anonymized aggregate datasets.
Table 2 – The History of the Facebook Graph API
The Facebook employees who sent him the data were working for Facebook’s Protect and Care Team, but were themselves doing research on user experience as PhD students. Kogan states that the data he gathered with the Global Science Research quiz is separate from the initial data he used in his research, and it was kept on different servers. Kogan’s testimony before the UK Parliament’s Digital, Culture, Media and Sport Committee does clarify which streams of data were used by which actors, but none of the Members of Parliament attending the hearing asked any questions about the very process through which Kogan was able to tap into Facebook user data. He acknowledged that for harvesting information for the Strategic Communication Laboratories – Cambridge Analytica’s affiliated company – he used a market research recruitment strategy: for around $34 per person, he aimed at recruiting up to 20,000 individuals who would take an online survey. The survey would be accessible through an access token, which required participants to login using their Facebook credentials.
On the user end, Facebook Login is an access token which allows users to log in across platforms. The benefits of using access tokens are undeniable: having the possibility to operate multiple accounts using one login system allows for efficient account management. The dangers are equally clear. On the one hand, one login point (with one username and one password) for multiple accounts can be a security vulnerability. On the other hand, even if Facebook claims that the user is in control of the data shared with third parties, some apps using Facebook Login – for instance wifi access in café’s, or online voting for TV shows – do not allow users to change the information requested by the app, creating a ‘take it or leave it’ situation for users.
Figure 1 – Facebook Login interface
On the developer end, access tokens allow apps operating on Facebook to access the Graph API. The access tokens perform two functions:
- They allow developer apps to access user information without asking for the user’s password; and
- They allow Facebook to identify developer apps, users engaging with this app, and the type of data permitted by the user to be accessed by the app.
Understanding how Facebook Login works is essential in clarifying what information users are exposed to right before agreeing to hand their Facebook data over to other parties.
Data sharing and consent
As Figure 1 shows, and as it can be seen when browsing through Facebook’s Terms of Service, consent seems to be at the core of Facebook’s interaction with its users. This being said, it is impossible to determine, on the basis of these terms, what Facebook really does with the information it collects. For instance, in the Statement of Rights and Responsibilities dating from 30 January 2015, there is an entire section on sharing content and information:
- You own all of the content and information you post on Facebook, and you can control how it is shared through your privacyand application settings. In addition:
- For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
- When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).
- When you use an application, the application may ask for your permission to access your content and information as well as content and information that others have shared with you. We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information. (To learn more about Platform, including how you can control what information other people may share with applications, read our Data Policy and Platform Page.)
- When you publish content or information using the Public setting, it means that you are allowing everyone, including people off of Facebook, to access and use that information, and to associate it with you (i.e., your name and profile picture).
- We always appreciate your feedback or other suggestions about Facebook, but you understand that we may use your feedback or suggestions without any obligation to compensate you for them (just as you have no obligation to offer them).
This section appears to establish Facebook as a user-centric platform that wants to give as much ownership to its customers. However, the section says nothing about the fact that app developers used to be able to tap not only into the information generated by users, but also that of their friends, to an even more extensive degree. There are many other clauses in the Facebook policies that could be relevant for this discussion, but let us dwell on this section.
Taking a step back, from a legal perspective, when a user gets an account with Facebook, a service contract is concluded. If users reside outside of the U.S. or Canada, clause 18.1 of the 2015 Statement of Rights and Responsibilities mentions the service contract to be an agreement between the user and Facebook Ireland Ltd. For U.S. and Canadian residents, the agreement is concluded with Facebook Inc. Moreover, according to clause 15, the applicable law to the agreement is the law of the state of California. This clause does not pose any issues for agreements with U.S. or Canadian users, but it does raise serious problems for users based in the European Union. In consumer contracts, European law curtails party autonomy in choosing applicable law, given that some consumer law provisions in European legislation are mandatory, and cannot be derogated from. Taking the example of imposing the much lesser protections of U.S. law on European consumers, such clauses would not be valid under EU law. As a result, in 2017 the Italian Competition and Market Authority gave WhatsApp a €3 million fine on the ground that such contractual clauses are unfair.
Apart from problems with contractual fairness, additional concerns arise with respect to unfair competition. Set between competition law and private law, unfair competition is a field of law that takes into account both bilateral transactions, as well as the broader effect they can have on a market. The rationale behind unfair competition is that deceitful/unfair trading practices which give businesses advantages they might otherwise not enjoy should be limited by law. As far as terminology goes, in Europe, Directive 2005/29/EC, the main instrument regulating unfair competition, uses the terms ‘unfair commercial practices’, whereas in the United States, the Federal Trade Commission refers to ‘unfair or deceptive commercial practices’. The basic differences between the approaches taken in the two federal/supranational legal systems can be consulted in Figure 2 below:
Figure 2 – U.S. & EU unfair competition law (van Eijk, Hoofnagle & Kannekens, 2017)
Facebook’s potentially unfair/deceptive commercial practices
In what follows, I will briefly refer to the 3 comparative criteria identified by van Eijk et al.
The fact that a business must do something (representation, omission, practice, etc.) which deceives or is likely to deceive or mislead the consumer is a shared criterion in both legal systems. There are two main problems with Facebook’s 2015 terms of service to this end. First, Facebook does not specify how exactly the company shares user data and with whom. Second, this version of the terms makes no reference whatsoever to the sharing of friends’ data, as could be done through the extended permissions. These omissions, as well as the very limited amount of information offered to consumers, through which they are supposed to understand Facebook’s links to other companies as far as their own data is concerned, are misleading.
The second criterion, that of the reasonable/average consumer, is not so straight forward: the information literacy of Facebook users fluctuates, as it depends on demographic preferences. With the emergence of new social media platforms such as Snapchat and Musical.ly, Facebook might not be the socializing service of choice for younger generations. However, official statistics are based on data that includes a lot of noise. It seems that fake accounts make up around 3% of the total number of Facebook accounts, and duplicate accounts make up around 10% of the same total. This poses serious questions regarding the European standard of the average consumer, because there is no way to currently estimate how exactly this 13% proportion would change the features of the entire pool of users. There are many reasons why fake accounts exist, but let me mention two of them. First, the minimum age for joining Facebook is 13; however, the enforcement of this policy is not easy, and a lot of minors can join the social media platform by simply lying about their age. Second, fake online profiles allow for the creation of dissociate lives: individuals may display very different behavior under the veil of anonymity, and an example in this respect is online bullying.
Figure 3 – Distribution of Facebook users worldwide as of April 2018, by age and gender (Statista, 2018)
These aspects can make it difficult for a judge to determine the profile of the reasonable/average consumer as far as social media is concerned: would the benchmark include fake and duplicate accounts? Would the reasonable/average consumer standard have to be based on the real or the legal audience? What level of information literacy would this benchmark use? These aspects remain unclear.
The third criterion is even more complex, as it deals with the likelihood of consumers taking a different decision, had they had more symmetrical information. Two main points can be made here. On the one hand, applying this criterion leads to a scenario where we would have to assume that Facebook would better disclose information to consumers. This would normally take the form of specific clauses in the general terms and conditions. For consumers to be aware of this information, they would have to read these terms with orthodoxy, and make rational decisions, both of which are known not to be the case: consumers simply do not have time and do not care about general terms and conditions, and make impulsive decisions. If that is the case for the majority of the online consumer population, it is also the case for the reasonable/average consumer. On the other hand, perhaps consumers might feel more affected if they knew beforehand the particularities of data sharing practices as they occurred in the Cambridge Analytica situation: that Facebook was not properly informing them about allowing companies to broker their data to manipulate political campaigns. This, however, is not something Facebook would inform its users about directly, as Cambridge Analytica is not the only company using Facebook data, and such notifications (if even desirable from a customer communication perspective), would not be feasible, or would lead to information overload and consumer fatigue. If this too translates into a reality where consumers do not really care about such information, the third leg of the test seems not to be fulfilled. In any case, this too is a criterion which will very likely raise many more questions that it aims to address.
In sum, two out of the three criteria would be tough to fulfill. Assuming, however, that they would indeed be fulfilled, and even though there are considerable differences in the enforcement of the prohibition against unfair/deceptive commercial practices, the FTC, as well as European national authorities can take a case against Facebook to court to order injunctions, in addition to other administrative or civil acts. A full analysis of European and Dutch law in this respect will soon be available in a publication authored together with Stephan Mulders.
Harmonization and its discontents
The Italian Competition and Market Authority (the same entity that fined WhatsApp) launched an investigation into Facebook on April 6, on the ground that its data sharing practices are misleading and aggressive. The Authority will have to go through the same test as applied above, and in addition, will very likely also consult the black-listed practices annexed to the Directive. Should this public institution from a Member State find that these practices are unfair, and should the relevant courts agree with this assessment, a door for a European Union-wide discussion on this matter will be opened. Directive 2005/29/EC is a so-called maximum harmonization instrument, meaning that the European legislator aims for it to level the playing field on unfair competition across all Member States. If Italy’s example is to be followed, and more consumer authorities restrict Facebook practices, this could mark the most effective performance of a harmonizing instrument in consumer protection. If the opposite happens, and Italy ends up being the only Member State outlawing such practices, this could be a worrying sign of how little impact maximum harmonization has in practice.
New issues, same laws
Nonetheless, in spite of the difficulties in enforcing unfair competition, this discussion prompts one main take-away: data-related practices do fall under the protections offered by regulation on unfair/deceptive commercial practices. This type of regulation already exists in the U.S. just as much as it exists in the EU, and is able to handle new legal issues arising out of the use of disruptive technologies. The only areas where current legal practices are in need of an upgrade deal with interpretation and proof: given the complexity of social media platforms and the many ways in which they are used, perhaps judges and academics should also make use of data science to better understand the behavior of these audiences, as long as this behavior is central for legal assessments.
 Will Knight, ‘A Self-driving Uber Has Killed a Pedestrian in Arizona’, MIT Technology Review, The Download, March 19, 2018; Alan Ohnsman, Fatal Tesla Crash Exposes Gap In Automaker’s Use Of Car Data, Forbes, April 16, 2018.
 John Biggs, ‘Exit Scammers Run Off with $660 Million in ICO Earnings’, TechCrunch, April 13, 2018.
 Joe Harpaz, ‘What Trump’s Attack On Amazon Really Means For Internet Retailers’, Forbes, April 16, 2018.
 Carole Cadwalladr and Emma Graham-Harrison, ‘Revealed: 50 Million Facebook Profiles Harvested for Cambridge Analytica in Major Data Breach’, The Guardian, March 17, 2018.
 The Cambridge Analytica website reads: ‘Data drives all we do. Cambridge Analytica uses data to change audience behavior. Visit our political or commercial divisions to see how we can help you.’, last visited on April 27, 2018. It is noteworthy that the company started insolvency procedures on 2 May, in an attempt to rebrand itself as Emerdata, see see Shona Ghosh and Jake Kanter, ‘The Cambridge Analytica power players set up a mysterious new data firm — and they could use it for a ‘Blackwater-style’ rebrand’, Business Insider, May 3, 2018.
 For a more in-depth description of the Graph API, as well as its Instagram equivalent, see Jonathan Albright, The Graph API: Key Points in the Facebook and Cambridge Analytica Debacle, Medium, March 21, 2018.
 Iraklis Symeonidis, Pagona Tsormpatzoudi & Bart Preneel, ‘Collateral Damage of Facebook Apps: An Enhanced Privacy Scoring Model’, IACR Cryptology ePrint Archive, 2015, p. 5.
 UK Parliament Digital, Culture, Media and Sport Committee, ‘Dr Aleksandr Kogan questioned by Committee’, April 24, 2018; see also the research output based on the 57 billion friendships dataset: Maurice H. Yearwood, Amy Cuddy, Nishtha Lamba, Wu Youyoua, Ilmo van der Lowe, Paul K. Piff, Charles Gronind, Pete Fleming, Emiliana Simon-Thomas, Dacher Keltner, Aleksandr Spectre, ‘On Wealth and the Diversity of Friendships: High Social Class People around the World Have Fewer International Friends’, 87 Personality and Individual Differences 224-229 (2015).
 UK Parliament Digital, Culture, Media and Sport Committee hearing, supra note 8.
 This number mentioned by Kogan in his witness testimony conflicts with media reports which indicate a much higher participation rate in the study, see Julia Carrie Wong and Paul Lewis, ‘Facebook Gave Data about 57bn Friendships to Academic’, The Guardian, March 22, 2018.
 Clause 18.1 (2015) reads: If you are a resident of or have your principal place of business in the US or Canada, this Statement is an agreement between you and Facebook, Inc. Otherwise, this Statement is an agreement between you and Facebook Ireland Limited.
 Clause 15.1 (2015) reads: The laws of the State of California will govern this Statement, as well as any claim that might arise between you and us, without regard to conflict of law provisions.
 Italian Competition and Market Authority, ‘WhatsApp fined for 3 million euro for having forced its users to share their personal data with Facebook’, Press Release, May 12, 2018.
 Rogier de Vrey, Towards a European Unfair Competition Law: A Clash Between Legal Families : a Comparative Study of English, German and Dutch Law in Light of Existing European and International Legal Instruments (Brill, 2006), p. 3.
 Nico van Eijk, Chris Jay Hoofnagle & Emilie Kannekens, ‘Unfair Commercial Practices: A Complementary Approach to Privacy Protection’, 3 European Data Protection Law Review 1-12 (2017), p. 2.
 Ibid., p. 11.
 The tests in Figure 2 have been simplified by in order to compare their essential features; however, upon a closer look, these tests include other details as well, such as the requirement of a practice being against ‘professional diligence’ (Art. 4(1) UCPD).
 Patrick Kulp, ‘Facebook Quietly Admits to as Many as 270 Million Fake or Clone Accounts’, Mashable, November 3, 2017.
 Italian Competition and Market Authority, ‘Misleading information for collection and use of data, investigation launched against Facebook’, Press Release, April 6, 2018.
 This discussion is of course much broader, and it starts from the question of whether a data-based service falls within the material scope of, for instance, Directive 2005/29/EC. According to Art. 2(c) corroborated with Art. 3(1) of this Directive, it does. See also Case C‑357/16, UAB ‘Gelvora’ v Valstybinė vartotojų teisių apsaugos tarnyba, ECLI:EU:C:2017:573, para. 32.