Trends: anti-trust, consumer and privacy regulation increasingly converge

Competition law and consumer protection law are increasingly, and arguably irreversibly, intertwined. Undistorted competition on price and quality leads to lower prices, better choice and incentives to innovate. Similarly, consumer protection law guarantees that the choice created by competition law, is a real choice. For example, once a consumer has found the lowest price as the result of price competition, consumer protection law requires that price to be correct, without unexpected surcharges. Failure to uphold this principle of transparency has led to considerable enforcement, for example:

• by the Italian competition authority in relation to low-cost airline companies’ surcharges for cabin baggage;
• by the Dutch competition authority for hidden surcharges for tool rental; and
• by the UK competition authority on unavoidable surcharges instigated by car-hire companies.

Consumer protection law also requires quality and safety standards to be met, as seen in the case of a tour operator that did not offer a guarantee, or a car manufacturer (in this case Volkswagen) that failed to fulfil a promise to manufacture more environmentally-friendly diesel cars (Diesel-gate).

Combining enforcement of consumer protection and competition law

Geo-blocking is a prime example of where consumer protection and competition law meet. For example, a consumer finds a product online for a better price in another EU-member state, but is automatically redirected to his or her home state website to buy the product at the domestic price – this consumer is unable to benefit from competition in the internal market.

When geo-blocking is the result of a bilateral agreement between a supplier and a retailer obliging the retailer to only sell to its national market and not to consumers outside its country, this falls foul of competition law, such as in the recent cases concerning Guess, Nike, film studios and video games. If geo-blocking is the result of a trader’s unilateral decision, the Geo-Blocking Regulation applies to prohibit such independent geo-blocking behaviour. The legal basis for the enforcement of the Regulation in the Netherlands is consumer protection law, since it regulates the interaction between a trader and its consumers. Consumers experience the same harm, irrespective of whether geo-blocking occurs as a result of unilateral or bilateral behaviour, but the legal instruments against that harm, differ. In our view, this explains why the authorities have a tendency to enforce consumer protection laws and competition law in parallel.

The same goes for the renewed Payment Service Directive (PSD2). The aim of this Directive is to increase innovation and competition in the financial sector creating “more choice and a better offer for consumers”. The Dutch competition authority is entrusted with part of the enforcement of PSD2. It enforces the prohibitions to charge or surcharge consumers for using certain payment methods as a means of consumer protection. In addition, the ACM is also surveying third-party access to bank accounts and payment systems, in order to prevent the foreclosure of competitors. This shows that compliance requires at least a two-fold approach, when it comes to doing business with consumers.

Privacy protection via consumer protection and competition law

When it comes to consumers’ data, compliance may even require a three-pronged approach. If data is being used within a commercial context, it is protected under privacy protection rules, consumer protection and competition law. With the growing importance of data to survive in a competitive market place (as concluded in the the recent report for the European Commission on Competition policy for the digital era), the enforcement in these three fields of law regarding the use of data increases as well.

For example,

• the Italian Competition Authority fined Facebook EUR 10 million for using its subscribers’ data for commercial purposes, which it considered an unfair commercial practice under consumer protection law.
• the German competition authority held that Facebook abused its dominant position by collecting data from its own users and visitors of third-party websites which used Facebook interfaces without the voluntary consent of users.
• In the UK, Facebook was fined by the Data Protection Authority for the unfair processing of personal data since Cambridge Analytics used the information without proper consent of Facebook’s subscribers.

Another example, is the recent request by 27 national consumer authorities to both Apple and Google to change their app stores so that app providers can inform consumers what happens to their data. This request was based on consumer protection law with the intention to protect privacy.

Not only are large online platforms facing this kind of enforcement. There are also examples which concern the use / storage of consumer data within large databases, such as Engie in France, and Italian energy companies.

This shows how interwoven privacy, consumer protection and competition law are when it comes to both the use and protection of personal data. We envisage that this trend is only set to continue, with enforcers finding more bespoke ways to tackle issues relating to consumer harm with an ever broader tool-kit.