Addressing Anticompetitive Data Aggregation: a Comment to Bundeskartellamt Decision B6-22/16

Data aggregation, understood as the process of gathering and combining data in order to prepare datasets that might be useful for specific business or other purposes, is not per se forbidden. However, some forms of it can be considered anticompetitive. In the Decision B6-22/16 of the German Federal Cartel Office (Bundeskartellamt) data aggregation, which included the collection of data from sources outside of Facebook’s social network (from Facebook-owned services such as WhatsApp and Instagram and from third party websites or mobile applications) and their combination with the information connected with a particular Facebook user account without that user’s consent, constituted an abuse of Facebook’s dominant position on the German market for social networks. The Bundeskartellamt found that the processing of user’s personal data by Facebook has, to some extent, been carried out in a way which infringed GDPR provisions. In the same decision, the Bundeskartellamt also identified the exclusionary nature of Facebook’s anticompetitive behaviour. According to the Bundeskartellamt, the illegal data aggregation formed a barrier to entry for Facebook’s competitors which, through compliance with data protection standards, found themselves in a worst position. Facebook, through its inappropriate data aggregation gained a competitive advantage. The Bundeskartellamt’s decision is, therefore, reflecting the anticompetitive dangers that data aggregation might pose. Nevertheless, it is debated whether the Bundeskartellamt, as a competition authority, is competent to determine the compliance or lack of compliance of business terms with the provisions of the GDPR. This paper analyzes the Bundeskartellamt’s decision as to where an anticompetitive nature of data processing has been identified, and tries to answer the question why it is problematic that it was the Bundeskartellamt and not a data protection supervisory authority that has issued such a decision.

Download Full-text

Digital Tracing and Malaysia's Personal Data Protection Act 2010 amid the Covid-19 Pandemic

Asian Journal of Law and Policy ◽

10.33093/ajlp.2021.3 ◽

2021 ◽

Vol 1 (1) ◽

pp. 47-62

Author(s):

Olivia Tan Swee Leng ◽

Rossanne Gale Vergara ◽

Shereen Khan

Keyword(s):

Data Protection ◽

Mobile Applications ◽

Personal Information ◽

Effective Means ◽

Personal Data ◽

Third Party ◽

Contact Tracing ◽

State Agencies ◽

Personal Data Protection ◽

And Control

Digital tracing is a proven effective means for the Malaysian government to trace and control the spread of COVID-19. However, the process of tracing and tracking in order to manage the spread of the pandemic have in many ways compromised personal information to third party applications. Malaysia is not the only country that uses digital tracing to manage the spread of the pandemic. Various countries have chosen different methods for digital contact tracing to manage the spread of COVID-19 and some are less respectful of privacy than others. This paper analyses Malaysia’s Personal Data Protection Act 2010 (PDPA) and its effectiveness in protecting personal data during the pandemic as Malaysians continue to utilise the contact tracing mobile applications such as MySejahtera and SELangkah. The researchers applied doctrinal research method and analysed the current Malaysian legislation on data protection. It should be noted that the PDPA does not apply in the case of government collection and would not require federal and state agencies to be transparent in their data management.

Download Full-text

Digital Economy, Big Data and Competition Law

Market and Competition Law Review ◽

10.7559/mclawreview.2019.315 ◽

2019 ◽

Vol 3 (1) ◽

pp. 53-89

Author(s):

Roberto Augusto Castellanos Pfeiffer

Keyword(s):

Big Data ◽

Data Protection ◽

Personal Data ◽

Competition Law ◽

Digital Economy ◽

Data Driven ◽

Dominant Position ◽

Privacy Concerns ◽

Sense Data ◽

Abuse Of Dominant Position

Big data has a very important role in the digital economy, because firms have accurate tools to collect, store, analyse, treat, monetise and disseminate voluminous amounts of data. Companies have been improving their revenues with information about the behaviour, preferences, needs, expectations, desires and evaluations of their consumers. In this sense, data could be considered as a productive input. The article focuses on the current discussion regarding the possible use of competition law and policy to address privacy concerns related to big data companies. The most traditional and powerful tool to deal with privacy concerns is personal data protection law. Notwithstanding, the article examines whether competition law should play an important role in data-driven markets where privacy is a key factor. The article suggests a new approach to the following antitrust concepts in cases related to big data platforms: assessment of market power, merger notification thresholds, measurement of merger effects on consumer privacy, and investigation of abuse of dominant position. In this context, the article analyses decisions of competition agencies which reviewed mergers in big data-driven markets, such as Google/DoubleClick, Facebook/ WhatsApp and Microsoft/LinkedIn. It also reviews investigations of alleged abuse of dominant position associated with big data, in particular the proceeding opened by the Bundeskartellamt against Facebook, in which the German antitrust authority prohibited the data processing policy imposed by Facebook on its users. The article concludes that it is important to harmonise the enforcement of competition, consumer and data protection polices in order to choose the proper way to protect the users of dominant platforms, maximising the benefits of the data-driven economy.

Download Full-text

The HES-code and the data protection during COVID-19 pandemic in Turkey

Bioethica ◽

10.12681/bioeth.28163 ◽

2021 ◽

Vol 7 (2) ◽

pp. 69

Author(s):

Sabah Mine Cangil

Keyword(s):

Data Protection ◽

Mobile Applications ◽

Personal Data ◽

Health Data ◽

Fundamental Rights ◽

Legal Issues ◽

Legal Problems ◽

Fundamental Rights And Freedoms ◽

The Individual

Mobile applications are a beneficial tool to fight the coronavirus. With the mobile tracing applications, it became easier to cut the chain of transmission of the virus and reduce the number of daily cases. Many countries developed their applications and made them available to their citizens. While using these applications, it is necessary to protect the fundamental rights and freedoms of the individual. This frequent processing of individuals' health data has created legal problems regarding the protection of personal data. The purpose of this paper is to present a study on the Turkish Covid-19 tracing application “Hayat Eve Sığar-HES” and the legal issues behind the application.

Download Full-text

5. The data protection principles

10.1093/he/9780198787556.003.0005 ◽

2017 ◽

Author(s):

Ian J. Lloyd

Keyword(s):

Data Protection ◽

Data Use ◽

Personal Data ◽

Third Party ◽

Security Measures ◽

Data Controller

This chapter focuses on the data protection principles under the Data Protection Act 1998. It considers to what extent and under what conditions a data controller may lawfully process personal data. Use may take a variety of forms and will include disclosure of data to a third party. It also looks at the operation of the principle requiring users to adopt appropriate security measures.

Download Full-text

Data Protection and Competition Law Enforcement in the Digital Economy: Why a Coherent and Consistent Approach is Necessary

IIC - International Review of Intellectual Property and Competition Law ◽

10.1007/s40319-021-01090-6 ◽

2021 ◽

Author(s):

Klaus Wiedemann

Keyword(s):

Data Protection ◽

Consumer Choice ◽

Business Models ◽

Online Advertising ◽

Personal Data ◽

Competition Law ◽

Third Party ◽

Starting Point ◽

Recent Developments ◽

Consumer Autonomy

AbstractThis contribution argues that a coherent and consistent interpretation of data protection and competition law is both possible and adequate. To illustrate this need, the ongoing abuse-of-dominance investigation by the French Autorité de la Concurrence against Apple is analysed. Representatives of the online advertising industry lodged a complaint against the introduction of Apple’s “App Tracking Transparency framework”. The latter includes a de facto obstacle to third-party tracking which shuts down advertisers’ access to those precious personal data that can be used for online advertising. With the Apple case in mind and by way of example, this paper argues that the regulation of consent to the processing of personal data under the GDPR serves as a dogmatic link between data protection and competition law, as this legal basis is at the heart of many digital business models. The GDPR provides a normative framework to determine when consent has been “freely given”. This can be a fruitful starting point for a competitive assessment, too, as both legal regimes pursue the objective of protecting consumer autonomy and consumer choice. The paper finishes by finding that its dogmatic approach corresponds to recent developments within competition law legislation and enforcement.

Download Full-text

THE EFFECTIVENESS OF THE MINISTER OF COMMUNICATION AND INFORMATICS REGULATION NUMBER 20 OF 2016 ON THE PROTECTION OF PERSONAL DATA IN ELECTRONIC SYSTEMS

Yustisia Jurnal Hukum ◽

10.20961/yustisia.v0ixx.28346 ◽

2019 ◽

Vol 8 (1) ◽

pp. 119

Author(s):

Fadhilah Pijar Ash Shiddiq ◽

Sinta Dewi Rosadi ◽

Rika Ratna Permata

Keyword(s):

International Law ◽

Data Protection ◽

Personal Data ◽

Information Privacy ◽

Third Party ◽

Electronic Systems ◽

Personal Data Protection ◽

Positive Law ◽

Sim Card ◽

The Right

<p>Privacy, as a part of Human Rights, is the right of freedom of private matters. The basic concept of privacy is “the right to be let alone” which state that every individual have the right to have his own solitude without intervention. One of the most important information which also can be associated with Information Privacy is Personal Data that shall be protected as a form of protection to the privacy itself. Some of the personal data has been used as the requirements of the SIM Card Registration, thus making new problems regarding its personal data protection since the comprehensive regulation still covered only by the Ministral Regulation. Research method used in this paper is Descriptive Analytic in which the writer analyze the research object by explaining the situation and the condition of the personal data protection obtained from literatures on the facts that can be associated with the implementation of SIM Card Registration Policy according to Indonesia’s Positive Law and International Law. According to the result of the study, the Ministral Regulation already covered most of the basic data protection needed in the SIM card registration policy, however the protection provided by the Ministral Regulation still has not covered the third party involved. The Involvement of this third party is inevitable and should be protected immediatelyin order to prevent any abuse of personal data.</p>

Download Full-text

Gütesiegel in der Markt-, Medien- und Sozialforschung

10.5771/9783748902119 ◽

2019 ◽

Author(s):

Franziska Speck

Keyword(s):

Data Protection ◽

Social Research ◽

Personal Data ◽

Special Consideration ◽

Willingness To Participate ◽

Web Surveys ◽

German Market ◽

Research Organisations ◽

Theoretical Foundations

The objective of this study is to examine the effect of data protection-specific quality seals on trust, willingness to participate and voluntary submission of data in web surveys. In this regard, it makes their commercial benefit transparent in the context of German market, media and social research. As in this market there are primarily small and medium-sized research organisations, the study gives special consideration to their economic concerns. Overall, it addresses a new field of research due to the sector’s special connection to German market, media and social research. Against this background, it considers the subject’s conceptual and theoretical foundations, which exist for the use of quality seals in e-commerce, in a new light. In this regard, this work’s special feature is that it deals with the voluntary submission of personal data based on intrinsically motivated factors.

Download Full-text

Acquisitions in the third party tracking industry: competition and data protection aspects

10.31228/osf.io/fe8u7 ◽

2018 ◽

Author(s):

Reuben Binns ◽

Elettra Bietti

Keyword(s):

Mergers And Acquisitions ◽

Data Protection ◽

Large Scale ◽

Personal Data ◽

Consumer Welfare ◽

Fundamental Rights ◽

Third Party ◽

Digital Data ◽

The Third ◽

The Third Party

Amid growing concern about the use and abuse of personal data over the last decade, there is an emerging suggestion that regulators may need to turn their attention towards the concentrations of power deriving from large-scale data accumulation. No longer the preserve of data protection or privacy law, personal data is receiving attention within competition and antitrust law.Recent mergers and acquisitions between large digital technology platforms have raised important questions about how these different areas intersect and how they can complement one another in order to protect consumer welfare while ensuring competitive markets. This paper draws attention to one particularly complicated kind of digital data-intensive industry: that of third party tracking, in which a firm does not (only or primarily) collect and process personal data of its own customers or users, but rather collects and processes data from the users of other ‘first party’ services.Mergers and acquisitions between firms active in the third party tracking industry raise unique challenges for privacy and fundamental rights which are often missed in regulatory decisions and academic discussions of data and market concentration. In this paper, we combine empirical and normative insights to shed light on the role of competition regulators in addressing the specific challenges of mergers and acquisitions in the third party tracking industry. After critically assessing some of the US and EU case law in this area, we argue that a bolder approach is needed; one that engages in a pluralist analysis of economic and noneconomic concerns about concentrations of power and control over data.

Download Full-text

A Decentralized Personal Data Store based on Ethereum: Towards GDPR Compliance

Journal of Communications Software and Systems ◽

10.24138/jcomss.v15i2.696 ◽

2019 ◽

Vol 15 (2) ◽

Cited By ~ 3

Author(s):

Marco Alessi ◽

Alessio Camillò ◽

Enza Giangreco ◽

Marco Matera ◽

Stefano Pino ◽

...

Keyword(s):

Data Sharing ◽

Data Protection ◽

Service Providers ◽

Personal Data ◽

End Users ◽

Third Party ◽

Smart Devices ◽

Sensitive Data ◽

Data Store ◽

Mandatory Requirement

Sharing personal data with service providers is a fundamental resource for the times we live in. But data sharing represents an unavoidable issue, due to improper data treatment, lack of users' awareness to whom they are sharing with, wrong or excessive data sharing from end users who ignore they are exposing personal information. The problem becomes even more complicate if we try to consider the devices around us: how to share devices we own, so that we can receive pervasive services, based on our contexts and device functionalities. The European Authority has provided the General Data Protection Regulation (GDPR), in order to implement protection of sensitive data in each EU member, throughout certification mechanisms (according to Art. 42 GDPR). The certification assures compliance to the regulation, which represent a mandatory requirement for any service which may come in contact with sensitive data. Still the certification is an open process and not constrained by strict rule. In this paper we describe our decentralized approach in sharing personal data in the era of smart devices, being those considered sensitive data as well. Having in mind the centrality of users in the ownership of the data, we have proposed a decentralized Personal Data Store prototype, which stands as a unique data sharing endpoint for third party services. Even if blockchain technologies may seem fit to solve the issue of data protection, because of the absence of a central authority, they lay to additional concerns especially relating such technologies with specifications described in the regulation. The current work offers a contribution in the advancements of personal data sharing management systems in a distributed environment by presenting a real prototype and an architectural blueprint, which advances the state of the art in order to meet the GDPR regulation. Address those arisen issues, from a technological perspective, stands as an important challenge, in order to empower end users in owning their personal data for real.

Download Full-text

Data Protection, Genetics and Patents for Biotechnology

European Journal of Health Law ◽

10.1163/092902707x199113 ◽

2007 ◽

Vol 14 (2) ◽

pp. 177-187 ◽

Cited By ~ 3

Author(s):

Deryck Beyleveld ◽

Mark Taylor

Keyword(s):

Data Protection ◽

Biological Samples ◽

Personal Data ◽

Fundamental Principle ◽

Patent Law ◽

Third Party ◽

Court Of Justice ◽

European Court ◽

Ec Law ◽

The Eu

AbstractThis paper has three parts. In Part One, we argue that while biological samples and genetic information extracted from them are not (in terms of Directive 95/46/EC) personal data in and of themselves, each is capable of being personal data in appropriate contexts. In Part Two, we argue that if this is correct, then the requirement for sources of human biological samples to give informed consent for any use of their samples (which the European Court of Justice has maintained to be a fundamental principle of EC law but not one to be enforced via patent law) must be enforced by data protection law in the EU. Finally, in Part Three, we consider the implications of our position for the capacity of Directive 95/46/EC to adequately protect third party interests given the shared nature of genetic data.

Download Full-text