Can consumers pay too much when they pay nothing? The question might seem absurd, but a recent investigation by the Bundeskartellamt raises the question: it is accusing Facebook, which offers its services for free, of an infringement that looks a lot like excessive pricing. In this blog post, I unpack the Facebook case by explaining the social network’s business model, analyzing the Bundeskartellamt’s preliminary assessment and looking at broader developments.
Facebook’s business model
Facebook is a social networking site with 2 billion active users. Those users do not have to dig up their credit card to use the social network, something Facebook prides itself on: its homepage reads ‘It’s free and always will be.’ However, ‘free’ is used here in the strict sense. Indeed, Facebook does not charge you any money, but this does not mean that you are not giving Facebook anything in return. In fact, you are giving Facebook two valuable things: your information and your attention. EU Competition Commissioner Vestager said as much in a speech:
Social networks let people keep in touch with friends, wherever they are in the world. And they don’t pay a single penny for those services. Instead, they pay with their data. That doesn’t have to be a problem, as long as people are happy that the data they share is a fair price to pay for the services they get in return. Personal data has become a valuable commodity.
Indeed, personal data has become so valuable it is being referred to as ‘the oil of the digital era’. The oilrigs of this new era are online platforms. From a consumer perspective, data is also being pointed to as ‘the currency of the 21st century’. In other words, when consumers ‘only’ hand over data to use a service, they are paying something. More specifically, it is useful to distinguish between information and attention costs—a taxonomy suggested by Newman.
The information cost for users consists in handing over their personal data such as name, gender, e-mail address, phone number, etc. This data is surrendered consciously to gain access to certain free services. However, many information costs are more subtle: for example, you tell Google what you are looking for by typing in a search query, and you signal Facebook your preferences by liking certain pages or posts. Moreover, many apps track their users’ location.
Companies put this data to a variety of uses, the most benign one being the improvement of its products. More profitably, however, data is used to target consumers with advertising. This is where attention costs come into play. Sometimes these costs will be quite tangible. Think, for example, of the advertisement you have to sit through before you can watch certain content on Youtube. At other times, such as when you are scrolling through your Facebook newsfeed glossing over advertisement after advertisement, the cost is subtler. In any case, according to Newman, ‘costs arise because advertisements take time to watch, view, or hear.’ In this sense, time is quite literally money.
The Bundeskartellamt’s case against Facebook
So can a social network demand too much information and attention costs from the consumer, or in other words, can it set its zero-price too high? At least when it comes to information, this appears possible. In March 2016, the Bundeskartellamt (German Competition Authority) broke the news that it was initiating proceedings against Facebook—a more elaborate preliminary assessment and complementary background paper followed in December 2017. So what exactly does the authority take issue with?
First of all, the Bundeskartellamt shows a thorough understanding of Facebook’s business model, which is not surprising: it has been researching platforms in depth for the past couple of years, publishing reports on, inter alia, their market power and their use of data. The authority describes Facebook’s two-sided business model as follows: ‘On the one hand the social network offers a free service, on the other it offers attractive advertising space, which is so valuable because Facebook has huge amounts of personalized data at its disposal.’
The proceedings concern an alleged abuse of dominance, so the Bundeskartellamt takes care to define the market and establish Facebook’s dominant position on it. The authority considers the relevant market that of social networks in Germany, excluding professional networks such as Linkedin, messaging services such as Snapchat, or other social media such as Youtube or Twitter. Facebook’s market power is then explained by its high market shares and the characteristics that are typical for online platforms, i.e. (in)direct network effects, high barriers to entry, user lock-in, economies of scale and ‘access to competitively relevant data’.
The abuse allegations concern the way in which Facebook acquires this data. The authority notes that this acquisition, in principle, does not raise competition concerns; after all, ‘users have to expect a certain processing of their data if they use such a free service.’ Therefore, the Bundeskartellamt is explicitly not examining the acquisition of data generated by the use of Facebook’s social network itself (which it labels ‘on Facebook’). Instead, it focuses on user data obtained from third-party sources (labeled ‘off Facebook’). In the words of the authority:
Facebook is abusing [its] dominant position by making the use of its social network conditional on its being allowed to limitlessly amass every kind of data generated by using third-party websites and merge it with the user’s Facebook account. These third-party sites include firstly services owned by Facebook such as WhatsApp or Instagram, and secondly websites and apps of other operators with embedded Facebook APIs.
Thus, two sorts of data are relevant: the data gathered from Facebook-owned services WhatsApp and Instagram on the one hand, and the data collected through websites and apps that make use of the Facebook API on the other. Let us consider each in turn.
The first kind of data has a history to it. In October 2014, the Commission gave the green light for Facebook’s $19 billion acquisition of messaging service WhatsApp. Facebook thus paid $55 for each user of a service that was suffering significant losses. One theory of harm investigated by the Commission was whether Facebook could start collecting data from WhatsApp users to better target ads on Facebook (for those WhatsApp users that are also Facebook users). However, this would require matching WhatsApp with Facebook accounts, and Facebook declared that ‘there are major obstacles thereto.’
In August 2016, WhatsApp announced it would start linking WhatsApp user phone numbers with Facebook user identities in order to display more relevant advertising on WhatsApp users’ Facebook accounts. As this move contradicted statements made by Facebook during the acquisition process, it was served with a statement of objections. In May 2017, the Commission then fined Facebook 110 million EUR for providing misleading information. Specifically, the Commission found that, contrary to Facebook’s statements, it was already aware of the technical possibility of automatically matching Facebook and WhatsApp users’ identities during the merger review process.
The second kind of data concerns those collected through the use of Facebook’s API (or application programming interface). Many websites and apps offer the option to like or share their content on Facebook, which is made technically possible by using the Facebook API. However, when users visit websites or apps that have embedded this API (even without pressing the ‘like’ or ‘share’ button), their data is transmitted to Facebook, which then processes it to target advertising. Contrary to data generated on the social network itself, ‘users cannot expect data which is generated when they use services other than Facebook to be added to their Facebook account to this extent.’
Facebook is thus collecting data from related services (WhatsApp and Instagram) and unrelated websites (that use the Facebook API). How does this constitute an abuse of dominant position? The Bundeskartellamt takes issue with Facebook’s all-or-nothing approach: users can either accept ‘the whole Facebook package’, extensive data collection included, or they can go look for a different social network. The authority qualifies this behavior as an exploitative (as opposed to an exclusionary) abuse. German competition law recognizes two kinds of exploitative abuse: excessive prices and unfair business terms. As users ‘pay’ for Facebook with their data, one might expect that demanding too much data is a form of excessive prices. However, the authority qualifies Facebook’s data grab as a case of unfair business terms, which may have something to do with the high bar set by the excessive pricing doctrine.
Coming up with an effective theory of harm is more difficult, given that users do not pay for Facebook. The Bundeskartellamt tries to tackle this objection by acknowledging that Facebook’s offers its services for free, and its users therefore do not suffer a direct financial loss due to the exploitative business terms. However, the Bundeskartellamt argues that ‘the damage for the users lies in a loss of control: they are no longer able to control how their personal data are used.’ Additionally, the Bundeskartellamt notes that as a consequence of the abuse, Facebook is becoming more and more indispensable for advertising customers. It therefore believes there is also ‘potential for competitive harm on the side of advertising customers who are faced with a dominant supplier of advertising space.’
This brings us back to the initial question: can consumers pay too much when they pay nothing? The Bundeskartellamt’s answer is positive, with two nuances. First, consumers do not exactly pay nothing. Rather, they pay with their information and attention, although the authority has not put it this way explicitly yet. Secondly, the authority chooses not to go with ‘too much’ or ‘excessive’, but rather with ‘unfair’—a broad term that is becoming more and more popular in European competition enforcement.
It will be interesting to see how the Bundeskartellamt specifies its theory of harm, as the current ‘loss of control’ over data appears quite vague. More fundamentally, there is the question of how to square this case with the Commission’s position that ‘any privacy-related concerns […] do not fall within the scope of the EU competition law rules but within the scope of the EU data protection rules.’ The decision itself, which is expected in summer 2018, may bring clarification.