Since the beginning of the 21st century, most people’s daily lives cannot be separated from Internet services, which often require the exchange of personal data. If you don't choose to surrender your privacy, you may be unable to move in this world- everyone seems to be forced to "run naked." Internet service providers unscrupulously track users and steal personal data in order to push targeted advertisements. Financial institutions use personal information collected from various channels to evaluate their customers' loan qualifications. Even the supermarkets that visit daily have to step in and quietly record customers' daily payment information and shopping records... Data privacy infringement has long been pervasive.
A huge wave of data privacy infringement has struck, and consumers have been struggling for a long time. People are strongly dissatisfied with the overlord clause that gives up data privacy in exchange for the right to use the Internet platform, and the introduction of stronger data privacy protection measures cannot be delayed.
In the field of data privacy protection, a number of measures have been implemented one after another, one of which is protection through antitrust measures. The principle is that monopoly companies are often the culprits of data privacy infringements. These companies abuse their dominant market position to force users to agree to the overlord clause of data privacy exchange. Through the implementation of antitrust measures such as splitting, on the one hand, it can promote market competition and give users more options to avoid being forced to hand over personal information to use necessary services. On the other hand, it can ensure that monopolistic enterprises are subject to visual supervision, and effectively stop their misleading users and fraudulently obtaining personal information, thereby realizing data privacy protection.
However, from the perspective of its own and market limitations, the implementation of antitrust measures has an important effect on privacy protection, but it is not a perfect solution. First, there are three main limitations of its own: (1) Huge sunk costs need to be invested in the early stage; (2) Lack of effective supporting laws and regulations for follow-up support; (3) Non-monopoly companies may slip through the net. Second, from the perspective of market limitations, on the one hand, since the Internet market is a bilaterally open market, the provision of related services is inseparable from user data. Increasing competition will make companies need to use more data to gain a competitive advantage, driving them to carry out data infringement. On the other hand, for users, due to the concealment of data acquisition, cognitive limitations, and excessive sensitivity to product prices, it is difficult for users to choose a company with a higher degree of privacy protection due to sufficient competition.
It is precisely because of the limitations of antitrust measures themselves and market competition that it is difficult to achieve the effect of enhancing privacy protection only through antitrust laws. More effective comprehensive measures are urgently needed to adapt to market development and the general public demand.
Limitations of antitrust measures
In the US market where market concentration, privacy infringement and data leakage crises are intensifying, especially in the data communications and Internet markets, the call for increasing government antitrust enforcement has been ongoing for a long time. In theory, a complete set of antitrust measures can effectively curb vicious market competition and protect user privacy data. However, from the actual effect, this view seems to lack strong support.
Currently, the limitations of antitrust measures in terms of privacy protection can be summarized as the following three points:
1. Huge sunk costs and slim expected results
One of the limitations of antitrust measures is that their implementation is often inseparable from continuous energy investment, strong political support, and a large amount of financial support, but their ultimate effectiveness is full of uncertainty. This makes many countries, especially small and medium-sized countries, inevitably encounter strong practical resistance in the process of implementing antitrust measures.
Taking the antitrust experience of developed countries in Europe and the United States as an example, according to an antitrust follow-up investigation report of a US law firm:in 2017, the average investigation period for major anti-concentration cases in the United States was as long as ten months, and the EU was roughly the same in this regard. In some cases involving aircraft carrier-class enterprises, this period tends to last longer. For example, the trial of the well-known Microsoft antitrust case in the United States took as long as six years.
More importantly, making a judgment on monopolistic behavior is only the first step on the long road to antitrust. After the relevant agreements or court decisions are made, the state still needs to continue to carry out follow-up supervision and control, such as formulating supporting regulations, but changes in the political environment often interrupt these processes.
2. Lack of a complete legal system
Many privacy protection advocates have discovered that without the support of a complete legal and regulatory system that can achieve the bottom-of-the-bottom salary, antitrust measures can only be fish farming in water tanks-keeping alive without keeping long does not really play a role in privacy protection.
For example, for some giants that pose a serious threat to personal privacy, one of the main measures currently taken by the antitrust agencies of various countries is to split them. However, what antitrust agencies can often do is to split a large company that threatens privacy into several smaller companies that also threaten privacy. Due to the lack of follow-up support from a complete supporting legal system, there is no effective solution for how to continue to supervise these small companies after the split.
3. Regulatory loopholes for small companies
While antitrust measures ensure market competition and prevent a dominant one, they also generate more forces that steal personal privacy and cannot be effectively controlled. However, the size of a company is not the only factor that determines the damage of its infringement. Small companies can also carry out privacy infringements, and the consequences of damage are often the same as those of giants. At present, especially in the absence of comprehensive privacy protection regulations and guidelines, antitrust agencies in various countries still mainly carry out privacy protection tracking for major giants, and have no time to take into account the "small fish and shrimp" hidden behind them. This regulatory loophole undoubtedly creates an opportunity for some small and medium-sized companies that have infringed on personal privacy for a long time.
Although calls for strengthening government antitrust law enforcement to curb Internet privacy infringements are declining, we still cannot ignore its limitations. Even in the first half of the 20th century, when the antitrust boom was most prevalent, governments still needed to formulate effective legal systems and other measures to assist antitrust enforcement. The famous American "Sherman Act" was born at that time.
Why can't data privacy protection be considered only from the perspective of competition?
Modern antitrust laws are built on the theory of a contestable market. In traditional antitrust law theories, the analysis dimensions of competition are mainly focused on factors such as product price, quality, and innovation, and are rarely related to privacy protection. Take the core concept of "market power" in the antitrust law as an example. Market power usually refers to the ability of an enterprise to continuously raise prices above the level of competition and make profits. The "monopolist" usually referred to is the price setter, not the receiver of market prices, that is, the operators who can increase prices by controlling output.
In addition, a large number of analysis tools in the antitrust field are also based on price, such as SSNIP testing. The most basic idea of antitrust law enforcement is to determine market power based on the ability of price control, measure whether a monopoly is constituted based on market power, and then decide whether to implement antitrust measures.
In addition, according to the US antitrust law, single-firm conduct, that is, a company that achieves "market power" and has a dominant market position, does not necessarily constitute a "monopoly" as long as its dominant position is not achieved through obvious illegal means. This will inevitably bring about two problems: first, the size of market power will affect the level of competition, but it will not determine the ability of companies to infringe on data privacy. Can the antitrust measures still play a role for those small businesses that do not have the ability to determine prices, do not have strong market power, and thus do not constitute a monopoly, but steal user data, or those that do not constitute a monopoly in one area, but use the data stolen in other business areas? Second, for those companies that have reached "market power" and are in a dominant position in this field, if they cannot be identified as "monopoly", will the antitrust law enforcement fail when they steal user data?
Limitations of market competition under the privacy paradox
In the traditional antitrust law theory, the analysis dimension of competition does not include "privacy protection". Does this mean that as long as privacy protection is included in the analysis factors for consideration, antitrust law enforcement measures can play an effective role in privacy protection alone? The answer seems to be no at present, which is mainly due to the existence of the "privacy paradox".
The "privacy paradox" refers to the privacy contradictions caused by the digital existence of users in the context of the Internet-individuals need to spread information and self-presentation through the Internet, while also hoping to protect their privacy from leakage and infringement. But in the real environment, users and Internet companies have reached an unwritten exchange condition, that is, users must tolerate some advertisements and a certain amount of data collection in exchange for these "free" online services or content. Based on a significant preference for zero prices, users actually made a choice that is more inclined not to pay monetary costs. The privacy paradox shows the complexity of user behavior in the real environment, and to a large extent illustrates the limitation of competition in promoting privacy protection.
Limitations of market competition under the privacy paradox
In the traditional antitrust law theory, the analysis dimension of competition does not include "privacy protection". Does this mean that as long as privacy protection is included in the analysis factors for consideration, antitrust law enforcement measures can play an effective role in privacy protection alone? The answer seems to be no at present, which is mainly due to the existence of the "privacy paradox".
The "privacy paradox" refers to the privacy contradictions caused by the digital existence of users in the context of the Internet-individuals need to spread information and self-presentation through the Internet, while also hoping to protect their privacy from leakage and infringement. But in the real environment, users and Internet companies have reached an unwritten exchange condition, that is, users must tolerate some advertisements and a certain amount of data collection in exchange for these "free" online services or content. Based on a significant preference for zero prices, users actually made a choice that is more inclined not to pay monetary costs. The privacy paradox shows the complexity of user behavior in the real environment, and to a large extent illustrates the limitation of competition in promoting privacy protection.
1. The principle of self-use by users
Users have absolute control over their personal information. Internet service providers are also obliged to protect personal information while authorizing access to personal information. When a personal information leakage incident occurs, the Internet service provider should be regarded as the directly responsible party and must take necessary measures to prevent the loss from expanding.
2. The principle of differential treatment
Nowadays, people are conducting information transactions all the time, but the manifestations of transactions are different. Internet service providers and market regulators should also provide differentiated protections for different transaction situations. For example, in the transaction situation of signing privacy clauses in exchange for services, users are often in a passive and weak position, and legislation should give special protection.
3. The principle of backward compatibility
Take the United States as an example. In the current U.S. judicial system, special provisions for privacy protection are rare. Although the number is limited, these laws cover a wide range of fields, involving medical and health, finance, the Internet, and other fields, and they are effective. They have created a good foundation for the establishment of the US anti-privacy infringement legal system. The next privacy protection legislation should be built on the basis of the existing framework to achieve "reverse compatibility."