Explainer: Competition, Data and Interoperability in digital markets
Interoperability: what does it mean and why should we care?
- Interoperability is the ability to exchange data and functionality across platforms
- It is considered a remedy to market dominance
- Interoperability measures, even in their most effective and radical forms, must be combined with other regulation including data protection, radical transparency and strong oversight
The lead author of this piece is Elettra Bietti, a doctoral student at Harvard Law School and volunteer for Privacy International
Social media companies and other digital business models are driven by so-called network effects. A network effect (also called a network externality) is a service’s propensity to improve functionally as the number of people using it and the amount of data collected through it increases. For example, as the number of Facebook users increases, Facebook increases in value for shareholders, for advertisers and also for users themselves who have more friends to connect to. Google search, similarly, increases in value the more it is used, i.e. the more people enter search data into the search box, and the more links become available to be searched on the web. These network reinforcement dynamics lead to a monopolistic virtuous cycle for platforms: the more a platform is successful, the more likely it is to become successful. To the point of being inevitable. Networks, in other words, accentuate “winner-take-all” dynamics, leading to a concentration of users, data and functionality into the hands of a few platform owning companies.
Interoperability: What is it?
To break the cycle that comes with network effects and avoid the concentration of personal data, digital content and value in the hands of a few platform owners, experts have been raising interoperability as a solution, in various forms. According to Urs Gasser, interoperability is “the ability to transfer and render useful data and other information across systems, applications, or components.” Interoperability, in other words, is about making different systems or infrastructures compatible with one another by making them mutually legible and able to interconnect. In relation to digital platforms in particular, the UK Competition and Markets Authority (CMA) has defined “platform interoperability” as “the ability of platforms to exchange data and different forms of functionality across their services.”
Interoperability is not a new idea. It has existed as a remedy in antitrust law at least since 1912, when the US Supreme Court required a group of railroad companies that jointly owned a bridge across the Mississippi River to give competing railroad companies fair access to the bridge and the ability to interconnect on both sides of it. The rationale for that remedy was that, although maintaining rail lines over a bridge was costly and could be considered a natural monopoly, denying access to that monopoly constituted a restraint of trade.
Under EU competition law, the European Commission can impose remedies such as interoperability on dominant undertakings that abuse their dominance by foreclosing access to essential facilities. Interoperability is also a regulatory measure pervasive in the telecommunications industry. The telephone, for example, relies on numerous interoperability standards that make interconnection at local, regional and global levels possible, as mandated for example by the US Telecommunications Act of 1996 or by EU Directive 2002/19 on the interconnection of electronic communication networks. The European Commission is currently considering introducing sectoral ex ante measures which may include sui generis interoperability requirements in order to promote a healthier platform ecosystem as part of its Digital Services Act package.
Four types of interoperability
Any consideration of interoperability standards requires a specific case-by-case consideration of privacy and data protection implications.
In its Competition for the Digital Era report, which explores how competition policy should evolve and continue to promote pro-consumer innovation in the digital age, the European Commission distinguishes between four types of interoperability:
- Protocol Interoperability ensures that two or more complementary services can interoperate. It is a vertical remedy that is imposed in competition law cases (see e.g. the Microsoft case below), that allows different upstream or downstream services to connect to one same essential infrastructure or facility. As part of the essential facilities doctrine in competition law, an interoperability (or “mandatory access”) remedy of this kind is imposed when a dominant firm refuses to deal with a competitor and/or denies them access to an essential facility or service they control, thus foreclosing their ability to compete.
- Full Protocol Interoperability ensures that two or more substitute services can fully interoperate and become integrated, so that moving from one provider to the other entails no difference in terms of delivery and access to a service. This is the case of email, the telephone or SMS services. Differently from protocol interoperability, which ensures the integration of complementary services and is often enforced under competition law, full protocol interoperability generally requires a more comprehensive sectoral regulatory regime.
- Data Portability is the capacity of a data subject to port his or her data from one service (e.g. Facebook) to another service (e.g. Twitter). Under Article 20 of the GDPR, a data subject has an individual right to receive their personal data in a specific machine-readable format. This means that they have the right to receive the data directly, e.g. by downloading it and porting it to a different service, or to have Facebook, for example, transfer their data directly to another (social media) platform.
- Data Interoperability entails continuous and real time access to data by competing services. This can be achieved technically through APIs, standardization, and other options, such as data pools. These strategies are different from mere data portability and can have significant privacy and data protection implications. Unless technical measures – such as encryption and differential privacy – or legal restrictions can ensure data minimization and GDPR-compliant data sharing, data interoperability seems limited as a means of addressing abuses of market power in digital markets without interfering with the rights of EU citizens.
Interoperability in practice: digital markets
In practice, we need to approach interoperability with care when looking at the social media industry and personal data in digital markets. There are at least three separate areas of application: competition, data protection, and infrastructural regulation and design.
Competition Law and Protocol Interoperability
European competition law recognizes interoperability as a behavioural remedy that can counter abuses of market dominance. In 2004, the European Commission, for example, found Microsoft in violation of competition law because of its refusal to supply information to competitors on how to design competing work group server operating systems that would be interoperable and compatible with Microsoft’s larger software ecosystem. The Commission imposed on Microsoft a duty to disclose interoperability information to its competitors, and a correlative right to request payment for licensing its IP. Similar questions are currently raised in relation to the EU Investigation of Apple Pay as well as the EU Commission sector inquiry into smart devices and the Internet of Things.
When it comes to present day social media platforms, the imposition of interoperability remedies is complicated by the fact that these platforms control not only software infrastructure, but also users’ personal data which is subject to privacy and data protection regulation. If a social media company is found to violate competition on the market for social media services, for instance because it excludes competitors from other essential connected services (such as identity or payment services), European competition authorities have the power to impose an interoperability remedy such as competitor access to the network’s software functionality through an API.
Competition authorities however cannot enable the movement of personal data from one platform to another unless it complies with GDPR, is necessary and proportionate and/or occurs through a valid exercise of a data subject’s data portability right. This also means that in the EU, antitrust authorities must communicate with data protection authorities before imposing interoperability remedies that could violate data protection law.
Data Protection and Data Portability
Although it enables elements of individuals’ data protection rights, data portability falls short as an enabler of greater competition and diversity in digital markets. The EU General Data Protection Regulation under Article 20 provides individual data subjects with a right to transfer a significant part of their data from one service to another. It is a right to obtain data in a machine-readable format.
It is a limited right when it comes to addressing market power, 39 Telecommunications Policy 2015). Importantly, it is limited to the data that a user voluntarily consented to sharing with a platform, and does not provide data subjects with the ability to transfer metadata or other inferred data about them that platform owners have access to and that is a significant source of market power (see, e.g., Inge Graef on data portability and competition law). Also, it does not entail an automatic right to have two or more competing services rendered fully compatible or interoperable, nor the ability on the part of European consumers to access a plurality of equivalent services on equal terms.
While Facebook, Google, Microsoft, Apple and Twitter have engaged in a joint effort to create a Data Transfer infrastructure to enable data portability across their services, this effort still seems opportunistic on the part of dominant players. This is because it is an effort largely controlled by dominant players, it is rarely if ever used and efforts addressed to data subjects explaining how to request a data transfer are largely missing. The initiative is also portrayed as a limited exception and does not have sufficient teeth to make a difference on the concentrated markets for social media and messaging services in Europe and beyond.
Full Protocol Interoperability
Just as telecommunications regulations in Europe and the US require structural interoperability, a more ambitious attempt at rendering the social media ecosystem more interoperable may be required. This would go beyond what competition or data protection authorities are able to achieve on their own and would require a very significant restructuring of the way social media is understood to work today.
There are already numerous independent efforts to develop protocols and interoperability standards for social media, including Mastodon, Diaspora, the MIT project GOBO, and others. Some of these protocols, such as ActivityPub standard, used among other by Mastodon, Nextcloud, Peertube, are even recommended by the World Wide Web Consortium (W3C). In December 2019, Twitter founder Jack Dorsey also announced the Bluesky project that seeks to develop decentralization standards for social networking. Dorsey’s project has been criticized for seeking to “reinvent the wheel” and also for subjecting decentralization efforts to Twitter’s pre-existing commercial interests.
In parallel to efforts aimed at creating a decentralized social media ecosystem, there are also a number of efforts aimed at creating interoperable protocols for handling data in arguably more human-centered ways, including for example the Solid/Inrupt initiative that aims at separating the market for data collection, storage and use from the provision of web services. This and other similar projects are investigating the use of encrypted protocols to create asymmetric data access. The idea behind many of these projects is to enhance user empowerment by enabling better choices as to how data is handled by service providers.
While many of these efforts and projects are interesting and laudable, their scope remains limited insofar as interoperability standards are not legally mandated and remain an exception in a concentrated winner-take-all market. Few established businesses – Twitter being a tentative exception - have an interest in pushing competition and interoperability on markets which they dominate. If enforced through law, therefore, some of these structural interoperability attempts could make a real difference to the structure and competitiveness of digital markets. In this sense, the increasing institutional interest in mandated standardization and interoperability in social media and platform-based digital markets is welcome. Evidence of this growing interest can be found in the CMA Online platforms and digital advertising market study which highlights the benefits of interoperability and data mobility, but also in the EU Digital Services Act consultation, and recent EU investigations such as the sector inquiry into IoT devices.
These institutional efforts have limits, too, though those limits are less alarming than big tech claims them to be. An important disadvantage is that they fix and limit technological and commercial possibilities reducing them to a common standard or lowest common denominator. They are often criticised as being in tension with innovation. This dichotomy between interoperability and innovation is largely overplayed: more often than not a more interoperable market enables greater innovation in various neighbouring markets.
Another limit is that many existing decentralization and interoperability-based projects remain techno-solutionist and rely on idealistic notions of individual control and free competition in a technological environment that is characterized by pervasive network effects, structural concentrations of power and information asymmetries that cannot be designed away through mere technical protocols. Put simply, the individual rarely has control, and it’s not clear that control is ever within their grasp. While a purely technical infrastructural overhaul might enable fairer competition and more diversity on digital markets, full protocol interoperability is unlikely to entirely do away with the dependency of users on exploitative business models, dark patterns and collusive and opaque dynamics of data exploitation.
Interoperability measures, even in their most effective and radical forms, must be combined with other regulation including data protection, radical transparency and other market and independent public utility oversight mechanisms. Special attention must be paid by regulators to questions of privacy and data protection when it comes to interoperability measures that entail the transfer of personal data. Interoperability can only be effective in fighting market concentration and data exploitation if users and citizens are involved not as mere consumers of products on digital markets, but are involved as participants who have a say in the construction of a technological landscape aimed at the common good.