Samson Yoseph Esayas successfully completed his PhD trial lecture and thesis defense at the University of Oslo on Monday, the 20th of April 2020 and will be awarded the degree of Doctor of Philosophy.
The title of his thesis is “Data Privacy and Competition Law in the Age of Big Data. The Commercialization of Personal Data and Its Implications for the Foundations and Policy Boundaries of Data Privacy and Competition Law” and the given topic for his trial lecture was “The Interface between Data Protection Rules and Competition Law”.
In recent years, we have seen the emergence of companies where the core of business models is built around monetization of users’ personal data. At the forefront of this effort, we find companies such as Google and Facebook, which collect and analyze huge amounts of consumer data – where they are, what devices they use, what they buy and various categories of their online behavior. The availability of such huge amounts of data allows these companies to deliver accurate online advertising. This ad-based business model has enabled these companies to climb to the top of the hierarchy of the most valuable businesses.
The commercialization of personal data drives companies to expand the scope and scope of data collection, which in turn creates significant challenges for the application of EU privacy rules. Google’s aggressive expansion into a number of new product areas is a case in point, as the company collects and combines personal information from more than 100 consumer-focused services.
The thesis argues that such a development gives rise to two important challenges – one institutional and the other material. The institutional challenge is related to the difficulty of applying current rules as companies begin to collect and combine data across hundreds of services – that is, a scaling issue. This is because the application of the rules is based on the possibility of separating the various services for which the data is collected (processing activities) and relating each individual personal data to one specific service (processing activity). The material challenge is linked to the inadequacy of current rules when dealing with emergent privacy risks, such as overexposure of the individual and loss of practical access barriers. These risks are “emergent” in the sense that the sum, that is, the data aggregated from the numerous services contains risks not found in the individual data sets (treatment activities). In light of these challenges, the dissertation emphasizes the need for a holistic approach that considers imposing increased responsibilities on some entities, taking into account the totality of the processing activities and the practice of data aggregation.
With the commercialization of personal data, competition supervision in the EU and the US has begun to recognize privacy as a competitive parameter that is not about price. Despite this recognition, there is little general theoretical literature on this topic. The dissertation seeks to fill this void by outlining various claims theories to incorporate privacy as a non-price element into merger assessments, and to discuss various anti-competitive practices affecting privacy.
Privacy cartels: At the center of the competition rules is the ban on cartels – rival companies are prohibited from entering into price agreements. However, price as a competitive parameter is largely absent in many digital services, where users often “pay” by handing over their personal information. The question is whether users’ privacy can become the new arena for cartel agreements. The answer is yes, it can be – and it has been. The agreement between Google and Eyeo, the company that owns the Adblock Plus anti-tracking and ad blocking software, is a good example. Google paid Eyeo millions for Eyeo agreeing to curtail ad blocking activity and scale down investment in the market. The German and Austrian Competition Authority decided that the agreement was anti-competitive.
The thesis makes use of elements of system theory, in particular the concept of emergent properties to answer the research questions. In particular, two lessons learned from emergent properties are worth highlighting: first, although the idea of ”one thing at a time” is a useful guiding principle in life, it may not be appropriate in a world where the line between one thing and another is unclear. Even more important is that the law in general, but the privacy and competition law in particular, recognizes the possibility that the sum of fully lawful behaviors can nevertheless create behaviors that are not in compliance with the law or that violate the intent of the law.
The following committee has been appointed to evaluate his thesis, trial lecture and defense:
- First external opponent: Professor Björn Lundqvist, Stockholm University, Sweden.
- Second external opponent: Professor Orla Lynskey, London School of Economics and Political Science, UK.
- Internal member: Professor Eirik Østerud, University of Oslo.
- Head of defence: Deputy Dean Tarjei Bekkedal
Samson Yoseph Esayas carried out his PhD work at the Department of Private Law, University of Oslo.
His main supervisor was Professor Lee Andrew Bygrave, Department of Private Law, University of Oslo and co-supervisor Professor Inger Ørstavik, Department of Private Law, University of Oslo.