COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER
U.S. Department of Justice and the Federal Trade Commission
On Request for Comment Regarding Draft Merger Guidelines
September 18, 2023
By notice published on Wednesday, July 19, 2023, the Department of Justice (DOJ) and the Federal Trade Commission (FTC) released revised draft Merger Guidelines for public comment. The draft Guidelines use modern frameworks and market realities to consolidate and replace other versions of Merger Guidelines currently in effect. Within the Guidelines’ catalog of analytical methods, “the Agencies assess any relevant and meaningful evidence to evaluate the effect of a merger[.]”. The Electronic Privacy Information Center (EPIC) submits these comments to encourage the DOJ and FTC to consider data protection and consolidation in merger reviews.
EPIC is a public interest research center in Washington, D.C., established in 1994 to focus public attention on emerging civil liberties issues and to secure the fundamental right to privacy in the digital age for all people through advocacy, research, and litigation. For over two decades, EPIC has urged the FTC to assess consumer privacy impacts when reviewing proposed mergers between companies that engage in data collection activities. In today’s increasingly data-driven economy, mergers and acquisitions frequently involve the consolidation of commercial and proprietary data sets. Mergers implicating the consolidation of personal data can entrench a firm’s dominant market position, raise barriers to entry for new and smaller firms, and exacerbate the effects of harmful consumer data practices.
I. Merger Guidelines Should Consider Data Protection
In revising the Guidelines, the DOJ and FTC focused on three core goals, including “provid[ing] frameworks that reflect the realities of our modern economy and the best of modern economics and other analytical tools.” In 2023, the collection and monetization of personal data fuels the modern economy in a wide range of markets. Businesses’ mass accumulation of personal data produce anticompetitive effects that pose acute risks to consumer privacy, undermines data security, and subverts consumer choice. Data aggregation and consumer privacy are central to many modes of merger analysis outlined in the thirteen draft Merger Guidelines. In particular, Agencies must include data protection as a material consideration when evaluating how a merger could lessen competition (Guideline 5); entrench, or extend a dominant position (Guideline 7); impact barriers for potential entrants (Guideline 4); and impact concentration in markets (Guideline 1). Moreover, Agencies must be mindful of the ways that a business’s aggregation of and control over personal data contribute to an analysis of market definition and market power.
Across the economy, data-driven competition and the “power gained by digital platforms through their control and accumulation of data” inflict anticompetitive harms. Mergers that involve the “control and accumulation” of data can implicate market concentration or further entrench a firm’s dominant position, reinforcing or creating barriers for potential entrants. For example, firms engaging in surveillance-based advertising and profiling have been able to entrench their dominance through their access and use of consumer data. The broader commercial surveillance system incentivizes firms to extract large amounts of personal data to build detailed profiles, aggregate behavioral insights, or otherwise sell consumer data for targeted advertising or other purposes. In a vicious cycle, “dominant firms continue to extract more data and profit from trapped users, while raising barriers to entry that serve to further deprive those users of viable alternatives.”
II. Consumer Choice and Privacy in Merger Guidelines
The Artificial Intelligence (AI) market—particularly generative AI—is already experiencing anticompetitive practices that entrench market power within a select few leading AI companies. Generative AI tools require a tremendous amount of money, resources, and data to develop, use, and maintain. The dominance of a handful of companies like OpenAI “in not only developing generative AI but also providing the underlying tools and services that generative AI requires, further concentrates a market that, despite promoting ‘open source’ technologies, is captured by a few powerful companies with opaque AI development methods[.]”. The more data that an AI developer obtains—whether through direct web scraping, user solicitations, data broker sales, or other methods—the more powerful its AI model can be, and mergers can be one of the most efficient ways for increasing the amount of training data available to an AI firm. Similar to other online business models, generative AI services like ChatGPT and DALL-E require copious amounts of consumer data to function and compete, and consumers have little control over which companies have access to their data or how that data is used. Therefore, merger evaluations between any digital platforms or firms that amass consumer data must necessarily account for consumer privacy and security.
Competition drives innovative privacy policies and protections that benefit consumers, whereas “recent characterizations of digital market power and abuse of dominance . . . link the decline of competition with the erosion of data privacy.” In the context of mergers, consolidation can threaten consumer privacy when companies that protect user privacy absorb companies that fail to protect privacy. As we have previously warned, “If the largest internet firms continue to buy up new market entrants and assimilate their users’ data into the existing platforms then there will be no meaningful opportunity for firm to compete with better privacy and data security practices.”
A competitive market benefits consumer data privacy and security by incentivizing strong privacy and data security policies and enabling consumer choice. As consumer data continues to fuel our data-driven economy, it is critical that the Draft Merger Guidelines include privacy considerations to ensure that both competition and consumers are protected in merger reviews. If you have any additional questions, please contact EPIC Law Fellow Suzanne Bernstein at [email protected].
See Draft Merger Guidelines, supra note 1 at 3-4 (Guidelines 1, 2, 4, 5, 6, 7, 8, 10).
 Elettra Bietti, Data, Context and Competition Policy, UChicago Booth Stigler Center: Promarket (Mar. 13, 2023), https://www.promarket.org/2023/03/31/data-context-and-competition-policy/ (“[A]gencies are recognizing that the ability to control, collect and use data contributes to a firm’s market power. Data provides market actors with knowledge about their customers, users and competitors. This knowledge can lead to unfair and exclusionary market practices.”)