An American Tech Company in King Brussels’ Court: A Cautionary Tale
The European Union’s antitrust regulator recently imposed a record €2.42 billion fine against Google, finding that the company had “abused its market dominance as a search engine by giving an illegal advantage to another Google product, its comparison shopping service.” In announcing the fine, the EU alleged that Google’s algorithms systematically promoted Google’s own comparison shopping service to receive higher priority in Google search results than competitor shopping services. According to the EU regulators, that strategy “relied on Google’s dominance in general internet search, instead of competition on the merits in comparison shopping markets,” and, therefore, illegally restricted competition.
This theory sounds eerily familiar to those of us who recall United States v. Microsoft, wherein the US Department of Justice took the position that Microsoft’s inclusion of Internet Explorer in Windows 95 was an impermissible attempt to use its market power in operating systems to monopolize the nascent web browser market.
In both cases, the antitrust regulators argued that adding functionality to a market-dominant product was illegal, even if the additional features are cost-free to end-users and alternative (also cost-free) options remained available. At best, this position strikes us as an aggressive reading of the antitrust laws. At worst, it seems to suggest that any attempt to bundle functionality with a market dominant product is an antitrust violation, a stance that would severely stifle innovation to the detriment of consumers. One only has to consider “smart” devices—TVs, phones, watches and now even kitchen appliances—to see how converging functionality is a leading source of innovation and benefit to consumers.
But setting aside the merits (or lack thereof) of the Google ruling, it highlights a larger point. As we have written previously, there is an emerging pattern in EU law that indicates a hostility to US-based tech companies and an attempt to level the tech “playing field” by regulation rather than innovation. Whether it’s perpetual litigant Max Schrems’ challenges to Safe Harbor and model clauses, the pending challenge to Privacy Shield, the Ireland-Apple “tax subsidy” case, or this antitrust ruling, the takeaway for US tech companies is clear: Do not expect any leniency from EU courts or regulators.
This posture should be particularly concerning for US-based companies who process the personal data of EU residents. With the EU’s General Data Protection Regulation (and its attention-getting monetary fines) coming into effect in May 2018, it is imperative that affected US-based companies begin preparing for compliance now. If your GDPR compliance plan is to wait until you get into trouble and then throw yourself on the mercy of an EU court (or regulator), you will likely find that mercy is in very short supply—especially if you’re an American tech company.
Saad Gul and Mike Slipsky, editors of NC Privacy Law Blog, are partners with Poyner Spruill LLP. They advise clients on a wide range of privacy, data security, and cyber liability issues, including risk management plans, regulatory compliance, cloud computing implications, and breach obligations. Saad (@NC_Cyberlaw) may be reached at 919.783.1170 or email@example.com. Mike may be reached at 919.783.2851 or firstname.lastname@example.org.