Challenging the Google-Fitbit Merger through Competition Law

By Ioannis Kouvakas, 17th September 2020

At Privacy International, we’re concerned by the market trend of companies accumulating vast amounts of data for exploitation by buying other companies that already have vast amounts of data primed for exploitation.

This allows these larger firms to further entrench their market dominance, and to dictate future innovation built upon the exploitation of our data. Fortunately, competition regulators are starting to agree with us.

In November 2019, Google announced their plan to acquire Fitbit, a company that produces and sells health tracking technologies and wearables.

The proposed acquisition raised a series of concerns with regard to its implications for consumers’ data privacy rights, considering the vast amounts of sensitive personal data held by Fitbit, which can include details of individuals’ heartbeats, calorie intake, walking distances, sleeping patterns, and health conditions.

…the vast amounts of sensitive personal data held by Fitbit can include details of individuals’ heartbeats, calorie intake, walking distances, sleeping patterns, and health conditions

At the same time, the transaction poses the more general question of whether data should form part of competition regulators’ assessment of acquisitions.

Two regulators, the Australian Competition and Consumers Commission (ACCC) and the European Commission’s Directorate-General for Competition, have indicated in their preliminary findings that they agree there is indeed a strong interplay between data and competition.

How Fitbit data boosts Google’s services – and their power

The exploitable value of personal data increases as more and more data is combined.

This incentivises companies to pursue business strategies aimed at collecting as much data as possible.

The acquisition of vast quantities of data is what allows companies like Google to make billions of dollars each year via targeted advertising. In 2019, for example, Google’s parent company, Alphabet, generated 83% of its $161.86 billion in revenue from targeted advertisements to users of their consumer-facing services, including the Android operating system, Google Search, YouTube, and many others.

A big part of Fitbit’s value is said to lie in the quality of the health data it possesses. The company’s technologies can track individuals’ daily steps, distance walked or travelled, calories burned, sleep patterns and heart rate. In 2018, Fitbit also introduced ‘female health tracking’ to track menstruation cycles and fertility windows.

A big part of Fitbit’s value is said to lie in the quality of the health data it possesses

Recently, Fitbit further increased its health-related database and tracking capabilities by acquiring a number of other actors on the health tracking and wearables market, including FitStar, Pebble, Vector and Twine Health. Some of these acquisitions include partnerships with health insurers.

The importance of such a vast data holding is very well-recognised by tech giants like Google, who consistently seem to regard consumers’ data as a business asset.

This asset is all the more valuable when a digital service provider is able to combine data from multiple sources, including across multiple services or platforms. For example, a 2018 paper by academics at the University of Oxford outlined the prevalence of third-party trackers on almost 1 million apps from the US and UK Google Play stores. The researchers found that most apps contain third party tracking, with Google present on 87.57% of apps tested.

The researchers found that most apps contain third party tracking, with Google present on 87.57%

Taking into consideration both the amount and sensitivity of Fitbit’s data, the proposed acquisition would further entrench Google’s existing significant market power in, among others, the search and digital advertising markets. This could be achieved by potentially merging Fitbit’s customer data and/or datasets with the ones held by Google, allowing the latter to enrich the extensive datasets and detailed consumer profiles it holds with sophisticated real time data about individuals’ health conditions and needs, as well as general information about their daily behaviour and bodily rhythms.

In other words, the Fitbit data would provide Google with an opportunity to, among other things, better map general search queries originating, for instance, from an extremely specific geographic area/location, or be able to offer advertisers ever more valuable insights into specific audiences by allowing the targeting of the latter based on health conditions, activity level, and emotional attributes.

Assessing a company’s data holding is therefore not solely a matter for data protection regulators, it also needs to be considered by competition regulators in their assessment of mergers in the digital economy sector.

The interplay between data and competition

While concentrations of data might traditionally have been seen as falling outside of competition regulators’ remit, we are part of a new emerging consensus that it should belong within the scope of an assessment of an undertaking’s market dominance. As the German competition authority (Bundeskartellamt) noted in the first decision of this nature, in February 2019, against Facebook:

Monitoring the data processing activities of dominant companies is […] an essential task of a competition authority, which cannot be fulfilled by data protection officers.

The German Federal Court of Justice (Bundesgerichtshof), which upheld the Bundeskartellamt‘s findings in its judgment of 23 June 2020, found that Facebook abuses its dominant position by withholding options for users to limit the use of their data for personalisation of both Facebook content and advertisements on third-party websites that use Facebook’s digital advertising tools. As such, privacy is explicitly recognised as a parameter of competition; effective competition in the social media network market would result in privacy safeguards for users, and it is within the remit of a competition authority to act in response to anticompetitive and privacy-infringing conduct.

…effective competition in the social media network market would result in privacy safeguards for users

In the context of its review of the Google/Fitbit merger, in June 2020, the ACCC published its Statement of Issues (SOI) outlining preliminary competition concerns. The SOI suggests that the vast amounts of personal data Google would be getting access to was one of the key factors considered by the regulator. For example, underlining the unique and sensitive nature of the data held by Fitbit, the ACCC notes:

The accumulation of additional, individual user data via this transaction in an entity which already benefits from substantial market power in multiple markets may contribute to reduced competitive outcomes in the future.
 

A similar approach, when it comes to the importance of personal data in assessing the implications of the merger, is followed by the European Commission. Following the end of its initial investigation of the proposed acquisition, on August 4, the EU regulator announced the opening of a more extensive, in-depth review of the transaction. Among their primary concerns was the fact that by relying on Fitbit data, Google would be gaining “an important advantage in the online advertising markets”.

The way forward: advancing digital rights through competition law

The announcements by the two competition regulators discussed above should be welcomed as a progressive step to adapt competition law frameworks to digital economies of scale.

More importantly, these decisions could, first, pave the way towards a competition regime that can better encompass people’s rights, by, for example, ensuring that effective competition exists also when it comes to privacy standards offered by companies.

In data-intensive digital markets, companies that occupy dominant positions have very little incentive to adopt business models or practices that enhance consumers’ privacy.

…companies that occupy dominant positions have very little incentive to adopt business models or practices that enhance consumers’ privacy

Google’s acquisition of Fitbit would further reduce any competitive pressure on Google to compete on these non-price (i.e. quality, privacy) aspects, since the acquisition would further entrench Google’s dominance and preclude the possibility of competition from another entity acquiring or partnering with Fitbit to compete with Google in this space. A competition intervention in this case could potentially prevent any data exploitation practices (e.g. through the use of so-called “dark patterns“, namely features meant to trick users into privacy-intrusive settings) that would impose more intrusive terms as regards data collection and have negative connotations for consumers.

Second, the approaches adopted by the ACCC and the European Commission might signal further opportunities for civil society to intervene and support regulators with their digital rights expertise. Such opportunities, arising also in the context of the Google/Fitbit merger, were actively discussed during DFF’s June 2020 virtual event, which focused on competition law and actions involving data.

Civil society involvement is contributing to the outcome of this debate. Privacy International has made submissions before both the ACCC and the European Commission, and has been granted interested third person status by the latter. Similarly, in July 2020, IDEC, the Brazilian Institute of Consumer Protection, officially requested that the Brazilian Antitrust Authority (CADE) formally scrutinize this merger in Brazil.

We welcome the opportunity to assist regulators in their review of a merger. We are hopeful that they will seize the unique opportunity they have to also advance peoples’ rights by sending a strong message against data exploitation practices that seek to harm consumers’ well-being in the digital age.

Google-Fitbit is just another instance of what otherwise will be a growing trend. Both the ACCC and the European Commission are expected to announce their decision by 9 December 2020. We have a lot of work to do between now and then.

Ioannis Kouvakas is a legal officer at Privacy International (PI). He also leads PI’s work on challenging data dominance.

Photo by Morning Brew on Unsplash

Here We Go Again: Our COVID-19 Litigation Fund Takes Two

By Thomas Vink, 16th September 2020

A smartphone that displays DFF Covid-19 litigation fund is surrounded by floating viruses.

As the pandemic blazes on, DFF has reopened applications for its COVID-19 Litigation Fund.

The second round comes on the heels of the first, which saw applicants seeking to challenge digital rights violations across the spectrum, from the growing use of thermal scanners to the security of tracing apps.

In June 2020, DFF launched the COVID-19 Litigation Fund. The fund supports strategic litigation that challenges digital rights violations committed in the context of the COVID-19 pandemic.

We established this fund as it became increasingly evident that the pandemic was not only a public health crisis, but also a crisis for digital rights. The scope and nature of the digital rights violations that have been caused by responses to the COVID-19 pandemic are unprecedented and need to be challenged as a matter of urgency.

The scope and nature of the digital rights violations that have been caused by responses to the COVID-19 pandemic are unprecedented and need to be challenged as a matter of urgency

The fund aims to ensure that activists and litigators have the resources to start bringing legal challenges now to halt or limit the impact of digital rights-infringing measures during this time.

What cases are we supporting?

The cases we are currently supporting under the fund include challenges to the growing use of thermal scanning technology in the UK, data protection and privacy claims against the rolling out of COVID-19 apps across Europe, and litigation on the right of women to have access to online sexual and reproductive health information and services in Spain.

Check out the case study page on our website to find out more about the different cases we are supporting through the COVID-19 Litigation Fund.

Although many governments have ended the most restrictive lockdown measures, ongoing responses to the pandemic continue to threaten our digital rights. The list of these threats is long, but includes the growing use of facial recognition technology, the roll out of immunity passports and travel apps, the use of tools to recognise whether people are wearing masks, the use of algorithms to prioritise hospital appointments, and tools to monitor quarantine breaches.

Although many governments have ended the most restrictive lockdown measures, ongoing responses to the pandemic continue to threaten our digital rights

Strategic litigation is an important tool for upholding people’s right to privacy and data protection, ensuring equality of access to information online and pushing back when technology does not meet human rights standards.

Early litigation successes include the banning of surveillance drones in France and preventing the tracking of cell phones in Israel. More recently, in the UK, the threat of legal action helped force the government to scrap an unfair grading algorithm that was being used to provide students with academic qualifications in the absence of exams. In Brazil and Slovakia there have been important court rulings that limit the sharing of telecommunications data to track contacts of people infected with the virus.

A second call for applications

To help support more organisations in taking legal action against digital rights violations exacerbated by the pandemic, we have launched a second call for applications under the COVID-19 Litigation Fund. The second call will be open until 30 September, and grants will be contracted with successful applicants by December 2020.

Recognising that responses to the pandemic can have a particularly severe impact on groups that are already experiencing discrimination and marginalisation, DFF will prioritise applications that focus on addressing the negative impact felt by the most vulnerable groups in society.

DFF will prioritise applications that focus on addressing the negative impact felt by the most vulnerable groups in society. Funding is not limited to digital rights organisations

Funding is not limited to digital rights organisations. We also encourage applications from other organisations, where digital rights violations have occurred in the context of other work, such as health, social justice or welfare.

If you have a case challenging digital rights violations related the COVID-19 pandemic, we encourage you to apply.

An Important New Node in the Digital Rights Network

By Wouter de Iongh, 7th September 2020

The external evaluation of DFF’s pilot phase 2018-2020 shows its relevance and effectiveness while identifying ways to further enhance its functionality to the digital rights community.

The Digital Freedom Fund (DFF) has existed since 2017, with its first 3-year strategy going into effect in 2018. During this period, DFF has attracted funding, built a team and organisation, has put in place systems to process grant requests, some of which have already led to high-profile rulings, and has organised a variety of meetings with stakeholders in the field of digital human rights. As its strategy 2018-2020 is approaching its end, DFF – supported by its seed funders – commissioned an independent external evaluation of what has been referred to as DFF‘s “pilot phase”.

The evaluation was conducted by a team of senior consultants from the non-profit consultancy ODS, between February and June 2020 through a combination of desk research, meetings with over 50 stakeholders including DFF’s leadership, grantees, meeting participants and external experts, and round tables with the DFF team and its donors.

The evaluation was conducted by a team of senior consultants from the non-profit consultancy ODS

The evaluation focused on whether DFF’s Theory of Change (ToC) was (still) valid and relevant to the digital rights community. In order to assess that, the evaluators tested the theory and reviewed how far DFF has progressed towards the impact it aims to achieve, and tracked how effective and efficient DFF has been in putting this theory into practice. This resulted in an analysis of the current situation as well as a set of strategic and operational recommendations for DFF’s next phase and strategic period.

In its ToC, DFF has as its overarching objective to “further human rights in digital and networked spaces by increasing the number of successful strategic litigation cases and by supporting the contribution of such cases to wider public debates, policies and practices”. In addition, the ToC holds that a condition for success in achieving that goal is that actors involved in strategic litigation should be sustainable and stronger.

This leads DFF to work towards these goals through two broad workstreams: litigation support, consisting of providing grants to strategic litigation projects and the promotion of pro-bono support, and field building, which involves capacity building, networking, knowledge sharing and strategy development.

The evaluation looked at DFF’s positioning in the field of digital rights, the consistency and balance within its ToC, and the strength of the ToC. The assessment of the evaluators is that DFF is very strong in all these areas.

First, the combination of grantmaking and fieldbuilding with strategic litigation is unique in the field of digital rights and DFF is seen as an important added value to the field. This can be attributed to the strength of the ToC but also to DFF’s practice of continuous horizon scanning and consultation with a diverse group of actors, which allows it to adapt to changing circumstances.

…the combination of grantmaking and fieldbuilding with strategic litigation is unique in the field of digital rights

Secondly, the connection between DFF‘s interventions and goals is convincing and strong. Strategic litigation is important for furthering digital rights and was underutilised in the digital rights field, partly due to a lack of capacity and partly due to a lack of resources. DFF has worked to remedy these limitations by offering actors in the field who are interested in or embarking on strategic litigation access to funds, advice and support in the course of the grant applications, as well as opportunities to learn and network in strategic, thematic and capacity building meetings. Finally, the activities and outcomes in the ToC are also credible and sufficient to achieve the outcomes DFF works towards.

DFF has also been highly successful if measured against its own quantitative goals of providing at least 20 grants, promoting pro-bono support towards at least 75% of applicants and a satisfaction of at least 75% of participants in field building activities. While more difficult to measure, the evaluation also found that the more qualitative metrics around increases in the quality of applications, more collaboration on these applications and more strategic alignment of actors in the digital rights field, have been met as well.

These metrics themselves however, are not sufficient to understand how far DFF has progressed towards its outcomes in the ToC or towards actual societal impact. This is not a problem for now, as two to three years is too short to measure impact in most cases, and this evaluation focused on the conditions for success and progress towards impact. A next strategy, however, would need to bring the metrics in line with the ToC, which is something DFF is in fact working on together with a Monitoring & Evaluation expert.

In providing strategic litigation support, and in the grant application process in particular, DFF has encountered some pushback from the field which was confirmed during the interviews. While all interviewees appreciated the professionalism of and support from DFF’s team and the clarity of its communications, they also indicated that the application process was too intensive and came at too high a cost in relation to the size of the eventual grant. To understand this view, the evaluators traced DFF’s grantmaking process from:

  • communication of the aims and conditions of DFF’s support,
  • the application requirements
  • application assessment
  • the conditions of the grant itself.

In doing so, it became clear that while minor improvements could be made to the way DFF communicates and to the application requirements and forms, these were in fact already quite streamlined, clear and, in the case of the application, reasonable in length and detail.

The way DFF assessed the applications and the limited flexibility in the size and conditions of the eventual grant, did lead to some applicants questioning whether they would apply for a grant again in the future. The application of DFF’s own grantmaking guidelines was reviewed at two levels.

One area for improvement would be to reduce the many iterations through which DFF assesses applications, with the team, a Panel of Experts, and the Board all offering their views, sometimes in multiple rounds. The other is more substantive in that the existing rules are applied quite strictly and in the same way for all applicants regardless of the type or organisation or case. This is understandable in a pilot phase as DFF needed to put in place mechanisms to ensure accountability towards its donors, and thus does not lead to a negative assessment of that pilot phase. The evaluators do think that going forward a more tailored approach would be beneficial.

One area for improvement would be to reduce the many iterations through which DFF assesses applications

On the conditions of the grant itself, the challenge has been that during the pilot phase, DFF was unable to commit to the type of longer-term grant that a case spanning multiple instances would require. In addition, a number of costs were excluded (adverse costs in particular) or limited (advocacy costs, legal fees and operational costs).

In addition, the possibility to combine more than one type of grant – single instance, research, emergency – was not widely known with grantees. Increasing the length and scope of the grant would change the cost-benefit analysis of the application and DFF is already developing procedures to do this. It is planning to add the possibility to include adverse costs under certain conditions, and will start offering grants over multiple instances (known as ‘track support’). More flexibility in the costs covered and the application process would in the view of the evaluators also offer DFF and the applicants additional leeway in making strategic decisions on timing, collaboration and jurisdiction for cases they are considering.

….the possibility to combine more than one type of grant – single instance, research, emergency – was not widely known with grantees

In its coordination and field building work, DFF has exceeded the outcomes that were expected and could reasonably have been expected, especially through the meetings it has organised. DFF’s practice of consultation on its strategies; consultation on the agenda of every meeting; its active push to broaden and deepen the group of participants in meetings; the open way in which the meetings are organised and facilitated; and the issues that are being discussed; all contributed to the evaluators’ assessment that DFF has had a positive impact on the field. This stems from an overall active strategy to broaden the field geographically, thematically and in terms of the people and groups who are given a voice in the field of digital human rights. The inclusive principles behind this approach are now being further developed through a decolonising strategy which has the potential to solidify and expand DFF’s impact in this regard.

Some elements could be further strengthened. As the demands on the field increase and DFF’s network grows, strategic meetings may need to be broken up into themes and the annual broad strategic meeting may need to become biannual, something DFF is already considering. The meeting format itself as well as the facilitation could – while generally appreciated – benefit from more diversification to better fit all participants, the specific themes discussed or the purpose of a meeting.

The inclusive principles behind this approach are now being further developed through a decolonising strategy

Regarding the use of pro bono support, this has not been taken up by the field even though DFF has promoted it consistently. This means that DFF could reconsider what it offers in order to facilitate pro or low bono support, as well as how it communicates about it towards those grantees who might benefit from it.

Finally, DFF could leverage its knowledge of the field and the issues more, to bring together different actors proactively, to support each other on issues outside of DFF’s mission, to work on themes or applications or represent the field in certain fora, or to find additional resources. DFF‘s position in between donors, digital rights community, legal experts and policy makers offers it a unique opportunity to add additional value by being more intentional in offering insights or suggestions to the field. While DFF should remain at somewhat of a distance so as not to take up the space of its grantees or partners, its role as facilitator could also be seen as a way to place partners more front and center, by asking them to develop themes or represent the field in certain fora.

Overall, the conclusion of this evaluation is unequivocally that DFF’s ToC is relevant, that the goals it set at the beginning of the pilot phase have been met, and that it has done so in an efficient way.

With that, the progress towards impact is impressive and impact is likely in the near future, while its impact on the field through its approach to field building is already noticeable. The impact of grants on specific cases is clear but the longer-term impact of these cases on policies, attitudes and case law are not yet known.

Going forward, DFF does need to evolve to remain as relevant as it is and to ensure that the field continues to be interested in applying for grants. This evolution should be geared towards remaining attractive as a grantmaker and becoming more intentional and dynamic by increasing the options it has in its grantmaking work (both in the application process and the grant itself), diversifying its meetings, and facilitating connections between actors more proactively.

DFF does need to evolve to remain as relevant as it is

As DFF is already moving ahead in all these areas, and has the appropriate systems and organisation in place, the evaluators are confident that this evolution is possible and likely. The evaluator’s strategic recommendations are targeted towards this as well:

  1. Broaden the focus on what is considered strategic in litigation to include organisational strength, timing, location, i.a.;
  2. Become more proactive in connecting digital rights actors, leveraging DFF’s unique position in the field;
  3. Roll out the decolonising approach and mainstream it in all aspects of the work and towards donors;
  4. Consider adapting the litigation support practice along three avenues:
    – Limit iterations during the application process
    – Increase the value of a grant for applicants through long-term grants covering multiple instances and funding adverse costs where necessary
    – Integrate fieldbuilding work and grantmaking to further support applicants;
  5. Experiment with additional formats, styles and subjects for DFF’s field building meetings.

The external evaluators are grateful to all who took the time to provide input, think with us and connect us to other sources, in the course of the evaluation process. We especially wish to thank the DFF team for supporting us in facilitating the data collection in the current challenging circumstances and for being open and transparent in sharing information about their work.

Wouter de Iongh is Partner at ODS, a cooperative consultancy working exclusively with non-profit causes and organisations on Organisational Development, Monitoring, Evaluation & Learning, Strategy Development & Advice and Action Research.