For the longest time, businesses have used information to design and implement their strategy. In recent years though, new technologies have enabled companies to rely increasingly on “data”, another way to refer to any kind of information which is represented, stored, processed and exploited in unprecedented volumes, varieties and degrees of sophistication. As such, “data” has indisputably emerged as a new, highly valuable, asset class capable of providing significant competitive advantage. Data fosters innovation, creates new business opportunities, and contributes to developing target-oriented business models which are the way of the future.
As a result, antitrust authorities are increasingly factoring in data in their competitive analysis of business practices. This is the case for businesses which have data as their core business (eg, search, social networking) but also, traditional industries for whom efficient data collection and processing can give a clear advantage (eg, healthcare, financial institutions). First, data can be a source of market power, particularly in sectors where access to large volumes of data, scale and network effects create entry barriers. Second, data can increase transparency in certain sectors (price comparators; online market places); the impact on competition resulting from expanded data collection and sharing in the price discovery process is still unclear. Finally, as businesses seek ever greater access to data, they may engage in data-driven strategies that could be analysed as anti-competitive. By way of example, they may refuse access to their data to third parties; use data to implement price discrimination; leverage their data-based power to gain access to new markets; enter into exclusive contracts foreclosing rivals from access to key data; agree not to compete on privacy settings, knowing these are an increasing differentiating factor for consumers.
The issue is further complicated by the fact that data, when it contains personal information, also touches on individual rights and freedom. To safeguard these rights, regulators around the world have adopted often far reaching data privacy laws; data use and handling now exposes businesses to significant risks. In Hong Kong, the notion of personal data encompasses any information which is capable of identifying directly or indirectly a living individual, and the improper use, transfer or loss of such data can expose a company to substantial fines and serious reputational damage.
In this new order, direct conflicts can arise between these laws. For instance, an antitrust authority may request information which the company is not allowed to transfer under applicable privacy laws in the same, or another jurisdiction: this could include employee personal data or financial data, subject to privacy laws or blocking statutes. In the current situation, global businesses lack sufficient legal certainty. It is time for regulators and policy-makers to cooperate more, across specialties and internationally.