MPI Studies on Intellectual Property and Competition Law 28 Mor Bakhoum · Beatriz Conde Gallego Mark-Oliver Mackenrodt Gintarė Surblytė-Namavičienė Editors Personal Data in Competition, Consumer Protection and Intellectual Property Law Towards a Holistic Approach? Max Planck Institute for Innovation and Competition More information about this series at http://www.springer.com/series/7760 MPI Studies on Intellectual Property and Competition Law Volume 28 Edited by Josef Drexl Reto M. Hilty Joseph Straus Mor Bakhoum • Beatriz Conde Gallego • Mark-Oliver Mackenrodt • Gintarė Surblytė-Namavičienė Editors Personal Data in Competition, Consumer Protection and Intellectual Property Law Towards a Holistic Approach? Editors Mor Bakhoum Beatriz Conde Gallego Max Planck Institute for Innovation and Max Planck Institute for Innovation and Competition Competition Munich, Germany Munich, Germany Mark-Oliver Mackenrodt Gintarė Surblytė-Namavičienė Max Planck Institute for Innovation and Faculty of Law Competition Vilnius University Munich, Germany Vilnius, Lithuania ISSN 2191-5822 ISSN 2191-5830 (electronic) MPI Studies on Intellectual Property and Competition Law ISBN 978-3-662-57645-8 ISBN 978-3-662-57646-5 (eBook) https://doi.org/10.1007/978-3-662-57646-5 Library of Congress Control Number: 2018955625 © Springer-Verlag GmbH Germany, part of Springer Nature 2018 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer-Verlag GmbH, DE part of Springer Nature. The registered company address is: Heidelberger Platz 3, 14197 Berlin, Germany Contents Introducing a Holistic Approach to Personal Data . . . . . . . . . . . . . . . . . . . 1 Mor Bakhoum, Beatriz Conde Gallego, Mark-Oliver Mackenrodt, and Gintarė Surblytė-Namavičienė Part I F undamentals of Personal Data: Between Personal Property Rights and Regulation The Golden Age of Personal Data: How to Regulate an Enabling Fundamental Right? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Manon Oostveen and Kristina Irion From Personality to Property? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Andreas Sattler The Failure of Control Rights in the Big Data Era: Does a Holistic Approach Offer a Solution? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 Helena Ursic The Ambivalence of Algorithms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Philipp Hacker Part II P ersonal Data and Competition Law Blurring Boundaries of Consumer Welfare . . . . . . . . . . . . . . . . . . . . . . . . . 121 Inge Graef The Rise of Big Data and the Loss of Privacy . . . . . . . . . . . . . . . . . . . . . . . 153 Anca D. Chirita Big Data, Open Data, Privacy Regulations, Intellectual Property and Competition Law in an Internet-of-Things World: The Issue of Accessing Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Björn Lundqvist v vi Contents A Competition-Law-Oriented Look at the Application of Data Protection and IP Law to the Internet of Things: Towards a Wider ‘Holistic Approach’ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215 Jacopo Ciani Part III Personal Data, Civil Law and Consumer Protection Proprietary Rights in Digital Data? Normative Perspectives and Principles of Civil Law . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253 Lennart Chrobak Personal Data After the Death of the Data Subject—Exploring Possible Features of a Holistic Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273 Mark-Oliver Mackenrodt The General Data Protection Regulation and Civil Liability . . . . . . . . . . . 303 Emmanuela Truli Protecting Children Online: Combining the Rationale and Rules of Personal Data Protection Law and Consumer Protection Law . . . . . . . . . 331 Milda Mačėnaitė Personal-Data and Consumer Protection: What Do They Have in Common? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377 Matilde Ratti Part IV P ersonal Data, IP, Unfair Competition and Regulation The Right to Data Portability and Cloud Computing Consumer Laws . . . 397 Davide Mula The Interface Between Data Protection and IP Law: The Case of Trade Secrets and the Database sui generis Right in Marketing Operations, and the Ownership of Raw Data in Big Data Analysis . . . . . . . . . . . . . . . . 411 Francesco Banterle Data as Digital Assets. The Case of Targeted Advertising . . . . . . . . . . . . . . 445 Guido Noto La Diega Binding Corporate Rules As a New Concept for Data Protection in Data Transfers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 Bianka Maksó The Power Paradigm in Private Law . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527 Heiko Richter Introducing a Holistic Approach to Personal Data Mor Bakhoum, Beatriz Conde Gallego, Mark-Oliver Mackenrodt, and Gintarė Surblytė-Namavičienė Personal data and their use constitute a fundamental building block of the digital economy. An increasing number of business models rely on personal data as a key input. In exchange for sharing their data, users benefit from personalized and inno- vative services. At the same time, firms’ collection, processing and use of personal data pose questions about privacy and fundamental rights. Moreover, given the great commercial and strategic value of personal data, their accumulation, control and use may raise competition concerns and negatively affect consumers. It is, thus, a chal- lenging task to develop a legal framework that ensures an adequate level of protec- tion of personal data while at the same time providing an open and level playing field for businesses to develop innovative data-based services. Beyond being subject to the application of the data protection rules, the handling of personal data can be affected and, thereby, be directly and indirectly regulated by dif- ferent fields of law like competition law, unfair competition law, consumer protection Dr. Mor Bakhoum, LL.M. (Chicago-Kent), LL.M. (Lausanne), is an Affiliated Research Fellow, Max Planck Institute for Innovation and Competition, Munich. Dr. Beatriz Conde Gallego, LL.M. (Würzburg), is a Senior Researcher, Max Planck Institute for Innovation and Competition, Munich. Dr. Dr. Mark-Oliver Mackenrodt, LL.M. (NYU), Attorney at Law (New York), is a Senior Researcher at the Max Planck Institute for Innovation and Competition, Munich. Dr. Gintarė Surblytė-Namavičienė, LL.M. (München), Lecturer, Vilnius University, Faculty of Law, Lithuania. She was a Senior Research Fellow at the Max Planck Institute for Innovation and Competition in Munich from June 2011 till June 2017. M. Bakhoum · B. C. Gallego · M.-O. Mackenrodt (*) Max Planck Institute for Innovation and Competition, Munich, Germany e-mail: [email protected] G. Surblytė-Namavičienė Faculty of Law, Vilnius University, Vilnius, Lithuania © Springer-Verlag GmbH Germany, part of Springer Nature 2018 1 M. Bakhoum et al. (eds.), Personal Data in Competition, Consumer Protection and Intellectual Property Law, MPI Studies on Intellectual Property and Competition Law 28, https://doi.org/10.1007/978-3-662-57646-5_1 2 M. Bakhoum et al. law and IP law. To what degree and why are different fields of law particularly blind or sensitive to personal data? Are there conflicts between the objectives of the dif- ferent legal areas and data protection? How can the specific approach of one area of law to personal data inspire or complement other fields of law? How can a holistic legal approach to personal data be developed? Under the guidance of these over- arching questions, the contributions of this book examine the significance and legal treatment of personal data in different areas of law, seeking to identify shortcomings and common principles and exploring ways to develop an integrated legal approach to personal data. Starting with the fundamentals of personal data, Manon Oostveen and Kristina Irion (University of Amsterdam) highlight the constitutional dimension of the pro- tection of personal data and the character of the data protection right as an enabling right for other fundamental rights such as the right to privacy. Approached as an enabling right, EU data protection law protects against short- and long-term effects of the kinds of processing of personal data that are prevalent today. The constitu- tional underpinnings of the protection of personal data should be perceived as going beyond what is expressly codified in the European General Data Protection Regulation (EU GDPR). In this regard, the authors argue that alternative legal approaches for the protection of individual rights and freedoms should be explored. Helena Ursic (Leiden University) shows how the EU GDPR already reflects con- cepts from other legal fields such as the data subjects’ rights to data portability, the right to be forgotten and the right to information. This approach of the EU GDPR shows the potential to build at the EU level a holistic approach in relation to the protection of personal data which takes into account the required balance between data subjects’ rights and the need to build a data-driven economy. In complement to the idea of a more integrated regulatory approach, Andreas Sattler (Ludwig Maximilians University, Munich) argues for an empowerment of data subjects by introducing “a right to one’s data”. This would result in a right of dual character as it would be property-like while integrating strong aspects of a personality right. Philipp Hacker (European University Institute, Florence) discusses the legitimacy and pitfalls of a regulatory approach where the legislature analyses the individual citizen’s behaviour by using algorithms in order to create a personalized law. While personalized law may mitigate “digital market failures” resulting from the use of behavioural algorithms, it also raises legitimacy issues. Focusing on competition law and personal data, Inge Graef (KU Leuven) stresses the complementarity of competition, consumer protection and data protection in as far as these fields of law promote different aspects of consumer welfare. In line with the investigation of the German Bundeskartellamt in its Facebook case she favours the use of data protection and consumer law principles as benchmarks for analysing whether an abuse of dominance under competition rules exists. Anca Chirita (Durham University) provides a detailed examination of the privacy policies of some of the most relevant online platforms and argues in favour of a competition law intervention to tackle price discrimination based on data misuse as a particular form of abuse of dominance. Moreover, while still immersed in the effort to create a coherent legal framework for the digital economy, policy makers and enforcers are Introducing a Holistic Approach to Personal Data 3 facing new challenges arising from rapid and novel technological developments. With the advance of the Internet of Things (IoT), sensor-enabled devices increas- ingly collect data—many of them personal—about their environment. Privacy con- cerns that are already present today will be amplified in the IoT scenario of the future, which will test the adequacy of the traditional “notice and consent” data protection model. Likewise, new data-related IoT business models are deeply changing the dynamics of competition. Jacopo Ciani (University of Milan) and Björn Lundqvist (Copenhagen Business School) in their contributions elaborate on the manifold and complex legal issues raised by the emerging IoT. Lennart Chrobak (University of Zurich) opens his study by classifying data and information and by discussing data as an economic input factor and as a legal input factor. He then analyses how personal data are approached by the existing civil law rules and finds substantial differences between the different fields of civil law. For example, the applicability of property law to personal data is determined to be very limited due to the quite strict interpretation of the fundamental property law prin- ciples of numerus clausus, specificity and publicity. By contrast, he finds the law of obligations widely applicable to personal data cases, as many imbalances between the rights and the duties of the contracting parties can be found. In conclusion, Chrobak points to recent legal and technological approaches which seek to diminish deficiencies in the treatment of data as a new kind of legal object. Mark-Oliver Mackenrodt (Max Planck Institute for Innovation and Competition, Munich) exam- ines the legal treatment of personal data after the death of the data subject by differ- ent fields of law, including inheritance law, contract law, intellectual property law, privacy law, the right to personality and telecommunications law, in order to explore and identify possible features of a holistic approach to personal data. Emmanuela Truli (Athens University for Economics and Business) examines the conditions under which a plaintiff who has suffered harm from a breach of the data protection rules can sue for private law damages according to the new EU GDPR. In compari- son with the old Data Protection Directive, she finds that the GDPR entails an expansion of the rights of the plaintiff and seeks to address divergences between the pre-existing rules in the Member States, in particular with regard to moral damage, data processor liability, joint liability and representation rights of associations. Milda Mačėnaitė (Tilburg University) focusses on the child-specific rules of the EU GDPR and compares these newly created norms with the existing legal rules for the protection of minors in EU consumer law. She identifies the well-established con- cepts, justifications and instruments for the protection of minors in EU consumer law and points to possible lessons for the interpretation of the rules in the GDPR. Matilde Ratti (University of Bologna) identifies common features of the regulatory techniques used in data protection and in consumer protection law. Both fields of law seek to protect the weaker subject: they attribute specific rights like the right to withdrawal to the weaker subject and create litigation rules in their favour. However, it should be taken into account that the consumer protection rules aim to balance the contractual interests of the parties while the data protection rules seek to protect a fundamental right.
Description: