Data (as The New Oil), Privacy, and Competition Policies

The International Association of Privacy Professionals (IAPP) had its European Congress in Brussels, on 20 – 21 November 2019. The highest profile key note speaker of the Congress was the European Commissioner for Competition, Mrs. Margrethe Vestager, who spoke to the Congress on 21 November (source –

IAPP is a nonprofit, non-advocacy membership association founded in 2000, which provides a forum for privacy professionals to share best practices, track trends, advance privacy management issues, standardize the designations for privacy professionals, and provide education and guidance on career opportunities in the field of information privacy (source – Wikipedia).

The highlights of Mrs. Vestager’s speech were not particularly indicative of new competition policies in regard of data privacy; it however offered a courteous review of how competition rules and enforcement serve to enhance consumers’ expectations of privacy. Here are some of her strong points:

Data is indeed the new oil; however, as such, it may be used to distort markets – or even to shut out competition completely. Hence, it features high on Commission’s target.

The flood of new technologies did not (yet) resulted into creation of new set of values; old values are still the vital refference points, helping us to keep our bearings at a time when data is being collected and used in so many new ways.

Data flows both ways in the realm of the Internet. When we buy a product online, we share data about our interests. When we chat on social media, advertisers build a profile of us. And whenever we search Google, Google is also searching us. Not having control of our data makes us vulnerable. It allows businesses and politicians to understand us better – but it also gives them new opportunities to learn to manipulate us.

Competition puts consumers in control. It can be used to demand a better deal on anything that we care about – including our privacy. But competition only works when we can actually compare what different companies are offering, and pick the one that meets our needs, which can be difficult when companies are secretive are vague about what they plan to do with our data (as they usually are).

Strong privacy rules, like the GDPR, can help because they help consumers to know what data is being collected, and what it’s going to be used for. But even then, it’s not always easy for consumers to stay on top of the complex privacy policies of the dozens of websites and apps that we use each day.

As long as we keep our markets open for competition, there will be room for Europe’s businesses to come up with new services that can make it easier to control what’s happening with our data. That could mean keeping an eye on who has that data, and what they’re doing with it.

Competitive markets can be so creative because they let us tap into the ideas and imagination not just of one or two people, but of a whole ecosystem of innovative businesses.

But competition enforcement can never be the whole answer, when it comes to making digitisation work for everyone.

We should never have to bargain for the fundamental standards of privacy, but instead we need rules and regulations that set the framework for the market and strict adherence of every business to those fundamental standards.

The privacy rules in the GDPR give Europeans control of their data – and they’re inspiring many other countries around the world.

But rights aren’t worth much, unless you can enforce them. So it’s also important that Europe’s data protection authorities  have the powers and resources they need to effectively enforce these rules.

To tackle the challenges of the data economy, we need both competition rules and privacy regulation. Neither of those things can take the place of the other.

Digitisation affects so many different parts of our lives, that all of our policies and our actions are intertwined. And it’s only by taking a unified view that we can hope to face up to the challenges of a digital world.

(read whole speech at ).