final logo red (RGB)

Revised transcript of evidence taken before

The Select Committee on the European Union

Sub-Committee on Internal Market, Infrastructure and Employment

Inquiry on

 

Online platforms and the EU digital single market

 

Evidence Session No. 1                            Heard in Public                             Questions 1 - 10

 

 

 

 

Monday 12 October 2015

2.15 pm

Witnesses: Agustín Reyna, Jason Freeman, Professor Annabelle Gawer and Joe McNamee

 

 

 

 

USE OF THE TRANSCRIPT

This is a corrected transcript of evidence taken in public and webcast on www.parliamentlive.tv.

 


Members present

Lord Whitty (Chairman)

Lord Aberdare

Baroness Donaghy

Lord Freeman

Lord German

Lord Green of Hurstpierpoint

Lord Liddle

Lord Rees of Ludlow

_______________________

Examination of Witnesses

Agustín Reyna, Chief Legal Officer, BEUC, Jason Freeman, Director, Consumer Law at the Competition and Markets Authority, Professor Annabelle Gawer, Associate Professor in Strategy and Innovation at the Imperial College Business School, and Joe McNamee, Executive Director, EDRi

 

Q1   The Chairman: Welcome everybody. Thanks very much for taking the time to give us some evidence in this area right at the beginning of our inquiry. We need, frankly, quite a lot of guidance from people who are more expert in those areas.

Before we start, if any member of the Committee has an interest specific to this session, could they declare it before they intervene? To our guests I should say that this is a formal evidence-taking session. A full note will be taken and put on the public record. I hope that does not inhibit you too much. Nevertheless, that is the situation, and we will send you a copy of the transcript. The session is also webcast. The acoustics are probably okay in this room. If they are not, I will interrupt you rudely and ask you to speak up.

I think you have had notification of the questions. The first question is specifically for Professor Gawer and is to give us the background: what online platforms are; why the European Council is interested in them; what kind of regulation the Commission is thinking about; and whether it makes sense for us to look at a whole range of platforms, from Google through to Facebook, Uber and smaller, more specialist, platforms. If you could you give us a tour d’horizon of the whole issue, that would set us off very well.

Professor Annabelle Gawer: Thank you, Chairman, and good afternoon everybody. I am Annabelle Gawer, and I am an associate professor of strategy and innovation at Imperial College Business School. I have spent the last 15 years working on digital platforms, publishing, studying and working with companies that have failed and succeeded in this area.

I shall briefly explain what online platforms are. They are also called digital platforms. In particular I will briefly explain how they create value and for whom, and how they grow. I will clarify quickly their dynamics and how they scale, how they become dominant and why they become hard but not impossible to dislodge through a competitive process. Very simply, online platforms are technologies that can be products or services. Sometimes we confuse them with the companies that develop them. They create value mainly in two ways. First, they facilitate transaction and exchange between a large number and sometimes different types of individuals and organisations that would otherwise have difficulty finding each other or exchanging or transacting with each other. Examples that we all know about are Uber, Google Search, Amazon Marketplace and Facebook. They use the capture and transmission of data, including personal data, over the internet. These are transaction platforms.

There are also innovation platforms, which are also digital platforms. Here we are talking about technological building blocks that are used as a foundation on top of which a large number of innovators can develop complementary services or products. An example is the iPhone, which has hundreds of thousands of applications. Those applications are developed by innovators all over the world, who use technology that is Apple’s and which Apple makes available through connectors that are sometimes called APIs—application programming interfaces—or using software developers’ kits, which will in effect stimulate and facilitate innovation from ecosystems. Some companies offer both kinds of platforms: the transaction platforms and the innovation platforms. Google has Google Search and Google Play, which is a store. Apple has Apple iOS and Apple Store. Facebook has Facebook, the transaction exchange, and Facebook Connect, which allows developers to build web services on top of Facebook.

These platforms generate value and growth thanks to what we call network effects: that is, they become more valuable as more users use them. We can see that with Facebook: every new member of Facebook brings in 200 friends on average. It is important to understand that the scale is both the outcome of the successful platform and the engine for the further growth of platforms. Network effects existed before online platforms: think of the railway work. But in the world that we live in today, where individuals, users, citizens have access to pervasive connectivity that is facilitated by pervasive internet—there are 7 billion mobile phones in the hands of users—this pervasive connectivity has accelerated the network effects. The scale creates value, and it creates exponential growth—for some platforms but not all: we insist on that. We see the very successful platforms; we do not see those that fail. This creates a self-sustaining momentum of growth.

You asked why the Commission is interested in these platforms. I am not part of the Commission, but I can say why I believe the Commission is interested in them. I think it is interested in them because of the salient dominance of a small number of platforms. A number of digital platforms, but not all, have become extremely successful, with hundreds of millions of users. The marketplace valuation of these firms is enormous: trillions of dollars. Some of these platforms have dominant market share: Google has over 90% market share in Search alone in Europe. Along with this very high market share comes the question of dominance. In particular, there are concerns about the abuse of dominance. Dominance in and of itself is not unlawful, but the abuse of dominance, from a small number of such platforms, is. So dominance is one reason.

The other reason is data protection, the privacy of consumers and citizens and questions of data protection. Data privacy has become salient and come to the fore, especially as a lot of these platforms utilise personal data in ways that are not always transparent to the end users. This data is transferred, captured, monetised, which gives rise to a lot of concerns about the rights of consumers to all these transactions.

There have also been complaints from a number of smaller businesses that are also consumers, although not individual consumers—they are consumer organisations—of some of these platforms, claiming that they have been treated unfairly or that their business has been hurt by a platform. It is fair to say that every time there is technological change it is likely that incumbent firms will not immediately adapt or will not even survive waves of technological change. We saw that in the Industrial Revolution, and when fridges and similar appliances came in; the ice harvesting industry completely disappeared. So it is fair to bear in mind that just the signal of existing, incumbent firms complaining does not necessarily mean that something untoward is happening, and we need to be careful about complaints about institutions that have collective welfare at the heart of their objective being instrumentalised by basically disgruntled incumbent firms that have a hard time adapting. I am not suggesting that this is what is happening; I am just putting it into perspective.

There has also been some public concern about certain fiscal issues and taxes being unpaid by some of these digital platforms, but all multinationals play that game, so to speak; it is not specific to digital platforms, and we need to focus on what is specific.

This is a context in which Europe is definitely lagging behind, so there is an industrial policy concern on the part of some parties, but again I strongly suggest that we need to keep it separate and not bundle all the issues together.

With regard to regulation, does it makes sense to group together businesses as different as Google, Amazon, Facebook and Uber? Obviously these are different businesses; they offer different kinds of services. However, they have something fundamental in common: they are all based on digital data capture, so they are digital engines, and they are all subject to strong network effects, so they are all digital platforms. Profits are generated on the basis of individual personal information data being captured, exchanged and monetised, and the use of this personal data has so far lacked transparency. The users are not being made aware of how their data is used, so that is a common problem that justifies a common regulatory answer. If we go in the direction of regulation, there is a reason at least for putting them into the same category. However, it is also important not to mix up the issues. I am a French citizen and I know that there has been an outcry among taxi drivers in France about Uber in particular and concerns about these new digital platforms. It is important to recognise that whenever there is technological change, incumbent firms might find themselves in an inferior competitive position when faced with new business models. I will stop there.

The Chairman: Thank you, that is very helpful. Unless there are any immediate questions for Professor Gawer, I shall move on to the next question, which relates to the consumer impact.

Q2   Lord Aberdare: I think that this question might initially be addressed to Mr Reyna. It is really a portmanteau question. Given the number of people who use these platforms, often without charge and often without them seeing that use as a direct transaction, can you describe what you see as the main benefits of platforms from the consumer point of view? On the other side of the coin, what are some of the problems that might arise, again from the consumer perspective?

Agustín Reyna: Thank you. Indeed, I disagree that these platforms are provided to consumers for free. Although no economic transaction takes place, consumers pay through their personal data or by being exposed to advertising. Across Europe there are several examples where the national consumer associations in member states such as France and Germany and in Norway have taken action against social networks because they were advertising their services as being free, when in fact consumers pay for access to a social network with their personal data. Of course, these platforms are valuable to consumers because they do not have to make a monetary payment, but it is important to assess how the existing legislation, particularly on consumer protection, applies in regard to this type of business model.

There are several questions in this area and we can touch on those concerns now, if you like.

The Chairman: Do you want to say a little more about the balance between the benefits and the problems for consumers? The benefit is in one sense obvious because it is free, while a lot of consumers will not actually know that the problems are there.

Agustín Reyna: Again, it depends a lot on the different types of business model. A platform such as Facebook does not raise the same concerns as one like Uber or Skype. It really depends on the different type of platform or the kind of service being provided.. However, depending on how it is defined are perhaps three types of concern in common across all digital platforms. One is the collection and processing of personal data. This is partly due to the different approach taken on each side of the Atlantic: that is, in the US and in the EU with regard to data protection. Other concerns relate to issues around competition - is the business in a dominant position[1] ? Or they can be related to commercial agreements in terms of distribution channels[2]. Finally, we have the application of existing EU and national consumer laws, which have mainly been tailored for the physical world. The challenge now is to see how they apply to these new types of digital products.

The Chairman: I wonder if Mr McNamee would like to comment from the regulatory point of view on the consumer protection side.

Joe McNamee: Building on what Agustín has said, one of the central benefits of online platforms like Facebook is also increasingly one of its biggest downsides. A service like Facebook creates a new public space, a new way of communicating and campaigning, and a new way of selling and buying. It is potentially a new foundation for citizens’ rights. But unlike our traditional public spaces, it is one that is entirely privately owned, and the laws are not the laws of the land. The laws are whatever the terms of service say that they are. For example, Facebook has a rule known as the real name policy: you have to use your official name. This is perfectly fine for a lot of people, but there are those who are fleeing domestic violence or people who are transsexual who have had their service unilaterally cut because, strictly speaking, they were not complying with the terms of service. As time goes on, the attitude of companies that have no competition becomes more arbitrary. Not so long ago, Facebook had simultaneous policies that it was permissible to upload a video of a beheading if it was surrounded by appropriate commentary, but it was not permissible to upload something that depicted a female, but not a male, nipple. This public space is quite unpredictable from a citizen’s perspective, and it is becoming more challenging as Governments increasingly see opportunities to pressure platforms into interpreting their terms of service in particular ways. Why does Facebook not do more to deal with hate speech, terrorism, copyright or whatever it might be—not based on the law or on what lawmakers have decided the law should be but on what sort of flexibility can be read into the terms of service. Indeed, tomorrow there will be a vote in the European Parliament on a resolution on radicalisation. One of the amendments put forward is that a state body should be set up to point out potential breaches of terms of service to companies like Facebook in order for them to apply their terms of service in the way the state wants, and not the law.

Lord Liddle: Can I follow up on that for a moment? A newspaper or the BBC has obligations as a publisher to ensure that they stick within certain rules. People must not be slandered or upset. What is the argument put forward by people like Facebook for saying that they should not be under similar obligations?

Joe McNamee: I do not think they do put forward the argument that they are necessarily not subject to any law. United Kingdom libel law is well known globally. The person responsible for the libel can be held responsible. The question is whether Facebook should be monitoring a billion users in order to make sure that those billion users do not do anything that infringes any law in any country. If they do, whose responsibility is it? Is it the state’s responsibility to prosecute the breach of the law or is it Facebook’s responsibility? This is a complex issue.

Lord Liddle: It is indeed.

Lord Green of Hurstpierpoint: I am trying to understand whether this is a problem of the intrinsic difficulty of legislating for the digital space, given the geographic fragmentation of the legislative process, or whether it is the fact that the industry is too fast moving, so that even if you did legislate, the law would be out of date within weeks. Which kind of problem is it, or is the answer that it is both?

Joe McNamee: The answer is that it is both. The problem we have is that from the political perspective it is often too easy to say, “Why don’t they do more?. Three or four years ago I was at a notice and takedown event in the European Commission. A representative of the Dutch police said, “There are examples that are completely obvious, such as beheading videos, where the content is definitely illegal, and in that circumstance the platform should react”. A representative from the Home Office said, “Yes, but the legislature in my country has not ruled on this, so it is not actually illegal”. Another question is whose fault is it: is it Facebook’s fault that it is not removing content that is reprehensible or, dare I say and with all due respect to our hosts, does the fault lie elsewhere?

Lord Aberdare: I am wrestling with two issues. The first is that given that there is such a variety of platforms that are all different, is it possible to decide on the criteria for determining whether a particular platform needs to be tackled with some sort of governmental or legislative action? Is that a concern? I was interested in what Mr Reyna said about the common characteristics and whether those might be the criteria to be used.

The second issue is that while you have some criteria, presumably there is then a question of thresholds: when are things serious or concerning enough that they need to be acted on? I do not know if this is more of a comment than a question, but does anyone have any comments to make in return about how one might turn this into an approach that says, “This is how we decide which platforms need to be addressed and this is the point at which they become of concern”?

Professor Annabelle Gawer: That is an excellent question, because it is important to zoom in on the right levers of action. The commonality that we are talking about here is not that of the platforms but of data. There are more successful and less successful platforms. Firms may have a product today that they decide to turn into a platform tomorrow by changing an element of the software around it, along with their pricing business model. Some companies have business units that can make a platform service, but others do not, so if we start regulating platforms, that will soon be completely impractical. However, let us think about the digital infrastructure for what it is. It is just like water, electricity and highways. It touches on and joins together people’s livelihoods by giving them the security of access to basic services and fundamental services such as health and education. In the early years of the internet the emergence of platforms created a lot of value and there was a link to the “Wild West”, but there is now increasing concern that we are getting to a point where a number of these issues are becoming salient and are gathering momentum.

It is clear that the European Commission really wants to regulate; that is rather inevitable. The challenge for Europe is that of protecting and stimulating the vibrancy of digital platforms and the growth in the jobs and value that they create while protecting consumers and citizens from the power that stems from their growth. There is a risk that Europe will fall behind if it resorts to a kneejerk reaction, so the regulatory framework that we might want to put in place should recognise that in the European Commission we have to play by the rules. One of those is about data; it should not be about platforms, but about data. It is not so much about the platforms themselves, rather it is about regulating the transfer, capture, use, monetisation and ownership rights of data.

The Chairman: Can we focus on the data and their effect on consumers? I am sorry, we have namesakes here. I am inviting Lord Freeman to cast a question in the general direction of Mr Freeman.

Q3   Lord Freeman: Can I pursue what we have just been talking about, in particular the current data protection model and its imminent updating? Could we have your advice and comments about, first, the existing model, and then more particularly about the proposed updating?

Jason Freeman: Earlier this year the Competition and Markets Authority, for whom I work, sent out a call for information on the commercial use of consumer data. One of the issues we identified is quite a difficult one: that is, the level of consumer engagement with what happens to their data. There seems to be a disconnect between consumers’ stated concerns about privacy and their data and how they actually behave in practice. I am not suggesting that a regulatory solution is necessary, but any such solution would need to overcome that. The issue is how to get people to engage with what happens to their data. There are several parts to the problem. One is around constraining, if it is appropriate to do so, the level of data that is being collected. What constrains data collection? There are perhaps three factors that could constrain it. One is consumer constraint, where a consumer says, “I don’t want to give my data to that particular person”, or “I don’t want my data used for that purpose”. The second one is a competition constraint—the two are connected—where businesses compete over the amount of data that they collect and what they going to do with it. The third is a data protection regulatory constraint where businesses do not want to collect data or do not use it in a certain way because either they cannot do so or there is a difficulty around it.

It is important to think not just about the data protection regime, but about the market for data and how it can work well. Intrinsic to this is consumer trust. Consumers engage with platforms and other operators who collect data, and very often they benefit significantly. It is important that we do not underestimate the benefits. There are very significant benefits that people currently receive by paying for services that they value with some level of data disclosure. But there is the important aspect of trust. We identified that consumer trust is to some extent fragile, and the risk is that consumers will disengage from data collection and the market then does not grow in a way it could or should grow because consumers fear what is going to happen. They become suspicious, and therefore they do not download an app that they would really like to download because they are unclear about what data it is going to be collecting.

We think there are three areas where the market can be improved. One is around transparency: that is, businesses being clearer to consumers about what it is they do with their data. However, privacy policies are notorious for being difficult to read, lengthy and potentially incorrect. There should be transparency about what is being collected, by whom and for what purpose. The second area is choice: can consumers exercise any effective choice about what is collected or not? There should be some form of actual consent to the transaction. The third area is control: can consumers exercise control over what data they are disclosing and sharing? We think that if these factors are present, the market will work well, and then we would not need to concentrate too much on the data protection regulatory space because the market would be working effectively. In our experience, where there is principles-based legislation that is effectively enforced, markets work well, rather than having prescriptive legislation that in a fast-moving economy can rapidly become out of date.

Lord Freeman: I think what you are saying is that it is up to the individual consumer, which I quite understand, to seek protection in terms of what information is disclosed. Are you saying that there is no case for any external protection coming from regulation?

Jason Freeman: No, I would not say that there is no case for external regulation, but it needs to be treated with care. At the moment there are constraints around, for example, sensitive personal data, so sensitive personal data that is being collected or processed in that way should not come back to bite the consumer in some way; they should not be identified as people of a certain sexual preference or people with a particular illness. The law constrains, which is entirely appropriate, and we have decided as a society that we want that level of constraint, but we have to be careful before we start to expand the areas of prescriptive legislation, both because it is hard to future-proof that sort of legislation and because it can have a detrimental effect on the development of markets. You can constrain in such a way that hinders innovation in a way that you have not thought about, because we do not know what people are going to do in one, two or even six months’ time, and as the timescales get longer it is even harder to predict what is going to happen. So we have to be careful before we go down a prescriptive regulatory route.

Lord Green of Hurstpierpoint: I can see why you would set out the principles of transparency, choice and consumer control as the ideal building blocks of this principle’s approach to the regulation and control of the use of consumer data. We all know, and you alluded to it, that these statements that you have to sign, usually without even reading them before you can go any further, are very long and opaque. But I imagine that if you looked at it from the other end of the telescope, the corporations would say that the reason for that is because they have had to put them in the hands of their corporate lawyers, who do what they always do with that kind of statement because of the risk of subsequently being sued. How do you cut through that?

Jason Freeman: It is important to bear in mind that these are consumer transactions and that there is a panoply of consumer legislation, which again is principles-based, that already applies to all these transactions. There are the unfair terms provisions of what is now the Consumer Rights Act, which were set out in the Unfair Terms in Consumer Contracts Regulations until the start of October. They implement a European Directive that requires that the terms should be sufficiently clear and transparent and that they should not be unfair; essentially, they should not be unfairly biased against the consumer’s interests. That is an important legal protection that already exists, and it exists across many sectors and thus would apply to privacy policies in so far as those are contractual terms that regulate how people engage with websites. The Consumer Rights Act now clearly applies to notices; whether not they are contractual terms, they are notices that apply to consumer transactions, so that piece of law already means that privacy policies should be fair.

There is also consumer protection from unfair trading regulations that requires that commercial practices should not be misleading, aggressive or contrary to the requirements of professional diligence. Again, that is a European Directive that is a full harmonisation Directive that applies right across the European Union. It means that people should not be misled by, for example, what is going to happen to their data. If someone makes the statement, “We take particular care of your personal data and we will not let anyone else see it,” and that is not true because they are in fact selling it to many third parties or the data is not sufficiently secure so that they cannot guarantee that it is not going to be leaked to someone else, then potentially they will have committed an offence under those regulations. So a lot of legislation already exists in this area that is principles-based, cross-sectoral and, we would say, effective when it is properly enforced. The biggest challenge for us as enforcers is to consider how the legislation applies to fast-moving, factual situations—new business models. We must ask whether there are loopholes that we need to identify and whether we need to make a particular interpretation that may be less conservative. There are different things that we need to think through as different factual situations present themselves. But, importantly, we have to consider whether actual harm is taking place. From our perspective, that would be harm to a consumer’s economic interests. We would not be concerned so much with other issues to do with morality or people’s opinions about how things should be. We are thinking about economic harm.

Lord Rees of Ludlow: I can see that when dealing with a company like Amazon, what data it is gathering and what it uses the data for is fairly clear, but what about the more difficult question of data on Facebook or Google? We do not know what those companies themselves might do with the data using advance data trawling, face recognition techniques and all that. Do we have any way of controlling that and of reassuring the public about that sort of thing? I refer not to a third party but to the actual companies themselves making use of data and aggregating it in new ways.

Jason Freeman: I shall say just one thing on that. Clearly they would be constrained by what they have told people they will do with their data as set out in their privacy policies. They will be constrained by the law and by enforcement by, for example, colleagues at the Information Commissioner’s Office. That is all I would say from the regulatory perspective.

Joe McNamee: One thing that is interesting in this context is to note that pieces of data are no longer pieces of data. They are very fertile creatures. You can put two pieces of data together and a short time afterwards you will get a third piece of data, because you can make assumptions based on what you know—and Facebook knows a lot. Quite recently, Facebook undertook an experiment to see if it could shape the mood of its users.

Lord Rees of Ludlow: Likes and dislikes and things of that sort.

Joe McNamee: Yes. Facebook was able to show that by manipulating the feeds that people were seeing ever so slightly, it could get reactions in line with its expectations. This is where it gets interesting. Facebook did this on the basis of a phrase in its 9,000-plus word terms of service that states that the company can use the data for research purposes. This, it decided, was research.

Slightly more interesting is that there is a discussion at the European level, in the context of the data protection regulation, about whether research and statistical analysis should be a legal basis of its own on which to process data. In the current framework, which is not very well implemented, you have the principle of data minimisation that would be overturned by this, purpose limitation that would be overturned, access and rectification that would be overturned, and the notion of consent as a separate legal basis being overturned. You have data protection and trust when people feel that there is a link between what is being done and what they expected. When that link is broken, you are breaking trust, and when you are breaking trust you have both social consequences and economic consequences. At the moment in the European draft, particularly when it comes to profiling, we are losing all control and predictability by the individual over their data. This is the most serious challenge facing the data protection regulation.

Q4   Baroness Donaghy: Coming back to the rapid growth of some of these platforms to the extent that they have become dominant, I understand what Mr Freeman has been saying about the disconnect between consumers feeling empowered by the information, while at the same time feeling rather powerless about some of the things that Mr McNamee has just referred to. Who is going to define “harm” and “good” for consumers? In the future, will that be left to the consumer, or will the state ever have a role that it can keep up with? I am conscious that France and Germany seem to be very concerned about these issues, while the UK seems to be slightly more laidback. That appears to be slightly more than just an attitude; it is more about the issue of trying to keep up, which is what some of you were saying earlier.

Agustín Reyna: Thank you for your question. The enforcers play a fundamental role in this debate in order to assess whether because we check whether a specific company is complying with the existing legislation that covers, for example, competition rules, data protection rules and consumer protection rules. Of course these have to be assessed on a case-by-case basis. When we think about a company like Google, BEUC as a complainant in the ongoing anti-trust case that the European Commission is carrying out has to assess the consumer harm from the point of view of reduction of choice. When a market player is in a dominant position, from that dominant position it can commit abuses[3] in the sense that certain results are favoured over other results of competitors, thus restricting access for consumers to what is available in the market. If a company does not appear in Google , it basically does not exist in the online market. That presents problems for consumers, because, first, they do not get access to a wide choice of products and they might not necessarily get the offer they are looking for: that is, for an offer that is better adjusted to their own preferences or search parameters.

The Chairman: Can we move on to Lord Rees’s question, to which Professor Gawer has already referred?

Q5   Lord Rees of Ludlow: I want to focus on Uber as a particularly topical case where there is concern of two kinds. One is that there is just one type of company like that operating, and the other is the tension between it and the traditional operators, which we know is a generic case. However, it is especially acute in the case of Uber. Perhaps you or another witness would like to comment a little further on how this might play out and what we should do.

Professor Annabelle Gawer: Is your question precisely about how Uber relates to the general discussion that we have had so far? 

Lord Rees of Ludlow: Yes, the focus is on the particular case where there is tension between the traditional operators and Uber, and there might also be a separate issue over whether Uber will attain too much dominance of the mobile phone market for taxis.

Professor Annabelle Gawer: I will put Uber into the category which some people call the sharing economy. The most famous companies in that space are Uber and Airbnb. These companies have attained enormous business valuations in recent months. The sharing economy or the sharing platforms are simply a subset of online platforms; in particular, they are a subset of transaction platforms. What is specific to them is that they facilitate exchanges or transactions between users without the platform itself owning the assets. We can think of Uber as a taxi company, but really it is facilitating access by end users to other people who have cars. Airbnb facilitates access by people to other people who have rooms. These business models are creating a lot of value. From the financial perspective, companies that do not own the asset but generate a lot of revenue are very attractive. These companies employ only a small number of people and can command valuations at astronomical levels.

That being said, Uber is an example of a new business model that raises a lot of concern among the incumbents. In this particular case it is the taxi business, an industry that has been around for a long time and therefore has also been regulated for a long time. On the one hand it can be said that Uber is a welcome new injection that creates new value. Perhaps it would make sense to make sure that from the safety and insurance perspective, some regulation should be demanded for this new category of exchange and service. I think it is fair to say that. On the other hand, we need to be careful, because there is an established group of companies that have benefited from a particular way of doing business for a very long time, and their incentive is to offer their services and to perpetuate their way of working. These issues need to be balanced.

Q6   The Chairman: Can I ask whether our two consumer organisation representatives have any views on the consumer reaction to, for example, Uber as against the traditional form of taxi company?

Agustín Reyna: The whole discussion about the sharing economy is around its emergence as a response to failures in the traditional markets. People were not happy about how traditional markets in financial services, transportation and accommodation were working. That has represented a huge source of opportunities for these kinds of platform to develop. They are definitely a positive development in the sense that the new business model makes the traditional markets more competitive and pushes traditional operators to improve their services if they want to continue being in the market. But from the consumer perspective, when we look at this new business model we must ask whether the services are being provided under safe conditions and whether there are clear rules about who is responsible for what. This is a fundamental question, because when we look at the terms of reference for many of these companies we can see that they are not responsible for anything. So if something goes wrong, to whom can the consumer turn to seek redress? This applies across different sectors, including accommodation, transportation in the case of Uber, and even financial services in the form of crowdfunding and investment platforms. If the consumer trusts the platform or the third party that is providing a service through that platform but suffers a financial loss, who is responsible for that?

Joe McNamee: Just to clarify, we are a civil liberties organisation rather than a consumer organisation, so I have no comment to make at this point.

The Chairman: Okay, thank you. Let us take a slightly wider question from Lord German.

Q7   Lord German: I want to look at the whole digital economy single market strategy of the European Commission, and at the scope of the inquiry that it is undertaking. Does it have any gaps in it, or does it have a comprehensive perspective? In other words, is anything missing from the consumer’s perspective that it should be looking at but is not doing so or has not yet put its mind to?

Professor Annabelle Gawer: The inquiry is looking at a number of relevant points, but one thing that may be missing—building on the point made by Mr Jason Freeman—is the relationship between the competition authority and its role in regulating and monitoring the use of data. Let me clarify what I am trying to say. We have existing competition rules set by competition authorities. For example, a European competition authority dealing with all aspects of competition and anticompetitive behaviour, whether digital or not, has a role to play and it is not worthwhile reinventing that. But what I think is missing so far in the position taken by the European Commission is clarification that there have to be three distinct and independent roles but they must communicate with each other. One would be that of a European digital data regulator that would monitor, co-ordinate and oversee all the different aspects of data use. I should say here that I slightly disagree with Mr Freeman that we can just let the market deal with it, for the very simple reason that Governments themselves are looking at citizens’ data, and sometimes doing so without good cause. Are we supposed to let the market sort this out? That would not be appropriate. I think a digital data regulator would ensure consumer protection against commercial abuse and criminality, as well as ensuring that consumers are protected against Governments who might abuse their data.

I would suggest that every new regulation would have to be submitted to and cleared by the European competition authority so that there is not too much prescriptive regulation. A cost-benefit analysis should be made of any new regulation to make sure that it does not duplicate or actually harm what already exists from the competition authority. There then has to be a third function of industrial policy, which must be separate. It is important to ensure that not only is it separate but that it is perceived as being so. The United States is looking at Europe and saying, “All this talk about regulating platforms is just a covert industrial policy by European countries that are lagging behind in the competition for the digital space. They are trying to slam on Google and on Facebook because they are American companies”. In the UK and Europe, people have concerns about consumer rights. If these things are perceived as being bundled, that could weaken the consumer rights agenda, and therefore it is important to have these three goals. I would suggest that we have a digital data regulator at the European level, a competition authority at the European level, and an industrial policy function that is clearly separated from the other two.

Lord German: Can I be clear about what you have just said? You are looking at the interface between those three issues and you are saying that the current described European digital single market strategy and the current described way of looking at that strategy does not encourage people to actually look at that relationship.

Professor Annabelle Gawer: The document that has been shared is about the issues. It tries to identify the problems. The problems that are being put forward are not industrial policy problems, rather they are consumer problems and competition problems. Some companies feel that the behaviour of the big platforms is unfair, so the issues are ripe. The documents and the current state of the work at the European level are not yet at the point of saying which institutions will deal with this. I am proposing here an institutional way of dealing with these questions that recognises that they are interdependent but are dealt with in a separate way to ensure that the incentives are not mixed up. The decisions must be seen as legitimate and they therefore carry weight with other countries and citizens in order to build trust.

Q8   Lord Liddle: These are very complex issues and the question is how we define the public interest in this area. Is it simply a question of competition and consumer rights, or is it broader than that?

Professor Annabelle Gawer: That is absolutely right. It is broader than that.

Lord Liddle: When we look at the different examples of online platforms, can you point to certain ones that you think deal with these issues in a comprehensive and coherent way? Have they thought about them deeply and come up with good answers?

Joe McNamee: I could give a slightly ironic answer to that question. The European Commission held one of the most exemplary, intelligent and balanced consultations that I have seen in my time in Brussels on the responsibility of intermediaries and how the e-commerce Directive should be implemented. It was extremely good because it was thorough and complete. The consultation finished shortly before the last European Parliament elections, and now we have the same issue again in the platforms consultation. It was done well. We now have in the consultation issues around illegal content. The definition of illegal content actively covers content that is legal. It editorialises about what the answers should be, even though that is clearly inappropriate in a consultation. Questions were asked that mixed fundamentally different types of platform, such as news aggregators and video-sharing websites, to which a sensible answer cannot be given because it asks that two different things be mixed at the same time. That is an example of what the Commission has done well, but snatching defeat from the jaws of victory, it is what it is now doing badly, having done it well.

Q9   Lord Green of Hurstpierpoint: Earlier one of you alluded to the difference in attitude between various member states. Baroness Donaghy said that we seem to be more laidback in this country about issues around data usage and privacy. Do you think that is true, or is it merely that we have not woken up to what is really going on? Do you think it is helpful to take a more laidback attitude? The French and the Germans are notoriously in the headlines as worrying a great deal about this. Are they obsessing too much? What is your real sense, from the point of view of the consumer in 99% of cases? We are not talking about issues of egregious criminality or abuses of data in the examples quoted by Mr Freeman where a company promises not to sell data and then proceeds to do so. That is egregious. Is this working satisfactorily, and how much do consumers really need to care?

Jason Freeman: It is important to bear in mind the many benefits which the digital economy and indeed the platform economy bring to consumers. It is important not to overlook those benefits in this discussion by focusing on particularly dystopian views that could be possible in one world but have not necessarily happened. There are constraints that businesses operate under, not least their commercial reputation, which exercises constraint. There is a legal framework that I have already emphasised and I will not go into it again. A focus on the benefits is very important in this discussion, because at the moment people are getting benefit from the sharing economy and from the platform economy. Any intervention therefore needs to think carefully about where the harm is and where the problem is arising. There are some potential areas of detail that one could consider further. For example, on the sharing economy, what is the nature of the rights and responsibilities that you have with the person you are dealing with? It is an important topic that, as the sector grows, could become one of great significance. If you are dealing with someone who does not treat you as if they are a professional traderthat is, they treat you as if it is just a casual relationshipthat could cause problems down the line. It is important to connect any intervention with an assessment of whether there is a problem. Is there harm? Traditionally, we have focused on consumer complaints, and we try to do that in sophisticated ways so that we can find consumer complaints. But if they are not complaining about something and are instead benefiting from it, it is important that we do not assume that they should be complaining about something which actually they are not worried about.

Joe McNamee: Perhaps I can come in here very briefly. There is a big difference between a consumer right and a fundamental or human right, and you cannot easily play one off against the other. We have seen from the Cambridge and Stanford study on profiling that the amount of new data that can be generated is scary even with a small amount of Facebook data. Facebook recently applied for a patent to assess your creditworthiness on the basis of your friends’ creditworthiness. You might not have known that that is how your data can be used; I certainly would not have guessed that my data could subsequently be used like that. We have the mood manipulation study that I alluded to earlier. We had the balanced Facebook initiative of a little flag saying, “I voted last time round,” but what if the “I voted” flag just went in the direction of some people wanting to vote one way rather than the other? The people who would not get the news stream would be the ones most likely to complain about it, yet it would be invisible to them.

That comes back again to the pillars of predictable data protection. Data minimisation is not a radical or extreme suggestion; it is in both UK and European law. Purpose limitation is not an extreme notion, and consent is not an extreme notion. If we can get the principles into the legislation so that regardless of whether it is Uber, British Telecom, Facebook or whoever it might be, we will have a framework that actually makes sense. The danger now is that not only is the profiling article, Article 20 of the regulation, being watered down to an excessive degree in the negotiations, but all the pillars on which that would be based are also being undermined. If things continue as they are, we will risk having a regulation that generates paper and revenue for lawyers—and they are worth it—but we will not get the predictable framework that we need.

Agustín Reyna: I might add that the enforcement dimension from the European perspective is fundamental to this. You might have heard that last week the European Court of Justice ruled that the safe harbour agreement is illegal. For 15 years other national data protection authorities were not able to investigate, despite the fact that they considered that they had evidence from their consumers showing that some companies have been misusing their own citizens’ personal data. We have had to wait 15 years for the court to declare that this agreement was illegal, despite the fact that public opinion, civil groups and consumer associations all considered that it did not match the necessary requirements to protect Europeans’ personal data. The timing is perfect because we are now discussing within the frame of the General Data Protection Regulation the implementation of an enforcement scheme that allows all national authorities, when they consider that the rights of their citizens have been violated, to act. There will be a scheme that enables co-operation between different national authorities, which did not exist in the past. Only now are we really starting to see that this is an opportunity for enforcement by the data protection authorities and in which the state can play a role in the protection of citizens’ data.

Q10   The Chairman: We have come to the end of the questions. Do any of you want to tell us what you really think the Commission should do now?

Professor Annabelle Gawer: It is important to keep a balanced view and not get pulled too much into advocacy one way or another. I think that the European Commission should be very careful about making a balanced and proportionate response, and creating the institutions to address these important issues.

Agustín Reyna: Something that is important for the European Commission, as we know very well, is subsidiarity. What are the issues that are relevant to the single market? The platform consultation is only one piece of the Digital Single Market strategy. From an economic consumer perspective, there is something that is perhaps even more important: the e-commerce inquiry[4]. We are trying to define at the European level whether, for example, a consumer in Lithuania is able to access content from a platform in the UK. Currently that is impossible because of the famous geoblocking, which under EU competition law is likely to be illegal because it amounts to a restriction to the so-called “passive sales”. But this is even more important from the point of view of consumers in, say, Eastern Europe who do not have access to legal offers. On the one side, let us take as an example the case of a platform like Netflix. I was in Lithuania last week where there is no access to any type of online audio-visual content for the Lithuanian market. They cannot access it from another country or Member State.[5]. And, on the other side, we are discussing at the European level the enforcement of intellectual property rights, including copyright. We cannot allow people to download illegally, but we do not give them the choice or the possibility to buy legally. This is a question that must be addressed from the European perspective. 

The Chairman: That is an important point. We have to focus specifically on a part of the digital single market strategy, and we have decided that we will focus on platforms. However, these wider issues are very important for European consumers and impinge to some extent on the platform issue.

Thank you all very much. You have given us a lot to think about, and should any of you feel inclined to add to what you have said today in writing to the Committee, we will obviously take that into account. We will also try to keep you up to date as we proceed with our inquiry over the next few months. Again, thank you.

 


[1] The witness wished to insert: “and is it abusing its market position?”

[2] The witness wished to insert: “for example whether there are contractual restrictions impeding consumers in certain countries to access products available through platforms in other Member States.”

[3] Witness wished to insert: “like favouring its own services over those of competitors”

[4] Witness wished to insert: “and the associated legislative initiatives.”

[5] The witness wished to insert: “Consumers in that country are blocked if they want to access this platform in other member state thus those consumers have to turn to unauthorised sources to watch those audio-visual contents.”