German Merger Control Rules to Include Transaction-Value Threshold to Catch Data-Focused Internet Mergers — EU May Consider Following

Introduction

The German government has announced that it intends to extend German merger control thresholds to take account of transactional value. The change is intended to allow the German Federal Cartel Office (FCO) to increase its scrutiny of mergers and acquisitions in digital online markets. The change is to be introduced as part of the ninth revision of the German Act on Restraints of Competition (ARC). A draft of the changes is expected in the course of this year.

At the EU level, Competition Commissioner Margarethe Vestager has recently floated the possibility of similar changes for similar reasons to EU merger control thresholds.

Background

Under current German merger control rules, transaction must be notified to the FCO for prior clearance if the turnover of the merging parties meets certain thresholds. However, in online markets, these thresholds increasingly fail to catch acquisitions, where the turnover of the parties is low due to limited sales, but where the transactions still have significant economic impact due to the non-monetized activities of the parties. A key concern is the acquisition of digital economy startups with high market potential by more established internet operators. Such transactions often have a high value – due to the vast amounts of commercially valuable data being transferred – but are not caught by the current notification thresholds due to lack of sales and therefore low turnover figures. This also applies to other data-reliant internet business models, such as online sales platforms.

In a 2014 report, the German Monopolies Commission (GMC), an independent advisory body on competition law, identified these issues as “gaps” in existing merger control law and recommended “additional notification requirements based on the transaction volume." According to the GMC, in digital markets, the purchase price would often better reflect the economic impact of a transaction. This view has been supported by FCO President Andreas Mundt, who, in 2015, also called for legislation to help authorities address the risk of monopolies in online markets.

European Perspective

Similar concerns arise in relation to EU merger control which also relies on turnover thresholds. A prominent example was the acquisition of WhatsApp by Facebook, Inc. in 2014, which was not caught by EU turnover thresholds and might not therefore have been reviewed by the European Commission if the parties has not actively sought an EU level review.

Now this week (on March 10), Commissioner Vestager delivered a speech in which she expressed concerns about turnover thresholds, stating that turnover “wasn’t always the best way to judge the size and impact of a transaction” and that the Commission “might [therefore] be missing some important deals that [it] ought to review”.

The Commission has already started to gather information on the functioning of e-commerce markets in order to identify possible competition law concerns by way of its e-commerce sector inquiry, launched in May 2015 which forms part of the European Commission’s Digital market strategy.

Relationship with Privacy Laws

As well as attracting competition scrutiny, the collection by companies of large amounts of personal data can also raise issues under EU and national data protection laws. This was highlighted by the GMC in its 2014 report, where it noted that a certain level of protection already exists under current data protection laws with regard to the commercial use of data. However, according to GMC “it is still undecided whether and to what extent an individual is entitled to exercise any rights over … the use and exploitation of such data … The [creation of] undisputed, absolute rights would be advisable." The GMC went on by stating that “to enable users to have more effective control of their data, the legislature could consider more frequent utilization of the opt-in approach [under which] companies would have to obtain users' explicit consent in order to store and evaluate (personal) data.”

The current reform of European Data Protection Law rules, in particular the new General Data Protection Regulation (GDPR) which aims to create a single set of EU data protection rules, instead of 28 different national rules, could be an important step in this regard. The GDPR, which was agreed in principle in December 2015, is likely to be adopted this year and to come into effect in 2018. While aiming to facilitate the free flow of data in a ‘digital single market’, the Regulation may also strengthen the rights of individuals, among others by increasing requirements for explicit consent (as proposed by the GMC).