ANALYSIS: Is Data Security a New Antitrust Shield?
Data security has evolved from a best practice to a required practice in many instances, but it may also factor as a business justification in the ever-growing antitrust frenzy against Big Tech. In last year’s forecast, I discussed bipartisan rancor brewing against tech giants, particularly in the areas of privacy and antitrust. That unrest picked up steam in 2021, with the introduction of more bills, investigations, and enforcement actions.
The ire, however, is not limited to legislators and regulators purportedly battling on behalf of Davidesque entrepreneurs and small business rivals. Indeed, the fight against Big Tech also includes corporate giants, like Epic Games Inc. Notably, Epic filed an antitrust suit against Apple last year, alleging that Apple’s “monopolistic” control over its “walled garden”–i.e., Apple’s mobile device operating system (iOS)–violated federal and state antitrust laws as well as California’s unfair competition law (UCL).
Specifically, Epic claimed that by requiring iOS developers like itself to distribute their apps through the App Store, and by further requiring developers to use Apple’s payment system for in-app purchases, Apple violated Sections 1 and 2 of the Sherman Act. In a decision issued Sept.
10, Judge Yvonne Gonzalez Rogers of the Northern District of California agreed that Apple’s app distribution and payment processing restrictions had some anticompetitive effects, but Apple cited several procompetitive business justifications. Principal among them: security.
Noting that privacy and security have been a competitive differentiator for Apple, Judge Rogers found Apple’s security justification to be a “valid and nonpretextual” business reason for restricting app distribution. The judge likewise found that Apple’s competitive advantage on security issues would be undermined by any loosening of its payment processing restrictions. While Apple was not wholly successful in the suit–Epic succeeded on its UCL claim–the assertion of security as a justification for allegedly monopolistic actions is a relatively new byproduct of privacy-focused corporate environments, such as those in Big Tech.
Apple invested heavily in creating a software development kit (SDK) and application programming interfaces (APIs) that allow developers to create apps that work on iOS. Moreover, Apple proactively requires developers to include measures to protect data security, privacy, data collection, and storage. Its success is arguably attributable to its investment in the reliability and security of its walled garden.
Given the expectations on businesses, large and small, to employ reasonable security practices, it would be interesting to see if security could be raised as a factor favoring a merger, for example, in future antitrust probes. Could an acquiring company’s ability to absorb the security costs of a fledgling start-up potentially outweigh concerns of market consolidation? Possibly.
A widespread benefits-to-scale argument could be made. Data protection and privacy laws are arguably so burdensome that small firms can’t manage them. That could lead to an argument that a company must grow–through merger, for example–to manage those costs.
But it’s questionable whether an argument like that would win the day. Of course, enhanced security measures could also be interpreted as evidence of market dominance. If tech titans are the only ones with the resources to invest in security, it’s possible that their use of such resources could prohibit new entrants into the market.
The battle against Big Tech is far from over, and the skirmish over security has just begun. Access additional analyses from our Bloomberg Law 2022 series here, including pieces covering trends in Litigation, Regulatory & Compliance, Transactions & Contracts, and the Future of the Legal Industry. Bloomberg Law subscribers can find related content on our Practice Centers for Antitrust and Privacy & Data Security.
If you’re reading this on the Bloomberg Terminal, please run BLAW OUT <GO> in order to access the hyperlinked content, or click here to view the web version of this article.