Data-driven Business Models: Privacy and Marketing

Given efficient tax planning and the size of big tech-actors much focus has—for good reasons—been on tax law and competition law (‘antitrust’/‘monopoly’). Consumer protection law, including data protection law in this context, has the advantage that—in contrast to competition law—it applies to traders regardless of market power. Even if there existed real competition among providers of e.g., search and social media (think of a market with a few Googles and Facebooks), there are still intrinsic parts of data-driven business models that are likely to infringe on privacy and distort the economic interests of consumers.1 Our focus is primarily on data protection law that aims to protect the privacy of citizens (the data subject) and marketing law that aims to protect the economic interests of consumers. The use of personal data for marketing purposes is also likely to affect the economic interests of consumers. Likewise, commercial practices in data-driven business models are also likely to affect the privacy of citizens (acting in their capacity as consumers). Arguments from consumer protection law may play a role in data protection law, as the latter requires the processing of personal data to be ‘fair’ and ‘lawful’. The reverse is also true as consumer protection law aims at striking a ‘fair balance’ between traders and consumers; a balance that can be affected by the trader’s processing of personal data. Thus, data protection law constitutes an important pillar of consumer protection law.2 The terms ‘user’, ‘consumer’, ‘citizen’ and ‘data subject’ are used interchangeably. The same is true for ‘service provider’, ‘trader’ and ‘data controller’.