EDPS-BEUC Conference on Big Data, Brussels, 29 September 2016

"Check against delivery"

Introduction

Ladies and gentlemen

I want to thank both the European Data Protection Supervisor and BEUC for inviting me to be with you today.

Because I think Mr Buttarelli is right when he says in his opinion that we all have something in common. We all care about fairness. And the rules on data protection, on competition and on consumer protection all play a part in making that fairness a reality.

And there's something else that we have in common. When it come to big data, each of us can help to build people’s trust. Because big data has enormous potential. But it won't achieve that potential unless people are confident that their rights are protected.

And that matters, because we need the things big data can do for us.

We need all the help we can get to stop climate change getting out of hand. So if big data can help us to get more electricity from our wind farms, and help us to use less fossil fuels, that's a pretty important contribution.

We need ways to make our economy work better for everyone. If big data can help to understand what individuals really need, then we can all hope for better services. I’m talking of more accurate recommendations from an online shop. But I'm also talking about personalised medical treatments, which really work for us.

But this will be much harder to do if people see big data as a threat.

So the future of big data is not just about technology. It's about things like data protection, consumer rights and competition. Things that give people confidence that big data won't harm them.

Privacy

Above all, people need to know that their personal data will stay private.

I don't need to tell you about how important that is. Both BEUC and the EDPS have made the point many times. And I think the new EU data protection rules will help to build that confidence.

One way they do that is with the principle of data protection by design. That means privacy can no longer be an afterthought. If you want to use personal data, you need to think from the start about how to keep it safe. How to encrypt it to avoid hacking, or make it anonymous so it can't be traced back to us.

And I think the same goes for competition as well. Companies need to think from the start about how to use data without hurting consumers. And if they do, there's no reason why big data and competition should conflict.

Data as an asset

For example, companies need to make sure they don't use data in a way that stops others competing.

But that doesn't mean there’s a problem, just because you hold a large amount of data.

After all, the whole point of big data is that it has to be big. Because, with the right tools, you can find patterns in a large set of data that you just wouldn't see in a smaller one. And we don't want to discourage companies from putting in the effort to collect that data.

So it's important to be clear about this. We don't just assume that holding a large amount of data lets you stop others competing. After all, it might not be difficult for other companies to get hold of the same data, by collecting it from their own users or even buying it in. Or the data we’re talking about might not be all that important in order to compete.

So when the Commission looked at Google’s purchase of DoubleClick, in 2008, one question was how important access to DoubleClick’s data was for companies to compete. And in that particular case, the Commission found no concerns, so the merger was approved.

But it's possible that in other cases, data could be an important factor in how a merger affects competition. A company might even buy up a rival just to get hold of its data, even though it hasn't yet managed to turn that data into money. We are therefore exploring whether we need to start looking at mergers with valuable data involved, even though the company that owns it doesn't have a large turnover. That Mr Buttarelli raises this point in his opinion is obviously a very welcome contribution to our reflections.

Data pooling

Collecting a lot of data is one way to get the most out of it. Another could be for companies to share data between them.

Because if bigger is better, then combining companies’ data into a single, big pool might give you insights that you couldn't get from each one on its own.

Take connected cars, for instance.

The cars we drive are becoming as digital as our smartphones. They have dozens of sensors that measure the car’s performance. And they can report that information to the cloud through their own Internet connections.

So just imagine if they could combine all that information, from each different make of car. That might help car companies build better cars – or even help teach self-driving cars to operate independently.

And there’s no reason why that should harm competition. As long as companies make sure they do it the right way.

In fact, data pooling might even help competition.

For example, a big online bookstore can use its data from billions of purchases, to work out which books I might want to buy. But smaller rivals, without so much data, might not be able to give me such good recommendations.

So if smaller shops pool their data – in a way that complies with the privacy rules – that could help them compete. And that could be good for us all.

That was the Commission’s conclusion in 2010, when Microsoft bought Yahoo!'s search business. Far from undermining competition, that merger actually had the capacity to make the market more competitive, by increasing Microsoft’s scale – and the amount of data it had  – and improving its chance to compete with Google in that market.

Data pooling and competition

So we welcome that sort of pooling of data, as long as companies do it in a way that protects people’s privacy, and doesn't hurt competition.

That doesn't have to be difficult. Our guidelines on horizontal cooperation shed light on how to share data in a way that doesn't harm competition. Because we don't want valuable cooperation to hit a problem just because of the way it's designed.

So companies have to make sure that the data they pool doesn't give away too much about their business. Otherwise, it might become too easy for them to coordinate their actions, rather than competing to cut prices and improve their products.

One way to do that is by sharing information anonymously. Companies could send their data to a platform, and get back aggregate data with no indication of which company it comes from. That would still give companies information that would help build better cars or make existing ones run better -  it just wouldn't undermine competition.

Or companies might limit the type of information they share. So car companies might decide not to share information that would tell rivals too much about their technology. Online shops might share data without saying when products were bought, or for how much.

And companies also need to be sure that pooling data doesn't become a way to shut rivals out of the market. It's one thing to decide who you want to cooperate with. But that decision shouldn't deny the others a chance to compete.

Because a world of self-driving cars is quite appealing. It offers the promise of  less pollution, fewer accidents,  better mobility for people with disabilities. But it's hardly progress if that means reducing competition, and making people pay too much for their cars.

Of course, the competition rules weren't written with big data in mind. But the issues that concern us haven't changed.

We’re not here to get in the way of innovative ideas. If companies need to collect large sets of data, or share data with their rivals to build better products, we don't object to that. As long as they don't hurt consumers in the process, by undermining competition.

Effective enforcement

Of course, If companies do break the competition rules, we may need to take action. And that means that Europe’s competition enforcers need to work together on big data – not just the Commission, but the national competition authorities as well.

Many of them are already doing that. Our French colleagues have launched a sector inquiry on big data. And the German authority is looking at whether Facebook may have misused its power to impose unfair privacy terms.

But if we want to be able to deal with big data issues throughout the EU, then every national authority has to have the tools it needs to enforce the rules.

In the last few months, we've been talking to those national authorities, to understand what powers they need.  We've also been discussing with business and consumer groups – including BEUC. And all those sources have told us we could do more to help national authorities do their job.

I think there's a strong case for new EU rules as part of the answer.

Of course, each authority has its own national traditions. So the best type of legislation may be a directive, not a regulation.

We’ll know more when we’ve finished our impact assessment. And if we do find that new EU legislation is the best way forward, I hope to put a proposal on the table early next year.

Conclusion

Because if we want big data to fulfil its promise, then we need to enforce the rules effectively.

Already, people are worried about how big data will affect them. The benefits it has to offer can seem far away – almost like science fiction. But people's sense that they’ve lost control of their personal data, the sense that data is making companies so powerful that no one can control them – these things are very immediate.

Those who work with big data need to take this seriously. It's up to them to convince people that they will use data properly. That they can be trusted to keep people’s personal data safe from hackers. And that they won't use it to stifle competition.

But we also have a part to play. We can show people that companies that use big data have to follow the rules.

So I will keep a close eye on how companies use data. I'm sure that the European Data Protection Supervisor and BEUC will do the same. And between us, I'm convinced that we can make big data, not a threat, but the key to a better future.

Thank you.