Short Reads

Do the math: ACM publishes strategy on monitoring use algorithms

Do the math: ACM publishes strategy on monitoring use algorithms

Do the math: ACM publishes strategy on monitoring use algorithms

07.01.2021 NL law

The ACM worries that the use of algorithms may lead to the creation of cartels, or nudge consumers towards a purchasing decision that is not in their best interest. Therefore, on 10 December 2020, it published a new policy document (in Dutch) setting out what businesses can expect when the ACM checks their algorithms. On the same day, the ACM also launched a trial with online music library Muziekweb to improve the ACM’s knowledge about the categories of data that are likely to be relevant in such investigations. All signs indicate the ACM’s intention to become more active in this area.

Although the ACM acknowledges that the use of algorithms has great benefits for businesses and consumers, it also notes that they can have harmful effects when used to violate consumer protection or competition rules. For example, companies cannot use algorithms to implement personalised pricing based on characteristics such as disability, religion, ethnicity or race.

If the ACM has a reasonable suspicion that an undertaking’s use of an algorithm is illegal, it can oblige the undertaking to provide the source code of the algorithm and all other relevant documents (such as internal communications, input data, log files, test and debugging reports, scrum boards and GitHub repositories). On the basis of this information, the ACM will look at aspects including (i) the algorithm’s role in the alleged violation; (ii) the purpose for which the algorithm is used; (iii) the basic principles of the algorithm’s design; and (iv) the input for and the results of the algorithm (“input-output analysis”).

The position paper also sets out certain challenges the ACM is likely to face when it investigates an algorithm, such as:

  1.  The possibility for self-learning algorithms to change from one moment to the next, for example by using artificial neural networks. The ACM notes that it can use advanced technical tools to understand the functioning of such complex algorithms.
  2. External parties and integrated use of software. Algorithmic applications can be part of an ICT environment with links to (sub)systems and datasets that may belong to external parties. The ACM warns that companies that purchase third-party software may still be liable if they use that software to violate consumer protection or competition rules. 
  3. Cross-border elements. The ACM’s view is that it can copy data, even in a cross-border situation, if one (or a combination) of the following three elements is satisfied: (i) the company under investigation owns the data, (ii) manages the data; or (iii) uses the data.  
  4. Privacy concerns. If an algorithmic application processes personal data, the ACM needs to structure its investigation in such a way that it complies with all applicable privacy rules. 
  5. Deviation from standard investigatory practices. If algorithms are simple, the ACM can copy the code and store it in its own environment. However, if a company uses a third-party cloud service, the ACM may only be able to investigate if it also uses the same third-party cloud service. This could force the ACM to deviate from its standard investigatory practices.

The ACM’s new focus on algorithms is likely to lead to formal investigations and potentially to complex litigation relating to the boundaries of its investigatory powers. For example, it is not certain that companies under investigation will readily accept the ACM’s view on the scope of its powers as set out under points (3) and (5) above.

This article was published in the Competition Newsletter of January 2021. Other articles in this newsletter:

Related news

24.09.2021 EU law
Digital Law Up(to)date: (1) the download of a software with a permanent licence can constitute a “sale of goods”; (2) alert of the BEUC regarding the privacy policy of WhatsApp and its new term of use

Articles - In this blog, we briefly present two interesting news in the field of digital law: (1) a judgment of the CJEU considering that the download of a software with a permanent licence can constitute a “sale of goods”, and (2) an alert of the BEUC regarding the privacy policy of WhatsApp and its new terms of use.

Read more

09.09.2021 BE law
Digital Law Up(to)date: (1) Parliamentary initiatives about cyber attacks; (2) ‘Zero tariff’ options before the CJEU; and (3) Council of State, GDPR and encryption

Articles - In this blog, we briefly present three interesting news in the field of digital law: (1) Parliamentary initiatives to tackle cyber attacks (2) "Zero tariff" options and open internet access do not mix! (3) Council of State, GDPR and encryption: validation of a decision of the Flemish Authorities

Read more

26.08.2021 EU law
Facebook/Belgian DPA: Landmark ruling on cross-border enforcement under the GDPR

Short Reads - On 15 June 2021, the CJEU delivered an important judgment on the one-stop-shop mechanism. While the CJEU reinforced that the lead supervisory authority is the sole interlocutor in cross-border processing operations, it also contributed to the effective enforcement of the GDPR by reiterating the conditions under which supervisory authorities other than the lead supervisory authority can bring enforcement actions against such processing operations.

Read more

13.09.2021 NL law
Adopting the new Standard Contractual Clauses to secure international personal data transfers

Short Reads - Recently, the European Commission issued an implementing decision on standard new contractual clauses (“SCCs”) for the transfer of personal data to countries outside the European Economic Area. Organisations need to use the new SCCs from 27 September 2021 and onwards. Transitional periods apply for existing international data transfer agreements. To meet their obligations under the General Data Protection Regulation, organisations need to make the appropriate changes in time.

Read more