When do companies using the same pricing algorithm violate the antitrust law?  Despite the new technology, the answer seems to center on the classic issue central to a hub-and-spoke conspiracy: is there an agreement along the rim?

In Gibson v. Cendyn Group, LLC, class plaintiffs accuse Las Vegas hotels of fixing prices via a subscription software program provided by Cendyn Group.  This software suggests prices for hotel rooms and conference rooms via algorithm, relying in part on publicly-available competitor pricing data scraped from the web.  The accusation was that this created a hub-and-spoke conspiracy, with Cendyn as the hub, the hotels as the spokes, and the agreement among the hotels being evidenced by the hotels’ subscribing to and renewing their subscriptions to Cendyn’s services

But the Court disagreed for three reasons.  Most importantly, the complaint didn’t allege that Cendyn’s software recommended prices based on competitor hotels’ confidential pricing information.  This was in contrast to the In re RealPage, Inc. decision, another pricing-software-hub-and-spoke conspiracy, there in the residential apartment market.  The RealPage complaint alleged that the illegality derived from defendants’ “exchange of otherwise confidential information between competitors through the algorithm[.]” Unlike in RealPage, the Gibson court found that there was no allegation that the pricing recommendations Cendyn’s software generated relied on competitors’ confidential pricing data.  Instead, the recommendations appeared to be individualized, with no reference to competitor pricing information other than publicly available data gathered from the web.  The plaintiffs argued that Cendyn’s software inherently relies on confidential pricing information of other companies because the algorithms improve their past performances over time through machine learning.  But machine learning does not facilitate the sharing of one hotel’s confidential information with other hotels.  This was a “fatal defect” in the complaint, because it showed that the alleged hub-and-spoke price fixing conspiracy had no rim, that is, that there was no quid pro quo agreement among the hotels.

Second, Cendyn’s software only recommended prices; it didn’t set them.  Hotels allegedly often overrode the software’s price recommendations.  If the hotels had agreed with Cendyn that the software would set their prices, the court reasoned, it would have been easier to prove that a “rim” of horizontal agreements existed between the hotels to fix prices.  But the algorithm did not bind the hotels.

Lastly, hotels began subscribing to Cendyn’s software at different times over a decade—implying independent conduct rather than tacit agreement.  Plus, the software had scraped the web for competitor prices only since 2015, after most hotels had already subscribed.  The court noted that the antitrust laws do not prohibit businesses from factoring publicly-available competitor pricing information into their own decisions. 

Comparing RealPage to Gibson, it appears that courts may look for more than just use of a common pricing algorithm to find an antitrust conspiracy, because even in a hub-and-spoke configuration, there still needs to be something supporting the existence of an agreement among all of the alleged conspirators.  Without that, there is no horizontal agreement to give rise to an antitrust violation.

Under the UK’s merger control regime, there is no obligation to notify mergers to the Competition and Markets Authority (CMA).  However, where merger parties wish to formally notify a merger, there is a duty for them to make full and accurate disclosures of all relevant information.

Information requested in a Merger Notice, which is the form for businesses to use to notify the CMA of an anticipated or completed merger, includes details of the merger parties’ businesses, finances, operations and any other relevant information. The CMA will also typically issue information requests, including request notices under section 109 of the Enterprise Act 2002 (Section 109 Notices), to the merger parties to complete the Merger Notice to ensure it has sufficient information to commence its investigation.

Even after the CMA has accepted a Merger Notice, it can at any time during the 40-working day initial review period, reject the Merger Notice if it suspects information submitted to be false or misleading or if the merger parties either fail to provide information, which should in fact have been included in the Merger Notice or fail to provide requested information on time without reasonable excuse.

In respect to information requests, including Section 109 Notices, it is a criminal offence to provide, intentionally or recklessly, false or misleading information to the CMA. Criminal sanctions include imprisonment for up to two years, a fine or both. The CMA may also impose an administrative fine, which may be of a fixed amount or calculated by reference to a daily rate. The amount of the fine is determined by the CMA, up to a maximum of £15,000 per day or £30,000 for a fixed amount. The CMA has exercised some of its powers.

In addition, the CMA has the power to suspend the statutory timetables for reviewing mergers where information required under a Section 109 Notice is not provided by a relevant person or is found to be false or misleading.

Below are some of the most recent penalty decisions where fines were imposed on the parties.

  • On August 11, 2023, the CMA announced that it had imposed a penalty of £25,000 on Copart in relation to its acquisition of Hills Motors for failing, without reasonable excuse, to comply with Section 109 Notices during its Phase 2 investigation. In particular, Copart failed to provide the CMA with more than 50 documents that it considered were relevant and responsive to the Notice. 
  • On September 7, 2020, the CMA announced that it had imposed penalties totalling £55,000 on Amazon for failing to comply with requirements imposed on it by Section 109 Notices during its Phase 2 investigation of the anticipated acquisition of certain rights and a minority shareholding in Deliveroo. By way of background, the CMA had issued three Section 109 Notices in December 2019, January 2020 and March 2020, requiring Amazon to produce certain documents and information relevant to the CMA’s investigation.  However, only a total of 189 documents were provided and these were more than two months late and only after follow-up by the CMA.
  • On October 11, 2019, the CMA announced that it had imposed a penalty of £20,000 on Sabre Corporation acquiring Farelogix for failing, without reasonable excuse, to comply with Section 109 Notices, which had been sent in March and April 2019, during the Phase 1 investigation.  In its penalty decision, the CMA noted that a total of 188 unique documents were submitted around two months after the applicable deadlines had expired at a relatively advanced stage in the CMA’s investigation. It concluded that Sabre’s reliance on external US counsel to conduct a privilege review does not give rise to a reasonable excuse as its failure to adopt a quality control process that was adequate to ensure compliance with the requirements of the Section 109 Notices was a foreseeable error.

The duty to make full disclosures on time is an important aspect of the UK’s merger control regime, as it is in the EEA where parties have similar duties of full disclosure under the European Merger Regulation. This ensures transparency and fairness in the process, and enables the CMA to carry out its investigations effectively. Merger parties are strongly advised to provide accurate and complete information to ensure a fair and thorough review by the CMA. It is also important for the merger parties to notify the CMA as soon as possible after receiving a request for information if they encounter any difficulties in meeting the deadlines for providing the requested information.

In merger procedures, it is a fundamental requirement for parties to provide accurate and complete information to the European Commission as it forms the basis of the Commission’s assessment of mergers. Under the EU Merger Regulation (EUMR), the European Commission can impose fines where parties intentionally or negligently provide misleading or incorrect information during the merger review process and in response to requests for information. In March this year, the European Commission issued a Statement of Objections to Kingspan, alleging it provided misleading or incorrect information during the Commission’s EUMR investigation of Kingspan’s planned acquisition of Trimo, despite the transaction being abended earlier in the process. The case highlights that the companies should be careful not only to avoid gun jumping during their acquisition processes (see Here and Here) but also ensure the quality and truthfulness of the information submit to the European Commission.

As a background, Kingspan had notified the Commission of its intentions to acquire Trimo in March 2021. However, by April 2022, the companies abandoned the proposed transaction following concerns raised by the European Commission. Notably, in November 2022, after the transaction was abandoned, the European Commission launched an investigation to determine whether Kingspan had intentionally or negligently supplied false information during the merger investigation.

The Commission’s preliminary view is that Kingspan had either negligently or intentionally provided misleading or incorrect information regarding basic facts about Kingspan’s internal organization. In addition, it is alleged that basic facts aimed at assessing the following have been misleading or incorrect:

  • The scope of the relevant product and geographic market.
  • The existence of barriers to entry and expansion.
  • The importance of innovation.
  • The competitiveness between Kingspan and Trimo and their competitors.

As a reminder, the issuance of a Statement of Objections does not pre-determine the final outcome of the investigation. It is merely a formal step in the investigation process, informing the companies concerned of the objections raised against them. The companies then have the opportunity to respond to the Commission’s objections.

Should the European Commission conclude that Kingspan had intentionally or negligently provided misleading or incorrect information, it could impose a fine of up to 1% of the company’s annual worldwide turnover for each breach. In 2021, the European Commission imposed a fine of 7.5 million euro on Sigma-Aldrich for providing misleading information on a remedy package during the Commission’s investigation of Merck’s acquisition of Sigma-Aldrich (despite the acquisition being approved beforehand). In 2019, the Commission decided to impose fines totaling €52m on General Electric for providing incorrect information to the Commission during its 2017 merger investigation into General Electric’s acquisition of LM Wind. In 2017, the European Commission fined Facebook 110 million euro for providing incorrect or misleading information during the Commission’s 2014 investigation of Facebook’s acquisition of WhatsApp (despite the fact that the breach had no impact on the outcome of its investigation).

In addition to fines, the European Commission may also ultimately revoke one of its decisions where “the decision is based on incorrect information for which one of the undertakings is responsible”.

The Kingspan case highlights that even the withdrawal of a merger notification does not halt an investigation where the European Commission suspects that misleading or incorrect information has been submitted. While the potential maximum fine is lower than one for gun jumping (1% vs 10% of global turnover) and in practice the fines are well below the statutory maximum, it is an important requirement to comply with during the merger review process.

The European Commission can issue requests for information (RFI) not only to the parties of the case but also third parties, including competitors, suppliers and customers. The Commission has discretion to issue either a simple RFI or RFI by decision. When it comes to simple RFIs, these are not mandatory and recipients are under no obligation to provide the requested information. However, if recipients choose to respond, they cannot provide incorrect or misleading information. The same is true in respect of RFIs by decision. These are mandatory and recipients are under the obligation to provide all the requested information accurately and truthfully. The failure to reply to a formal decision within the specified time limit could also result in a fine.

The ongoing case serves as yet another example of the European Commission’s strict stance on procedural violations in the area of merger control, whether it involves providing misleading or inaccurate information, or prematurely implementing transactions. To date, the European Commission has not revoked a merger decision due to procedural infringements, but the risk persists if decisions are based on false information. Both parties involved in the transaction, as well as third parties responding to RFI, must ensure the accuracy of their responses and ensure that no information is deliberately withheld.

After a lengthy period of consultation, the European Commission has adopted a new Notice (‘Notice’) on the definition of the relevant market for purposes of EU competition law.  The Notice comes on the heels of a significant period of updating competition laws, including (i) a number of new block exemption regulations setting safe harbors (e.g. for vertical agreements, R&D, specialization agreements); (ii) new guidelines on vertical agreements; (iii) new guidelines on horizontal agreements, which have a chapter dedicated to sustainability arrangements; (iv) the Digital Markets Act; (v) the Digital Services Act; and (vi) the Foreign Subsidies Regulation.

It is worth recalling that the purpose of the Notice is to provide guidance (including transparency) to business on the approach the Commission will take in analyzing the boundaries of competition between companies and the level of market power being exercised in a market (or the level of change in market power which occurs or might occur).  The new Notice acknowledges that the world has changed considerably since the previous market definition notice which dates from 1997, with the advent of digital markets, more complex supply chains and the multiple challenges of digital and green transitions (for example, carbon zero, environmental sustainability factors).  The Commission acknowledges that product characteristics, price and intended use are not the only competitive parameters.   Other factors may play a role, such as security and privacy protection, durability, possible integration with other products, range of possible uses, as well as possible behavioral biases from choosing the default option on offer.  The Commission wants to reflect these developments as well as developments in jurisprudence, its own practices and ensure consistency with other competition authorities.  The Notice seeks to increase the transparency and therefore the predictability of the Commission’s thinking, through publication of the methodology it will follow and the evidence and criteria it will seek to rely on in the application of the competition rules.  This should help businesses anticipate the sorts of information which the Commission considers to be relevant for purposes of market definition.

The Commission uses market definition as a tool for analyzing (i) proposed mergers and full function JVs under the merger regulation; (ii) antitrust enforcement relating to bi-lateral or multi-lateral conduct under Article 101 TFEU; (iii) antitrust enforcement relating to unilateral conduct by companies which may be dominant under Article 102 TFEU; and (iv) enforcement of equivalent provisions under the Agreement on the European Economic Area.  Customers take a number of factors into account, which the Commission looks at.  These include price, innovation, various aspects of quality (including factors of sustainability, security, reliability of supply). 

What the Commission is interested in are the factors which operate as ‘effective and immediate’ disciplinary forces or restraints on suppliers of a given product and for this it looks primarily at demand substitution, then at supply substitution.  These two help to identify the products and suppliers in the relevant market.  For purposes of the market definition exercise, it does not look at potential market entry (i.e. from outside the market).  Rather this is considered subsequently as part of the competitive assessment.

In addition to clarifying and expanding on existing and well-understood market definition principles, the Notice provides practical examples and there is also discussion in the Notice on a number of new topics.  These include:

  • Product differentiation: this could occur at product or geographic levels and could result in a finding of separate markets or of a single broad market where there is no clear distinction;
  • Customer groups: they could be differentiated (including by customer location) if there are different conditions of supply.  Three conditions are required to be present: identifiable groups, an absence of arbitrage and non-transitory discrimination between them;
  • R&D: where R&D and innovation efforts are in the mix, the Notice indicates that the Commission will consider whether the R&D identifies pipeline products which can be visible for ‘expected transitions in the structure of  a market’, in which case it could form part of the present or a future product market.  For innovation efforts, the Commission will assess what the objectives of the R&D are and whether it is too early a stage of innovation and whether the boundaries of competition can be identified and who the rivals are: ‘is there sufficient probability that new types of products are about to emerge’?
  • Digital markets: the Notice outlines the Commission’s approach to multi-sided platforms where competition may not be on price and after-markets.  For multi-sided platforms, the analysis seeks to determine whether there is one market for all products or separate and distinct markets for products on each side.  The Commission will look to see what substitution possibilities exist.  Where products have zero (or even negative) monetary value, what are the relevant non-price elements (including quality and sustainability factors) and are there alternatives to the SSNIP test (which would not be applicable in such circumstances).  For after-markets, the Notice indicates that the Commission will examine whether there are system markets, multiple markets or dual markets.

The update to the Notice on the definition of the relevant market is welcome and long overdue.  At the same time, businesses should not forget that the relevant market analysis involves both legal and economic arguments, with interpretation of the relevant concepts in a fact-specific context.  Also, markets are constantly developing and evolving and regard will need to be had to guidance from the European Courts.  One point which the Commission has made clear is that the Notice only offers guidance to business: it is not a regulation binding on the Commission and nor is it bound by past decisions.  Parties will certainly rely on the Notice to support their submissions, but the Commission will need to justify its position if it intends to depart from the methodology outlined in the Notice.

The Antitrust Division of the Department of Justice  and the Federal Trade Commission recently issued a revised model second request clarifying that companies under investigation have an obligation to preserve communications on messaging platforms including those on so-called ephemeral applications.  These applications, such as Slack, Microsoft Teams, Signal, and Google Chat, can be configured to delete messages automatically, posing a problem when a litigation hold is implemented.  A federal judge sanctioned Google in March of 2023 for telling the court that it was preserving messages on Google Chat while not turning off the setting that allowed for 24-hour default deletion.  In their statement, the agencies noted that many companies have not properly been retaining documents from these ephemeral messaging systems in response to preservation requirements in second requests, voluntary access letters, and compulsory legal process such as grand jury subpoenas. 

This failure to preserve is unacceptable to the agencies.  Although they believe that the requirement to preserve ephemeral messages was obvious before, the revised language “makes crystal clear that both ephemeral and non-ephemeral communications through messaging applications are documents” that must be preserved.  The relevant language in the revised second request model now states that “‘Messaging Application’ includes platforms, whether for ephemeral or non-ephemeral messaging, for email, chats, instant messages, text messages, and other methods of group and individual communication (e.g., Microsoft Teams, Slack).”   Also, the model second request states that employee-owned electronic devices used to store or transmit documents responsive to the request are considered to be “in control of the company”.

Companies should review the use of any messaging applications capable of automatically deleting messages to determine what the default settings are and if users have overridden them to delete messages.  In the event of a government investigation and a need to issue a litigation hold notice, the notice should explicitly state that all employees subject to the hold must turn off all auto-deletion functions on all messaging applications on all electronic devices on which they conduct company business. The agencies have signaled this is a priority issue for them and that they may bring obstruction of justice charges or seek civil sanctions if companies fail to preserve ephemeral messages. 

The Federal Trade Commission (“FTC”) has announced updated size-of-transaction thresholds for premerger notification (Hart-Scott-Rodino or “HSR”) filings, as well as updates to the HSR filing fees and transaction value categories.  Separately, the FTC has also updated the de minimis thresholds for interlocking officer and director prohibitions under Section 8 of the Clayton Act.

The HSR filing thresholds, which are revised annually based on the change in gross national product, trigger a premerger notification filing requirement with both the FTC and the Department of Justice’s (“DOJ”) Antitrust Division.  For proposed mergers and acquisitions, the 2024 threshold will increase from $111.4 million to $119.5 million.

Continue Reading The FTC Updates Size of Transaction Thresholds and Filing Fees for Premerger Notification Filings for 2024

On December 18, 2023, the DOJ and FTC jointly released the final 2023 Merger Guidelines that describe how the agencies will evaluate proposed merger and acquisition transactions.  Despite significant editing, and calls from industry to moderate the guidelines, the agencies essentially doubled down on their vision, which we have previously described, promising a more aggressive review of future transactions while providing limited concrete guidance for merging companies.

Changes From Draft Guidelines

We summarize some of the changes made between the draft guidelines and the final version.  None of these, though, are major revisions.  Beyond what is highlighted here, most of the revisions are wordsmithing and the addition of more contemporary case citations, perhaps in response to criticism that the case law cited was all very old.

  • Multimarket Contact Theory.  The agencies have inserted into Guideline 3 an additional example of a situation that may give rise to an anticompetitive alignment of incentives that can be a secondary factor to support a finding of coordinated effects.  Guideline 3 now states that if a merger results in a situation in which the merged firm competes with another firm in multiple markets (“multi-market contact”), firms might have an incentive to compete less aggressively in some markets in anticipation of reciprocity by rivals in other markets.
  • Weakened Threshold for Foreclosure in Vertical Mergers.  Draft Guidelines 5 and 6 have been combined into new Guideline 5, which focuses on vertical merger issues. The agencies removed the bright-line presumption of illegality where one merging party has a 50% share of a “related market” into which the merging counterparty sells or buys.  Instead, the text states that the presumption may be found if the merged firm is approaching or has monopoly power over the related product, and the related products is competitively sensitive.  And the 50% share figure resurfaces in footnote 30, albeit with slightly weaker language stating that the agencies “will generally infer” a violation if the 50% threshold is crossed.
Continue Reading DOJ and FTC Finalize Merger Guidelines

The Federal Trade Commission (FTC) recently submitted comments to the US Copyright Office as part of the Office’s notice of inquiry examining copyright issues related to artificial intelligence.

The agency’s comments largely focused on two areas: potential threats to competition from AI, and copyright.

Competition: The FTC cautioned that “the rapid development and deployment of AI also poses potential risks to competition” for several reasons:

  • “The rising importance of AI to the economy may further lock in the market dominance of large incumbent technology firms. These powerful, vertically integrated incumbents control many of the inputs necessary for the effective development and deployment of AI tools, including cloud-based or local computing power and access to large stores of training data. These dominant technology companies may have the incentive to use their control over these inputs to unlawfully entrench their market positions in AI and related markets, including digital content markets.”
  • “AI tools can be used to facilitate collusive behavior that unfairly inflates prices, precisely target price discrimination, or otherwise manipulate outputs.”
  • “Many large technology firms possess vast financial resources that enable them to indemnify the users of their generative AI tools or obtain exclusive licenses to copyrighted (or otherwise proprietary) training data, potentially further entrenching the market power of these dominant firms.”
Continue Reading The Federal Trade Commission Weighs In on AI and Copyright

A recent Seventh Circuit opinion by Judge Easterbrook held that no-poach agreements, absent valid ancillary restraints, can be per se illegal. Per se violations of the antitrust laws are inherently illegal—meaning no defenses or justifications are available. They have traditionally included conduct like horizontal price fixing, bid rigging, and market allocation. 

This is the first appellate opinion to reach the conclusion that no-poach agreements can be per se violations. As the Department of Justice Antitrust Division (DOJ) has spent the past seven years arguing that no-poach agreements are criminal violations of the antitrust laws, the opinion could empower the DOJ to bring more no-poach cases, given that it must establish an antitrust violation is a per se violation for criminal cases. This opinion also fires a warning shot at companies that use no-poach clauses in franchise agreements. Under the principles described in the opinion, many no-poach clauses in that type of agreement may be per se illegal.

Continue Reading Seventh Circuit: No-Poach Agreements May Be Per Se Illegal

On July 4, 2023, the highest EU court issued a landmark judgment in Case C-252/21, where the German court referred several questions for a preliminary ruling related to (i) the interplay between data protection concerns and competition law breaches; and (ii) interpretation of the EU General Data Protection Regulation (GDPR). This judgment has far-reaching implications for online operators whose business model is based on personalized content and advertisement.

We highlight some of the main takeaways from the judgment below, namely:

  1. Relevance of data protection determinations in competition laws cases.
  2. Large interpretation of the notion of sensitive data and restrictive application of the “manifestly made public by the data subject” derogation within the meaning of Article 9 GDPR.
  3. High threshold regarding the legal basis available under Article 6 GDPR for personalized content and advertisement.
  4. Charging a fee for processing activities not necessary for the provision of the services may be an alternative to consent.
  5. Dominant market position does not affect per se the validity of consent.

1. Relevance of data protection determinations in competition law cases

The Court of Justice of European Union (CJEU) confirmed that national competition authorities (which usually do not have a monitoring or enforcement role under the GDPR) can review whether a data processing operation complies with the GDPR as part of the examination of an abuse of a dominant position by that undertaking. However, the national competition authorities should engage in sincere cooperation with the data protection authorities responsible for enforcing compliance with the GDPR.

Where there is a decision from a data protection authority or a court on the conduct or similar conduct under the GDPR, the national competition authority cannot depart from that decision. It can, however, reach its own conclusions from the point of view of the application of competition law. Where there is no decision or the scope of that decision is unclear, and the data protection authority refuses to cooperate (for example, it does not respond within a reasonable time to the request to cooperate) or does not object the investigation by the national competition authority, the national competition authority can conduct its own assessment.

The judgment of the CJEU highlights the possibility that companies could face enforcement actions for the same conduct under two regimes, both of which could result in substantial fines. Further, while the judgment focuses on the abuse of dominance, similar interplay could arise between the GDPR considerations and other aspects of EU competition rules. We have already seen this in merger cases.

2. Large interpretation of the notion of sensitive data and restrictive application of the “manifestly made public by the data subject” derogation within the meaning of Article 9 GDPR

The CJEU clarified that the processing by an operator consisting in the collection – by means of integrated interfaces, cookies or similar storage technologies – of data from visits of websites or apps relating to sensitive data and of the information entered by the users, the linking of all those data with the operator’s user accounts and the use of those data by the operator must be regarded as processing of sensitive data if sensitive data can be revealed. Further, where the processing entails the collection en bloc of both non-sensitive data and sensitive data without it being possible to separate the data items from each other at the time of collection, such processing activity must be regarded as processing of sensitive data if the data set contains only one sensitive data item. Such processing activities are in principle prohibited unless one of the derogations provided under Article 9(1) GDPR applies.

Regarding specifically the derogation of special categories of personal data manifestly made public by the data subject provided under Article 9 (1) (e) GDPR, the Court further ruled that this derogation may only apply to the processing above described if the user has explicitly made the choice – through individual settings – to make publicly accessible to an unlimited number of persons his interactions with these websites or apps.

3. High threshold regarding the legal basis available under Article 6 GDPR for personalized content and advertisement

  • Performance of a Contract

The CJEU ruled that this legal basis can only be used where the processing is objectively indispensable for a purpose that is integral to the contractual obligations intended for the data subject. In practice, this means that the controller must be able to demonstrate that the processing is essential for the proper performance of the contract and that the contract cannot be achieved if the processing does not occur. The fact that the processing is referenced in the contract or merely useful for its performance is irrelevant. The Court considered that the personalization of content by social media platforms may be useful to users; however, such personalization is not necessary to offer the to users of social media platforms as such services can be provided without personalization.

  • Legitimate Interest

The CJEU recalled that the controller must consider – when conducting its balancing test to assess whether its legitimate interest is not overridden by the data subject’s interests, rights and freedoms – the reasonable expectations of the data subject as well as the scale of the processing at issue and its impact on data subjects. The CJEU acknowledged that personalized advertising may be regarded as a legitimate interest of the controller; however, it concluded the users’ interests, rights and freedoms prevail in the context of the processing at issue. Indeed, the CJEU noted that the processing at issue is particularly extensive since it relates to potentially unlimited data, and users may feel that their private life is being continuously monitored. According to the CJEU, users can, therefore, not reasonably expect that such extensive processing activity for the purpose of personalized advertisement is being conducted without their consent. Consequently, legitimate interest cannot be used as a legal basis for personalised advertisement in the context of the processing at issue.

4. Charging a fee for processing activities not necessary for the provision of the services may be an alternative to consent

The CJEU recalled that under the GDPR, consent is not freely given where the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment. In practice, this means that separate consent must be sought for each data processing operations. Users must, thus, be free to refuse to give their consent to particular data processing operations not necessary for the performance of the contract (such as personalized advertisement) without being obliged to refrain entirely from using the service offered by the online operator. According to the CJEU, users not wishing to provide consent to processing operations that are not necessary for the performance of the contract could be charged a fee.

5. Dominant market position does not affect per se the validity of consent

The CJEU noted that the dominant market position of the online operator does not, per se, preclude users from being able to validly consent to the processing of their personal data by that operator. However, since that position is liable to affect the freedom of choice of those users and to create a clear imbalance between them and the online operator, it is an important factor in determining whether the consent was, in fact, validly and, in particular, freely given, which it is for that operator to prove.