CYIL vol. 12 (2021)

CYIL 12 (2021) The ROLE OF COMPETITION POLICY IN CYBERSECURITY The first area we are going to discuss concerns the need to limit competition in order to increase cybersecurity; as an example, we will consider the prevention of certain companies from providing their technologies to 5G telecommunication networks (Chapter II). Second, we will focus on data privacy. As an example, we will consider the investigation of Facebook’s putatively anticompetitive practices in several jurisdictions and in particular the decision against this company adopted recently in Germany (Chapter III). Both these areas of concern are connected by the fact that it is questionable whether competition law was originally meant to intervene in them. We will argue in this Article that it should indeed be very cautious to do so. II. Limited Competition and Security of 5G Networks The EU 5G Action Plan 2 from 2016 expects comprehensive deployment of 5G networks in urban areas and major transport paths by 2025. Great expectations, but also risks are connected with it; as the Commission puts it: The fifth generation (5G) of telecommunication networks are set to play an essential role in the development of the European society and economy. They are expected to offer vast economic opportunities and to be an important basis for the digital and green transformation in areas such as transport, energy, manufacturing, health, agriculture and media. 5G will therefore potentially impact close to all aspects of the lives of EU citizens. The cybersecurity of 5G networks is therefore essential not only to protect our economies, societies and democratic processes but also to ensure a trustful digital transformation for the benefit of all EU citizens . 3 With the cybersecurity of 5G networks in mind, the Commission adopted in March 2019 a recommendation, 4 which was meant to set out guidance on appropriate risk analysis and management measures at a national level, on developing a coordinated European risk assessment and on establishing a process to develop a common toolbox of best risk management measures. 5 Without mentioning it explicitly, this recommendation reacted to a threat posed to cybersecurity by certain Chinese telecommunication companies, in particular Huawei Technologies (Huawei). 6 In 2008, the US House of Representatives Permanent Select Committee on Intelligence issued a report, 7 on the basis of which Huawei equipment was excluded fromUS Government 2 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions of 14 June 2016 5G for Europe: An Action Plan . COM (2016) 588. 3 Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions of 29 January 2020 Secure 5G deployment in the EU – Implementing the EU toolbox . COM (2020) 50, p. 1. 4 Commission Recommendation (EU) 2019/534 of 26 March 2019 Cybersecurity of 5G networks . 5 Ibid , rec. 9. 6 For further details, see e.g., KASKA, K., BECKVARD, H., MINÁRIK, T. Huawei, 5G and China as a Security Threat. CCDCOE (NATO Cooperative Cyber Defence Centre of Excellence), 2019. Available at: https://www. ccdcoe.org/uploads/2019/03/CCDCOE-Huawei-2019-03-28-FINAL.pdf (accessed 1 September 2021). 7 ROGERS, M., RUPPERSBERGER, D. Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE , available at: https://republicans-intelligence.house.gov/ sites/intelligence.house.gov/files/documents/huawei-zte%20investigative%20report%20(final).pdf (accessed 1 September 2021).

213