FEATURE
Holding Resellers to Ransom Rex Parry
I
n January of this year a UK-based software developer filed a complaint against IBM at the European Commission. The software developer, an approved dealer of IBM, alleged that IBM had abused confidential information ‘exchanged’ between the parties by taking unfair advantage of its dominant position in the market in breach of European competition legislation. In the light of this what can a David do against a Goliath? What are the consequences of aggressive contracting by dominant players and what protective measures are available to resellers against such contractual demands? The complaint has brought the terms and conditions imposed by such a ‘big player’ into the spotlight and has simultaneously raised the profile of the concerns of those (mainly resellers) subject to them. A recent fundamental amendment by IBM to the terms and conditions on which it contracts with its partners has fanned the flames even more. In essence, IBM has sought to broaden the information it can demand from its resellers and extended the use it can make of that information. IBM
“IBM has sought to broaden the information it can demand from its resellers and extended the use it can make of that information” achieved this by providing an explicit clause in the contract requiring that the reseller provide details of revenue data, contracts and contacts. Under the clause, IBM can use the information for whatever purposes it sees fit and, moreover, it can transfer such information to any related or non-related company of its choice who can deal with the information as they so wish and
Computer Fraud & Security October 1998 1361-3723/98/$19.00 0 1998 Elsevier Science Ltd. All rights reserved
possibly even use the information against the reseller. Resellers might well feel vulnerable. From the point of view of the reseller, the key issue at the heart of the complaint to the European Commission was the nature of the confidential information demanded. Usually, manufacturers will want to know what marketing is being conducted, what contacts the reseller has and what product information exists. The reseller’s main concern arises when the information extends to customer lists, a more valuable asset. A secondary but just as vital issue, much publicized by IBM’s amendment to their terms and conditions, is the use to which such confidential information acquired can be put. Strictly speaking, it is the commercial decision of the reseller as to what information he agrees to provide at the time he enters the agreement. What is clear from IBM’s conduct is that the reseller should carefully consider the nature of information provided to the manufacturer and the purposes for which the information may be used. It goes without saying that a customer list, which was acquired by IBM in the filed complaint, is one of
“the reseller should carefully consider the nature of information provided to the manufacturer and the purposes for which the information may be used” the most valuable pieces of confidential information a reseller possesses. Should a manufacturer gain this information all the reseller’s time and expense invested in building up the list is potentially not only wasted but given to a competitor. The reseller who initially believes he is appeasing the more powerful party may discover that he is cut out of the picture and that the manufacturer is supplying his former customers direct. It had been suggested by some (and used as a defence by IBM) that IBM’s sudden desire to seek to extract more information from their resellers was the
15
FEATURE result of a positive legal obligation of a European nature. In reality, IBM is partly seeking to preempt revised and more powerful data protection legislation which is due to come into force in EU Member States by 24 October 1998 and partly undertaking a review of how it obtains information from its resellers. In the UK, the data protection legislation will not be implemented until next year now. Whilst most of the data exchanged between the reseller and manufacturer will typically not be ‘personal data’ (i.e. information relating to an identified or identifiable natural person) and therefore
“IBM is partly seeking to preempt revised and more powerful data protection legislation which is due to come into force in EU Member States” not within the data protection legislation, some data will be covered. If data is held solely for the purposes of communicating with a customer (i.e. a company) and personal data is used purely to send the mail directly to the correct person in the customer’s organization then the data is not personal. However, if the intention is to communicate with the named individual, personal data is held and the legislation applies. These issues should be distinguished from those relating to any other information which a manufacturer may seek to extract from the weaker party about, for example, its revenue data or product information, for example, which although confidential, is clearly not ‘personal’.
resellers as the legislation will require the consent of the data subject (possibly a customer of the reseller in this instance) in many more instances than under previous legislation. A second practical consequence is that the transfer of personal data from the UK to a country outside the European Economic Area for processing will be prohibited under the new legislation unless the country can ensure an ‘adequate level of protection’. Where the reseller is dealing with an undertaking of considerable size or power (i.e. a conglomerate such as IBM), it is possible that data obtained from the reseller would be processed outside the European Economic Area by the manufacturer. The new law will, on the face of it, prevent this if the country concerned has, like the USA has, inferior protection. However, if, for example, the data subject consents to the transfer of data, the transfer becomes permissible. The burden, therefore, is initially on the manufacturer, he is likely to ensure the contract compels the reseller to obtain the ‘consents’ from data subjects. The impending legal changes and the need to review how all data is obtained given the potential severance of information flows has set loose something of a panic. Consequently, many may seek to acquire as much confidential information as possible prior to the cut off date whether or not the data itself falls within the data protection legislation. This is a panic which is likely to spread once other big players twig onto IBM’s way of thinking. Clearly, resellers
“such data will attract more stringent controls at national level on how it can be obtained and used”
If there is any doubt or overlap between these two definitions it is clear that some (such as IBM) are taking a cautious route. The distinction is important because if a manufacturer requires data which falls within personal data, such data will attract more stringent controls at national level on how it can be obtained and used which may be to the manufacturer’s detriment.
should be aware of their potential liability under the data legislation along with the shrewd drafting of manufacturers who will seek to ensure that the onus of complying with the new legislation lies firmly with the resellers.
One practical consequence of the data protection legislation is that it will hinder the ability of manufacturers to demand personal data from their
The reseller also needs to be aware of the value of European competition legislation. Should he be faced with a manufacturer seeking to impose onerous terms
16
Computer Fraud & Security October 1998 1361.3723/98/$19.00 0 1998 Elsevier Science Ltd. All rights reserved
FEATURE into the contract, even if such terms are accepted by the reseller at the time, there may be some relief under European legislation. One approach is provided by Article 86 which prohibits, without exception, any abusive exploitation of a dominant position. Without the need to show any
“the transfer of personal data from the UK to a country outside the European Economic Area for processing will be prohibited under the new legislation unless the country can ensure an ‘adequate level of protection”’ increase in market power or anti-competitive effects those contracting with an abuser have the benefit of seeing the big player’s conduct and performance regulated if the Commission takes action, or if it is prompted by, for example, a disgruntled party to a contract. Although price increases and output limitations are the classic examples of abuse of monopoly power and contradict the principle of fairness and freedom of traders encapsulated within Article 86, the enforcing of generally ‘abusive’, exploitative terms against a reseller falls within its remit. For a reseller to benefit from Article 86, it would need to establish dominance by the ‘abuser’. One needs to ask whether IBM has a position of economic strength enabling it to prevent effective competition being maintained on the ‘relevant market’ by giving it the “power to behave to an appreciable extent independently of its competitors and consumers”. What constitutes the relevant market is vital e.g. is it desktop PCs or laptops? The narrower the relevant market the more likely dominance will be established, and the greater likelihood of a successful result for the complainant.
A second approach is found in Article 85 which prohibits collusion that restricts competition. However vague the principle may sound, it is of great practical use. Usually for Article 85 to apply, there is some form of collusion between undertakings which affects trade between Member States and which has the object or effect of preventing, restricting or distorting competition within the common market. However, the requirement of ‘collusion’ is not as exacting as it suggests and unilaterally imposed acts accepted ‘in fear’ by the weaker bargaining party have been classified as agreements between the parties within Article 85. Wide information sharing provisions can be prohibited by it. The distinction from Article 86 is that there are possible exemptions to this prohibition. This European legislation creates legal uncertainty which is a valuable weapon for a reseller acting against a conglomerate. This is explained by the fact that the Commission often asks parties to make changes to their agreements. The potential benefit to the weaker party of such demands is that they may find themselves with the opportunity to re-negotiate after a shift in bargaining power if onerous terms have been found unenforceable by virtue of Article 85. The reseller should also be aware of its ability to threaten an approach to the Commission with a complaint. Even if the likelihood of success for an action based on Article 85 or 86 is minimal, the publicity against the other party is damaging and can put those contracting with the manufacturer on guard, much to the manufacturer’s despair. What use is made of this tactic should be clearly thought through, clearly the reseller does not want to lose its contract, but it should be aware of its power to twist the other’s arm, if necessary. Furthermore, even if the costs of pursuing any action are a deterrent to a reseller, a group effort by a number of resellers make this route more financially palatable. Big players should be aware that antagonizing resellers may inadvertently encourage them to make use of what protection exists.
Computer Fraud 81Security October 1998 1361-3723/98/$19.00 0 1998 Elsevier Science Ltd. All rights reserved
Rex Parry is the head of the Intellectual Ever-sheds, the UK law firm.
Property
at
17