CREATe is happy to present the ninth entry in our series of working papers released in 2022: “Affinity-based Algorithmic Pricing: A Dilemma for EU Data Protection Law”. This research paper by Zihao Li, a PhD researcher and Research Assistant at CREATe, University of Glasgow, is a pre-print version of an article published in volume 46 (2022) of the Computer Law and Security Review (CLSR). Recently, Zihao has been awarded the Modern Law Review (MLR) Scholarship.
In the age of big data and machine learning, online platforms are able to generate users’ digital profiles or infer their status by collecting and processing unprecedented volumes of data, which can strengthen platforms’ and sellers’ ability to provide tailored and personalised prices to customers. For example, as early as 2001 Amazon was reportedly using cookie data to analyse customer behaviours, then selling products to different users for different prices. Meanwhile, Staples.com is reported to have frequently displayed lower prices if competing shops were physically situated within around 20 miles of the customer’s estimated location. More recently, Uber is known to charge users with low-battery phones more, as they may be more desperate.
All these examples build users’ digital footprints and employ algorithms to anticipate the price that end users will be willing to pay for products or services. Owing to the increasing problems of privacy invasion, loss of control of informational self-determination, and the inequality and unfairness caused by the uncertainty of legal regulation in this grey area, many professionals have called for legal interventions to counter the commonly applied practice of algorithmic pricing. For example, there are high expectations that data protection law will regulate this area. However, due to the ambiguity of the terms “price discrimination” and “personalised pricing”, many legal studies neglect affinity-based algorithmic pricing, which may bypass the General Data Protection Regulation (GDPR).
This working paper first discusses the limitations of these two terms in legal research before proposing a new concept (online algorithmic pricing) to improve the law. Based on this new concept, a detailed taxonomy is offered by following the method of data classification (personal data/non-personal data) used in data protection law. Through this taxonomy, a new form of online algorithmic pricing, namely the affinity-based pricing algorithm, is disclosed. The paper finds that the affinity-based pricing algorithm may completely bypass the GDPR because such affinity data and its inference are unlikely to identify a specific user. Therefore, it is argued that this new form of algorithmic pricing may pose a threat and undermine the protection offered by the GDPR.
The paper then examines the extent to which the GDPR can be applied to online algorithmic pricing, pointing out the loophole of the dichotomy of personal data and non-personal data. Furthermore, the paper examines what protection the GDPR can provide to individuals in the context of online algorithmic pricing. This overview explains why the current digital rights under the GDPR cannot work as expected in the context of online algorithmic pricing. Finally, four potential solutions are raised, relating to group privacy, the remit of data protection law, the ex-ante measures in data protection, and a more comprehensive regulatory approach.
The emergence of big data and machine learning has allowed sellers and online platforms to tailor pricing for customers in real-time, but as many legal scholars have pointed out, personalised pricing poses a threat to the fundamental values of privacy and non-discrimination, raising legal and ethical concerns. However, most of those studies neglect affinity-based algorithmic pricing, which may bypass the General Data Protection Regulation (GDPR). This paper evaluates current data protection law in Europe against online algorithmic pricing. The first contribution of the paper is to introduce and clarify the term “online algorithmic pricing” in the context of data protection legal studies, as well as a new taxonomy of online algorithmic pricing by processing the data types. In doing so, the paper finds that the legal nature of affinity data is hard to classify as personal data. Therefore, affinity-based algorithmic pricing is highly likely to circumvent the GDPR. The second contribution of the paper is that it points out that even though some types of online algorithmic pricing can be covered by the GDPR, the data rights provided by the GDPR struggle to provide substantial help. The key finding of this paper is that the GDPR fails to apply to affinity-based algorithmic pricing, but the latter still can lead to privacy invasion. Therefore, four potential resolutions are raised, relating to group privacy, the remit of data protection law, the ex-ante measures in data protection, and a more comprehensive regulatory approach.
The full paper can be downloaded here.