Information firewall between platform and own first-party business units

information-firewall-platform-business-unitsDomain: competitionType: mixed

Description

Information firewalls (sometimes called Chinese walls, increasingly avoided as a term) are what platforms operating both a marketplace and their own competing first-party offerings build to keep merchant data out of the hands of the people designing the first-party products. The competition concern is straightforward: when a platform has access to seller-by-seller pricing, conversion, return-rate, and demand-curve data across its marketplace, it has a structural advantage in deciding what products to make itself. Whether that advantage is unlawful depends on the jurisdiction and the conduct theory, but it sits squarely in the path of the EU Digital Markets Act's data-use prohibition for gatekeepers, the FTC's monopolization theory in its Amazon case, and the CMA's various platform investigations. The operational system covers access controls on merchant data, role separation between marketplace and first-party teams, audit logs of cross-team data access, written data-handling policy that names the prohibited uses, and an annual attestation from first-party product leads that lets the company show the data was not feeding the first-party roadmap. It is one of the harder pieces to operationalize because the architecture often pre-dates the policy: the analytics warehouse was built once, for everyone, and now you need to retrofit access boundaries that the original design did not contemplate. Plan for the warehouse re-architecture before the policy needs it.

Required by (4 regulations)

US Antitrust (Platforms)
US framework: information-firewall arguments arise in monopolization-theory cases under Sherman Act §2 and in FTC Act §5 unfair-methods cases. The FTC's Amazon complaint (2023) and the DOJ's Google ad-tech case have both raised cross-business-unit data-use concerns.
Sherman Act, 15 U.S.C. §2; FTC Act, 15 U.S.C. §45
UK Competition (Platforms)
UK framework: cross-business-unit data use is analyzed under Competition Act Chapter II and increasingly under SMS conduct requirements. The CMA's mobile-ecosystems work and the foreseeable application of conduct requirements to designated firms make this a near-certain area of attention for any UK platform with both marketplace and first-party offerings.
Competition Act 1998 c.41 Chapter II; DMCC Act 2024 c.13
EU Competition (Platforms)
EU framework: cross-business-unit data use analyzed under TFEU Article 102 dominance theory; Amazon Buy Box (Case AT.40703) Article 9 commitments (December 2022) provide the operational template. For DMA gatekeepers, Article 6(2) DMA imposes an ex-ante prohibition on using non-public business-user data to compete with those business users.
TFEU Article 102; Commission Decision of 20 December 2022 in Case AT.40703
EU DMA
DMA Article 6(2) — ex-ante prohibition on using non-public business-user data (or data from their customers) generated in the context of the core platform service to compete with those business users.
Regulation (EU) 2022/1925

Fulfilled by (2)

okta · partial · medium effort · $$
Identity and access governance covers the access-control mechanics. The data-architecture and policy work that sits underneath it is in-house engineering + counsel.
In-house build · full · high effort
The warehouse re-architecture and access boundaries are typically the largest engineering cost in the program.

ClearLaunch does not accept payment from vendors. Methodology.

Evidence formats

data-access policy naming prohibited cross-team uses
role-based access control implementation against merchant data
audit log of cross-team data access
annual attestation from first-party product leads
data-handling training records for first-party teams

ClearLaunch provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Description

Required by (4 regulations)

US Antitrust (Platforms)

US framework: information-firewall arguments arise in monopolization-theory cases under Sherman Act §2 and in FTC Act §5 unfair-methods cases. The FTC's Amazon complaint (2023) and the DOJ's Google ad-tech case have both raised cross-business-unit data-use concerns.

Sherman Act, 15 U.S.C. §2; FTC Act, 15 U.S.C. §45

UK Competition (Platforms)

UK framework: cross-business-unit data use is analyzed under Competition Act Chapter II and increasingly under SMS conduct requirements. The CMA's mobile-ecosystems work and the foreseeable application of conduct requirements to designated firms make this a near-certain area of attention for any UK platform with both marketplace and first-party offerings.

Competition Act 1998 c.41 Chapter II; DMCC Act 2024 c.13

EU Competition (Platforms)

EU framework: cross-business-unit data use analyzed under TFEU Article 102 dominance theory; Amazon Buy Box (Case AT.40703) Article 9 commitments (December 2022) provide the operational template. For DMA gatekeepers, Article 6(2) DMA imposes an ex-ante prohibition on using non-public business-user data to compete with those business users.

TFEU Article 102; Commission Decision of 20 December 2022 in Case AT.40703

EU DMA

DMA Article 6(2) — ex-ante prohibition on using non-public business-user data (or data from their customers) generated in the context of the core platform service to compete with those business users.

Regulation (EU) 2022/1925

Fulfilled by (2)

okta · partial · medium effort · $$

Identity and access governance covers the access-control mechanics. The data-architecture and policy work that sits underneath it is in-house engineering + counsel.

In-house build · full · high effort

The warehouse re-architecture and access boundaries are typically the largest engineering cost in the program.

ClearLaunch does not accept payment from vendors. Methodology.