Data PrivacyBalancing Consumer Protection: Data Privacy and Competition Law in Harmony

INTRODUCTION

Data privacy refers to the process of safeguarding personal information to prevent its unauthorized access, use, disclosure, destruction, or alteration. It ensures that individuals have control over their data and how it is utilized, while addressing the need for responsible and accountable use of such information.

Competition law also known as antitrust law refers to a regulation of business and legal practices that are construed to protect the harm that can be caused to the consumers which in turn reduces market efficiency. It is designed to increase the degree of fair competition thus eliminate monopoly or oligopoly organization control over certain markets.

The intersection between data privacy and competition law has become increasingly important in the digital age, where large technology companies have unprecedented access to vast amounts of consumer data. Both fields aim to protect consumers, but they do so with different objectives.

However, as data becomes a critical asset for companies, these two legal domains have begun to overlap. For instance, tech giants often leverage personal data to gain a competitive advantage, potentially leading to monopolistic behavior, which could harm market competition. The collection and use of vast amounts of consumer data can create barriers for new entrants, raise concerns about market dominance, and even result in the abuse of market power. This intersection thus requires careful consideration of how data is used, shared, and protected in a competitive marketplace.

UNDERSTANDING THE INTERSECTION

The intersection between data privacy and competition law arises in several areas:

• Data-Driven Market Power: Huge amounts of data for collection and analysis carry considerable market advantages for companies. This can cause unease regarding contraventions of anti-competitive laws that may include predatory pricing or exclusionary conduct.
• Privacy as a Barrier to Entry: On the contrary, high privacy standard also means that the new entrant will find it very difficult to obtain data, especially if their model mostly entails on data collection and analysis. This can decrease the rates of competition and lower the choices of the consumers available.
• Data Sharing and Competition Law: In some cases, the free exchange of data between competing firms is in the consumers’ best interest, for example when it comes to the setting of interoperability standards. However, it can also have effects concern with regard to collusive formation and anti-competitive organization.
• Enforcement Challenges: It should be noted that enforcement of both data privacy and competition laws can be problematic, within the framework of which different types of proofs are used and different types of experts are involved.

A STUDY OF CASE LAWS

In the case of  Suo Motu petition by the Competition Commission of India (case 01/2021) In Re: Updated Terms of Service and Privacy Policy for WhatsApp Users v/s WhatsApp LLC and Facebook, Inc., WhatsApp highlighted the issue between the data privacy and competition law. WhatsApp issues were examined as an example of problems arising from the application of competition law when analyzing the recent changes made to its data privacy laws.

WhatsApp has recently been in headlines for a number of reasons in India. The first one was the unilateral announcement of WhatsApp regarding the change it proposed to make to the data privacy laws on 18th November, 2020, whereby it issued the first notice about this to its users. It then received another notice from the Government of India in relation to the change that it wanted to make on 20th January, 2021.

Subsequently, in another landmark case of Bundeskartellamt v. Meta Platforms, Inc. [C-252/21, 4 July 2023], the intersection of competition law and data privacy regulation under the General Data Protection Regulation (“GDPR”) in the European Union was observed. The issue arose from an investigation by the German competition authority (Bundeskartellamt) into Meta Platforms (formerly Facebook), alleging that Facebook abused its dominant market position by collecting extensive user data across its services (including Instagram, WhatsApp, and third-party websites) without sufficient user consent.

Key Highlights of the Meta Platforms Order:

• Abuse of Dominance Linked to GDPR Violation: The CJEU ruled that breaches of the GDPR can also be relevant for assessing potential abuse of dominance under competition law. The court found that if a company’s data practices violate data protection rules, these violations can be considered when analyzing whether the company abused its dominant position in the market.

• Parallel Jurisdiction of Regulators: The CJEU affirmed that competition authorities (such as the Bundeskartellamt) could take into account data privacy violations under GDPR when assessing abuse of dominance. However, it stressed that the role of data protection authorities (“DPAs”) should not be undermined or replaced by competition regulators. Both authorities must work in parallel without one displacing the other.

• Coexistence of Regulators: This case established that competition law and data privacy law can coexist in regulating dominant firms, particularly in digital markets. The judgment confirmed that competition authorities could factor in data privacy breaches when addressing anti-competitive behavior, especially when a company uses its dominance to impose unfair conditions on data collection and use.

Implications:

This case highlights how, within the EU, competition law can be invoked in cases where a dominant firm exploits its position by breaching data privacy rights under the GDPR. The ruling creates a framework for cooperation between competition authorities and data protection authorities to address the intersection of privacy concerns and market dominance in the digital economy.

AMLEGALS Remarks

In conclusion, the convergence of data privacy and competition law highlights the complex challenges posed by the data-driven digital economy. While both legal frameworks serve the common goal of protecting consumers, they approach the issue from different angles—data privacy focuses on individual rights and the ethical handling of personal information, whereas competition law seeks to maintain market fairness and prevent monopolistic practices.

The growing reliance on data as a business asset raises concerns about market concentration, consumer welfare, and the potential for abuse of dominance by large tech firms. As a result, regulators are increasingly recognizing the need for a holistic approach that integrates both privacy and competition concerns.

This requires collaboration between privacy regulators, competition authorities, and policymakers to create a framework that address the evolving digital landscape without stifling progress or compromising consumer protection.

Team AMLEGALS assisted by Ms. Kashish Karia (Intern)

For any queries or feedback, feel free to connect to mridusha.guha@amlegals.com or liza.vanjani@amlegals.com