Can Antitrust complement Privacy Legislations?
Regulating Privacy and Data Protection issues through Anti-Trust: Co-operative fantasy or Competitive reality?
The arrival of Big Data, Machine Learning, and the widespread use of Data Analytics has become the digital economy framework. This has obviously led to a lot of privacy and data protection concerns. Different countries have already formulated privacy legislation or are in the process of formulating such legislations to cater to these concerns. The most comprehensive framework on this has undoubtedly been the General Protection Data Regulation (GDPR) which has been undeniably very effective in making Big Tech mindful of privacy and data protection concerns.
In this article I try to examine whether a lex specialis legislation such as the GDPR is the only way to ensure companies comply with the privacy and data protection concerns of the customers or whether regulation can also be done with the help of other legal regimes such as Competition Law or Antitrust.
The aim of the article is to therefore critically examine whether parallel regulations can exist in order to effectively regulate privacy concerns or whether the regulation of privacy issues should be left altogether to specialized privacy legislations such as the GDPR.
It is natural for the readers to have the question as to why I am examining the regulation of privacy issues through anti-trust. The answer lies in the nature of the modern economy wherein it has been established that data is nothing more than a commodity and forms the basis of the modern economy, wherein it has been established that data is nothing more than a commodity and forms the basis of the modern economy.
Most of us already aware of the adage that “data is the new oil”, therefore it is not difficult to imagine that companies that collect a lot of data for instance, Google and Facebook can be in a position to abuse their dominant position in the market and thereby create issues which can be under the direct purview of antitrust or competition law.
Having said that, it is not denied that data protection legislation and competition law regimes by their inherent nature are radically different to each other in terms of their application and scope.
This is because Competition Law and antitrust regimes are based on the basic principle that data sharing should be maximized so as to prevent any abuse of dominance based on information asymmetry.
“ This is in direct contrast to how privacy legislations operate which encourages and in fact puts obligations to share as less data as possible so as to decrease the exposure to personal data. “
There is another significant difference between the two regimes, most antitrust regulations focus on the protection of the customer by looking at the market as a “whole” which is in contrast to privacy legislation which aims to safeguard the fundamental right and freedoms privacy of the individual.
Notwithstanding these stark differences in the aforesaid regimes' scope and application, the underlying aim is the same: to protect the customer and the data subjects, albeit, they go about doing the same in very different ways. The existence of the “Privacy Paradox” is also something that indicates that the aforesaid regimes should be used in tandem and in order to complement each other in better securing the data and personal information of the data subjects and the customers.
To put simply privacy paradox arises from the fact that while users are very concerned about their data's privacy and how it is used by big tech, they have very different behavior when it comes to actually take steps to protect their privacy on the other hand.
Furthermore, the behavior also differs from person to person for instance I might feel very invasive about my privacy when certain personalized ads are shown to me, this may in complete contrast to someone else who actually enjoys the personalized ads based on his preference of convenience etc. This differentiated behavior regarding the privacy of their data makes privacy a non-price variable of competition and therefore makes data privacy issues also fall under the realm of Competition and antitrust regimes.
While regimes have been reluctant to regulate data privacy issues through the lens of anti-trust, there is a growing understanding that antitrust can serve as an alternative and complementary regime in addition to the privacy legislation in regulating privacy issues. The traditional view in this regard is summarised in the case of Asnef- Equifax wherein it was held that any possible issues relating to the sensitivity of personal data are not, as such, a matter for competition law, they may be resolved on the basis of the relevant provisions governing data protection. The aforesaid reasoning cannot be said that ipso facto antitrust regimes are not equipped to deal with data privacy issues but the court hinted that specialized legislations are perhaps better equipped to deal with any issues that arise due to privacy concerns. However, some developments show that more and more regimes are now looking at alternative ways of regulating data privacy issues. This article briefly looks at two of these developments.
Facebook Loses Antitrust Decision in Germany Over Data Collection
The first one arises in Germany wherein, the German Federal Cartel Office (FCO) after conducting a detailed three years-long investigation into alleged abuse of market dominance by Facebook, concluded that Facebook was indeed abusing its dominance in the relevant market by making access to Facebook conditional upon the users accepting the terms that allowed Facebook to collect user data outside Facebook but from other Facebook-owned apps such as Whatsapp and Instagram. The aggregation and creation of such massive data sets were held to be abuse of dominant position in the relevant market in Germany. However, interestingly, this was said to violate the GDPR and a violation of competition law as well rather than establishing the violation purely based on antitrust principles.
Basically anti-competitive behaviour of Facebook was held to be violating of the principles of the GDPR.
Competition Commission of India starts a suo motu investigation into Whatsapp’s updated privacy policy in India
The second situation is that of India wherein the specialised privacy legislation is still pending before Joint Parliamentary Committee and therefore the bill has not been enacted yet and is not in force. With this background, Whatsapp on 4th of January announced a new privacy policy through its app notification. Users were asked to mandatorily agree to the revised privacy policy or risk losing access to their user accounts.The lack of opt-out measures given to the users has now triggered a suo motu investigation by the Competition Commission of India to investigate whether the updated privacy policy and sharing of user data with other subsidiaries amounts to abuse of dominance.
I shall analyse this in a separate post. It is heartening to see that the Competition Commission has started to look at privacy issues arising out of the dominant position of Whatsapp in India, thereby filling the vacuum until the privacy legislation in enacted in the country.
The aforesaid two situations in Germany and India show that antitrust can complement the protection given to users and data subjects. I believe that primarily the issues of privacy should be legislated under the specialized privacy legislations however in countries where the such legislations are not in force, antitrust can be used as an alternative to regulate big data and privacy issues arising out of it and nevertheless even in countries which have privacy-specific legislations, competition law regime can be used to complement the protection.
