That historical outlook may be ripe for change, however, with the appointment of new enforcers whose writings and public statements have strongly suggested the need to consider privacy issues in the context of antitrust enforcement and the possible passage of new legislation that would mandate that concerns about privacy be analyzed in determining whether a particular transaction or type of behavior violates the Sherman Act. Most immediately, the question of whether privacy plays a role in antitrust analysis will be addressed in the government’s cases against Google and Facebook.
In Europe, the most prominent abuse of dominance case is the ongoing procedure against Facebook in Germany for allegedly exploitative data processing. Also, the Autorité de la concurrence (French competition authority) is currently investigating the impact of Apple’s recent changes to its privacy policy on third-party app providers. Merger control cases on a European Union level where privacy considerations were taken into account in the commission’s assessment include the Microsoft/LinkedIn, Facebook/WhatsApp, and Google/Fitbit mergers. On the level of new legislation, there have been competition law–related developments in the European Union (draft Digital Markets Act) and in Germany (recent amendment to the German Act against Restraints of Competition). These pieces of legislation mainly contain ex ante regulations and target large online platforms qualifying as so-called gatekeepers. The obligations imposed on these companies concern, inter alia, access to data and data portability.
In Canada, until recently at least, the Competition Bureau has been clear that its mandate is limited to conduct that harms competition and does not extend to privacy (or data security) concerns unrelated to competition and that Canadian competition policy does not, and should not, assume that “big is bad.” Despite the bureau’s historically “separatist perspective” (i.e., that privacy law and competition law address different harms and vindicate different rights), based on past enforcement action, policy documents, and statements by bureau officials, there appeared to be several areas of actual or potential privacy/competition law convergence in Canada; namely, misleading advertising/deceptive marketing practices (where the bureau has already taken enforcement action in respect of misleading claims about how firms collect, use, store, and discard consumer data) and, possibly, merger review and abuse of dominance. However, a speech by the Commissioner of Competition (the head of the Competition Bureau) in October 2021 calling for a comprehensive review and “moderniz[ation]” of the Canadian Competition Act to more effectively address potential competition issues in the digital economy portends a potentially fundamental shift in the bureau’s position on the question of whether privacy is a competition law issue.
Although enforcers have thus far focused most of their attention on Big Tech, the privacy- and data-related conduct of non-Big Tech companies can and is likely to attract the attention of competition authorities. In the United States, for example, many traditional brick and mortar retailers and e-commerce firms are looking to launch marketplaces, and there are several specialty e-commerce retailers that have amassed significant data that could be perceived as giving rise to the same competitive concerns as those identified in the investigations and lawsuits filed against so-called Big Tech. Moreover, there are several precedents already that suggest that the U.S. Federal Trade Commission is prepared to litigate against non-Big Tech firms, relying in part on claims that they misused certain large data sets. This indicates that the theories that have made headlines in the United States in connection with enforcement actions directed to Big Tech are potentially transferable to other data-centric businesses. Based on experience in other areas, it appears safe to anticipate that the Canadian Competition Bureau will follow the lead of its U.S. counterpart, and possibly sooner rather than later.
In Europe, as the protection of personal data may be an element of quality of a certain product or service, agreements or exchanges of information among competitors on privacy policies and the level of data protection are at risk of falling afoul of competition legislation such as Article 101 TFEU. Also, smaller firms may arguably be in a dominant position in a given market due, for example, to their possession of essential data that is needed by other companies to compete in that market. Even below the threshold of market dominance, recent legislation in some European countries in the area of so-called relative market power may extend privacy and data protection concerns to the conduct of companies in relation to companies that are dependent on them.
Finally, in Japan, information and competition laws have received much attention, especially in the context of platform business. Among other things, in 2019, the Japan Fair Trade Commission issued guidelines on the “superior bargaining position… between digital platform operators and consumers” and made clear that undue acquisition and utilization of consumers’ information by online platforms can be deemed as “abuse of superior bargaining position.” These guidelines are of note for both Big Tech and non-Big Tech firms alike, as a dominant position is not required; rather, relative superiority between parties is sufficient for demonstrating superior position.