Germany Gets It Wrong on Facebook

(Bloomberg Opinion) -- The move by German antitrust authorities to limit Facebook Inc.’s collection of data from third-party sites is fair in principle – but unhelpfully muddies the distinction between antitrust and privacy rules. The watchdog should have steered clear of this fight.

The Federal Cartel Office ruled on Thursday that Facebook abuses its dominant position in the German market for social networks by collecting and aggregating user data – not just from its own services, such as Whatsapp and Instagram, but also from every website that has a Facebook “Like” button or uses its analytics tools. The company, the regulator argues, uses the data to strengthen its dominant position by increasing its attractiveness to advertisers and impeding competitors which don’t have such huge data troves. 

The watchdog wants Facebook to restrict its use of data collected from third parties “without the consent of the users.” Such data, for example, shouldn’t be linked with specific Facebook accounts. The regulator hasn’t levied a fine, but may do it if the U.S. firm fails to comply; it has the power to impose periodic fines of up to 10 million euros ($11.3 million).

Facebook, which intends to appeal the ruling, makes two counterarguments. One is that it’s not really dominant: The watchdog failed to include services such as YouTube, Snapchat and Twitter, or professional networks such as LinkedIn and Xing, when it reviewed the competitive landscape and found 95 percent of the daily users of social networks used Facebook.

The other argument is that it should be up to data protection authorities, not antitrust ones, to enforce privacy. It makes no sense to link market dominance considerations with the universal requirements of the European Union’s General Data Protection Regulation, which came into force last year.

Regular readers know that I object to Facebook’s hungry, stealthy data collection, and that I abhor the growing power of the Google-Facebook duopoly, which controls 63 percent of the digital advertising market in the U.S. and is expected to eat up more this year. In this case, however, I believe Facebook’s arguments make a lot of sense.

If the Federal Cartel Office wants to go after Facebook as a monopoly, it should be looking at advertising market share, not the number of users. As far as the latter goes, the meaning of “monopoly” is blurred, because people use a lot of different services to keep in touch. If the regulator focused instead on the ad market, the first question it would face would be: why go after Facebook and not Google, the biggest fish of all? Google’s parent, Alphabet Inc., collects more data. According to Marc Al-Hames, general manager of Cliqz GmbH, a German developer of data-protection technology, every fourth website visit is monitored by Facebook – but Alphabet tracks 80 percent of all page loads.

The other problem with the Federal Cartel Office’s reasoning is that it talks about Facebook collecting data from third-party sites “without the consent of the users.” That in itself would be a GDPR violation. The German regulator says it conducted its investigation of Facebook with the consent and support of data protection authorities. But taking data without permission isn’t an antitrust violation, it’s a privacy one. There’s a strong case to be made against Facebook in this area, for exactly the same reasons the French data protection regulator fined Google $57 million last month.

Just like Google, Facebook is tricking users into checking boxes so they can carry on using its services. Other websites which have benefited from sharing data with Facebook have often misinterpreted the GDPR as a requirement to introduce an annoying pop-up window with a checkbox that, in most cases, doesn’t explain to users what kind of tracking they’re signing up to. In fact, the rules call for privacy by design and by default – sites should collect only essential data, and ask users explicitly if they want to provide it.

Getting platforms and websites to comply with the GDPR, instead of merely pretending to, is a legal battle with cleanly drawn lines. The cases should be argued out before individual countries’ data protection authorities and then before European courts to form a body of regulatory and judicial practice that will dictate how the GDPR is applied. Adding antitrust considerations into the mix is counterproductive; it’s best to keep them separate.

As things stand, the German antitrust regulator hasn’t solved any problem. It’s merely served to undermine Facebook’s competitiveness against Google in the advertising market. When the GDPR came into effect, the Federal Cartel Office should have dropped its probe into Facebook and let other regulators do their job. Besides, it has more important things to work on, such as its ongoing investigation into Amazon.com Inc.’s treatment of third-party sellers on its platform – which really is about market dominance and competition.

Much as I welcome more regulation of internet platforms, a pile-on by different regulators seeking to get a piece of the action when it’s not really their job is the last thing that’s needed. 

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Leonid Bershidsky is Bloomberg Opinion's Europe columnist. He was the founding editor of the Russian business daily Vedomosti and founded the opinion website Slon.ru.

©2019 Bloomberg L.P.