Privacy And Competition: Where To Draw The Line?
Should competition law be used to address privacy concerns? This question has been the topic of much debate the world over, for some time. It gained renewed traction in India with India’s competition law regulator, the Competition Commission of India, deciding to investigate WhatsApp’s data policies as a violation of Indian competition law.
Last month, the CCI adopted the preliminary view that WhatsApp abused its market power by not allowing its users to ‘opt out’ from their account information (not chats) being shared with Facebook. The CCI opined that as users value non-price parameters of competition, “excessive” data collection exploits users by degrading the “quality” of service.
While India is yet to codify a data protection law, the CCI considers that lowering privacy protections by a dominant firm implies a loss of consumer welfare, which, in turn, justifies a competition law intervention.
But because privacy and competition law are distinct legal regimes, this intervention raises some important questions.
What are the acceptable levels of data collection under competition law?
How would these standards differ from privacy rules?
All forms of regulatory intervention are driven by their legislative mandate. India’s competition law seeks to increase consumer welfare. When competition among firms thrives, it is assumed that it improves the quality of service to the benefit of consumers.
Quality, however, is multi-dimensional. In competition law, benefits to users are measured by a variety of non-price parameters, such as user experience, relevance, and product innovation. A comprehensive assessment of quality would need to consider all other competitive parameters that users value in digital markets.
This assessment is not without its challenges, not least because innovation and privacy do not always go hand in hand. In fact, they often serve opposing interests.
On the one hand, the collection and use of user data allow digital firms to innovate and offer new services. At the same time, users are concerned about how their data may be used.
For example, a dominant social microblogging firm collects “non-essential” granular user data, which it then uses to innovate a new service that facilitates local community conversations among citizens. While this may compromise privacy standards, the creation of a new service would benefit consumers.
Competition law enforcement with privacy at its focal point could risk ignoring other benefits to consumers that arise from data collection. Data collection is responsible for the way we interact with a variety of tech services today, and whether ‘excessive’ data collection itself may qualify as anti-competitive, needs closer attention.
For a competition regulator to consider what levels of data collection are beyond a users’ legitimate expectations, it would also have to analyse aspects that lie in the privacy law domain. For example, in WhatsApp, one of the factors considered by the CCI was that WhatsApp violated users’ ‘legitimate expectation’ of the quality of service.
This may raise two key challenges.
First, if competition law reviews privacy standards as one dimension of quality, it would need to decide whether to side with privacy over innovation, when faced with a trade-off (the latter being fundamental to a competitive assessment).
Second, competition law and privacy law seek to correct different legal harms: competition law strives to improve competition, while data protection laws protect a user’s reasonable expectation of privacy. This may lead to a situation where two regulators examine the same conduct, resulting in two different legal outcomes.
These challenges are not unique to India. The Australian competition regulator has considered that changes to Australia’s existing privacy laws’ would be the most efficient regulatory balance for deciding privacy questions.
On the other hand, a German court has requested the European Court of Justice’s opinion on whether a violation of Europe’s data protection law could become the basis of a violation of the German competition rules.
In India, maintaining a balance between competition and privacy is likely to be tested with the adoption of data protection laws. Although the Delhi High Court refused to interfere with the exercise of CCI’s jurisdiction in the WhatsApp decision, finding no harm with parallel court proceedings, it did not examine whether privacy considerations should form the basis for competition law scrutiny.
Absent an academic or regulatory consensus on how privacy considerations may be examined under a competition lens, the objective of competition regulation may be better served by examining the effects of data usage (rather than data collection) on competitive conditions to identify any harm to competition at large, leaving the privacy regulator to examine and regulate the trust on the basis of which users’ data is collected and processed.
Hemangini Dadwal is a partner and Aakarsh Narula is a senior associate with the competition law practice of AZB & Partners. The views expressed are personal.
The views expressed here are those of the authors and do not necessarily represent the views of BloombergQuint or its editorial team.