Big Data presents as much of a challenge for competition regulators as it does for privacy regulation.
It involves balancing multiple considerations – on the one hand, collection and processing of extensive data allows businesses to better serve their customers.
On the other, it could create significant entry barriers to new market participants and increase consumer dependency on a single or a limited set of offerings.
Data protection under Indian competition law
Data was first recognised as a competition law concern by the CCI in 2012 in Matrimony.com Ltd vs Google LLC, where the complainants alleged that Google had abused its dominant position in the online search advertising market by, inter alia, imposing conditions that were discriminatory to its advertisers and displaying Google’s own websites prominently in comparison to other search results.
Google argued that for there to be ‘abuse of a dominant position’ in terms of Section 4 of the Competition Act, 2002, sale and purchase of goods and services had to be involved.
Dismissing this contention, the CCI reasoned that even though Google provides the search service free of cost, in a two-sided market (that is, where there is interdependence between users seeking information and businesses advertising their goods and services) information collected from users on every search contributed to Google’s capabilities to generate revenue from targeted advertisements.
The intersection of data aggregation and competition law was once again examined by CCI in 2017 when examining WhatsApp’s conduct in the case of Vinod Kumar Gupta vs WhatsApp Inc.
With respect to predatory pricing, CCI observed that other products in the same market (i.e., instant messaging services using consumer communication apps through smartphones) are also available for free, which the CCI noted appears to be standard practice for such market.
It also noted that there are no significant costs for users to switch to other instant messaging platforms. Taking note of the rapid growth of other messaging platforms at the time (e.g., Hike, Messenger, Viber), the CCI found that there were no barriers to entry into the market.
Separately, in respect of allegations of breach of the Information Technology Act, 2000 (IT Act), CCI observed in the Vinod Kumar Gupta case that data security and privacy matters did not fall within the purview of CCI and that such breaches needed to be examined by other authorities.
Data protection and competition law in global context
European antitrust regulators have taken an aggressive approach to Big Data -- most famously in examining Facebook’s data collection practices.
In 2017, Facebook was investigated by the European Commission (the Commission) for making certain misleading submissions in connection with its merger with WhatsApp.
Prior to the merger, the Commission had enquired with the entities regarding the possibility of automated matching of user accounts and IDs between Facebook and WhatsApp.
Facebook had responded that any integration would present significant technical difficulties due to the two apps using different account identifiers and having a fundamentally different architecture.
The Commission accepted this submission and the merger was cleared in October 2014.
However, in 2016, the Commission found that not only had the integration of Facebook and WhatsApp user networks been planned, but also that it had been technically possible in 2014 (and that Facebook officers were aware of this fact). The Commission imposed a €110 million fine on Facebook for violation of the merger conditions.
In another instance the Bundeskartellamt, the German antitrust authority (Federal Cartel Office), examined Facebook’s terms of service which allowed users to access the social networking platform only after consenting to its data and cookie policies.
These policies permitted Facebook to collect data on users and their devices outside of the social network through Facebook Business Tools and combined such data gathered from Facebook-owned companies, such as WhatsApp and Instagram, to create a hyper-targeted advertising profile for purposes of the Facebook social network platform.
The Federal Cartel Office found that such practices constituted an abuse of Facebook’s dominant position and therefore violated the European Union’s General Data Protection Regulation.
The Federal Cartel Office accordingly prohibited the implementation of such policies to the extent that they involved the collection of user and device-related data from other Facebook-owned companies without users’ consent and the combination of such data with Facebook data for purposes related to the social network.
In contrast to the EU, the Federal Trade Commission (FTC) and the Antitrust Division of the Department of Justice in the US have generally remained more skeptical of the anti-competitive effects of the creation of big data sets, particularly in vertical mergers such as Amazon’s acquisition of Whole Foods (2017), Google’s acquisition of ITA (2011) and Google’s acquisition of DoubleClick (2007).
In certain cases, the regulators have specifically approved of the efficiency gains that a business relying on user data may achieve from a merger with another data-rich business.
When closing its investigation into a proposed Internet search and paid search advertising agreement between Microsoft and Yahoo! in 2010, the FTC observed that the acquisition of data sets by Microsoft would lead to “more rapid innovation of potential new search-related products, changes in the presentation of search results and paid search listings, other changes in the user interface, and changes in the search or paid search algorithms.” It was concluded that the enhancement of Microsoft’s performance, if achieved, would exert correspondingly greater competitive pressure in the marketplace, in particular, by creating a more viable competitive alternative to Google.
2021 CCI investigation
In its submissions before the CCI, WhatsApp attempted to argue that issues of data privacy and sharing are not within the scope of the CCI’s mandate, and are governed by other legislations such as the IT Act.
Additionally, WhatsApp reiterated that the proposed policy does not expand upon the data collection and sharing practices currently in place and only clarifies how the platform will work with businesses that use Facebook or other third parties to manage communications through WhatsApp.
In its order of March 24, 2021, the CCI appears to have adopted a more nuanced approach in discussing considerations that could be relevant in assessing ‘abuse of dominance’ in the context of Big Data, stating that “in a data-driven ecosystem, the competition law needs to examine whether the excessive data collection and the extent to which such collected data is subsequently put to use or otherwise shared, have anti-competitive implications…”
The CCI also distinguished the present matter from the Vinod Kumar Gupta case, observing that in digital markets, “unreasonable” data collection and sharing may grant competitive advantages to dominant players and result in exploitative and exclusionary effects.
It specifically noted that unlike the fact scenario in Vinod Kumar Gupta, where WhatsApp provided an opt-out mechanism to users who did not wish to share their data with Facebook, the proposed policy is a “take-it-or-leave-it” policy, which when combined with the “unduly expansive and disproportionate” data being collected (including transactions and payment data, intrinsic device data, service related information and information on users’ interactions (including with businesses), warrants a detailed investigation in light of the market position and power held by WhatsApp.
Certain observations in the CCI’s order on the interaction of data collection and sharing, and consumer welfare, may be instructive in understanding how it may approach data sharing as a competition law concern going forward.
It also specifically notes that users are not likely to expect that their personal data would be shared with third parties ordinarily except for the limited purpose of providing or improving WhatsApp’s service.
Accordingly, the CCI has taken a view that WhatsApp’s conduct in sharing user data with Facebook group companies in a manner that is “neither fully transparent nor based on voluntary and specific user consent”, is prima facie unfair to users and goes beyond users’ reasonable and legitimate expectations of the service for which they have registered.
Interestingly, the CCI’s order notes that building user profiles through cross-linking of data, which is one of the intended end-uses of WhatsApp’s data sharing practices, may itself attract competition concerns as concentration of data may be perceived as a competitive advantage not only in the market for messaging applications but also in the market for display advertising.
In stark contrast to the Vinod Kumar Gupta case, the CCI observed that network effects make it difficult for a user to switch applications and acknowledged that users wishing to discontinue their use of WhatsApp may have to incur costs such as the loss of historical data, as porting data to other applications is cumbersome and time-consuming.
Pursuant to the CCI’s order of March 24, the Director-General is required to complete its investigation and submit an investigation report within a period of 60 days. However, as a practical matter, the investigation may take longer.
There is much wisdom to the adage that if you are not paying for a service, you are not the customer; you are the product. Data has assumed greater significance for businesses than ever before, whether for purposes of targeted advertising, personalised services or internal analytics, and is capable of shifting competitive advantage.
The CCI has wide powers under the Competition Act in case of a finding of abuse of dominance, and may pass such orders or issue such directions as it deems fit.
It is also possible that the CCI could ultimately conclude that WhatsApp’s conduct is not in violation of the Competition Act. It remains to be seen how the CCI will, in its final order, strike a balance between consumer welfare and data protection on the one hand, and free enterprise in today’s data-driven world on the other hand.
It will also be interesting to see how the intersection between privacy and competition considerations in the context of Big Data plays out over time and, in particular, how the CCI circumscribes the limits of where competition concerns end and privacy and data protection concerns begin.
Rachael Israel is partner and Sarangan Rajeshkumar and Dhanush Dinesh are associates at S&R Associates. They can be reached at firstname.lastname@example.org, email@example.com and firstname.lastname@example.org. Views are personal.