Capturing Data Privacy through the Lens of Competition Law

[By Taniya and Abhinav Singh Chauhan]

The authors are students at the National Law University, Odisha.

Amidst the informational age, companies, irrespective of their domains, have an eye on data and are investing significantly to get a hold of it. Therefore, data becomes an essential and scarce resource. Companies like Google and Facebook have a significant edge over their competitors due to their capacity to gather and process large amounts of data, enabling them to provide better facilities. The amount of innovation that a company can offer is directly proportional to the amount of data a company accumulates, as data empowers the company to analyse the consumer behaviour.

Nevertheless, the more data a company possesses, the greater is the possibility of its abuse. It not only raises privacy concerns for the user but also antitrust concerns regarding the behaviour of such companies. It involves not just the data gathered by the companies but also the data gained by the companies during the merger and acquisition process of other companies. Thus it becomes imperative to ascertain how data can be regulated to mitigate any antitrust concerns regarding the considerable data accumulation by digital companies.

Need for data regulation

Data privacy concerns have always been there during data accumulation and transfer by large companies, but efforts have rarely been made to identify the anti-competitive consequences. New technologies and big data analytics have transformed the way data is processed and used. A company that collects data for a particular purpose may use the same data for some other purpose with the company’s changing needs. Thus, the future application of data cannot be decided when the consent of consumers for processing their data.

The Indian Competition Act was enacted for the country’s economic development by preserving competition in the market and protecting the interests of consumers at the same time. The current antitrust regime concerns, in particular, predatory pricing, market denial, anti-competitive agreements, and other forms of abuse of dominant status that limit competition by driving away other firms.

In digital business models, the primary goal is to expand the user base and encash the network effects that become a potential income source. Owing to the proliferation of data accumulation activities, large companies expand their customer base and earn income by leveraging that database to redirect ads to targeted groups of people, popularly called targeted advertising. Eventually, gaining a dominant position in the relevant market and keeping track of the industrial trend. This network control gives rise to anti-competitive practices like self-preferencing and other abusive practices.

In one of its decisions, Germany’s competition regulation authority, Bundeskartellamt, prohibited the collection and processing of user data because Facebook was in a dominant position and could extensively manipulate user consent. It accredited the value to user consent for excluding them from Facebook services and its practice of gathering and combining data from different sources. Nevertheless, the decision prohibiting the data merger was based on the user’s privacy concerns, and neglected the antitrust regulations.

Most data-driven companies remain non-profitable during the initial years of their operation, as they are focused on increasing the user base to exploit the network effects thereon. India’s overall legal system scrutinises mergers based on assets and turnover of companies involved or created. This system fails to include data-driven companies, even if they significantly impact the competition in the relevant market. Jurisdictions like Brazil and Ireland have exercised their residuary powers to scrutinise mergers falling below the threshold limits; however, the competition act does not provide any such residuary powers to CCI.

The regulatory authorities in jurisdictions like Germany and Austria have tried to address the concerns raised by data accumulation through mergers and accusations by introducing deal value thresholds (DVT). DVTs empower authorities to assess data-driven companies’ mergers in which the monetary consideration surpasses the prescribed threshold limit. In India, the Competition Amendment Bill 2020 proposes to amend §5 of the act to enable the government to specify DVTs for mergers.

Nevertheless, DVTs are a novel approach, and their effectiveness is yet to be determined. The introduction of DVTs in India must take a pragmatic approach to ascertain thresholds limit and nexus criteria to avoid unnecessary burden for the CCI and red-tapism for the parties. Though DVTs bring data-driven companies under the regulatory authorities for their probable anti-competitive practices, the data protection and privacy concerns remain as it is.

How much data shall be regulated

Companies like WhatsApp and Facebook do not charge their users monetary fees for their services; instead, they charge them in the form of their data. The imposition of stringent restrictions on the collection and processing of users’ data would limit the revenue of such companies. Moreover, it will also impede the creation of new services due to the unavailability of user data.

While it can be claimed that data security and regulatory systems would benefit the consumers by preventing exploitation, but it can also reduce the competitive regime, as the innovation is mainly based on data. Potential competitors will first need to collect and analyse the data, which will increase the cost and required resources and ultimately dissuade new players from entering the market. Even if new players enter the market, they will not be able to compete with the already established players, since the new entrants with higher costs either have to offer services at a higher price or sustain losses.

Since present laws are insufficient to seal the rift between the individual’s privacy and the anti-competitive behaviour of the firm, the same can be resolved on a case to case basis assessing the needs and demands of the economy and competition. For example, the concept of open banking allows third-party to access banking and other financial data of customers, for promoting new players to provide better services, eventually instilling competition in the field. Thus, privacy may have to part away to ensure healthy competition and consumer welfare. In India, the fundamental right to privacy is not absolute and can be restricted for greater social good. Therefore, the competition in the market can be prioritized, if it can be ascertained that the benefits of subsiding user privacy are greater than the prospective harm.

Though there is an ambiguity regarding the impact of the data regulation regime, the need for balanced data protection cannot be averted. The sharing of personal information not only jeopardises the privacy of people but can also affects other individuals at times. It is thus, essential to have a basic level of data protection, which includes proper data sharing and anonymity provisions, to avoid the potential harm.

Data as An essential facility

An essential facility is a resource of vital significance for an enterprise to do business. The firm having access to such resource is under an obligation to provide fair access to others in the relevant market. In the present scenario, where most companies derive their revenue from the user’s data, the question arises whether data can be considered an essential facility of a business.

There are mixed opinions on this point. In Verizon Communications Inc v. Law offices of Curtis v. Trinko LLP, the US Supreme Court declined to recognise the doctrine of essential facilities (mandatory access remedy). It observed that mandating companies to share their resources would not be as per antitrust law, as it might minimise the opportunity for firms to invest in economically advantageous facilities. In Microsoft’s case, the court relied on ECJ’s jurisprudence of obligating dominant market players for not distorting legitimate competition in the relevant market. While evaluating the effects on market competition by Microsoft’s refusal to exchange the data, the court ruled that the impugned practice of Microsoft is an abusive use of dominant position.

Recently, in a report, MeitY’s expert panel on non-personal data governance framework recommended the sharing of collected non-personal data by companies with the government and other companies. It is to ensure a level playing field for all market players and prevent market barriers. However, it excludes the sharing of strategically business-sensitive data, which eventually fails the purpose of data-sharing, as the data with most of the service providing companies, like Facebook, Google, is strategically sensitive and vital for their business model.

The EU has also recently published its proposed Data Governance Regulation, which will provide a legislative framework for creating a single data market in Europe to promote data altruism and enhance competitiveness in the digital field.

Nevertheless, it would be interesting to see if, with further development of the antitrust regime, the courts treat data as an essential facility. Though it will enhance competition, it poses serious privacy concerns, which will entail proper regulation to prevent misuse.


Data serves as blood for individual businesses, as their survival relies on the collected user data for providing services. It is the correct time to realise the need for Antitrust regulations and control over large digital companies. The regulations will check privacy concerns and check anti-competitive concerns associated with the merger of two data-driven companies. Since these mergers do not come under the regulatory scanner for having less monetary value, it becomes crucial to assess the data accumulation and its effect to check the possible antitrust issues against the company.

To limit the scope of established and large data-driven companies’ anti-competitive practices, data can be treated as an essential facility and be provided to other companies and start-ups for facilitating a level of the field playing. It will not only prevent the consumers but companies too, from being abused by dominant firms.


Leave a Reply

Your email address will not be published. Required fields are marked *

Contact Us

Kerwa Dam Road., 
National Law Institute University, Bhopal
Madhya Pradesh, India. 462044​.

write to us at –