Innovation and Data Privacy: Merger Review in Digital Markets: Part I

[By Tawishi Beria] 

The author is a student at the Jindal Global Law School. 

Part I


The rapid rise of digital activity across the globe, bringing with it a growth in the might of a select few companies in such digital markets, has raised several concerns, including antitrust and privacy-related issues. In light of the nature of digital markets, characterised by very strong network effects, use of big data, continuous innovation, the existence of barriers to expansion and entry and so on, regulation of any activity that seeks to augment the market power of these digital companies becomes necessary. Ex-ante regulation of digital markets has been suggested by some scholars as a way to face the challenges arising. Considering this, looking at how reviewing mergers and acquisitions (‘M&A’) warrants a change in terms of digital companies becomes pertinent, given that M&A is a tool that already entails ex-ante assessment on part of the competition authorities. BigTechs have been observed as being ‘remarkably active in M&As’ for various purposes.

Even though M&A transactions are generally seen as entailing softer antitrust scrutiny, certain factors are analysed by competition authorities looking at the counterfactual. Deals involving digital companies, two factors that become important are innovation and data protection and privacy. Through this article, the author seeks to assess the interplay of conflict between these factors and understand the need for balance and where it lies. This is the first part of a two-part piece. In Part, I, the need for considering innovation and data privacy as factors during merger review in digital markets is assessed independently. This part further looks at the interplay and conflict between the two factors in terms of actual and hypothetical scenarios. Part II analyses two deals involving Facebook and concludes by highlighting the need for changes in enforcement.

Considering the factors independently

Competition authorities across the world use various determinants to assess the possible pro-competitive and anti-competitive effects of an M&A deal on consumers. Some factors can clearly be demarcated into these categories. However, the two factors that are the subject of this paper-innovation, and privacy, do not strictly classify as either inherently pro-competitive or anticompetitive and can take both forms on a case-to-case basis. In this part, the author briefly argues for considering these factors in merger review, given the debate.

1.     Innovation

Although innovation has always been considered as a factor alongside traditional factors like price, quantity, consumer choice, and quality in merger assessment, it has recently gained more attention. Notably, evidence from digital markets on this front is still almost non-existent. However, killer acquisitions in digital markets are very common, requiring consideration of the innovation parameter. When entities with diverse products/services merge, the portfolio effect also comes into play, facilitating increased range, bundling, leveraging, and ultimately deterring innovation. In markets like digital markets, firms can safely be assumed to compete in ‘innovation spaces’ in addition to the relevant product market, mandating analysis.

Even though not related to digital markets, the Dow/DuPont merger laid the ground for and provides valuable insights into the innovation theory of harm in M&A deals. In that case, the concern was that ongoing parallel innovation efforts would be disincentivised due to the merger of horizontal competitors. Likewise, the concern in digital markets is that of continued investment in innovation by merged entities. Further, in the case of digital companies, when data, especially in large amounts, comes into the equation, the focus shifts to an interest in data from one previously purely in innovation. Therefore, keeping a check to ensure innovation is necessary.

2.     Data Privacy

The consideration of privacy concerns arising from an M&A deal has been debated, since it is argued by some that privacy is not a competition law-related factor, warranting no consideration. However, in digital markets where M&A activity is largely data-driven, the protection of this data and privacy is required. In terms of ensuring consumer welfare, the vulnerability of consumers has to especially be considered in countries like India where consumer protection laws are relatively insufficient and data protection laws are not in place yet. Even in other countries, data protection laws cannot block M&A deals and digital companies do attempt to comply with such laws; accordingly, the author believes that considering the privacy factor reflects the best approach.

Given the merged entity’s larger user base, the potential competitive advantages that can be gained by accessing and using big data are relevant. Over the last few years in some data-driven markets, Big Techs have increased their market share, instead of being disrupted by new and innovative services. An increased market share (a direct consequence of any M&A activity) also means an increased volume of data rich in variety and value, along with an enhanced velocity of generation and processing of such data. Coupled with other characteristics of digital markets like network effects and barriers to entry and expansion, it becomes extremely essential to keep a check on the activities of entities that have such data at their disposal.

Looking for the Balance

Having set out the need to consider these factors, the author now seeks to assess the required balance. The possible interface between the two in certain approved deals and hypothetical situations is elaborated on, addressing questions like what if a particular deal adds to innovation but jeopardises privacy or what if a deal might result in excessive market power but increases innovation and enhances data protection, or how to determine the weight given to these factors.

Looking at these factors in actual cases shows the non-consideration of privacy concerns in approving deals. In Microsoft/Yahoo Search! for instance, Yahoo’s continued incentive to innovate as well as Microsoft’s potential ability to make innovation for alternative intelligent solutions difficult was considered, but privacy was not. Google/DoubeClick is another deal that reflects complete disregard of data privacy (particularly in terms of targeted advertising) by the Commission. This is because, on assessment, the authorities found the data collected by DoubleClick to be relatively narrow in scope, whereas the possible degradation of the quality of DoubleClick’s tool and bundling with Google’s intermediation service was considered. In recent times, however, there has been an improvement in data assessment and privacy considerations in merger review, as evidenced in the 2016 Microsoft/LinkedIn deal.

Moving on to the possible conflict between innovation and data privacy, the proposed integration of Facebook’s messaging services (Facebook Messenger-WhatsApp-Instagram) best illustrates the same. While the purpose of the merger is building the ‘best messaging experiences’ enhancing consumer welfare, resultantly fostering innovation, the sharing of the data of users of each app and combination of the same is a concern that undercuts the innovation aspect. Moreover, while WhatsApp requires only a phone number, Facebook Messenger requires a ‘real identity configuration’ for setting up. Accordingly, restrictions on data portability and on holding more personal data than required, pursuant to GDPR regulations factor in.

The corollary of the aforementioned situation is an M&A deal which could result in increased data protection and privacy (if one of the companies offers end-to-end encryption and the other company can be expected to implement the same post-merger) but may deter innovation by disincentivising any further investment. While an actual deal representing such a scenario has not been observed, some cues can be taken from Microsoft/Skype and Cisco/Messagenet wherein operation of conglomerate effects post-merger led to reduced innovation. Since fostering innovation is one of the goals of competition law, it is unlikely that the privacy parameter would play a role in undercutting the loss of innovation; consequently, the deal may not get approved.

Next, for instance, company A is a digital service provider, known for often adding new features to its products and investing in innovative technology. Company B is a messaging service that has superior data protection and privacy policies and does not track user data. Both companies are market leaders (and dominant players) in their respective fields. It can be reasonably expected that a merger between the two would increase innovation and data privacy through combined competencies but would also possibly cause market foreclosure in the individual markets. In such a scenario, despite a significant increase in consumer welfare, competition authorities may not approve the deal. The concern of discouraging useful mergers precluding the creation of social value is manifested here.

Finding the Balance?

It is clear from the foregoing scenarios that both innovation and data privacy play an equally important role. Although innovation is a direct competition law concern, when it comes to the large amount of data that Big Techs possess, coupled with the ability to process it, protecting it to ensure privacy becomes more important. It has also been observed that there could be a loss of market share of ‘digital giants’ like Facebook owing to reputational damage due to data breaches rather than from short innovation cycles. The interplay between these factors is greater than the potential conflict between the two and competition authorities must consider both at par, especially in deals involving digital companies with substantial market power.

The discussion clearly shows that a conflict between the innovation and data privacy parameters may result in certain scenarios. In such a situation, a possible determination of the role of these parameters in a given deal may be effected by analysing the four ‘V’s that characterise data,  namely value, volume, velocity, and variety.  Determining the kind of data at stake essentially affects the data protection and privacy factor. While assessing a deal, authorities must be mindful of engaging in such an analysis; the case in point being the Apple/Shazam deal, where a thorough analysis of the four ‘V’s was undertaken. If the data involved is not such that might jeopardise privacy, the greater weight could be given to innovation in the relevant deal. On the other hand, if the data at stake, whether separate or post combination, involves a significant amount of sensitive and personal information, innovation consideration may have to take a back seat in such deals.

In terms of changes required, in the author’s opinion, a change in enforcement is definitely warranted, but ex-post assessment (as suggested by various authors) may not be the best option. However, even if such a shift were to take place, the first step would have to be conducting a robust and sophisticated market analysis, without which altering the timing of conducting the merger review may not have any impact. For this, the role of innovation and data privacy becomes extremely relevant, and these have to at least be considered in merger review, if not act as deterrents to block the deal. Depending on the peculiarities of the case, these parameters may either complement or be in conflict. The author believes that the characteristic of data involved is the deciding factor in determining where the balance lies.

In Part II of this piece, (available here) the author looks at two deals involving Facebook in hindsight and concludes the practical application of the two factors of innovation and data privacy.


Leave a Reply

Your email address will not be published. Required fields are marked *

Contact Us

Kerwa Dam Road., 
National Law Institute University, Bhopal
Madhya Pradesh, India. 462044​.

write to us at –