Recent cases have seen competition regulators intervening against tech giants, Facebook in particular. The most recent is a ruling in Germany, where the competition watchdog did not issue a fine, but instead ordered Facebook to stop practices which are a key part of the company’s business model. This, alongside other ongoing cases, could be a signal of a new regulatory trend, in which antitrust regulators aim to solve the issues that privacy regulators alone have not been able to address. Once again, Europe is leading the way, with countries elsewhere watching attentively.
The German ruling questions Facebook’s very business model
On 7 February 2019, the German competition authority the Bundeskartellamt ordered Facebook to stop linking user data across different platforms it owns, unless it seeks users’ ‘voluntary consent’ for doing so. In other words, Facebook can no longer force its users to agree to ‘practically unrestricted collection’ and assign non-Facebook data to their Facebook user accounts; and it cannot threaten users to stop providing its services if they do not agree. The Kartellamt calls this ‘internal divestiture’ of Facebook’s data, and notes these practices have allowed Facebook to gain market power. Finally, the authority condemns Facebook’s data collection practices as violating EU data protection rules, and detrimental to users.
The ruling does not impose any fine on Facebook; however, this does not detract from the significant potential impact the ruling may have. In fact, the decision questions some key elements of Facebook’s very business model; if confirmed, it will undermine Facebook’s practice of large-scale data collection, not only across different platforms, but also through instruments such as the ‘like’ button often seen on other websites not belonging to Facebook. It is therefore unsurprising that Facebook has decided to appeal the ruling, and tries to defend its practices by highlighting their benefits and their compliance with GDPR, in response to the accusations moved by the German authority.
The company is unlikely to have an easy time implementing the planned integration of its messaging platforms
The German ruling is a significant one, and did not come as a surprise. The Bundeskartellamt had spent several months during 2018 on the investigation, and hinted at an upcoming ruling at the start of 2019. Also, the decision comes from a country where data protection authorities (specifically, that of Hamburg in September 2016) had already tried to stop Facebook’s practices to synchronise data between Facebook and WhatsApp. As part of the conditions for the approval of the Facebook-WhatsApp merger in 2014, the company said it would not be able to establish ‘automated matching’ between accounts of the two platforms; however, Facebook started doing just that in 2016, which resulted in a €110m fine from the EC in May 2017, for provision of misleading information.
Back then, the EC was adamant that the 2017 ruling had no impact on the previous approval of the merger. However, things could take a different turn now that the company has announced its intention to integrate the messaging platforms of Facebook, WhatsApp, and Instagram, so that users on each of them can communicate with those on the other two. It is understood that the project is still in its early stages, and will not be completed before the end of 2019; however, some regulators have already shown concern and the intention to scrutinise the way in which Facebook will do this. The Irish Data Protection Commission immediately issued a statement requiring to be briefed on the matter, and stressing that GDPR compliance will be necessary for the integration to occur in the EU. While the EC has not yet taken an explicit stance on the matter, some people inside it have already voiced concerns. Tommaso Valletti, chief economist of the Commission’s DG Competition, said Facebook lied back in 2014. It is too early to predict whether the EC will carry out a new investigation, but the odds of it happening are high.
Europe sets the tone, the rest of the world follows
As was the case with privacy, European regulators lead the way, but they are by no means alone. Even before GDPR was approved, the debate it sparked led other jurisdictions to follow the same approach; so much so, that even in the US, where the hands-off approach to regulating has historically been strong, there is now an advanced discussion about a federal privacy framework. The same appears to be happening now, possibly at an even faster pace, in the update of antitrust regulatory tools to reflect the impact of digital platforms on the economy.
Japan is now reportedly considering the set-up of a specific regulator, to scrutinise large tech companies about monopoly practices and the handling of personal data; and the country’s existing competition watchdog, the Fair Trade Commission, has already carried out work to update its practices related to the activity of digital platforms. In India, the antitrust commission is reportedly looking at Google’s use of the Android mobile OS to block rivals. Once again, the US could be the latest to the party; however, it is by no means certain that they will not join. The Federal Trade Commission has been carrying out hearings, which are still ongoing, to gather evidence and assess the need to adjust competition and consumer protection law. Equally important is the FTC’s current inquiry on Facebook’s privacy practices, which is examining whether Facebook violated the terms of a settlement it reached with the body in 2011. It is very likely that the inquiry will result in a multi-billion dollars fine, though it remains to be seen whether it will trigger new approaches to competition oversight in the country.