TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

The Privacy Advisor | The thin line between privacy and antitrust Related reading: A view from Brussels: Germany seeks extension for CJEU judge


Companies that collect consumer data are facing intense scrutiny from antitrust and privacy enforcers in the U.S. and abroad. This increased scrutiny is not limited to Big Tech firms but could apply to any company holding large amounts of data. The lines between antitrust and privacy objectives and enforcement are increasingly becoming blurred. This article provides concrete, real-world scenarios in which companies need to find ways to compete, innovate and serve customers while navigating antitrust and privacy issues.

Scenario 1: The killer acquisition

Alpha company runs a popular app and seeks to acquire Beta company, a small, recently created competitor that has reached a new consumer segment.

At first glance, antitrust issues may seem nonexistent where there is currently little competition between the merging parties. Antitrust or privacy enforcers and regulators could have, however, a variety of nuanced concerns about the acquisition, including Alpha killing off its potential future (nascent) competitor; Alpha using the personal data obtained by its target to reinforce its market power in other segments, such as advertising; or privacy concerns about Alpha sharing consumer data across applications.

Nascent competition

For several years, there has been an increased focus on “nascent competition” in merger review by the federal antitrust agencies. Nascent or future competition concerns potentially exist where one of the merging entities “has the capabilities that are likely to lead it to develop new products in the future that would capture substantial revenues from the other merging firm” and where “one of the merging firms has a strong incumbency position and the other merging firm threatens to disrupt market conditions with a new technology or business model” (Horizontal Merger Guidelines). For example, some antitrust commentators have raised these concerns in their hindsight analyses of Facebook’s acquisitions of Instagram and WhatsApp. 

A recent nontech example of the antitrust regulators killing deals because they eliminate an emerging competitor is Edgewell’s decision to drop its $1.4 billion acquisition of direct-to-consumer razor company Harry’s after the U.S. Federal Trade Commission filed a lawsuit to block the deal in February. The FTC’s reasoning for blocking the deal was that losing Harry’s as a competitor “would remove a critical disruptive rival that has driven down prices and spurred innovation in an industry that was previously dominated by two main suppliers, one of whom is the acquirer.”

Interestingly, a nascent company that is viewed as an industry disruptor may draw increased scrutiny as it attempts to be acquired. But what if the founders of Beta want to be acquired and an acquisition was part of its original business plan? Some have argued that the theory that nascent competitors are better left on their own rather than as part of a larger corporation may actually harm innovation and disincentivize startups and app developers, particularly those whose primary goal was to be purchased one day by a larger tech company.

Acquisition of data to abuse monopoly power in adjacent market

Antitrust agencies may scrutinize or challenge the Alpha/Beta merger based on concerns that Alpha could use the personal data obtained by Beta to reinforce its market power in other segments, such as advertising. For example, the Department of Justice is currently taking a closer look at these issues in the pending acquisition of Fitbit by Google. While the two companies are not competitors, the acquisition could cut off a potential advertising rival because Fitbit has access to unique user data that could be exploited and monetized through targeted advertising.

Sharing data raises privacy concerns

While data protection issues were an afterthought in the structuring of merger and acquisition transactions previously, when the data assets are the main driver for an acquisition, identifying the legal, regulatory and contractual requirements that apply to the handling of data is essential, as is understanding customer expectations. Privacy concerns may arise where consumers may have agreed to share their data with one application but may not have agreed to share it with the acquirer, which may have different information that when combined changes the nature of the uses of that data.

Scenario 2: The data grab

A company holds unique datasets, such as biometric data, and wishes to expand its offerings by collecting additional data or acquiring another data-heavy company

It is not just the Big Tech companies that may be subject to increased antitrust and privacy scrutiny when it comes to data collection and access. Antitrust authorities, academics, Congress and litigators fear that companies that hold large amounts or unique sets of data may create barriers to entry and obtain market power that can be abused.

A more traditional antitrust analysis maintains that competition laws are intended to protect competition and are not intended to protect consumer privacy and that current antitrust laws are sufficient to address antitrust harm in digital markets. A countervailing view, popularized as “hipster antitrust” or the “new Brandeis” approach, espouses a shift of focus from price-based consumer welfare to competitive market structure, including access to data by rivals as a constraint on monopoly power.

In Europe, antitrust regulators already have attempted to make the connection under an “abuse of dominance” theory (the European phrase for monopolization). The German Federal Cartel Office, Bundeskartellamt, sued Facebook last year, alleging abuse of dominance where Facebook’s data policy permits the company to collect and combine user data from non-Facebook websites without adequate user consent and assign the outside data to Facebook user accounts to enhance ad targeting. Facebook ultimately won on appeal.

The DOJ’s Google/Fitbit merger investigation also raises these issues. Traditional antitrust analysis is not applicable because Google and Fitbit are not competitors and, even after the acquisition, Google would have a small share of the hardware and fitness-tracker market. But the investigation could lead to Google making data- and privacy-related concessions in order to get its deal through because the DOJ is concerned about whether the deal would give the company too much control over sensitive health data and give Google the ability to create health profiles of its users and use that information for Google Ads.

Scenario 3: Data potentially facilitating collusion 

An independent company aggregates and holds data from competitors in the same market in connection with the service it provides in the industry

A company that holds data of multiple competitors in an industry should ensure that it has sufficient antitrust and privacy compliance controls in place. In one real-world example, the FTC is investigating a company that aggregates and collects data from several car dealers. The car dealers then have access to that information. Many software-as-a-service companies have built platforms that process large amounts of data, some including sensitive personal data, belonging to customers across particular industries. By harnessing the beneficial power of data analytics, many of these SaaS companies are delivering data-as-a-service as a separate product.

Depending on the particulars of the industry, a data aggregator should be sure that sensitive pricing or competitive information is not accessible or shared among competitors. Allowing competitors to make decisions based on any nonpublic information that they obtained from the aggregator could lead to antitrust liability.

If data collected from one business is also available to its competitors, privacy issues may also be raised to the extent that data sharing between such third parties was not contemplated when the data was initially collected. Notice and consent requirements could apply in addition to an analysis of whether the prohibition against the “sale” of personal data under new laws like the California Consumer Privacy Act or the data broker laws apply. Expanded definitions of what is protected as “personal information” or what constitutes a “sale” under these laws mean a careful analysis of emerging legal requirements and changing customer expectations should be at the forefront when developing business strategies involving big data.

The views expressed in this article are those of the authors and not necessarily those of BakerHostetler or its clients.

Photo by Anika Huizinga on Unsplash

Credits: 1

Submit for CPEs

1 Comment

If you want to comment on this post, you need to login.

  • comment James Casey, Esq., CPP • Jul 10, 2020
    Excellent scenarios and discussion. Thanks!