top of page

Relationship between Competition Law and Data Protection: A Legal Analysis

This article is written by Lochna V Khatri from St. Joseph’s College of Law. This is an exhaustive article that deals with the interconnection between Competition Law and Data Protection from the perspective of the legal framework.



Abstract:

This article provides an insight into the relationship between two converse areas of law, data protection, and competition law. Both the laws are at a very nascent stage in India. The connection between the two is still greatly undetermined in India however, the connection seems to be better off established in some developed countries such as the United States of America and some European countries which are a part of the European Union. The concept has been evolved in these countries and the essence of its principles in the competition law practice in India is felt now as the provisions of the Competition Act, 2002 are greatly determined by the already well-established competition law of Europe. The lack of data protection laws in India further creates a lacuna for dealing with matters about data protection.

This article is written by Lochana V Khatri from St. Joseph’s College of Law, Bangalore. The article is based upon secondary sources of data and it aims to focus on the aspects of the relationship between the two concepts and their positions in India as well as in Europe.

Introduction:

Competition law is a stirring area of law that is based on the integration of economics and law. It aims to create a fair marketplace, promotes healthy competition by demotivating monopoly, and prohibits unethical practices in the field of business and economics. With the ever-growing digitalization and globalization, the exponential rise in the importance of personal data has been unearthed in the field of commerce. On one hand, companies thrive on personal data by processing them as although it is not a currency, it holds great monetary value. On the other hand, personal data is closely linked to the autonomy and privacy of the general public and consumers. This dual nature of data is what serves as the basic structure for the integration of competition and data in the field of law.

Position in the European Union:

GDPR stands for General Data Protection Regulation which was the law that replaced The Data Protection Directive on 25th May 2018. The GDPR is considered one of the toughest data privacy and security laws in the world. It aims to protect the privacy of the citizens, which fall under the EU, in the digital world.

EU’s competition law and antitrust policies are derived from articles 101 and 102 of the Functioning of the European Union (TFEU). These articles deal with the protection of competition in the modern economy market which is highly digitalized.

These features of both the laws express how these policies cannot replace each other but are rather complementary to each other as both the laws aim at consumer rights protection.

Such a view was held in the report submitted by the German Bundeskartellamt and the French Autorité de la Concurrence in 2016 where it was held that the mere fact of a legal instrument already existing to deal with matters of data protection does not entail its speculation in competition law and is not deemed irrelevant to competition law.

In the landmark case of Asnef-Equifax[1] decided by the Court of Justice of the European Union, it was held that certain tender issues about personal data are not matters of competition law therefore they may be resolved under relevant laws of data protection. A similar view was held in the case of AstraZeneca[2].

This case was later overruled in the judgment of Facebook by the German Bundeskartellamt in the year 2019, where provisions of TFEU were applied and it was held that Facebook(now Meta) had abused its dominant position by not providing its users with an option to opt-out of their data sharing policy. The data privacy policy of Facebook was in the form of “take it or leave it”, which did not leave consumers with a choice and also hindered healthy competition in the market. It is a good fact that the data collected is processed and then personalized advertising is provided to users which serves as the income for such online market players. The court has established infringement of provisions of the GDPR by Facebook.

The case clearly defines the line between collection and use of data for market power and thereby, its abuse by “Big data” firms. The case serves as a pivotal ground for the ambit of competition law in the countries of the European Union. It also serves as inspiration and guidance to other countries across the world to deal with matters of data protection and privacy which can also have competition law concerns.

Position in India:

Data privacy was held to be a fundamental right in the case of Puttaswamy v. Union of India[3]. This makes data privacy a constitutional law matter in the country and infringement of fundamental rights is decided by the High court and Supreme court of India. Furthermore, the Information Technology Act of 2000 also deals with some aspects of data protection and cybercrime. Therefore, the question arises whether the Competition Commission of India can decide upon matters of data protection.

In this regard, the most pertinent case is the case of Vinod Kumar Gupta v. WhatsApp Inc.,[4] in the year 2017 wherein the Competition Commission of India (CCI) held that Data Privacy is not a competition law concern. It further held that the case led to the breach of provisions of the Information Technology Act, 2000, and therefore, it did not fall under the purview of Competition law. A similar view was also held in the case of Harshitha Chawla where the data collection by Facebook and WhatsApp was held not to be anti-competitive and did not raise any competition law concerns.

This case had also cited the case of Karmanya Singh Sareen v. Union of India [5], wherein the Delhi High court held that data privacy is a constitutional law concern.

These cases show that Data protection was not recognized as to be causing any competition law concerns as provisions of the competition acts had to be violated and the burden of proof lies upon the informants to prove the same.

Recent developments in India:

On the 24th of January 2021, the CCI reversed its decision in the case of Karmanya Singh and issued a suo moto Order asking the Director-General to begin an inquiry into WhatsApp for abuse of dominance under the Competition Act because the Act makes it copiously clear that one of the CCI's responsibilities is to protect consumers' interests. The CCI found an illegitimate, non-specific, or involuntary gathering of user data to be unfair to consumers in the WhatsApp Case, which presents a prima facie case under Section 4(2)(a)(i) of the Competition Act. As a result, injury to consumers' data or privacy has been discovered to have anti-competitive insinuation in India, leading to the merging of privacy concerns and competition law. Data is now defined by CCI as a “non-price” parameter in the commercial market of India. The CCI takes this idea ahead to state that "in a data-driven ecosystem, the competition law needs to examine whether or not the excessive data collection, and the extent to which such accumulated data is subsequently put to use or in any other case shared, have anti-competitive implications, which require antitrust scrutiny".

Furthermore, in case of Rajasthan Cylinders And vs U.O.I And Anr the Supreme court ruled that it is subjugated to presently introduce statutes with AI and data to make the present Competition commission better furnished to protect consumer rights.

Powers of the Competition Commission and the ambit of Competition law was highly expanded by the judgment of the Supreme court in the case of Bharti Airtel [6] where CCI looked into the anti-competitive behavior of Bharti Airtel which belongs to the telecom industry and is therefore under the jurisdiction of Telecom Regulatory Authority (TRAI). It was held by the Hon’ble court that the unique feature of CCI is that it is not a sector-based body but has the jurisdiction which transcends sectoral boundaries, thereby covering all the industries, with a focus on the object and purpose behind the Competition Act. The court upheld the primacy of regulatory authorities and accordingly, it was added that the judgment would not bar the jurisdiction of CCI altogether but it would only push it to a later stage after the TRAI has undertaken the necessary exercise in the first place.

Conclusion:

The interconnectedness of competition concerns and data protection seems to be more lucid after the recent judgments of Facebook, WhatsApp, and Bharti airtel. These cases bring out the changing dynamics of the digital market and the role of personal data in the current world.

Although it seems to be a great development in the field of law to integrate other industries within the ambit of competition, it may also create judicial overlapping. Especially with the introduction of the new Data Protection Bill, 2019 in India, which serves to deal with matters of data protection of consumers, it may become more complicated as to which court to approach for breach of Data privacy.

References:

[1] Case C-238/05 Asnef-Equifax v Ausbanc (2006) ECR I-11125.

[2]CJEU, Case C-457/10 P, AstraZeneca AB and AstraZeneca plc v. European Commission, ECLI: EU: C:2012:770, ¶ 132.

[3]Justice K.S. Puttaswamy and Ors. vs. Union of India (UOI) and Ors. (26.09.2018 - SC): MANU/SC/1054/2018.

[4]Vinod Kumar Gupta vs. WhatsApp Inc. (01.06.2017 - CCI): MANU/CO/0036/2017.

[5]Karmanya Singh Sareen And Anr vs. Union of India And Ors (27.04.2017 - SC Order): MANU/SCOR/81142/2017.

[6]Competition Commission of India vs. Bharti Airtel Limited and Ors AIR 2019 SC 113.





Recent Posts

See All

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
Post: Blog2 Post
bottom of page