In a significant development, Europe’s top court has ruled in favor of antitrust authorities’ entitlement to evaluate privacy breaches, potentially expanding their scope in investigating major technology companies. The Luxembourg-based Court of Justice of the European Union (CJEU) delivered the verdict following a legal challenge by Meta Platforms (formerly known as Facebook) after the German cartel office ordered the social media giant in 2019 to cease the unauthorized collection of user data, deeming it an abuse of market power.
The CJEU examined whether the German antitrust agency had exceeded its authority by utilizing antitrust power to address concerns related to data protection, which falls within the jurisdiction of national data protection authorities. The ruling clarifies that antitrust regulators can consider privacy violations alongside competition law, granting them additional latitude in scrutinizing the practices of Big Tech companies.
Meta, the conglomerate behind popular platforms like Facebook, Instagram, and WhatsApp, contested the finding, leading a German court to seek guidance from the CJEU. A Meta spokesperson responded to the ruling, stating, “We are evaluating the Court’s decision and will have more to say in due course,” suggesting that the company may explore its options following the verdict.
The CJEU judges emphasized that during antitrust investigations, competition authorities may need to examine whether a company’s conduct adheres to regulations beyond those specifically related to competition law. This broader approach acknowledges the interconnectedness of various regulatory domains when assessing the behavior of dominant tech companies.
While the CJEU ruling reinforces the authority of antitrust regulators, it also emphasizes the need for them to consider decisions or investigations conducted by competent supervisory authorities pursuant to relevant regulations. This requirement ensures that antitrust investigations remain aligned with existing privacy and data protection frameworks.
The German cartel office welcomed the ruling, emphasizing the crucial role of data in determining market power. Andreas Mundt, the head of the German cartel office, highlighted that the exploitation of consumers’ personal data by large internet companies can also be considered abusive under antitrust law.
However, legal experts have raised some concerns regarding the practical implementation of the ruling. Thomas Graf, a partner at the law firm Cleary Gottlieb, expressed caution about whether antitrust authorities would delve into the intricacies of privacy law. Graf pointed out that antitrust agencies would still need to establish the relevance of privacy violations to antitrust law, demonstrate restrictive effects and abuse, and coordinate with the General Data Protection Regulation (GDPR) authorities.
The GDPR, a comprehensive privacy and security law, imposes obligations on organizations that target or collect data related to individuals within the European Union. Graf questioned whether antitrust authorities would effectively assume the role of GDPR regulators, suggesting that such an expansion of their purview is unlikely.
The ruling has garnered support from the European Consumer Organisation (BEUC), which emphasized the need for authorities to adopt innovative approaches and prioritize data protection in today’s complex digital economy. Ursula Pachl, the Deputy Director General of BEUC, welcomed the ruling, stating, “In a complex digitalized economy, more than ever we need authorities to think outside the box and to consider data protection.”
As the landscape of tech regulation continues to evolve, this ruling sets a precedent for the intersection of antitrust and data protection concerns, signaling a potential shift in how Big Tech companies are investigated and held accountable for privacy breaches.
