by Mark MacCarthy

Antitrust enforcers can think of privacy as a parameter of competition

Jul 09, 2019

But it is not likely to improve privacy protection very much.

keep out sign do not tresspass privacy authentication access barbed wire by tim husser getty
Credit: Tim Husser / Getty Images

Over a decade ago, legal scholars and advocates in the U.S. debated whether privacy could be cognizable under the antitrust laws as part of the Federal Trade Commission’s review of the Google and DoubleClick merger. The Electronic Privacy Information Center, privacy scholar Peter Swire and FTC Commissioner Pamela Harbour all said yes. But the FTC majority at the time ruled otherwise. In giving the merger a green light, it said it lacked “legal authority to require conditions to this merger that do not relate to antitrust…”

This might seem to be the mainstream antitrust view, even now. As Carl Shapiro said recently: “Antitrust is not designed or equipped to deal with many of the major social and political problems associated with the tech titans, including threats to consumer privacy…” But the matter is much more nuanced.

Treating privacy as a parameter of competition is increasingly accepted view in antitrust circles

As the 2010 Justice Department guidelines make clear, merger reviews can take into account many dimensions of competition including innovation, product quality, and product variety in determining whether a lessening of competition in these areas will harm consumers.

Privacy could be such a dimension of product or service quality. Companies could compete on privacy in any number of ways: providing clearer, easier to read descriptions of their data collection practices, allowing choice about data use in a wider range of circumstances, adjusting the choice architecture to provide for opt-in rather than opt-out choice, allowing secondary use only with affirmative opt-in consent, not sharing customer data for third-party marketing, minimizing the data collected and discarding it after its initial use.

When differences in these privacy practices are valuable for consumers and a basis for choice among competing products or services, they are a dimension, aspect or parameter of competition.

Former FTC Commissioner Maureen Ohlhausen agrees, saying privacy “increasingly represents a non- price dimension of competition.” European Commission competition officials Eleonora Ocello and Cristina Sjödin say the degree of privacy afforded by a digital platform can be “a relevant parameter of competition.” Antitrust scholars Maurice Stucke and Allen Grunes (p. 131) agree that privacy can be “an ‘important’ factor in the decision to purchase or a ‘key’ parameter of competition.”

As a result, merger reviews have to be more nuanced that simply repeating the general principle that competition policy is concerned solely with protecting competition. When privacy is a “main” or “key” or “important” element in consumers’ decisions to purchase a good or service, a merger that eliminated or reduced competition along this non-price dimension could be blocked or conditioned under competition policy law.

But this touchstone of privacy as an aspect of competition has never been the sole basis for rejecting or conditioning a merger

In 2014, the European Commission approved the merger of Facebook and WhatsApp. The Commission treated privacy as one difference between WhatsApp and Facebook’s own communications app, Facebook Messenger. Facebook collected data on its users for advertising purposes and WhatsApp did not. There were other differences as well.

But the Commission’s market investigation found that the only factors on the basis of which WhatsApp and Facebook Messenger were close competitors were “the communications functionalities offered and the size of their respective networks.” In particular, the size of the network seemed of crucial importance because it determined the number of people users could reach.

Moreover, the Commission found that many people used both social messaging services. If WhatsApp users were genuinely put off by Facebook’s privacy practices, so much so that they would prefer to use WhatsApp instead, why were up to 90% of them Facebook users?

For these reasons, the Commission concluded that privacy was not a significant dimension of competition between the merging companies. It could not therefore use a decline in competition along that parameter as a basis for conditioning or rejecting the merger.

That judgment still seems reasonable today, even though WhatsApp’s pro-privacy practices have largely been replaced with the data collection and use practices typical of the rest of the Facebook family. There simply wasn’t evidence at the time that consumers chose their communications app on the basis of the privacy differences between Facebook Messenger and WhatsApp.

The European Commission review of the merger between Microsoft and LinkedIn in 2016 holds a slightly different lesson. LinkedIn’s professional social network competitor in Germany and Austria, Xing, provided opt-in choice for data sharing while LinkedIn provide the less protective opt-out choice. But, in this case unlike in the Facebook case, the Commission concluded that this privacy difference was “an important parameter of competition and driver of customer choice in the market.” 

The Commission also found that Microsoft had the ability and incentive to use certain integration and pre-installment practices to foreclose competition in the market for profession social networks. Foreclosing this competition would reduce consumer choice for their preferred social network, and it would, in addition, also restrict consumer choice in relation to privacy, an “important parameter” of professional social network competition.

The Commission approved the merger when Microsoft made commitments restricting their conduct in connection with integrating and preinstalling the LinkedIn app. It imposed no conditions relating to privacy practices.

In this case, the privacy issues added weight to the Commission’s case for conditioning the merger before approving it, but crucially, privacy was only an add on to the key finding that Microsoft had the ability and incentive to foreclose competition in the professional social network market. The remedy would have been exactly the same if privacy were not a parameter of competition at all.

Privacy needs to be regulated on its own, not as an adjunct to competition policy

The basic fact remains that merger reviews can promote privacy only when privacy dovetails with preserving competitive conditions. In the absence of competition on privacy between Facebook Messenger and WhatsApp, reviewing authorities had no capacity to block the merger that would end WhatsApp’s pro-privacy practices. If Microsoft had no ability or incentive to forestall competition in LinkedIn’s market, then reviewing authorities would have been powerless to preserve the more pro-privacy practices of LinkedIn’s competitors.

This is not to say that all is well with privacy. The US needs a national privacy law that can respond to consumer concerns, address industry’s issues about fragmentation in the states and present a US policy alternative as an international model. Considering privacy as a parameter of competition is not a mistake; it is not bad competition policy. But it won’t promote privacy very much and it is no substitute for a new national law focused directly on privacy as its objective.