Is Privacy an Antitrust Issue? A Growing Movement


American antitrust policy has been described as “one of the most successful U.S. exports.”[1] The past two decades saw substantial convergence between the competition regulation regimes of the U.S. and European Union, particularly in merger enforcement and overall policy goals.[2] Though the European Commission and EU member states arguably led the way, recent years have seen both jurisdictions closely scrutinizing both the data processing practices and market dominance of Google and Facebook.[3] The first question is whether these two inquiries should be combined, that is, whether data policies can potentially harm consumers and competition. If that is the case, the second question is whether these inquiries can be combined, given that consumer privacy law and antitrust law are not uniformly compatible.

The extreme approaches to these questions might be characterized in two ways. On one hand, some advocate that consumer privacy, while important, is not a sufficiently material benefit or the right type of harm to be evaluated on antitrust grounds.[4] The contrary perspective is that consumers “pay” for otherwise free services with their personal data, which are extracted as rents by dominant market participants, and that antitrust is therefore a useful and viable framework to assess welfare and competitive harms.[5]

A more nuanced approach emphasizes the range of characteristics underlying the generic term “big data,” differentiating high-value and sensitive personal data from the more general data that is routinely gathered by almost every undertaking.[6] Facebook and Google enjoy their dominance in targeted advertising largely due to their stores of high-value data, distinguished by its volume, freshness, variety, and accuracy.[7] While consumer privacy may be a non-starter for U.S. regulators,[8] examining market barriers and exclusionary conduct related to collection of more sensitive data types may “create a solid basis for theories of harm to competition and welfare.”[9] Indeed, former FTC Commissioner Maureen Ohlhausen writes that “competition law offers at best a convoluted and indirect approach to protecting people’s expectations of privacy online. Attempting to unify the competition and consumer protection laws creates needless risks for the Internet economy,” namely, a reversion from the rigorous scientific method of modern antitrust to the subjective analysis of the doctrine’s earliest days.[10] Such detriment can be avoided through an approach that relies on the same theories as modern antitrust to address the harmful effects of the consolidation of sensitive consumer data by a single dominant firm.

I. The U.S.

When it comes to the dominant tech companies, the “strong preference [by U.S. regulators]for erring on the side of nonenforcement [sic]”[11] is showing signs of waning. Facebook and Google faced historically large fines and strict conduct remedies in 2019.[12] However, sanctions of these companies have thus far been grounded not in antitrust law, but in consumer privacy violations.[13]

Google last year reached a $170 million settlement with the FTC and New York Attorney General for illegally collecting personal information from children without parental consent through YouTube.[14] The infringing conduct was a violation of the Children’s Online Privacy Protection Act (COPPA) rule, which the FTC is charged with enforcing.[15] The U.S. District Courts have generally been skeptical of private actions comingling privacy-based harm to consumers with allegations of anticompetitive business practices,[16] though certain class actions grounded on allegations of economically impactful privacy abuses have survived motions to dismiss, leading to settlement.[17]

The record-breaking $5 billion fine levied against Facebook last year was similarly grounded in violations of consumer protection laws.[18] In addition to the monetary sanction, Facebook’s Board of Directors is further required to establish a new Independent Privacy Subcommittee, overhaul its compliance program, and submit to a biannual third-party evaluation and continuous FTC monitoring of its privacy practices.[19] The expansive sanctions were, in part, motivated by the fact that Facebook’s conduct violated a 2012 settlement order with the FTC that prohibited the company from misrepresenting its data privacy and security practices to consumers.[20]

II. Germany

Last year’s decision by Germany’s Federal Cartel Office (“FCO”) took a wide-ranging approach to addressing Facebook’s dominance and data usage.[21] In light of Facebook’s dominance in the German market, the FCO found that the company’s data policy, which allowed it to collect and merge consumer data drawn from its own myriad platforms as well as third-party apps, violated the EU General Data Protection Regulation (“GDPR”).[22]

This violation of consumer privacy law was held to have an anticompetitive effect because Facebook, through its various platforms, is so dominant in social media that consumers effectively have no alternative.[23] Attempting to strengthen the link between the privacy violation and competitive harm, the decision noted that Facebook’s “competitive edge over its competitors” was reached through the aforementioned unlawful conduct and by raising market entry barriers through using this data in targeted advertising.[24] In a dictum surely calculated to send chills through Silicon Valley, the decision also stated that “the internet’s innovative power cannot be taken as a general argument against an internet company’s market power.”[25] The ruling prohibited Facebook’s data processing policy in its current form and ordered the company to reform its data and cookie policies within 12 months to comply with the FCO’s interpretation of the GDPR.[26] Facebook appealed the decision before it was even handed down.[27]

On appeal, the Higher Regional Court of Düsseldorf (“OLG”) was highly skeptical of the FCO decision below, suspending the ordered data reforms and expressing “serious doubts as to the legality of these resolutions by the antitrust agency.”[28] The OLG rejected the FCO’s exploitation argument in its entirety, finding no “exploitative abuse” of consumers under German competition law, and that the illegality of a contractual condition alone could not sustain allegations of abuse of market power.[29] However, the connection between data protection and competition that the FCO sought to establish was not rejected outright: “it is not excluded from the outset that damage to consumer protection may be regarded as a norm-relevant damage to competition within the meaning of [German competition law].”[30]

Further appeals at the OLG level or at the Federal Supreme Court level are possible, and the decision gave the FCO substantial guidance on where its allegations lacked legal or factual support.[31] However, the proposed remedies will likely be irrelevant by the conclusion of a years-long appeals process, notes Professor Rupprecht Podszun: “The law is at its limits with the internet giants. It is too slow.”[32] The OLG and FCO decisions demonstrate that increased, persistent scrutiny in this area is likely in the EU member states, even if the precise legal theory is still developing.

III. Conclusion

Herbert Hovenkamp described the modern state of antitrust as “caught between its pursuit of technical rules designed to define and implement defensible economic goals, and increasingly political calls for a new antitrust ‘movement.’”[33] Nowhere is this dichotomy more apparent than in the calls for consumer data protection and antitrust enforcement against Facebook and Google. Privacy and data protection do not fit neatly into the antitrust framework. The deciding question will be whether it is mere coincidence that these spectacularly dominant firms also sit on mountains of high-quality, particularized, and valuable personal data, or whether their dominance is a result of specific anticompetitive conduct in obtaining and maintaining their data advantage. It remains to be seen whether this “movement” will catch on, but the enforcement actions of the past year are a sign that courts and regulators are increasingly taking these arguments seriously.


[1] Aoife White, How the World Uses the U.S. Antitrust Enforcement, Bloomberg Businessweek (Oct. 25, 2019),

[2] See generally Kfir Abutbul, Note, The U.S. and E.U. Approaches to Competition Law-Convergent or Divergent Paths?, 17 Colum. J. Eur. L. 101, 119–128 (2011).

[3] See Steve Lohr, New Google and Facebook Inquiries Show Big Tech Scrutiny Is Rare Bipartisan Act, N.Y. Times (Sep. 6, 2019), (discussing a rise in bipartisan antitrust scrutiny of Facebook and Google at both the state and federal level in the U.S. following the series of multi-billion dollar fines levied against Google by the EU).

[4] See, e.g., Geoffrey Manne & Ben Sperry, Debunking the Myth of a Data Barrier to Entry for Online Services (Mar. 26, 2015),

[5] See, e.g., Dina Srinivasan, The Antitrust Case Against Facebook: A Monopolist’s Journey Towards Pervasive Surveillance in Spite of Consumers’ Preference for Privacy, 16 Berkeley Bus. L.J. 39, 44 (2019).

[6] See Daniel L. Rubinfeld & Michal S. Gal, Access Barriers to Big Data, 59 Ariz. L. Rev. 339, 380–81 (2017).

[7] See id. at 346–47.

[8] See infra § I-II.

[9] See Rubinfeld & Gal, supra note 6, at 380.

[10] See Maureen K. Ohlhausen & Alexander P. Okuliar, Competition, Consumer Protection, and the Right (Approach) to Privacy, 80 Antitrust L.J. 121, 156 (2015).

[11] Kevin A. Bryan & Erik Hovenkamp, Startup Acquisitions, Error Costs, and Antitrust Policy, 87 U. Chi. L. Rev. 331, 331 (2020).

[12]  See Press Release, F.T.C., Google and YouTube Will Pay Record $170 Million for Alleged Violations of Children’s Privacy Law (Sept. 4, 2019),[hereinafter Google Press Release]; Press Release, Fed. Trade Comm’n, FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook (July 24, 2019), [hereinafter Facebook Press Release].

[13] See infra text accompanying notes 14–15.

[14] See Google Press Release, supra note 12.

[15] See id.

[16] See, e.g., In re Google, Inc. Privacy Policy Litig., 58 F. Supp. 3d 968, 973 (N.D. Cal. 2014) (granting in part a motion to dismiss a “nationwide class claims against Google on behalf of . . . all persons and entities in the United States that acquired an Android-powered device between August 19, 2004 and the present, and downloaded at least one Android application through the Android Market and/or Google Play”).

[17] See Fraley v. Facebook, Inc., 830 F. Supp. 2d 785, 810–14 (N.D. Cal. 2011) (denying a motion to dismiss claims under California’s Unfair Competition Law in light of plaintiffs’ pleading that Facebook deprived them of the economic value of their endorsements of third-party products and services).

[18] See Facebook Press Release, supra note 12.

[19] See Lesley Fair, FTC’s $5 Billion Facebook Settlement: Record-breaking and History-making, FTC Business Blog (July 24, 2019, 8:52 AM),

[20] See Facebook Press Release, supra note 12.

[21] See Bundeskartellamt [FCO] [Federal Cartel Office] Feb. 6, 2019, B6-22/19, [hereinafter FCO Facebook Decision].

[22] See id. at 12.

[23] Id. at 7.

[24] Id. at 11.

[25] Id. at 7.

[26] Id. at 12.

[27] Id.

[28] See Oberlandesgericht Düsseldorf [OLG] [Higher Regional Court of Düsseldorf] Aug. 26, 2019, Case VI-Kart 1/19, (English translation provided by the University of Düsseldorf Antitrust Blog D’Kart).

[29] See id. The OLG found a wide range of evidentiary issues with the FCO’s competition analysis in addition to the questionable legal basis.

[30] Id.

[31] Id.

[32] Natasha Lomas, Facebook Succeeds in Blocking German FCO’s Privacy-Minded Order Against Combining User Data, TechCrunch (Aug. 26, 2019, 11:54 AM), (quoting Professor Ruppert Podszun, Director of the Institute for Cartel Law (IKartR) at Heinrich Heine University Düsseldorf).

[33] Herbert Hovenkamp, Whatever Did Happen to the Antitrust Movement?, 94 Notre Dame L. Rev. 583, 583 (2018).


About Author

Comments are closed.

Fordham Journal of Corporate & Financial Law