Competition Law and Data Protection: Across the Multiverse
SÉRVULO PUBLICATIONS 05 Jul 2023
There is no doubt that in pop culture, particularly in movies, the recent years have been marked by a trend of creating stories in which the main characters are drawn into different universes, often governed by rules that are foreign to them. With the judgment of the Court of Justice in case C-252/21, Meta Platforms, this trend has officially reached Competition Law.
At issue is a decision by the Bundeskartellamt, the German competition authority, which condemned Meta Platforms and its subsidiaries for considering the treatment of user data, as provided in the terms of use of the social networks managed by Meta Platforms, such as Facebook, WhatsApp, and Instagram, to be an abusive exploitation of a dominant position. This conclusion was based on the fact that the terms of use allowed the processing of data collected outside their platforms ("off-Facebook data"), in violation of the underlying principles of the General Data Protection Regulation (GDPR). In other words, the German competition authority considered that a violation of GDPR principles, when committed by a company with a dominant position, could amount to an abusive exploitation of the users of these platforms. The novelty of the case therefore stems from the use of normative standards unrelated to Competition Law to establish violations subject to it, also raising questions of competence of national competition authorities to examine compliance with other laws or branches of law.
In this regard, the Court of Justice clarifies that " in the context of the examination of an abuse of a dominant position by an undertaking on a particular market, it may be necessary for the competition authority of the Member State concerned also to examine whether that undertaking’s conduct complies with rules other than those relating to competition law, such as the rules on the protection of personal data laid down by the GDPR". Thus, the Bundeskartellamt could assess compliance with GDPR rules to establish the alleged abusive exploitation carried out by Meta Platforms. However, the Court of Justice also safeguards the competence of the GDPR supervisory authorities, stating that the analysis of these situations will primarily be the responsibility of the supervisory authorities and affirming that the assessment regarding GDPR compliance is exclusively intended to establish the abuse of a dominant position.
The Court of Justice concludes, regarding the specific case, that the Bundeskartellamt could establish violations of the GDPR, subject to compliance with an obligation of sincere cooperation with the GDPR supervisory authority. Within this sincere cooperation, for example, the national competition authority could not deviate from a possible decision of the GDPR supervisory authority and would also have the obligation to consult the supervisory authority if no proceedings for a breach of GDPR rules were underway.
In conclusion, the Meta Platforms case law establishes a new paradigm regarding the enforcement of Competition Law, allowing national competition authorities to establish violations of Competition Law using rules from other branches of law, without disregarding the role of competent authorities and requiring cooperation between these institutions. This judgment may potentially have implications beyond Competition Law, and it is legitimate to question whether this will be the new paradigm of enforcement in the face of an increasingly complex regulatory fabric. Although in Portugal, cooperation between the Portuguese Competition Authority and sectoral regulatory authorities is already provided for by articles 35 and 55 of the Portuguese Competition Law (Law No. 19/2012, of May 8), and article 11 of the Framework Law for Regulatory Entities (Law No. 67/2013, of August 28) this judgment further reinforces and could help clarify the possible scope of such cooperation. On their part, companies must remain vigilant, as it becomes increasingly necessary to ensure strict compliance with various regulatory requirements.
Francisco Marques de Azevedo | fma@servulo.com