Antitrust authorities overseeing firms such as Facebook owner Meta Platforms META.O are entitled to also assess privacy breaches, Europe’s top court ruled on Tuesday, potentially handing them more leeway in Big Tech probes.
The ruling followed a challenge by Meta after the German cartel office in 2019 ordered the social media giant to stop collecting users’ data without their consent, calling the practice an abuse of market power.
The case before the Luxembourg-based Court of Justice of the European Union (CJEU) looked at whether the German antitrust agency overstepped its authority by using its antitrust power to address data protection concerns, which are the remit of national data protection authorities.
Meta, owner of Facebook, Instagram and WhatsApp, challenged the finding, prompting a German court to seek advice from the CJEU.
In response to the ruling a Meta spokesperson said: “We are evaluating the Court’s decision and will have more to say in due course.”
The CJEU judges said regarding antitrust investigations that “it may be necessary for the competition authority of the member state concerned also to examine whether that undertaking’s conduct complies with rules other than those relating to competition law.
The CJEU, however, said antitrust regulators must “take into consideration any decision or investigation by the competent supervisory authority pursuant to that regulation”.
The German cartel office welcomed the ruling.
“Data is a decisive factor in establishing market power. The use of the very personal data of consumers by the large internet companies can also be abusive under antitrust law,” its head, Andreas Mundt, said.
Thomas Graf, a partner at law firm Cleary Gottlieb, was more cautious on whether antitrust authorities would want to go into the details of privacy law.
“You still need to explain why it is relevant for antitrust law and demonstrate restrictive effects and abuse, and they will need to coordinate with the GDPR authorities,” he said.
The EU’s General Data Protection Regulation (GDPR) is a privacy and security law that imposes obligations on organisations anywhere which target or collect data related to people in the EU.
“Are antitrust authorities going to become GDPR regulators? I don’t think so,” Graf said.
The European Consumer Organisation (BEUC) also welcomed the ruling: “In a complex digitalised economy, more than ever we need authorities to think outside the box and to consider data protection,” BEUC Deputy Director General Ursula Pachl said.
The case is C-252/21 Meta Platforms and others (User conditions for a social network).
(Reuters)