HomepageCommercial LawPrivate LawPublic Law & Human RightsCriminal LawEU & International LawCareers


Have Irlen Syndrome, or need different contrast? Click the button below for options.

Background Colours


Enter you email address below to subscribe to free customisable article notifications.

Alternatively, click the button below for our various RSS Feeds (available journal wide, or per section).

Investigating Facebook: Competition Law vs Data Protection

Article Cover Image

About The Author

Razvan Marginean (Guest Contributor)

Razvan is a law student in his 4th (and final) year at the University of Babes Bolyai (Cluj-Napoca, Romania). He studied for the past 6 months at Utrecht University in the Netherlands. His main area of interest is private law and as a hobby likes to keep in touch with the recent developments regarding big tech regulations. Apart from this, he enjoys sports such as F1, tennis, and football but also tv shows like BoJack Horseman, South Park, Family Guy, Seinfeld or Friends.

It's dangerous when people are willing to give up their privacy

Noam Chomsky


We like Facebook and we know that it is collecting our data. So why is Bundeskartellamt – Germany’s National Competition Authority (NCA) - investigating them? The crux of this article is evaluating in a normative manner the value of Bunderskartellamt’s investigation of Facebook in light of the pioneering crossroads between competition law and data protection. First of all, what ‘crossroads’ am I talking about and why? Secondly, what do I mean by ‘pioneering’This article will be framed by answering more key questions which altogether will lead us to the relevance of this investigation. Relevant big tech cases will be mentioned along the way, as well as fundamental competition law provisions, not only from the Treaty othe Functioning of the European Union (TFEU), but also from the German Competition Act 2017 (GWB). The star of 2018, the new General Data Protection Regulation 2016/679 (GDPR), which came into force on the 25thof May 2018, is of significant importance too.

Why ‘crossroads’?

The roads that intersect in this case are competition law and data privacy regulations. As noted by the Court of Justice of European Union (CJEU) in Asnef-Equifax [2006]:

Any possible issues relating to the sensitivity of personal data are not, as such, a matter for competition law, as they may be resolved on the basis of the relevant provisions governing data protection.

Similarly, the European Commission (EC) has since persistently shared the view in the context of its merger decisions in Google/DoubleClick [2008], Facebook/WhatsApp [2014] and Microsoft/LinkedIn [2016] that privacy-related concerns do not fall within the scope of EU competition law, but within the scope of the EU data protection rules. 

Nevertheless, since the application of the GDPR, the lines between these two areas of law have become even more blurred. Just recently, in January of this year, Google was fined €50 million for a violation of GDPR in France. The fining system is similar to the one found in competition law. Breach of a competition law provision may result in an undertaking facing a capped maximum fine at 10% of its turnover. At the same time administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher, are applied if GDPR regulations are breached (art. 83).

Despite  the  partial overlap  in  scope  between  the  corresponding  competition and  data protection regulations, their respective rules and principles are typically still applied in isolation of each other. Though Graef et al. argue that a particular type of behaviour may raise issues under more than one legal framework, others, such as Esayas, affirm that with the increasing commercialisation of personal data, there is an ever growing consensus that the level of privacy protection could be subject to competition as an element of quality, choice, or innovation. 

Why ‘pioneering’?

All in all, the idea of tackling data privacy issues with competition tools is already present in academic debates, but the Bundeskartellamt’s investigation of Facebook is the first attempt to put this into practice. On 19 December 2017, a press release was issued regarding the possibility that Facebook had infringed competition law by abusing their dominant power and breaching data protection provisionsas explained in the background information.

In short, what Germany’s NCA argued was the following. Imagine that you want to create a Facebook account. You offer your ‘freely given, specific, informed and unambiguous’ consent (as stipulated in Article 4 Section 11 GDPR) that your personal data given to Facebook will be used by the company (e.g. to target you with ads). This is the first type of collected data. By abusing its dominant power on the market, Facebook also forces third party sources (including both its own apps, such as Instagram and WhatsApp, and also any site which is accessed and has a ‘like’ button on it) to share with them the data that they collect about you – the second type of collected data. Bundeskartellamt argues that the second type of collected data might infringe the GDPR as the user's consent was not validly informed.

Article  5 Section 1 lit a GDPR provides that personal data must be ‘processed lawfully, fairly and in a transparent manner in relation to the data subject’. Facebook cannot reasonably presume that, because you created a Facebook account, your consent also extends to the data from third party sources, allowing them to combine the two categories of data. By gathering more data, the profiling is more accurate and more effective. Profiting from the unlawfully acquired data affects competition, which is why this type of behaviour is against antitrust rules.

But why is Germany’s NCA the first to launch such an investigation, and can other competition authorities, such as the UK's Competition and Market Authority or the European Commission (EC), follow suit?

Can European Commission do the same?

The German NCA relies on § 18 (3a) of the German Competition Act (GWB). The provision makes access to personal data a criterion for market power, especially in the case of online platforms and networks. By invoking §19 GWB without referring to Article 102 of the Treaty on the Functioning of the European Union (TFEU), the NCA tries to avoid any discussions regarding the potential (in)applicability of the latter.

Unfortunately, there is no provision like § 18 (3a) in EU legislation. This might explain why the EC is reluctant to engage in investigations such as this one. But is there a need for such a norm? The concept of fairness (Kalimo & Majcher, 2017) or considering data privacy a matter of quality under competition law (Microsoft case) could be argued to place data privacy issues under the scope of Article 102 TFEU.  Although the Commission restated that data protection is not a competition issue, in the context of Microsoft’s acquisition of LinkedIn, it also acknowledged that privacy related concerns:

Can be taken into account in the competition assessment to the extent that consumers see it as a significant factor of quality, and the merging parties compete with each other on this factor.

It is submitted that, thanks to the general terms used (from a teleological and evolutive perspective), Article 102 can be extended to cases related to big tech as well. Moreover, the judgment in Continental Can (1973) clarified that the list of abusive conduct stated in the then Article 86 (now Article 102 TFEU) is not exhaustive. Accordingly, the conditions through which online companies engage in data processing could be classified as trading conditions, and may be nonetheless examined under Article 102 TFEU.

This points us to the conclusion that abuse of a dominant position under competition law can also be interpreted as allowing the EC to initiate investigations in the data privacy field, even without a legal provision akin to § 18 (3a) GWB.

Will it be enough?

Some scholars, such as Graef et al., argue that the Bundeskartellamt’s intervention on the basis of competition law could help alleviate data protection concerns. This solution however has some drawbacks.

Firstlywhilst it is true that the list of abuses provided by Article 102 is not exhaustive, it is nonetheless also true that the cases listed in a legislative provision, even by way of example, reveal the intention of the legislator and indicate implicitly the kind of situations envisaged. With more transparent, predictable standards in place, compliance with the laws would likely improve as companies would be better able to police themselves - see the OECD's ‘Roundtable on Competition Policy’.

Secondlythe process takes too long. More than two years have passed since the beginning of the investigation mentioned above and we still have no decision. If the NCA concludes that Facebook has abused its dominant position, most probably the tech giant will appeal. This means that we will have the final judgment as early as the start of 2020 … almost 4 years later. As Jean Tirole (2014 winner of Nobel Prize in economic sciences) recently stated during a conference,  the problems with tackling data privacy issues with competition law are that the process is too slow, too late and with non-obvious remedies.

What we need are more cases. By having cases we can experiment and analyse different outcomes and solutions. The emphasis is not only on the final decision. Rather, we are learning from them and taking advantage of the information that we gather. This is how effective regulation might arise. As we have seen before, judgments from the CJEU were later the foundation of the Commission’s drafts (e.g. Manfrediv Lloyd Adiratico Assicurazioni SpA [2006] for the Commission’s 2008 White paper on the damages, actions for breach of the EU antitrust rules’ which later led to what we have today as EU Directive on antitrust damages actions).

It is also worth mentioning the newly announced move by Facebook. As the Guardian states, Facebook wants to create one big messenger app by combining WhatsApp, Instagram and Messenger features. This is interesting in light of the Facebook and WhatsApp merger, which the EC permitted subject to conditions. In  Recitals 160-161, the EC mentioned that :

Moreover, enabling cross-platform communication would necessitate substantial re-engineering of the services and re-writing of their code, given the differences in their architecture. The  current plans of Facebook, as evidenced by its submissions to the  Commission, public  statements and  internal  documents, do not provide support for a future integration of WhatsApp with Facebook of the sort that would strengthen Facebook's position in the potential market for social networking services.

Concluding remarks

In the context of competition law v data protection, can it be said that the Bundeskartellamt is truly pioneering crossroads? It might not solve the existing regulatory problems regarding big tech giants, which seem to thrive and remain defiant towards the rule of law, but it is nonetheless a breath of fresh air. It pioneers not a solution, but a proactive attitude towards a delicate situation. The investigation has already offered us more clues than we previously had, and by trying to deal with these issues it might encourage the EC to conduct similar “experiments” that can only strengthen our rule of law. It was a bold initiative and regardless of the outcome, it is a step in the right direction.

For the latest articles straight to your inbox, you can subscribe for free. Alternatively, follow @KeepCalmTalkLaw on Twitter or Like us on Facebook.

Comment / Show Comments (0)

You May Also Be Interested In...

Why the Law on Indirect Discrimination is so Vital for Equality

15th Jun 2021 by Annie Fendrich (Guest Author)

Walk It Off: Rugby Union and the Law of Negligence

18th Apr 2021 by Mark O'Neill

Are the Courts Overstepping on Parliamentary Accountability?

30th Mar 2021 by Jalal Chohan (Guest Author)

The Biggest Challenges Facing the Legal Profession in 2021

2nd Mar 2021 by Peter Lennon

KCTL: New Year, New Team

1st Mar 2021 by Liza Hartley

Intention to Create Legal Relations: A Necessary Fiction?

24th Nov 2020 by Suleha Baig

Section Pick March

Coronavirus and the ECHR: Should the UK Trigger Article 15?

Editors' Pick Image

View More


Keep Calm Talk Law: Moving Forward

3rd Sep 2019

Changing of the Guard: Moving Keep Calm Talk Law Forward

12th Aug 2018

An Anniversary or Two: Four Years of Keep Calm Talk Law

11th Nov 2017

Rising from the Ashes: The Return of Keep Calm Talk Law

18th Nov 2016

Two Years On, Keep Calm Talk Law’s Legacy is Expanding

11th Nov 2015


Javascript must be enabled for the Twitter plugin to function. Click below to visit us on Twitter.

Free Email Subscription

Subscribe to Keep Calm Talk Law for email updates, and/or weekly roundups. You can tailor your subscription on activation. Both fields are required.

Your occupation / Career stage is used to tailor your subscription and for readership monitoring.

Uncheck this box if you do not want to receive our monthly newsletter.

By clicking the Subscribe button, you agree to our privacy policy and terms of service. Please ensure you read these in full.

Free Subscription