India’s antitrust authority has finally broken its silence and identified the relationship between data privacy and competition. But although the market study on the telecommunications industry touched upon data privacy issues, the Competition Commission of India (CCI) fell short of stating its position on enforcement in data privacy-related matters.
The market study, released in January, traces the recent evolution of the telecoms industry, the threats and challenges to competition, and the strengths and opportunities in the wake of technological innovations.
The commission identified that data privacy could take the form of non-price competition, and that lower data protection could result in exclusionary behaviour and undermine the competitive process.
The study indicates that the antitrust authority has the power to look into data privacy issues where they may raise competition concerns. However, Deeksha Manchanda, a Delhi-based partner at Chandhiok & Mahajan, points out that previous cases have indicated its lack of determination. The CCI has dismissed allegations of misuse of data, citing a lack of evidence.
Recent example are the multibillion-dollar investments by Facebook and Google in Reliance Industries’ Jio, which were cleared by the commission despite industry concerns raised over the acquirers, and the target being dominant in the Indian market.
Nisha Kaur Uberoi, a Mumbai-based partner and national head of competition law at Trilegal, anticipates data privacy issues concerning a dominant player could be raised before the authority soon, considering that India’s personal data protection law has yet to be legislated. “The CCI has made its intent clear that lower data protection by a dominant player may be considered an abuse,” she says.
Quite a few antitrust lawyers expect that the ongoing WhatsApp controversy, surrounding the proposed change in its privacy policy, could be filed to the CCI.
Determining the appropriate data privacy standards that should be followed by a dominant player will pose a challenge for the commission, Uberoi says. Changes in standard existing tools, and the regulator’s approach to relevant market delineation and assessment of market power in two-sided markets, would raise regulatory difficulties.
The study may have identified data privacy as a non-price competition factor, but privacy is a domain that goes by its rules, which warrants another regulator, says Anisha Chand, a Mumbai-based partner in the competition and antitrust practice group at Khaitan & Co.
Manchanda agrees, and adds that once a data protection authority is established, parties may challenge the CCI’s jurisdiction to examine data privacy issues.
Inter-regulatory dialogue across regulators may prove necessary should the commission choose to look into data privacy issues, and may give rise to a jurisdictional challenge before the courts in determining whether data privacy should be addressed by competition laws, consumer protection laws, or the data protection law, which has yet to be legislated.
The study acknowledges the need for lines of communication among various authorities – namely the Department of Telecommunications, the Telecom Regulatory Authority of India, the CCI, and the envisaged Data Protection Authority – and robust and consistent regulatory decisions.
The Business Law Digest is written by Freny Patel.
