Advances in technology and digitisation have led to an increasing focus on the collection and storage of personal data. The collection, storage and use of such data as customers’ contact details and search preferences may have increased the quality of service particularly in the field of advertising. However, governments and authorities across the world have recognised the need for adequate protection of such data. Most governments and authorities have implemented, or have begun to implement data protection regimes. The collection, storage and use of personal data have also raised concerns regarding competition law.
Counsel
Chandhiok & Mahajan
One view is that such issues are best left to data protection regimes, but some competition authorities such as those in Germany have taken a view that the collection and usage of personal data without adequate information and informed consent may constitute abuse of dominance through the imposition of unfair terms on the users. However, an appeal court has referred to the European Court of Justice the issue of whether the German competition authority can examine violations of data protection rules.
In India, the Competition Law Review Committee (CLRC) which was set up to review the Competition Act, 2002 (Competition act) observed in its report that the regulation of digital businesses that rely on user data is still novel in global competition policy and that a balanced approach is essential as consumer benefit is involved. Personal data is regulated by the Information Technology Act, 2000 (IT Act), and the Information Technology (IT) Rules, 2011. A more comprehensive Personal Data Bill, 2019, awaits enactment.
Recently, in Suo Moto case No. 1 of 2021, the Competition Commission of India (CCI) appears to have brought data protection issues within the ambit of competition law. The CCI launched an inquiry into the 2021 update to its privacy policy by WhatsApp, the popular online messaging application. The update amended the way WhatsApp processes user data; how businesses can use Facebook (WhatsApp’s parent) hosted services to store and manage WhatsApp chats, and how WhatsApp and Facebook intend to integrate their products. Unlike earlier updates in 2016 and 2019, the 2021 update provides no option to WhatsApp users to opt out of sharing their data with Facebook. The CCI found this to be the key distinguishing factor from the earlier privacy policy updates. Finding that WhatsApp was dominant in the market for over the top (OTT) messaging apps in India, the CCI formed the preliminary view that the 2021 update was an abuse of dominance and has directed that an investigation be opened against both WhatsApp and Facebook.
Senior associate
Chandhiok & Mahajan
The CCI found that the take-it-or-leave-it nature of the 2021 update made it an unfair condition being imposed by a dominant player on users. The CCI found that the quality of service must be maintained by a dominant player to protect the interests of the consumer under competition law. The CCI observed that “reduction in consumer data protection and loss of control over their personalised data by the users can be taken as reduction in quality under the antitrust law”. The CCI also found that users must be informed about the precise purpose, scope and extent of sharing their data.
The CCI had previously found that the WhatsApp 2016 privacy update did not raise any competition law concern. In that case, the CCI found that any breach of the IT Act did not come within the purview of the Competition Act. However, in the 2021 case, the CCI appears to have departed from the recommendations of the CLRC report and its own previous self-restraint by requiring an investigation. The CCI appears to have failed to fully appreciate that there are the overlapping jurisdictions of a full-blown privacy regime in the IT Act, and of a comprehensive data protection regime in the Personal Data Protection Bill, 2019, when it is enacted. The CCI seems to be following the approaches of Germany and Turkey without appreciating the differences in the legal systems and interplay of competition laws and privacy laws in those jurisdictions. Such overlapping regulation regimes may create uncertainty for parties through conflicting decisions and will increase the burden of regulatory compliance.
Avinash Amarnath is a counsel and Prachi Agarwal is a senior associate at Chandhiok & Mahajan
Chandhiok & Mahajan
C-524, Defence Colony
New Delhi – 110 024
India
Mumbai | Bengaluru
Contact details
Tel: +91 11 4163 0033
Fax: +91 11 2433 9075
Email: office@chandhiok.com
