By Vedant Singh
Introduction
The Hon’ble Supreme Court in 2017 through the landmark judgement of K.S Puttaswami and Anr. V. Union of India had recognized the right of privacy as a part of right to life and personal Liberty under Article 21. In this judgement it was held that the fundamental right to privacy would consist of “intrusion with an Individuals Body, informational Privacy and privacy of choice.” The Court articulated that informational privacy is understood as control of dissemination of such information that will give a person the ability “to be able to control exercise over his/her own life and image as portrayed in the world and to control commercial use of his/her identity” and limit the purposes for which their information can be commercially exploited. In this paper we shall explore the placement of such data protection and privacy concerns under the contours of competition law.
Relevant Legal Frameworks
Earlier, under the Information Technology Act, 2000 (IT Act) regulation of such information was provided for under section 43A and Section 72A. Currently the Data Protection Bill, 2021(DPB) passed into law on 16th December 2021 has repealed section 43A of the IT Act and defines data as information "relating to a natural person who is directly or indirectly identifiable, having regard to any characteristic, trait, attribute or any other feature of the identity of such natural person, whether online or offline [...] and shall include any inference drawn from such data for the purpose of profiling.” The Ministry of Electronics and Information Technology (MEITY) had also issued a Non Personal Data Framework (NDPF) report in July 2020 (Later on revised in December 2020). Under Para 7(iv) of the report it is stated that “In a data economy, companies with the largest data pools have outsized, unbeatable techno-economic advantage” which have squeezed out many new entrants who are facing entry barriers by the virtue the aforementioned entities having a first mover advantage, sizable network effect and large amounts of data collected. The NPDF suggests that the Competition Commission of India, DPB, and the Non-personal data authority ought to be harmonized to regulate anti-competitive effects of large amounts of Data held by certain parties.
Data forms an Indicator of market power
Data protection concerns have arisen in the recent cases of the Competition Commission of India (CCI) involving dynamic multisided digital markets in relation to market players such as Facebook, WhatsApp and Google. Privacy has been understood as a non-price competitive parameter, which implies that there can arise competition on the lines of privacy policies offered by market players, and this can thus be taken into consideration while assessing competition law cases. The European Commission had also in the Facebook and WhatsApp merger case noted that customers heavily value privacy and security. They had established this using various examples such as the success of Telegram in attracting 35 million monthly active users just 6 months after its launch due to its privacy policies, the news of a high number of German WhatsApp users shifting to Threema due to privacy concerns arising out of Facebook acquiring WhatsApp amongst other indicators.
In India, when dealing with the Harshita Chawla case the Commission was of the view that WhatsApp is in a dominant position in the relevant market of market for ‘OTT messaging apps through smartphones in India’ due to its “popularity and wide usage, for one-to-one as well as group communications and its distinct and unique features” and network effect arising from various factors such as high switching costs due to the inoperability with other platforms. The informant had alleged misuse of data by Facebook (as a parent entity) through WhatsApp and other entities acquired by Facebook for commercial advantage by using consumer sensitive data for targeted advertising which was causing an adverse effect on competition. However, the Commission was of the view that even though Facebook and WhatsApp did possess such sensitive data which could have anti-competitive implications, there was no evidence to support this claim.
Yet, soon afterwards, in the Updated terms of service and privacy policy for WhatsApp users case the Commission again noted that “in a data driven ecosystem, the competition law needs to examine whether the excessive data collection and the extent to which such collected data is subsequently put to use or otherwise shared, have anti-competitive implications, which require anti-trust scrutiny” and then went on to opine that the sharing of data by WhatsApp with Facebook was seen amounting “to degradation of non-price parameters of competition viz. quality which result in objective detriment to consumers” and was considered prima facie violative of Section 4(2)(a)(i) of the Act.
Abuse of Dominant position by virtue of holding large amounts of Data
In so far as the abuse of a dominant position arising out of exclusive control of large amounts of data is concerned, in the Updated terms of service and privacy policy for WhatsApp users case, the CCI noted that WhatsApp shares users’ personalised data with other Facebook Companies, in a manner that is neither fully transparent nor based on voluntary and specific user consent, that the purpose of such sharing appears to be beyond a user’s reasonable and legitimate expectations regarding quality, security, and other relevant aspects of the service and that such data is being used to build user profiles through cross-linking of data that is collected across services. The CCI noted this raises competition concerns due to data constraint which gives market players like Facebook an WhatsApp a competitive advantage.
Even in Matrimony.com Limited Vs. Google order one can argue that there was abuse of data by google in the markets of ‘Online Web search services’ and ‘Online search advertising service’ by manipulation of such data on account of predetermining ranking of universal results, prominently displaying Google’s own search services and allegations of discriminatory practices in advertisements. Such is only possible owing to the huge data base of Google.
Lastly, in the CCI’s telecom report several issues were highlighted that arise due to abuse of dominance. It was noted that abuse of dominance could lead to lowering of privacy protection which would undermine consumer welfare (thus fall under antitrust/competition law), that there would be objective detriments to consumers from privacy degradation, exclusionary behaviour arising out of lowering data privacy which harms the competitive process and that there can be cross-linking of data across services by tying up with other digital products creating a serious data advantage for the dominant market players.
Conclusion and the way forward
It would behove us to note that it has been acknowledged by both the CCI in its Telecom Report under Para 70 and the European Commission in para 164 of its Facebook and WhatsApp merger case, that privacy is fundamentally a consumer protection issue and is to be dealt with, under certain data protection rules. However, as suggested by the aforementioned NPDF report the CCI can and should act in effect with other agencies to augment the degree of data protection that can be created. Recent legislations such as the DPB and the MEITY 2021 Notification can suggest standards and thresholds (for example, the MEITY notification defines a ‘significant social media Intermediary’ to be a media intermediary with 5 million or more registered users in India) which can aid the CCI’s market studies in terms of defining the market, key players and establishing the market power, the dominance (and possible abuse of such dominance) of a market player in the speedily growing digital media industry.
Comments