The relationship between privacy and competition law is complex and contentious. May or should competition agencies consider business conduct’s negative impact on privacy when this effect was the consequence of a restriction or absence of competition? This contribution critically assesses the issues at stake in Case C-252/21 Facebook Inc. and Others v. Bundeskartellamt. It argues that competition agencies should be allowed to consider the legality of business conduct under the GDPR when applying competition law. In the age of data-based business models, it is unhelpful to look at competition and privacy issues in isolation. Judicious regulation of digital platforms requires an interdisciplinary and interinstitutional approach.
By Anne C. Witt[1]
I. INTRODUCTION
Privacy and competition law have long been considered separate areas of law, guided by different objectives and enforced by different agencies. Competition law aims to protect competition, and privacy law aims to protect the personal information of individuals. In the age of data-driven business models, however, where consumers receive free services in exchange for their data, the dividing lines have become blurred. If a digital platform restricts competition by foreclosing competitors or acquiring a competitive threat, and is consequently able to degrade its privacy standards, is this a relevant form of harm within the meaning of competition law? If a dominant platform uses its near monopoly position to impose supra-competitive data-collection terms on users, should this be considered an abuse of dominance? The German Bundeskartellamt made the headlines in 2019, when it answered the latter question in the affirmative, and prohibited Facebook’s data collection terms as incompatible with German competition law.
The case persuaded the German legislator to amend the German competition act, and set in motion a long and complex judicial review process. It has now reached the European Court of Justice, which has been asked to clarify whether national competition agencies may apply the GDPR in competition law cases.[2] This short contribution critically discusses the request for a preliminary ruling in Facebook v. Bundeskartellamt, and argues that national competition agencies should be permitted to interpret national competition rules in line with the GDPR.
II. THE UNDERLYING FACTS, ACCUSATIONS AND PROCEDURE
The facts underlying the original case are well known. Because of its innovative – and highly controversial – theory of harm, the German competition agency’s prohibition from February 2019 attracted a great deal of attention in the international press[3] and scholarship.[4] In all brevity, the reference that is currently pending before the European Court of Justice in Facebook Inc. and Others v. Bundeskartellamt, relates to the decision of the German competition agency (“Bundeskartellamt”) of February 2019 to outlaw Facebook’s data collection policy under German competition law.[5] In essence, the Bundeskartellamt held that Facebook’s policy of collecting and combining personal user data from different sources (i.e. the social network itself, any Facebook-owned business, and any of the millions of third-party businesses worldwide that have incorporated Facebook business tools into their websites) amounted to an exploitative abuse of Facebook’s market power on the German market for personal social networking services.
The agency argued that Facebook had used its position of dominance to force excessive data collection terms upon consumers, which the latter had no choice but to accept for want of a reasonable alternative: if consumers wished to use a social network of a workable scale, they had to agree to Facebook’s data collection terms. According to the Bundeskartellamt, this harmed consumers because it violated their constitutional right to privacy. The agency inferred the infringement of this constitutional right from the fact that, in its view, Facebook’s conduct was incompatible with the “principles”[6] guiding the European Union’s General Data Protection Regulation (“GDPR”).[7] To this end, the Bundeskartellamt carried out a 100-page assessment of Facebook’s data collection policy under the “principles” of the GDPR. In substance, this amounted to an in-depth analysis of whether Facebook could invoke any of the legal justifications stipulated in Article 6 and 9 GDPR.
Throughout the process, the Bundeskartellamt liaised and consulted with the German data protection agency on the interpretation of the GDPR. Having reached the conclusion that Facebook’s conduct was incompatible with the principles of the GDPR, and having concluded that Facebook’s position of dominance was causal for this harm, the agency found that Facebook had committed an abuse of dominance within the meaning of sec. 19(1) GWB.[8] It ordered Facebook to amend its data collection policy, but did not impose a fine.
Facebook appealed, and applied for interim relief. The Düsseldorf Higher Regional Court was convinced by Facebook’s arguments, and, in an unusual move, ordered suspensive effect of the appeal. In a strongly worded interim order,[9] it stated that it was obvious that the prohibition could not be upheld in the main proceedings because of serious legal errors. Among others, the Düsseldorf Higher Regional Court, while also disputing the very concept of harm used by the agency, fundamentally disagreed with the Bundeskartellamt’s assessment that Facebook users had not freely consented to the data collection within the meaning of Articles 6(1)(a) and 4(11) GDPR because of a lack of choice. It took the view that users had had a very clear choice: they could opt to accept Facebook’s contractual conditions and use the network, or they could follow the example of 55 million German residents and choose not to use Facebook. Facebook had not coerced or swindled its users. It had laid out its contractual terms in diverse policy documents that consumers had the possibility of accessing online. If users were too lazy to read these documents in detail, but simply ticked a box accepting the terms and conditions, this did not call into question the freedom of their choice.
The Bundeskartellamt appealed to the German Federal Court of Justice, Germany’s highest court of ordinary jurisdiction, which sided with the agency and struck down the Düsseldorf Higher Regional Court’s interim order.[10] The Federal Court of Justice did not consider the decision sufficiently flawed to justify interim relief. On the contrary. While the court formally merely reviewed whether interim relief was called for, it made clear between the lines that it had little doubt that Facebook had committed an exploitative abuse. It did not call into question the Bundeskartellamt’s privacy-based concept of harm. It confirmed that the right to data protection was covered by the constitutional right to privacy and stressed the particular importance of protecting data generated on social networks against exploitation by network operators because of the political and economic significance of online communications and the sensitivity and depth of such data. The court also confirmed that public bodies were required to consider this constitutional right when interpreting open-worded legal rules such as the prohibition of abuse of dominance, even if the rule in question regulated a relationship between private actors. While the Federal Court of Justice thus ruled that sec. 19 GWB had to be interpreted in light of the German constitutional right to privacy, and not the GDPR, it also clarified that the Bundeskartellamt was entitled to take into account the principles and values underlying the GDPR in this process.[11]
The Federal Court of Justice further strongly disagreed with the Düsseldorf Higher Regional Court’s view that users had been able to make a free and autonomous decision whether to consent to the data collection. It criticized that, by focusing entirely on the lack of coercion and the freedom not to use Facebook, the lower court had failed to consider that for many users, communication via Facebook had become an indispensable part of their social interactions and a means of participating in society. The fact that 80 percent of users questioned had admitted to not having read Facebook’s terms and conditions was evidence of information asymmetry and rational apathy of users who thought they had no leverage, rather than indifference about the use of their personal data. Facebook had therefore deprived consumers of an important choice that would have existed in a competitive market, i.e. the choice between the use of (1) a highly personalized social network service for which consumers agreed to extensive data collection from Facebook and “off Facebook,” and (2) a less personalized service that relied only on the data users chose to disclose on Facebook. The Federal Court of Justice, failing to see any serious errors of law, therefore annulled the lower court’s interim order granting suspensive effect of the appeal.
III. THE CONTROVERSY
The Bundeskartellamt’s Facebook decision raises many interesting issues of competition law relating to causality, market definition and market power analysis in markets for free services. In addition, however, it brought to the fore a much more fundamental issue. May competition agencies consider the impact on privacy when assessing the anticompetitive conduct of businesses? Should they evem do so? These are highly controversial questions, which are closely linked to an even more hotly contested issue: what is the legal objective of competition law? To what end do we protect competition in the market? This last question is as old as the law itself, and yet, has never been answered to the satisfaction of all.[12]
Several possibilities come to mind. One may take the view that the law should protect competition as such because of the many, often unquantifiable, advantages competitive markets tend to generate for society. These benefits include, but are not limited to, economic efficiency, economic freedom, freedom of opportunity, fairness, democracy and social welfare. Alternatively, one could take a narrower view and focus on a specific outcome. U.S. courts adopted such a narrow approach in the late 1970s, when the U.S. Supreme Court was convinced that the ultimate purpose of U.S. antitrust law should be to maximize consumer welfare, and that distortions of competition should only be sanctioned if they reduced such welfare.[13] The European Commission followed suit in the early 2000s, and also adopted consumer welfare as the ultimate aim of EU competition law.[14] While both the U.S. antitrust authorities and the European Commission define consumer welfare in terms of low prices, high output, high quality and high levels of innovation,[15] U.S. courts, in particular, have tended to focus primarily on prices and output in practice, as these are easier to quantify than reductions in quality or innovation.[16] This makes for a very narrow concept of harm indeed.
The right to privacy and data protection do not fall within the scope of this purely economic concept of consumer welfare. Unsurprisingly, therefore, the European Commission has taken the position in recent years that data protection and competition law are two distinct spheres of regulation, which should be kept separate. Since the advent of data-driven business models, it has had multiple opportunities to review business conduct that might affect user privacy under the competition rules. However, it did not consider the impact on privacy a relevant factor in any of these transactions. Instead, it focused exclusively on the conduct’s impact on competition in terms of market shares, market concentration, barriers to entry and foreclosure effects. In its decision clearing Facebook’s acquisition of WhatsApp, the Commission even explicitly stated that any privacy-related concerns arising from the combination of personal data as a result of the merger did not fall within the scope of EU competition law but that of EU data protection regulation.[17]
The U.S. antitrust authorities have taken a similar approach in their investigations of data-heavy transactions. In its assessment of the Google/DoubleClick acquisition from 2007, for example, the majority of the FTC clarified that privacy concerns arising from the acquisition of user data were a matter for consumer protection and not antitrust law.[18] However, in the FTC’s current case against Facebook, alleging a violation of section 2 of the Sherman Act by means of strategic acquisitions of competitive threats, the FTC explicitly included and even heavily emphasized the degradation of privacy protection by Facebook, once the market had tipped in its favor, as evidence of consumer harm in the form of reduced service quality.[19]
In sum, there is a fair amount of disagreement and even uncertainty among enforcement agencies on whether to incorporate the impact on privacy into competition law assessments if this harm was caused by a restriction of competition. The German legislator, incidentally, sided with the Bundeskartellamt, and explicitly clarified in a recent amendment[20] of the Germany competition statute that relevant harm within the meaning of the act is not limited to measurable monetary losses, but can also consist in the transfer of personal data.[21] Parliament thereby rejected the purely economic interpretation embraced by the Düsseldorf Higher Regional Court, currently also guiding the European Commission’s interpretation of EU competition law.
The disagreement at the enforcement level is mirrored in the academic world. While there are commentators advocating a clear separation of privacy and competition law,[22] others are highly critical of this trend. The latter propose a number of ways in which privacy could be incorporated into competition law assessments. Many think it is wisest to frame privacy in terms of consumer welfare, which would facilitate its integration into the current economic consumer welfare standard. Among this group, there are proposals to look at data protection as a factor of service quality,[23] and suggestions to consider personal data the price that consumers pay for a service.[24] Others, finally, advocate abandoning the consumer welfare standard entirely, and to focus on protecting “effective competition,”[25] the “process of competition,”[26] “competitive market structures,”[27] or “consumer choice.”[28]
To say that the issue is controversial is probably understating the matter.
IV. THE REFERENCE
The European Court of Justice has now been afforded the opportunity to rule on the issue. After the Federal Court of Justice struck down the Düsseldorf Higher Regional Court’s interim order in June 2020, confirming the Bundeskartellamt’s view that excessive data collection could theoretically constitute an abuse of dominance under German competition law, the main proceedings continued before the lower instance court. While it was for the Düsseldorf Higher Regional Court to decide the merits of the appeal, it was bound to follow the Federal Court of Justice’s legal interpretation of the German competition rules. In particular it had to accept that, even in the absence of economic harm, excessive data collection could be abusive on the part of a dominant undertaking, at least under German competition law.
In April 2021, the Düsseldorf Court decided to stay the proceedings and make a reference for a preliminary ruling to the European Court of Justice.[29] In its request, it asked the European Court of Justice to provide guidance on the interpretation of the GDPR. All in all, it asked seven complex questions, many of which contained several sub-questions.
Primarily, the Düsseldorf Higher Regional Court is seeking to establish whether a competition agency may apply the GDPR in the context of competition law assessments. In essence, it is asking the Court of Justice to rule on whether it is compatible with the enforcement system of the GDPR for a national competition agency, rather than a data protection agency, to establish an infringement of the GDPR for the purposes of proving a competition law infringement under national law, and to order the undertaking to end that breach. In addition, and depending on whether the Court of Justice considers that national competition agencies are indeed competent to apply the GDPR, the Düsseldorf court further asked the Court of Justice to clarify the meaning of several justifications available under the GDPR. In particular, it asked whether it was at all possible for a user to give “effective and free consent” to a dominant undertaking such as Facebook. It further requested that the Court interpret the concepts of “necessity for the performance of a contract” and the “pursuit of legitimate interests,” and provide guidance on whether a user makes personal data public within the meaning of Article 9(2)(e) of the GDPR if he or she “likes” or “shares” certain posts on websites and apps.
V. ANALYSIS
What to expect from the preliminary ruling? The Court of Justice has been afforded the opportunity to provide important and much-needed guidance on several key concepts of the GDPR. However, according to the referring court’s application, these questions are only to be answered if the European Court of Justice considers that a national competition agency may assess business conduct under the GDPR for the purposes of establishing a competition law infringement.
This is a complex issue. The Düsseldorf Higher Regional Court’s questions on this matter are specific and narrow in scope. They are formally limited to issues of competence. The referring court did not ask the Court of Justice to rule on the objectives of EU competition law, or whether a negative impact on user privacy is a relevant form of harm under the EU competition rules. This is because the Bundeskartellamt did not apply Article 102 TFEU in addition to the German abuse of dominance rules, although, arguably, it should have.[30] Instead, the Düsseldorf Court therefore questioned the competence of the Bundeskartellamt to find that an undertaking had breached the GDPR, and to issue an order to end that breach. The GDPR, in Articles 51 et seq., establishes a rudimentary enforcement system through national supervisory authorities specifically tasked by each Member States with the enforcement of the GDPR. The Bundeskartellamt is no such supervisory authority.
The key danger of a competition agency applying the GDPR is that of conflicting decisions and inconsistent interpretation. The competition agency may well reach a different decision than the supervisory agency of its State would have done. A second danger, if a competition agency assesses business conduct under the GDPR, is that it might undermine the GDPR’s system of allocating competences between national supervisory agencies. According to Article 56(1) GDPR, it is the supervisory authority of the main establishment of the investigated company that shall be competent to act as lead supervisory authority for cross-border processing carried out by that company. In this specific case, the lead authority would be the supervisory authority of Ireland, where Facebook is established, and not Germany.
However, it is not clear that the Bundeskartellamt really established that Facebook had infringed the GDPR or that it had issued an order to end such a breach. The Bundeskartellamt was careful to stress throughout the decision that it was merely assessing the compatibility of Facebook’s conduct with the “principles” underlying the GDPR, rather than the GDPR itself, in order to support its view that Facebook’s data collection was excessive within the meaning of German competition law. It also did not formally establish an infringement of the GDPR. It established an abuse of dominance. Insofar, one could legitimately argue that the Bundeskartellamt did not directly enforce the GDPR, and therefore did not overstep its competences. Instead, it interpreted national (constitutional) law in light of the GDPR in an investigation under German competition law. Member States have a general obligation to interpret national law in line with EU law pursuant to Article 4(3) TEU. Also, if one required national public bodies to refrain from interpreting national law in line with the GDPR unless the competent supervisory agency had already pronounced itself on the case, this would significantly undermine the effectiveness of the GDPR.
The Court of Justice may well limit itself to answering the formal question of competence. It might, however, also take the reference as an opportunity to make a more sweeping pronouncement on the relationship between data protection and competition law, for example by indicating whether it considers a degradation of privacy a relevant form of harm if it is caused by the absence of competition or a distortion of competition. This is a highly contested issue, and one of great practical relevance. As national competition agencies are also competent to enforce Article 102 TFEU alongside the Commission, a clear statement on whether privacy is a relevant form of harm under EU competition law would contribute to the uniform interpretation of EU law at the national level.
Unlike the European Commission, the Court of Justice has never formally embraced economic consumer welfare as the exclusive legal objective of EU competition law. Its standard definition is that the function of these rules is to prevent competition from being distorted “to the detriment of the public interest, individual undertakings and consumers, thereby ensuring the well-being of the European Union.”[31] This is a wider concept than the European Commission’s view that the EU competition rules’ objective is to protect competition to prevent business conduct that would deprive consumers of low prices, high quality products, a wide selection of goods and services, and innovation.[32] The Court’s wider definition could theoretically accommodate a non-economic concept of harm, especially as the Court considers fundamental rights, such as the general right to privacy, now also enshrined in Art. 8 of the Charter of Fundamental Rights of the European Union, an integral part of the general principles of law the observance of which it ensures. It has repeatedly interpreted other areas of commercial law, such as the free movement rules, in light of EU fundamental rights. For example, it has held that fundamental rights, such as the freedom of expression, assembly, or the principle of human dignity, can act as limitations on the free movement of goods or services even if these aims are not explicitly listed in the relevant Treaty exemption.[33] In view of this case law, one could therefore argue that the right to privacy should be taken into account when assessing whether a restriction (or conduct in the absence) of competition led to a relevant form of harm.
Moreover, is it really sensible to segregate privacy and competition law in the age of the digital economy? Where undertakings use data-based business models, the tasks of protecting users’ privacy against the misuse of their data, and safeguarding competition against the abusive use of this data, are intrinsically linked. Regulating such business models in a judicious manner requires an interdisciplinary approach with input not only from competition lawyers and economists, but from privacy experts, IT technicians and psychologists. It also requires an inter-institutional approach, in which the different enforcement authorities liaise and advise each other on their respective areas of expertise. Attempting to solve privacy and competition issues in airtight institutional silos without regard to the conduct’s impact on values that fall within the primary responsibility of another institution is going to lead to suboptimal, because unbalanced, results for society.
Privacy and competition issues are inextricably connected in the case of data-driven business models. Not only can the accumulation of data harm consumer privacy. Businesses’ attempts to protect user privacy can also have detrimental effects on competition. For example, the CMA recently accepted commitments from Google to address competition concerns arising from its Privacy Sandbox.[34] Likewise, the French Autorité de la concurrence is currentluy scrutinizing Apple’s App Tracking Transparency Framework under French competition law.[35]
Finally, the Commission’s draft DMA[36] explicitly integrates GDPR assessments into the conduct rules aimed at digital gatekeepers to make markets more contestable. Article 5(a) of the draft DMA prohibits designated gatekeepers from combining data collected from the core platform with data from other sources, unless the user has validly consented within the meaning of the GDPR. Effectively, this rule mirrors the approach of the Bundeskartellamt, although the DMA does not proclaim to protect consumers but competition by reducing the barriers to entry that vast data troves are thought to cause.[37] Will the Commission have to refer the question of whether consent was validly given to the national supervisory body of the Member State in which the gatekeeper is established before enforcing Article 5(a) against a gatekeeper platform? The DMA does not suggest such a procedure. It would also significantly undermine the effectiveness of the DMA, which intends to provide conduct rules that are quicker to enforce than classical competition law.
However, in order to make such a system work, there is a clear need for better and more regular interinstitutional cooperation between European data protection and competition agencies, both at the national and EU level.
VI. CONCLUSION
Facebook v. Bundeskartellamt has the potential for a landmark ruling, not only for competition law but also for EU privacy regulation. It is unclear, however, whether the Court will wish to wade into the broader dispute on the type of harm competition law is meant to protect. This is an emotionally and ideologically charged topic, and hence the Court may well choose to avoid general pronouncements and limit itself to a narrow ruling on whether it is permissible for a competition agency to apply the GDPR for the purposes of assessing business conduct under the competition rules.
It is argued here that the Bundeskartellamt did not enforce the GDPR in a way that infringes the GDPR’s enforcement system. The Bundeskartellamt interpreted national law in line with the principles and compromises the EU legislator struck when attempting to balance the competing interests of data protection, economic freedom and efficiency in the GDPR. Banning a public body from interpreting national law in line with the GDPR in cases that the competent data protection agency has not investigated would significantly undermine the effectiveness of the regulation. More generally, competition and data protection agencies working in institutional silos, without regard to the impact of their decisions on the other agency’s objectives, risks yielding politically incoherent and hence undesirable results.
Regulating the activities of major digital platforms requires an interdisciplinary and interinstitutional approach. To this end, competition and privacy agencies should establish a system of regular dialogue and cooperation. The system set up by Regulation 1/2003 and the European Competition Network for the purposes of coordinating the enforcement of Articles 101 and 102 TFEU could serve as a useful blueprint for these purposes.
[1] Professor of Law, EDHEC Business School, Augmented Law Institute. Email: anne-christine.witt@edhec.edu.
[2] Request for a preliminary ruling from the Oberlandesgericht Düsseldorf (Germany) lodged on April 22, 2021 in Case C-252/21 Facebook Inc. and Others v. Bundeskartellamt.
[3] E.g. Sam Schechner and Sara Germano, “Facebook Told to Stop Tracking German Users’ Online Life Without Consent,” The Wall Street Journal (February 7, 2019); Olaf Storbeck, Madhumita Murgia and Rochelle Toplensky, “Germany blocks Facebook from pooling user data without consent,” Financial Times (February 7, 2019); Natasha Singer, “Germany Restricts Facebook’s Data Gathering” The New York Times (February 7, 2019); Cécile Boutelet, “L’Allemagne dénonce la position dominante de Facebook sur la collecte de données personnelles,” Le Monde (February 7, 2019.
[4] See e.g. Anne Witt, “Excessive Data Collection as a Form of Anti-Competitive Conduct – the German Facebook Case,” (2021) 66(2) Antitrust Bulletin 276–307; Viktoria Robertson, “Excessive Data Collection: Privacy Considerations and Abuse of Dominance in the Era of Big Data,” (2020) 57 Common Market Law Review 161–189; Marco Botta and Klaus Wiedemann, ‘The Interaction of EU Competition, Consumer, and Data Protection Law in the Digital Economy: The Regulatory Dilemma in the Facebook Odyssey’, (2019) 64(3) Antitrust Bulletin 428–446.
[5] Bundeskartellamt, decision no B6-22/16 of February 6, 2019. Because of the significance of the decision, the Bundeskartellamt provided an English translation of the decision, available at http://www.bundeskartellamt.de/SharedDocs/Entscheidung/EN/Fallberichte/Missbrauchsaufsicht/2019/B6-%2022-16.pdf?__blob=publicationFile&v=4.
[6] “Wertungen” in the original.
[7] Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), [2016] OJ L119/1.
[8] Gesetz gegen Wettbewerbsbeschränkungen (GWB). Available at https://www.gesetze-im-internet.de/englisch_gwb/.
[9] OLG Düsseldorf, Order of 9 January 2015, Az. VI Kart 1/14 (V), available at https://www.olg-duesseldorf.nrw.de/behoerde/presse/archiv/Pressemitteilungen_aus_2019/20190826_PM_Facebook/20190826-Beschluss-VI-Kart-1-19-_V_.pdf.
[10] Bundesgerichtshof, order of June 23, 2020 in Case KVR 69/19 – Facebook.
[11] Bundesgerichtshof, order of June 23, 2020 in Case KVR 69/19 – Facebook, paras 102-110.
[12] For a brief account, see Anne Witt, ‘Technocrats, Populists, Hipsters, and Romantics – Who Else is Lurking in The Corners of The Bar?” CPI Antitrust Chronicle (Nov. 2019).
[13] E.g. Reiter v. Sonotone Corp., 442 U.S. 330, 343 (1979).
[14] See e.g. European Commission’s Guidelines on the application of Article 81(3) of the Treaty of April 27, 2004, OJ [2004] C101/97, para 8.
[15] European Commission, Guidelines on the application of Article 81(3), paras 17–25, or European Commission, horizontal merger guidelines, [2004] OJ C31/5, para 22; FTC and U.S. Department of Justice, Antitrust Guidelines for Collaborations Among Competitors (April 2000), p.4.
[16] Marshall Steinbaum & Maurice E. Stucke, “The Effective Competition Standard: A New Standard for Antitrust,” (2020) 85 Chicago University Law Review 595.
[17] European Commission, decision of October 3, 2014 (Case COMP/M.7217 – Facebook/WhatsApp), recital 164.
[18] FTC, ‘Statement of the Federal Trade Commission Concerning Google/DoubleClick’ of December 20, 2007, F.T.C. File No. 071-0170. Commissioner Pamela Jones Harbour issued a Dissenting Statement on this point (Dissenting Statement of Commissioner Pamela Jones Harbour Concerning Google/DoubleClick of December 20, 2007).
[19] FTC v. Facebook, Case 1:20-cv-03590-JEB (Substitute Amended Complaint of September 8, 2021), para 222. Available at http://www.ftc.gov/system/files/documents/cases/2021-09-08_redacted_substitute_amended_complaint_ecf_no._82.pdf.
[20] Gesetz zur Änderung des Gesetzes gegen Wettbewerbsbeschränkungen für ein fokussiertes, proaktives und digital Wettbewerbsrecht 4.0 und anderer wettbewerbsrechtlicher Bestimmungen (GWB-Digitalisierungsgesetz), BGBl 2021 I S. 2.
[21] See e.g. the explanatory memoranda accompanying the legislative proposal: Bundesministerium für Wirtschaft und Energie, Entwurf eines Zehnten Gesetzes zur Änderung des Gesetzes gegen Wettbewerbsbeschränkungen für ein fokussiertes, proaktives und digitales Wettbewerbsrecht 4.0 (GWB-Digitalisierungsgesetz), p. 72.
[22] Justus Haucap, “Data Protection and Antitrust: New Types of Abuse Cases? An Economist’s View in Light of The German Facebook Decision,” CPI Antitrust Chronicle, February 2019, 1 (this commentator advised Facebook in the proceedings before the FCO); Giuseppe Colangelo and Mariateresa Maggiolino, “Data Protection in Attention Markets: Protecting Privacy through Competition?” (2017) 8(6) Journal of European Competition Law & Practice 363; Maureen Ohlhausen and Alexander Okuliar, ‘Competition, Consumer Protection, and the Right [Approach] to Privacy’, (2015) 80 Antitrust Law Journal 121; James Cooper, ‘Privacy and Antitrust: Underpants Gnomes, the First Amendment, and Subjectivity’ (2013) George Mason University Law and Economics Research Paper Series 13-39.
[23] Maurice Stucke, “Should we be concerned about data-opolies?” (2018) 2 Georgetown Law Technology Review 275.
[24] Viktoria Robertson, “Excessive Data Collection: Privacy Considerations and Abuse of Dominance in the Era of Big Data” (2020) 57 Common Market Law Review 161.
[25] Marshall Steinbaum & Maurice E. Stucke, ‘The Effective Competition Standard: A New Standard for Antitrust’, (2020) 85 Chicago University Law Review 595.
[26] Warren Grimes, ‘Breaking Out of Consumer Welfare Jail: Addressing the Supreme Court’s Failure to Protect the Competitive Process’, (2020) 15 Rutgers Business Law Review 49; Tim Wu, The Curse of Bigness: Antitrust in the New Gilded Age, Columbia Global Reports (2018).
[27] Lina M. Khan, “Amazon’s Antitrust Paradox,” (2017) 126 Yale Law Journal 710.
[28] Robert H. Lande, “The Microsoft-Yahoo Merger: Yes, Privacy is an Antitrust Concern,” 714 FTC:WATCH 9, February 25, 2008; Neil W. Averitt and Robert H. Lande, “Using the Consumer Choice Approach to Antitrust Law” (2007) 74 Antitrust Law Journal 175.
[29] Request for a preliminary ruling from the Oberlandesgericht Düsseldorf (Germany) lodged on April 22, 2021 in Case C-252/21 Facebook Inc. and Others v. Bundeskartellamt.
[30] See e.g. Wouter Wils, “The obligation for the competition authorities of the EU Member States to apply EU antitrust law and the Facebook decision of the Bundeskartellamt,” 2019(3) Concurrences 58.
[31] Case T-399/16 CK Telecoms UK Investments Ltd v. European Commission, ECLI:EU:T:2020:217, para 93 C-52/09 TeliaSonera Sverige, EU:C:2011:83, paras 20 to 22.
[32] E.g. European Commission, Horizontal Merger Guidelines, [2004] OJ C31/5, para 8.
[33] Cases C-36/02 Omega ECLI:EU:C:2004:614, para. 35; C-112/00 Schmidberger ECLI:EU:C:2003:333, para. 74; Case C-260/89 ERT ECLI:EU:C:1991:254, para 45.
[34] CMA, decision of February 11, 2022 to accept commitments offered by Google in relation to its Privacy Sandbox Proposals (Case number 50972).
[35] Autorité de la concurrence, Decision 21-D-07 of March 17, 2021.
[36] European Commission, Proposal for a Regulation of the European Parliament and of the Council on contestable and fair markets in the digital sector (Digital Markets Act), COM/2020/842 final.
[37] Supra, recital 36.