News / Legal Brief

The Crossroads, When Giants Intersect Competition and Data Protection Law

Sep 2,2020

by Ahmore Burger-Smidt, Director and Head of Data Protection and Privacy Practice; and Dale Adams, Candidate Attorney

…it’s not always turnover that makes a company an attractive merger partner. Sometimes, what matters are its assets. That could be a customer base or even a set of data.[1]

  1. Data protection and competition law both influence the exercise of economic activity and seek to enhance the interests of individuals.[2] In the era of our modern society, personal data has become the object of trade and companies compete to acquire and process this data. This rivalry has necessitated the application of competition law, albeit personal data is protected through data protection law.
  2. Competition authorities around the world have started to consider the implications of data privacy concerns in merger decisions. These merger decisions include those of Facebook/Instagram, Facebook/WhatsApp, Google/DoubleClick and Microsoft/LinkedIn.[3] Unfortunately, none of these decisions offer authoritative guidance, apart from a mere reference to potential data privacy concerns. In these types of transactions, it is inevitable that enormous chunks of personal data would be acquired post-merger. The value of this personal data is limitless. It goes beyond its use as an input for advertising and acts as a raw material from which multiple digital business models may be fashioned.[4]
  3. Personal data and the use thereof constitute a fundamental building block of the digital economy. An increasing number of business models rely on personal data as a key input. In exchange for sharing their data, users benefit from personalised and innovative services and some welcome this convenience. At the same time, firms’ collection, processing and use of personal data pose questions about privacy and fundamental rights, amongst others ethical decision-making. Moreover, given the significant commercial and strategic value of personal data, its accumulation, control and use may raise competition concerns and negatively affect consumers.
  4. It is, thus, a challenging task to develop a legal framework that ensures an adequate level of protection of personal data while at the same time providing an open and level playing field for businesses to develop innovative data-based services.
  5. The acquisition of large amounts of data can create several economic barriers to entry, which in turn excludes rivals from entering a specific market. This ultimately has the effect of creating a dominant firm in the market. For example, a significant amount of data which is acquired post-merger may allow a firm to develop products or services that would not have been possible otherwise.[5] This ultimately makes it difficult for competing firms to expand or enter the market.
  6. In the Facebook/WhatsApp merger,[6] the Commission acknowledged that “competition on privacy” exists and that “privacy and security, the importance of which varies from user to user but which are becoming increasingly valued, as shown by the introduction of consumer communications apps specifically addressing privacy and security issues“. However, despite this observation, the Commission did not particularly consider the effects of the merger on data protection. A similar stance was also taken in the merger of Google/DoubleClick.[7]
  7. The main objective of competition law is to promote market competition by regulating anti-competitive conduct by companies. This results in better quality goods and services at low prices, efficiency and wider choices for consumers. On the other hand, data protection law governs the processing and handling of personal information. Competition law, therefore applies to all economic activity whereas data protection law to personal data processing irrespective of whether it is an economic or non-economic activity. Based on the economic commonalities of both data protection and competition law, it should be noted that it is possible for both these policies to work and co-exist.[8] Competition law incorporates many non-price dimensions of competition such as, inter alia, innovation, quality, variety, service and advertising. A significant non-price dimension which should be included in this list is that of data protection.[9]
  8. New technologies, purposes and applications to process individuals’ personal data are being developed on a massive scale and at a faster pace than ever before. But we have not only entered the ‘golden age of personal data’ in terms of its exploitation’s: ours is also the ‘golden age of personal data’ in terms of regulation of its use.
  9. Knowledge based on data is applied and algorithmic decisions are made. Based on models, predictions or knowledge, individuals can be categorised or clustered, for example to show them different advertisements or decide what interest they should pay on loans. What is important is to realise that the algorithmic decision is not made solely on the basis of the data from a specific targeted individual. The decision rests on a limited amount of personal data from the specific individual individual, but behind that decision is a wealth of data from other people or sources.
  10. ‘Big data’ has become a catch-all phrase for applications that involve very large quantities of (personal) data, which are analysed to receive knowledge from it and then used to either target individuals or groups or make general information based decisions. Big data involves acquisition, analysis, and application.

[1] Commissioner Vestager ‘Refining EU Merger control system’ 10 March 2016, available at, accessed on 1 April 2020. [Emphasis added].

[2] F Costa-Cabral and O Lynskey ‘Family ties: the intersection between data protection and competition in EU law’ (2017) 1 Common Market Law Review, 54.

[3] I Rakic and I Dragic ‘Big Data – Between the competition policy and privacy and data protection’ (2018) Conference Paper.

[4] Supra note 1 at page 12.

[5] A Mitretodis and B Euper ‘Interaction between privacy and competition law in a digital economy’ 2019, available at, accessed on 2 April 2020.

[6] Case No: COMP/M.7217 Facebook/WhatsApp. See also Supra note 2 at page 12.

[7] Case No: COMP/M.4731 Google/DoubleClick. See also Supra note 2 at page 7.

[8] Supra note 2 at page 6.

[9] Ibid.

Latest News