Data Privacy and Competition Law at the Crossroads

WhatsApp was recently in the news in India for a number of reasons. First was its unilateral announcement regarding the change of its data privacy laws.¹ This was followed by a second notice from the Government of India to WhatsApp in this regard.² These new laws were announced globally on 4 January 2021 and subsequently have been kept on hold indefinitely in India,³ given the concerns of the government and some consumers switching to alternative platforms like Telegram. What came next is a suo motu case by the Competition Commission of India (case 01/2021) investigating the unilateral change in the data privacy laws by WhatsApp for potential abuse of dominance. The Indian competition authority had directed the director general to investigate the matter within 60 days from 24 March 2021 under the provision of Section 26(1) of the Competition Act, 2002. Despite protests from WhatsApp, the local Delhi High Court has not put a stop to this investigation by the Competition Commission of India.

In this ongoing case, we are facing an instance of the likely nature of antitrust concerns going forward that involves issues of private data as a commercialised commodity and the fallout on competition and consumer welfare. This in turn is due to our increasing dependence on companies specialising in big data capabilities. In terms of consumer protection, the debate in policy circles highlight the problem for countries like India with many consumers,⁴ coupled with the absence of data privacy laws.⁵ In a related recent news, Reuters reported that phone numbers and other information of 500 million plus users of Facebook have been put on sale by a leaker.⁶ What is the link between these two pieces of news? Facebook is not an instant messaging service and does not provide the end-to-end encrypted messaging facilities that WhatsApp does. However, in 2014, WhatsApp was acquired by Facebook through a $19 billion deal. When data privacy of the parent company itself is insecure, what kind of privacy can one expect? The recent change in the data privacy policy of WhatsApp has happened post merger with Facebook. India provides a good ground to understand this issue, since, unlike the European Union (EU), it lacks a data privacy law. Second, the ongoing pandemic has made services like WhatsApp essential to the consumers.⁷ In this context, we re-examine the role of data privacy laws and the intersection of the latter with competition law. It is our contention that a data privacy law alone is not sufficient to address the emergent concerns that are raised by the actions of WhatsApp and that the step taken by the Indian antitrust authority is in the right direction.