Privacy law meets antitrust – EU Commissioner Vestager on data in competition law; ECJ to rule on admissibility of Privacy class actions; Northern District of California Sends Yelp Privacy Suit to the Jury; EU Advocate General finds EU-Canadian PNR pact unlawful; New York Unveils New Cyber Security Rules for Financial Services Organizations; New Jersey Senate Passes Shopping Privacy Bill; NIST Issues Mobile Threat Guidance

Privacy law meets antitrust – EU Commissioner Vestager on when privacy issues can lead to antitrust concerns

European Competition Commissioner Margarethe Vestager has commented on the relevance of privacy issues with regard to EU antitrust rules. According to Vestager, current investigations of the German Federal Cartel Office regarding Facebook’s “privacy issues” would “not necessarily” lead to competition law concerns, even though both fields of law might correlate under certain circumstances.

In the investigations at issue, the German Federal Cartel Office is alleging Facebook of abusing an alleged ‘dominant position’ in the market for social networks by imposing unfair conditions regarding the privacy settings for Facebook accounts on its users. The German antitrust regulator is arguing that users would have “no choice” whether to accept the conditions or to terminate their account, because there is no real alternative to the well-known social network. Under Article 102 of the Treaty on the Functioning of the European Union (‘TFEU’), “dominant companies are subject to special obligations. These include the use of adequate terms of service as far as these are relevant to the market.”

It still remains to be seen whether Facebook will ultimately be found in breach of EU antitrust rules relating to its Privacy Policy. On a more general matter, however, the Commissioner’s statements seem to confirm that indeed, companies controlling vast amounts of data may be considered able to prevent market entry by withholding this data from potential competitors who could not reproduce comparable datasets themselves and therefore might violate Article 102 TFEU. Companies that might fall in this category should therefore be prepared that not only privacy regulators, but also antitrust authorities might potentially be questioning them regarding their use of data in the future. Nevertheless, “simply holding a lot of data” would not be enough to raise antitrust suspicions, Vestager appeased.


Continue Reading

ICO investigating into Facebook and WhatsApp Data Sharing Plans; Germany and France publish joint action plan against encryption; PrivacyShield now covering 200 U.S. companies.

UK DPA investigating into Facebook and WhatsApp Data Sharing Plans

The United Kingdom’s Information Commissioner (‘ICO’) is taking a closer look into WhatsApp’s plan to share more user data with parent company Facebook for the purposes of targeted advertising.

According to a recent WhatsApp blog post, WhatsApp has changed its Privacy Policy on August 25. This move will allow the company to share further personal information, in particular the mobile phone numbers of its users, with parent company Facebook. According to information published earlier this week, users should have 30 days to decide whether they want to receive targeted advertising, but they should not be allowed to object the data sharing as such.

Actually, the new approach of WhatsApp is not such a big surprise, as similar concerns had already been raised in the debate around the acquisition of WhatsApp by Facebook. However, the European Commission had explicitly made clear that the assessment of privacy issues does not fall within its competence as a Competition authority, and approved the merger.


Continue Reading