The Privacy/Antitrust Curse: Insights from GDPR Application in Competition Law Proceedings

Abstract

In response to the emergence of large online platforms whose business model revolves around the collection and processing of personal data, it is usually suggested that competition and data protection are synergistic, hence requiring an integrated approach. In this respect, Europe represents the testing ground for evaluating how privacy breaches may inform antitrust investigations. Indeed, the General Data Protection Regulation (GDPR) on the one side and the German Facebook antitrust decision on the other side are considered the benchmarks of this new stance aimed at linking market power and data power. This paper tests the concrete viability of such an approach, analyzing how data protection rules and principles have been applied in antitrust proceedings by the European Commission and national competition authorities. Notably, the paper aims at demonstrating the fallacy of the narrative which describes the relationship between privacy and antitrust in terms of synergy and complementarity. Furthermore, the paper maintains that the principles recently affirmed by the European Court of Justice in Meta do not appear conclusive in addressing the issue. The strategic use of privacy as a business justification to pursue anticompetitive advantages currently addressed in the numerous Apple ATT investigations indeed shows the tension between these areas of law. Therefore, rather than strengthening the antitrust enforcement against gatekeepers and their data strategies, the inclusion of privacy harms in antitrust proceedings turns out to be a potential curse for competition authorities, providing players with an opportunity for regulatory gaming to undermine the antitrust enforcement. JEL Codes: D83, K21, L12, L4