By Shravya Devaraj and Rohit Gupta*
Contrasting the two decisions, the German FCO was guided by Article 6(1)(f) of the General Data Protection Regulation (GDPR), whereas WhatsApp’s conduct in unilaterally denying consumers the “opt-out” option constituting a potential abuse of dominance spearheads the CCI investigation. In this piece, I aim to analyze the contours of antitrust scrutiny within the realm of privacy policies, specifically analyzing the role of consent in the CCI investigation.
II. DEFINING THE RELATIONSHIP BETWEEN PRIVACY POLICIES AND COMPETITION LAW
Digital platforms collect and monetize data through a direct subscription model (e.g., Spotify), by using collected data to tailor products directly to users (e.g., Amazon), or by selling targeted advertisements (e.g., Facebook and Google Search). Social media companies like WhatsApp and Instagram also monetize by selling advertisements. Since these products are free platforms, they are called zero-price platforms. The companies use the data they collect when users access their services to generate inferences about consumer preferences and behavior.
In competitive markets, companies compete fiercely for data and use this data to improve the quality and efficiency of goods and services. Since access to zero-price platforms is predicated on the data collected by companies, a lack of data can prevent companies from offering goods and services at competitive levels. This makes these companies less likely to survive in data-driven markets, leading to decreased competition. Courts have previously recognized the role of data privacy as a significant factor of quality, hence an important parameter in analyzing anticompetitive behavior. The value of data collected by zero-price platforms is not limited to the ad-tech industry; it extends to the company’s potential to use the data to innovate and ability to increase barriers to entry for new companies entering the market.
Further, zero-price platforms have forced competition regulators to revisit whether the absence of “data” within the competition law framework definition should preclude the basis for such investigation. For instance, the Competition Law Review Committee in India found the inclusion of data within the definition of price to tackle digital markets was unnecessary since the current definition of price encompasses “every valuable consideration, whether direct or indirect,” is wide enough to encompass any kind of consideration that has a bearing on a service or product. 
The relationship between privacy policies and competition law is not mutually exclusive. In the digital market, data substitutes price where the value and contribution of user data to the market prowess of companies are undeniable. For instance, Japan adopted guidelines to include a collection of personal data without consent as a violation of the Japan Anti-Monopoly Act.
III. PRIVACY AS A COMPONENT AFFECTING COMPETITION
In India, the WhatsApp investigation has presented an opportunity for competition regulators to determine the influence of privacy in influencing anti-competitive behavior. The recent CCI Telecom Report also presented abusive conduct illustrations, including a low privacy standard. This implies a lack of consumer behavior, lower standards of data protection, which could indicate exclusionary behavior, and leveraging a data advantage across various services.
IV. ROLE OF CONSENT THROUGH THE CCI INVESTIGATIONS
Though some researchers argue that the 2016 and 2020 CCI investigations established an ‘implicit’ and ‘explicit’ user choice standard for determining unfairness where the implicit element constitutes the user’s ability to opt-out of data sharing without limiting their access to the service – the explicit standard implies taking away additional choices that would have otherwise been available to users resulting in an unfair imposition on users. The 2021 policy is in contravention to both these standards and thus provides a sufficient basis for the CCI to decide against WhatsApp. However, the consequences of establishing anti-competitive behavior only on the competition regulator’s user choice standard of consent limit the extent of the commission in analyzing the repercussion of exploitative privacy policies to consent-based findings. This restricts the far-reaching implications of drafting privacy policies that might impose unreasonable time limits for storing and collecting data for vague purposes to slip between the cracks, especially if they merely fulfill the voluntary consent requirement.
In India, the scope for including privacy considerations is limited in the competition law legislative framework. The need of the hour is implementing robust data protection principles that have been envisaged in the 2021 Data Protection Bill. Further, addressing the collection of data that contributes to the unequal bargaining power of big tech companies might require an explicit inclusion of such provisions. Hence, instead of data protection standards playing catch up with the competition regulator’s findings, a clear framework for handling data with guidelines on formulating privacy policies will address the lacunae in the existing privacy law framework. Besides directing companies towards adopting better privacy policies, it would also facilitate anti-competitive behavior analysis. Having recognized the intersection of privacy policies and competition law, this article offers insights into the current CCI investigation and the impact of framing privacy policies on anti-competitive behavior. There are significant international differences in approaches to data protection and competition policy, and competition authorities worldwide differ in their mandate and the scope of their competition laws. Thus, applying global best practices in framing privacy policies will harmonize the application of legislative provisions specific to jurisdictions.
* Shravya Devaraj and Rohit Gupta are final year law students at West Bengal National University of Juridical Sciences, Kolkata.
 The German FCO is Germany’s national competition regulatory agency.
 Bundeskartellamt v. Facebook, Case KVR 69/19 (June, 2020).
 Processing shall be lawful only if and to the extent that at least one of the following applies:
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
 Lina M. Khan, Amazon’s Antitrust Paradox, 126 YALE L. J. 564 (2017).
 Maurice Stucke, Allen Grunes, Big Data and Competition Policy, Oxford University Press (2016).
 Case No. AT.40684.
 CMA investigates Facebook’s use of ad data, (June 4, 2021), https://www.gov.uk/government/news/cma-investigates-facebook-s-use-of-ad-data.
 Ministry of Corporate Affairs, Report of Competition Law Review Committee, (July 2019), https://www.ies.gov.in/pdfs/Report-Competition-CLRC.pdf.
 Japan Fair Trade Commission, The Guidelines for Exclusionary Private Monopolization under the Antimonopoly Act, (2009).
 Federated Learning of Cohorts (“FLoC”), https://privacysandbox.com/intl/en_us/proposals/floc.
 Competition & Market Authority, Investigation into Google’s ‘Privacy Sandbox’ browser changes, (2021).
 Case Number 50972, Decision to accept commitments offered by Google in relation to its Privacy Sandbox Proposals.
 Legal Process Guidelines, Government of Law and Enforcement, https://www.apple.com/legal/privacy/law-enforcement-guidelines-us.pdf.
 Epic Games, Inc. v. Apple Inc., 559 F. Supp. 3d 898 (N.D. Cal. 2021).
 CCI Workshop on Competition Issues in the Telecom Sector in India (February 2021).
 Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, (2011).
 The Information Technology Act, (2000).
 In Re: Shri Vinod Kumar Gupta and Whatsapp, Case No. 99, (2016).
 In Re: Harshita Chawla and Whatsapp Inc., Facebook Inc., Case No. 15, (2020).
 In Re: Shri Vinod Kumar Gupta and Whatsapp, Case No. 99, ¶14, (2016).
 In Re: Shri Vinod Kumar Gupta and Whatsapp ,Case No. 99,¶15, (2016).
 Bundeskartellamt v. Facebook, Case KVR 69/19, (June, 2020).
Image Source: http://www.nlujlawreview.in/integrating-data-protection-and-competition-law-the-why-the-how-and-the-way-forward/