There’s no arguing with the broad thrust of CCI’s order on WhatsApp’s use of data
- The National Company Law Appellate Tribunal has stayed a controversial part of an order passed by the Competition Commission of India, but the case shows how privacy and antitrust issues are linked.
On 23 January, the National Company Law Appellate Tribunal (NCLAT) partially stayed an order of the Competition Commission of India (CCI) imposing a penalty of ₹213.14 crore on WhatsApp and its parent company Meta for coercing its users to accept the WhatsApp Privacy Policy of 2021.
Compared to its earlier policy of 2016, the 2021 policy expanded the scope of the user data that was being collected and shared with other Meta group companies such as Facebook and Instagram.
The CCI noted that personal data of WhatsApp’s users was being commercialized by Meta for purposes unrelated to the primary function of WhatsApp.
Also Read: Meta’s misuse of its market clout served a privacy alert to millions
Unlike its 2016 policy, WhatsApp’s 2021 update did not give its users an option to deny such commercialization of their personal data.
The CCI held that the ‘take-it-or-leave-it’ nature of this policy was unfair and violated India’s competition law, as it had compelled users to accept expanded data collection terms without any ‘opt-out’. The terms of the two policies were also found to be “vague, broad, and open-ended," allowing WhatsApp flexibility to expand the scope of data collection at any time.
The CCI investigation also found that by acquiring user data from WhatsApp and combining it with data from Facebook and Instagram, Meta strengthened its position in the online display advertising market. This integration made Meta a data giant, as it could monetize a vast trove of data across multiple platforms in ways that its competitors could not replicate.
Along with the monetary penalty, CCI also imposed a couple of behavioural remedies on Meta to address the anti-competitive effects of its 2021 policy.
First, it placed a complete embargo on WhatsApp’s ability to share its user data for advertising purposes with Meta companies for five years. Though this seems intended to address the undue advantage Meta gained in the online display advertising market, the CCI order did not provide sound reasoning to justify such an onerous obligation.
The ban seemed more punitive than curative. It’s no surprise that the NCLAT has stayed it.
Also Read: Why CCI matters for protecting customers from digital players
The second CCI remedy laid down guidelines for WhatsApp to obtain the consent of its users for sharing their personal data for purposes other than advertising. The reason for not making these guidelines applicable to data shared for advertising was that the first remedy already prohibited it.
The CCI order allowed WhatsApp to keep gathering user data and sharing it with Meta companies to the extent it is necessary for providing WhatsApp services. For other purposes, agreeing to let such data be shared would not be a pre-condition for users to access WhatsApp.
While seeking consent, the app would be required to specify the purpose of sharing each category of data and ‘prominently’ allow users a choice to opt out through its in-app notifications. Users would also get a ‘prominent’ option to review and modify their choice under the app’s settings.
After the end of the five-year embargo, these guidelines would also apply to the WhatsApp data shared with Meta for advertising.
However, with NCLAT staying the embargo, WhatsApp must also seek the consent of its users to share their data for advertising. Otherwise, the NCLAT stay order could inadvertently lead to the commercialization of users’ personal data without their consent (at least until the NCLAT passes its final order).
To avoid such a fiasco, the CCI must consider approaching the appellate tribunal to clarify that consent guidelines also apply to data shared for advertising purposes.
Another point stood out in the CCI order.
Although it made a passing remark that the terms of the 2016 policy were unfair, there was no discussion on Meta’s conduct prior to 2021. The fact that the 2016 policy had an opt-out would suggest that user consent was not coerced. But it remains undetermined if Meta’s conduct between 2016 and 2021 raised any competition law concerns.
The CCI order had mentioned that the terms of the 2016 policy were also expansive and cryptic. This means that, even during the period between 2016 and 2021, Meta could collect more data and commercialize it than what users had consented to. The CCI, however, decided not to look into this issue at all.
This is the first CCI order with a detailed discussion on data privacy issues. It is heartening to see the CCI’s willingness to look into privacy issues from a competition law perspective even though digital personal data has a dedicated law for its protection.
Also Read: India's digital protection bill promotes competition and user interests
This position seems consistent with the view emerging globally on the interplay between data protection and competition law. On 16 January, the European data protection board highlighted the need to promote cooperation between personal data protection and antitrust authorities with a view to protect individuals and increase their choice.
The NCLAT stay order also indicates that it is inclined to ensure harmony between competition and data protection laws, insofar as it allowed the parties involved to seek modification of its order if and when the Digital Personal Data Protection Act of 2023 is enforced.
Divyansh Prasad and Rohan Zaveri contributed to this article.
The author is head of competition law practice at DMD Advocates.
topics
