On 24th January 2021, the Competition Commission of India (‘CCI’) joined an exclusive club of competition law regulators around the world to initiate action in the area of privacy and competition law. The CCI passed a suo moto order directing an investigation into Whatsapp for alleged abuse of dominance as per the Competition Act, 2002 (‘the Act’) with respect to its new 2021 updated privacy policy. This was a vast improvement from the previous case of Vinod Kumar Gupta v. WhatsApp Inc., wherein CCI held that it will not delve into privacy concerns as they fall under the purview of different legislation dealing with information technology. Recently, CCI exhibited a significant shift in perspective by acknowledging that privacy can take the form of non-price competition in its market study of the telecom sector published on 22nd January 2021. Subsequently, it was quickly put into practice via this suo moto investigation order against Whatsapp wherein CCI acknowledged its departure from the previous decision in Vinod Kumar Gupta case stating that unreasonable data collection and sharing could provide a competitive advantage to dominant players potentially resulting in abuse of dominance. For the purposes of this essay, it shall be constricted to critically analysing CCI’s approach and jurisdiction while determining prima facie exploitative conduct by Whatsapp in this interface of privacy and competition law.

 

Lack of choice for users to ‘opt-out’

CCI found Whatsapp to be dominant in the relevant market of ‘Over the top (OTT) messaging apps through smartphones in India’ as previously observed in the case of Harshita Chawla v Whatsapp Inc. & Anr. CCI noted that the users are not provided with an appropriate granular/voluntary choice to object or rather opt-out of data sharing, unlike the 2016 Whatsapp privacy policy update. It was observed to be an unfair and unreasonable condition for the users to accept the update to essentially conclude the contract and continue using Whatsapp services. Hence, CCI concluded that such a “take-it-or-leave-it” policy amounts to an abuse of dominant position and is prima-facie in violation of section 4(2)(a)(i) of the Act which refers to the imposition of unfair terms and conditions.

This case is very similar to the investigation and order by German Cartel Office (‘GCO’) against Facebook for exploitative business terms with respect to data collection and lack of choice to users. In that case also, one of the GCO’s main contention to hold Facebook liable was the fact that users were consenting to the terms and conditions of Facebook to essentially conclude the contract, which translates to the situation where a user is not provided with a choice to ‘opt-out’. Facebook was mandated to provide voluntary consent to users, which meant that the usage of their services should not be subjected to their consent to share data.

The previous Vinod Kumar Gupta case that challenged the 2016 Whatsapp privacy policy update can be observed to have a similar decisional precedence regarding user choice by CCI. One of the primary contentions that were considered by CCI for deciding against abuse of dominance was the existence of an ‘opt-out’ clause or a clear choice being provided to the users to not share their data with Facebook. Later, in the Harshit Chawla case, the integration of Whatsapp Pay, a digital payment application into Whatsapp’s messenger service led to an allegation of abuse of dominance. Again, the fact that the user must undertake a voluntary registration process to use the feature and that the users had discretion to utilise the service was an important contention considered by CCI to hold in favour of Whatsapp. CCI concluded that unless there is an explicit or implicit imposition by Whatsapp taking away the discretion of users, section 4(2)(a)(i) of the Act will not be contravened.

The Hon’ble Supreme Court in Central Inland Water Transport Corporation Ltd. & Anr. vs Brojo Nath Ganguly & Anr [1986 AIR 1571] emphasised the requirement of ‘reasonableness’ in the terms of the contract and discussed the doctrine of ‘unconscionability’ where unequal bargaining power is a major factor in the imposition of unfair terms in the contract. The Hon’ble Supreme Court had also observed that if such a weaker party has no meaningful choice but to give his assent to a contract (or to accept a set of rules as part of the contract), however unfair, unreasonable and unconscionable they may be, the courts will strike down such unfair and unreasonable contract. This reasoning by the Supreme Court essentially translates to the test of ‘user-choice’ as applied by CCI in competition law cases to determine abuse of dominant cases with respect to the imposition of unfair terms and conditions on users.

 

Jurisdiction of CCI

Presently, India lacks an exclusive data protection law and a data protection regulator. The Personal Data Protection Bill, 2019 (‘PDP Bill’) which address many integral aspects of ‘proper consent’ is yet to be enacted by the government of India, which has allowed Whatsapp to roll out a separate privacy policy for European users including an opt-out clause due to strict GDPR rules.

It must be noted that in the GCO’s case against Facebook, they closely cooperated with data protection agencies to analyse Facebook’s privacy policy and terms and conditions for exploitative abuse. The European data protection principles as per the General Data Protection Regulation (2016/679) (‘GDPR’) were the standard used by GCO to determine the legal validity of the manner and extent of data collection and usage by Facebook. The conclusive analysis that Facebook was indulging in exploitative conduct by breaching the concerned data protection laws were integral to the subsequent application of competition law in the case.

In the investigation order, it can be observed that CCI has proceeded to delve into the nitty-gritties of whether the privacy policy and terms of service were fair and valid. After analysing certain structure and wordings of the privacy policy and terms of service along with their own determination of data protection expectations of a user, CCI observed that it is opaque, vague, and open-ended. Even though CCI appears to have rightly relied on the issue of lack of an ‘opt-out’ clause for concluding a prima facie violation, such an analysis of the privacy policy and terms of service by CCI was unnecessary and improper.

Analysing GCO’s case against Facebook, it can be understood that ascertaining the legal validity of the privacy policy in itself is a mandatory step to the subsequent analysis for a potential competition law violation. This is because the illegal acquisition of data should be judged on a data protection standard and not a competition law standard which can vary on a case-to-case basis. Essentially, if the data collection and usage terms in the privacy policy by the dominant entity is fair and valid as per the data protection rules, then a competition law case of exploitative conduct will not arise.

 

Concluding remarks

The CCI has made it clear that it will act upon unfair privacy policies of dominant entities if an allegation as to an abuse of the dominant position is made. But in such scenarios, a fine line needs to be drawn between determining the legal validity of a privacy policy and the subsequent competition law analysis of the potential appreciable adverse effect on competition.

Presently at the outset when India lacks a data protection authority, it can be observed that CCI has simply taken advantage of such an absence to commit jurisdictional overreach without any immediate ramifications. Such an intention to step into the shoes of the data protection regulator was evident from CCI’s response to Whatsapp’s preliminary objection of challenging CCI’s jurisdiction by relying on the landmark case of the Hon’ble Supreme Court in Competition Commission of India v. Bharti Airtel Limited and Ors. [(2019) 2 SCC 521]. The Hon’ble Supreme Court for the purposes of maintaining comity between regulators had stated that CCI will essentially have a ‘follow-on’ jurisdiction to a sectoral regulator who will first exercise primary jurisdiction to address technical issues related to a case.

But, in the present case, CCI had refuted the preliminary objection by simply stating that there is no other sectoral regulator that is actually seized of the matter. Nevertheless, in a situation where the proposed PDP Bill is enacted by the Central Government, such a course of action by CCI can be challenged before the courts for lack of jurisdiction. Hence this could set a bad precedent for upcoming cases in the same area of interface between data protection and competition law without encouraging consultation or cooperation between regulators to tackle such issues and adding to existing turf wars faced by CCI.

At least in situations where the privacy policies are framed in such a way that the consent of users is dependent on the continuation of usage of that service, then it can undoubtedly be classified as improper/involuntary consent. As previously mentioned, the ‘test of user-choice’ is a valid course of action for CCI against dominant entities in such “take it or leave it” privacy policies to decide a prima facie case of exploitative conduct with respect to data collection.


________________________

To make sure you do not miss out on regular updates from the Kluwer Competition Law Blog, please subscribe here.

image_pdfimage_print

3 comments

Leave a Reply

Your email address will not be published. Required fields are marked *