Home Data Protection EU Competition and Data Protection Law: Insights from the 2019 Meta Decision and the ECJ Ruling

EU Competition and Data Protection Law: Insights from the 2019 Meta Decision and the ECJ Ruling

by delta
0 comment
EU flag

The complex interplay between EU competition law and data protection regulations has gained prominence alongside the rise of tech giants. Central to this relationship is the 2019 Meta decision by the German Federal Cartel Office (Bundeskartellamt), which accused Meta (formerly Facebook) of exploiting its dominant position in the German social network market. This exploitation involved collecting, combining, and analyzing “off-Facebook” user data for personalized advertising. The subsequent European Court of Justice (ECJ) ruling on July 4, 2023, provided crucial insights into the alignment of data protection and competition law.

I. Background

The Bundeskartellamt, in a groundbreaking move on February 6, 2019, asserted that GDPR infringements could indicate abuse of dominant position under competition law. The authority found Meta guilty of processing user data from outside Facebook without valid consent, contributing to targeted advertising. Legal battles ensued, culminating in the ECJ’s landmark decision on July 4, 2023.

II. Core Findings of the ECJ

  1. Relationship between GDPR and Competition Law

The ECJ affirmed that GDPR violations may overlap with competition law violations, especially in data-centric markets. Personal data, it stated, has become a significant parameter of competition in the digital economy. The ECJ outlined a framework for cooperation between competition authorities and data protection authorities (DPA), allowing competition authorities to draw independent conclusions under competition law.

  1. Meta’s GDPR Infringements

The ECJ deemed Meta’s practice of processing “off-Facebook” user data without explicit consent incompatible with the GDPR. It rejected Meta’s justifications under GDPR articles, emphasizing that user consent was the only valid justification. The ECJ asserted that consent must be freely given and refuted Meta’s claim of obtaining valid consent, citing the coercive environment created by market dominance.

III. Enforcement & Reactions

  1. BKartA’s Decision

Even before the ECJ ruling, the Bundeskartellamt reached a partial agreement with Meta regarding the implementation of its decision. Meta agreed to allow users to choose between separate or combined services, impacting data processing for personalized advertising. Negotiations on off-Facebook data continue, setting a precedent for digital players.

  1. Norwegian DPA’s Temporary Ban

The Norwegian Data Protection Authority issued a preliminary order against Meta, temporarily banning the processing of personal data for behavioral advertising. This move underscores the ongoing challenges in addressing GDPR infringements.

  1. Meta’s Shift to User Consent

In response to enforcement actions and the ECJ ruling, Meta announced a potential shift to a user consent-based data processing model. However, ambiguities in the announcement leave the actual extent of this shift uncertain.

IV. Conclusion & Outlook

The ECJ’s Meta decision not only shapes Meta’s business model but also sets a precedent for global digital economies. The ruling provides a blueprint for future interactions between competition and data protection authorities. The question arises whether similar reasoning can be extended to other regulatory areas, such as environmental, social, and corporate governance (ESG) laws, potentially influencing the assessment of competition law infringements. As the digital landscape evolves, delineating fields that regulate significant parameters of competition becomes a critical consideration.

DELTA Data Protection & Compliance Academy & Consulting – info@delta-compliance.com

You may also like

Leave a Comment


Delta-Compliance.com is a premier news website that provides in-depth coverage of the latest developments in finance, startups, compliance, business, science, and job markets.

Editors' Picks

Latest Posts

This Website is operated by the Company DELTA Data Protection & Compliance, Inc., located in Lewes, DE 19958, Delaware, USA.
All feedback, comments, notices of copyright infringement claims or requests for technical support, and other communications relating to this website should be directed to: info@delta-compliance.com. The imprint also applies to the social media profiles of DELTA Data Protection & Compliance.

Copyright ©️ 2023  Delta Compliance. All Rights Reserved