FTC Chair Khan Squares the Circle With an “Interdisciplinary Approach” to Protecting Privacy and Competition

Government efforts to protect competition and privacy could become more closely aligned under an “interdisciplinary approach” to enforcement announced by Federal Trade Commission Chair Lina Khan.

It’s no secret that a handful of major tech firms touch nearly every aspect of modern life.  Nor is it a surprise that their business models often rely on collecting and monetizing user information in order to provide goods and services to consumers at low or no out-of-pocket cost.

Yet antitrust lawyers’ opinions differ wildly on the competitive effects of these data practices.  Some think private information is equivalent to a price users pay to access digital products.  Others prefer to see user data as just another input market in a longer distribution chain.  Some think a firm’s ability to monetize that data to offer better targeted advertisements to consumers is a procompetitive sign of a well-functioning market.  Yet others see it as a sign of monopolistic unfair conduct.  Many, including at least one FTC Commissioner, think antitrust law has little if anything to say about user privacy at all.

In her very first public remarks as Chair of the FTC, Lina Khan focused on this question last week.  Although Chair Khan came to prominence as a leading voice in tech antitrust, she chose a forum highlighting the FTC’s consumer-protection mandate—the Global Privacy Summit of the International Association of Privacy Professionals (IAPP) for this major address.  There, Chair Khan articulated a forceful defense in support of an “interdisciplinary approach”—that melds antitrust and data privacy goals to work together to protect users against the “surveillance economy” of dominant firms.

Given Chair Khan’s stature as an influential antitrust enforcer and theorist on technology markets, all players in the digital economy should pay close attention to her emerging approach.

Privacy & Antitrust – Sometimes Aligned, Sometimes Not

Efforts to protect user privacy and competition often butt heads.  On the one hand, users frequently want their information shielded from others.  If a user gives personal information to one firm, she will usually not want that firm to share it with others.  In contrast, a vigorously competitive digital market incentivizes firms to gather as much information as possible, for example, to gain increasingly better insights to sell to advertisers.  This means one firm would seek to replicate data another firm already has.  And unlike an invention or work of art, information itself is not ordinarily protectable by copyright or patent.  Thus, user privacy goals of shielding information can conflict directly with the interests of a competitive market that seeks to share it.

Antitrust law takes a mixed approach to this tension.  In one example just this week, a firm was enjoined from preventing a rival from ‘scraping’ its users’ data.  HiQ v. LinkedIn, No. 17-16783 (9th Cir. Apr. 18, 2022).  Yet at the same time, antitrust law has long recognized that firms rarely, if ever, have a duty to share their investments with rivals.  And what should enforcers do about Apple’s “App Tracking Transparency,” and related initiatives, that prevent third-parties from accessing iPhone users’ data?  While some privacy advocates have hailed the initiatives as a “huge step in the right direction,” others see a dominant firm using privacy rights as an excuse to exclude competition—and then taking the advertising sales for itself.  Major tech firms often feel caught between these goals.  At the very same IAPP conference where Chair Khan spoke, Apple’s CEO Tim Cook defended its policies, calling privacy “one of the most essential battles of our time.”  He further criticized “regulations that would undermine privacy and security in service of some other aim,” like free competition.

The FTC’s Dual Mandate – Squaring the Circle

Nowhere is this tension between user privacy and competitive markets more on display than at the FTC, which has a dual mandate over competition and consumer protection.  This consumer-protection directive covers various data management practices, such as those governing children’s privacy, health data breaches,  financial information, consumer credit reporting, data security standards, and the FTC’s catch-all unfair and deceptive practices authority.

Attempting to square the circle, FTC Chair Lina Khan announced an “interdisciplinary approach . . . through both a consumer protection and competition lens.”  Remarks of Chair Khan at 4.  Given the FTC’s scarce resources, she announced the FTC’s approach would focus on “firms whose business practices cause widespread harm,” including focusing on “dominant firms as well as intermediaries that may facilitate unlawful conduct on a massive scale.”  Id.  This interdisciplinary approach includes procedural changes with important ramifications for firms.  For example, the FTC has been focused on learning.  Under Chair Khan’s leadership, the FTC has both hired technologists and streamlined information about firms and practices across the ordinarily separate competition and consumer protection bureaus.  Id.

But Chair Khan’s approach has substantive ramifications too.  Under Chair Khan’s leadership, the FTC has explained to Congress that “violations of consumer protection laws may be enabled by market power, and consumer protection violations, in turn, can have a detrimental effect on competition.”  FTC Report at 4.  As the FTC has hypothesized, a company could gain market share by making “deceptive reassurances on privacy.”  Id.  And Chair Khan, in line with her reputation as a skeptic of large technology firms, has stated that “concentrated control over data has enabled dominant firms to capture markets and erect entry barriers, while commercial surveillance has allowed firms to identify and thwart emerging competitive threats,” and “[m]onopoly power, in turn, can enable firms to degrade privacy without ramifications.”  Statement of Chair Khan at 2.

As another example, a firm previously subject to an investigation for a data breach may find that the Bureau of Competition has a greater knowledge of its data assets when the firm is considering an acquisition.  Or, as Commissioner Slaughter recently noted, section 7 not only prohibits transactions that “substantially lessen competition,” but also those that “tend to create a monopoly.”

Perhaps a transaction might expand or reinforce a dominant digital firm’s monopoly position, even if the transaction does not substantially lessen competition in the particular market where the transaction occurs.  And if the landmark Facebook Complaint is any clue, the FTC will likely consider deteriorations in user privacy as a direct example of anticompetitive effects.  See Substituted Amended Complaint §222 (due to alleged monopolization, “Facebook has been able to provide lower levels of service quality on privacy and data protection than it would have to provide in a competitive market”).

Of course, Chair Khan isn’t alone.  European authorities have led the way in expanding antitrust enforcement under user privacy theories.  As this blog has previously noted, Germany’s competition authority argued that Facebook abused its dominant position “based on the extent of collecting, using and merging data” in violation of German competition law and the European General Data Protection Regulation

No Consensus (Yet?)

Of course, many disagree with Chair Khan’s approach.  For example, FTC Commissioner Christine Wilson has vehemently disagreed, stating that the “FTC’s antitrust and consumer protection authorities are based upon distinct statutory provisions enacted at different times and for different reasons.”

Similarly, Commissioner Noah Phillips has also taken a skeptical view: “Competition and privacy can align, but they do not always do so . . . For one, when it comes to consumer data, privacy counsels security and limited sharing; robust competition often involves opening up access. . . . I am concerned that predicating enforcement resources on unsupported and counterintuitive assumptions about the alignment between privacy and competition is a recipe for ineffective enforcement and unfair application of the law.”

Considering the FTC currently has only four members, two dissents could restrain Chair Khan’s approach, at least in the short term.

Moving Forward – Lesson for Firms

Given a less-than-clear legal framework, what’s a company to do to forestall potential severe antitrust remedies, including treble damages or even a possible breakup?  Below are a few key strategies that savvy firms should consider adopting.

• Do not wait before ensuring compliance with data protection and antitrust laws. Federal and state governments have signaled that both data security and antitrust enforcement are high priorities.  Do not wait for a problem to arise before ensuring that your policies are up to date, especially if you plan any major transactions subject to premerger review.  Because enforcers are taking a closer look at the competitive effects of data, employing technologists to better understand how digital markets work, and sharing information across competition and consumer protection departments, enforcement risk has only increased.  For example, a data breach could lead to an investigation; and the information the government learns from that investigation could show up during a merger review.
• Be proactive with the government. This is advisable whether you have a transaction under review, are subject to an investigation, or you see something another firm is doing that you think an enforcement agency should know about.  No government entity is all-knowing, and enforcers rely significantly on third parties for information about the marketplace.  If you are not telling your own story, they are likely drawing their own conclusions from other sources.
• Retain counsel immediately if contacted by the government. If you receive a civil investigative demand (“CID”) or subpoena, you should retain counsel right away, even if you do not think you have done anything wrong.  Anything you say or do can and will be used against you.  Because enforcement agencies rely primarily on third parties, you should never assume that the government has all the facts, or that its legal approach aligns with reality.  Unfortunately, there are countless examples of unwitting bystanders becoming caught in an enforcement action merely because they did not promptly pick up the phone and ask for legal advice.  An experienced attorney can ensure the government obtains the information it needs, while protecting you from any crossfire.

As always, those seeking more information should not hesitate to contact experienced antitrust counsel.

Written by J. Wyatt Fore

Edited by Gary J. Malone