Facebook’s lead data privacy regulator in the EU, the Irish Data Protection Commission, yesterday summoned the social media giant for an “urgent briefing” to explain its planned backend integration of Facebook Messenger, WhatsApp and Instagram.
A Heavily Scrutinised Concentration
Facebook’s original acquisition of WhatsApp back in 2014 was examined worldwide and cleared by antitrust/competition authorities, most notably DG Comp in the EU and the FTC in the States, decisions that attracted severe criticism from consumer bodies.
A number of data privacy regulators subsequently stepped into the gap left by the antitrust authorities with a cluster of investigations into issues flowing from the Facebook/WhatsApp/Instagram concentration.
GDPR Obstructing What Antitrust Could Not..?
What is perhaps most interesting about this case is the regulator’s statement that:
…ultimately the proposed integration can only occur in the EU if it is capable of meeting all the requirements of GDPR.
What we see here then is a data privacy regulator looking to protect consumers by potentially frustrating the day-to-day commercial freedom of a concentration that has already been cleared by the antitrust authorities.
Business Must Get Onside With Both Regs
What are the lessons here for tech? Well, put simply, data privacy issues both run with and can arise separately from antitrust and that it is absolutely vital to meet both sets of obligations.
Failure to do so can trigger major regulatory and consumer concerns and potentially seriously constrain the business’ day-to-day commercial freedom.
And while this is particularly relevant to the tech sector given its tendency to horizontal and vertical integration, the lessons here go much wider to any player on any market subject to dual antitrust and data privacy regulation - in other words, everyone.
Ohalo builds tools to automate data governance. The Data X-Ray scans unstructured and structured datasources for personal data, allowing the user to search across their data estate for individual data elements (in response to a DSAR for instance) and manage their risk in both a high-level and detailed manner. Simply sign up here. Once you have established a baseline of where personal data is distributed across your data estate, you can track where that data is going with the blockchain-based Data Protection Router to assist your general data governance and data privacy compliance.