Data Privacy and Antitrust: Competing Frameworks for Mitigating Privacy Harms

By Christopher Yalda
3L  J.D. Candidate at LMU Loyola Law School

The data economy is changing. Users of technology and social media platforms are becoming increasingly aware of the value their personal data holds for both advertising and for developing generative AI systems. Law makers are calling for ‘data dividends’ and legal frameworks are emerging that empower individuals to capitalize on their own data production.^[i] Underlying these attitudes toward personal data is the realization that access to and the ability to use vast troves of personal data holds immense market power. This note draws on scholarly and literary works to examine how privacy and antitrust law intersect when control of personal data gives companies a competitive edge.

Personal data, in large enough quantities, confers a competitive advantage to commercial operators harnessing it for their own purposes. This results in tension between companies seeking access to ever increasing amounts of personal data, and platform users who have an interest in monetizing and protecting their data and privacy.  Antitrust law is one possible approach to address the impact of those conflicting interests on fair competition and digital privacy. As popular conceptions change about data, mergers lead to data being more consolidated, and A.I. drives up its value, new frameworks will become increasingly relevant to take on these issues. First, let’s consider a real-world example of how privacy innovation brought up antitrust concerns to illustrate how those areas of law intersect.

Apple and Meta’s fight over App Tracking Transparency:

In 2021, Apple introduced a suite of privacy tracking features, styled App Tracking Transparency (ATT) in alignment with its stated commitment to protecting privacy as a fundamental human right.^[ii] The feature requires that all apps on the App Store provide information for a “privacy nutrition label” which displays in plain and simple language what types of data an app links to users and what data an app uses to track users. Additionally, Apple required that developers ask for users consent before sharing their data—making data collection an opt-in feature rather than data collection being a default background function of an app.^[iii]

Facebook (now Meta), in turn, was unhappy with this update because the ATT features threatened to destabilize their user data-driven ads business. A spokesperson for Facebook’s messaging service Whatsapp said that the ATT features were anti-competitive because Apple’s own preinstalled messaging app does not provide a similar privacy warning label, giving Apple a leg up in data collection over its competitors in that market.^[iv] Apple’s privacy push also elicited antitrust concerns in Europe, with German advertising association ZAW arguing that the ATT features preclude Apple’s competitors from processing relevant user data while excluding Apple’s own data collection efforts from the ATT features.^[v] Ultimately, neither of these antitrust claims ever matured into litigation.

What Apple and Facebook’s tussle over the ATT features reveals is the complex relationship between data, competition, and user privacy. On one hand, platforms can garner good will from consumers by implementing privacy-minded features that most people would probably opt in to, like blocking certain app developers from tracking their data. However, companies can also use these same privacy features to gain a competitive advantage in data-driven markets.

Data Privacy and Protection as Non-Price Aspects of Competition in Antitrust Enforcement

The debate continues as to whether data privacy and protection concerns are best addressed through antitrust law, consumer protection law, state privacy laws, or a combination of those frameworks. What is becoming increasingly clear, however, is that data privacy rules may function as a non-price competition factor, which can trigger antitrust concerns. In practical terms, a non-price competition factor can be the strength or weakness of data privacy protections which can influence consumer demand for goods and services online.

European privacy regulators have long tested the boundaries between privacy regulation and competition laws, and, following the CJEU landmark decision in Meta vs Bundeskartellamt Case C-252/21, European competition regulators are now authorized to examine, among other things, violations of data privacy law.^[vi] In that seminal case, the court acknowledged that a dominant market position may be used to violate data privacy law, and that the processing and access to personal data are significant parameters of competition.^[vii]

U.S. Regulators: Tentative Evaluation of Competition Regulations as Instrument to Mitigate Privacy Harms.

Among U.S. regulators, several former FTC Commissioners have been most active in evaluating the interaction between anti-competitive conduct and privacy harms. As the analysis below will show, this process is occurring at a fairly deliberate pace, without producing a unified doctrinal result, thus far.

Former FTC Commissioner Maureen Ohlhausen identified in a foundational paper four general schools of thought among those advocating for the integration of antitrust law into data privacy: ^[viii]

1. Privacy as a Non-Price Quality of Competition: This first perspective acknowledges privacy as a non-price quality of competition and examines transactions, especially mergers and acquisitions, for their impact on the firm’s incentives to compete on privacy protections.^[ix]
   
   In practice, this means that regulators would assess whether a merger reduces firms’ incentives to compete on privacy protections, treating privacy as a parameter of quality alongside price, innovation, and choice. This perspective is most readily seen in European competition and privacy law. Meta vs Bundeskartellamt softened the distinction between privacy and antitrust harms, requiring cooperation between competition and privacy regulators, and marking the relationship between competition and privacy explicit.
   
2. Balancing Consumer Protection against Competition: The proponents of this approach, most notably former FTC Commissioner Julie Brill, treat privacy regulations for the most part as an extension of consumer protection law.^[x] They argue for a balancing approach, weighing the costs and benefits of consumer protection measures, including privacy-related regulations, against their impact on competition.
   
   This perspective often grapples with situations where antitrust and consumer protection law intersect, and generally views the distinction between these bodies of law as artificial.^[xi] Former Commissioner Brill hones in on the example of Cal. Dental Ass’n v. FTC, where restrictions from an industry group on allegedly misleading advertisements were struck down as anticompetitive limits on displaying truth price and quality claims to illustrate the challenge of balancing consumer protection and competition.^[xii]
   
   Ultimately, former Commissioner Ohlhausen comes to endorse this perspective as well, reserving antitrust intervention for those cases where efficiency losses—such as reduced output, higher prices, or degraded quality— can be demonstrated.^[xiii]
   
3. Antitrust as a Tool against Deceptive Privacy Practices: A third school of thought follows a more traditional approach drawing upon antitrust principles to the extent a company misleads and deceives consumers about data collection for the end of maintaining monopolistic power.^[xiv]
   
   This perspective is illustrated by Facebook’s 2014 merger with WhatsApp. Facebook represented to the European Commission upon its acquisition of WhatsApp that matching the user data of Facebook and Whatsapp users was not possible.^[xv] Two years later, WhatsApp’s terms of service was updated to reflect that Facebook profiles may be matched with WhatsApp accounts.^[xvi] Here, we see that the user data acquired through a merger was used in a way that compromised user privacy, and that EU merger regulations were used to impose sanctions in response to the privacy harms resulting from Facebook’s conduct.
   
4. Privacy Harm as Antitrust Harm:  The fourth, and most radical, perspective Olhausen identifies suggests treating harm to privacy itself as sufficient to trigger antitrust concerns. Thus, violations of privacy would be directly cognizable under antitrust law, even if privacy harms are not directly tied to competitive dimensions like price or output. This perspective treats the erosion of privacy as inherently anti-competitive.
   
   Advocates for a broader application of antitrust principles see network effects^[xvii] entrenching massive companies into dominant market positions that implicate their digital privacy. With competition facing growing obstacles in light of such network effects, the incentives for companies to protect user privacy erodes. And when user data becomes the product driving these companies’ profits, companies’ unchecked market power leads to more invasive data collection practices, without fear of losing customers to competitors.^[xviii] This dynamic, if unchecked, is likely to harm privacy interests and competition alike, underscoring why antitrust law may be situated to directly address privacy as a core dimension of harm to users.^[xix]
   
   The view equating privacy harm to antitrust harm emphasizes those concerns and treats the erosion of privacy itself as an anti-competitive harm. Its core argument is that in cases in which dominant platforms normalize invasive privacy practices, the injury to users is sufficient to justify antitrust intervention, even if there is no evidence of price or output effects.

Conclusion

As data grows into a core source of market power, the lines between antitrust and privacy are softening. International regulators are already treating privacy as a competitive parameter, and U.S. enforcement may not be far behind. For practitioners, the implication is clear: privacy arguments can’t be siloed. Merger reviews, conduct cases, and consumer protection actions increasingly hinge on how data is collected and used. Counsels, who are able to frame privacy-related arguments both as a compliance obligation issues and as a dimension of potentially anti-competitive conduct, will be best positioned to anticipate risk and shape appropriate remedies.

---

[i] Jeff Daniels, California governor proposes ‘new data dividend’ that could call on Facebook and Google to pay users, CNBC (Feb. 13, 2019) https://www.cnbc.com/2019/02/12/california-gov-newsom-calls-for-new-data-dividend-for-consumers.html ;André Vellozo & Brett King, Data ownership is leading the next tech megacycle, TechCrunch (Jan. 6, 2024) https://techcrunch.com/2024/01/06/data-ownership-is-leading-the-next-tech-megacycle/.

[ii] Data Privacy Day at Apple: Improving transparency and empowering users, (Jan. 27, 2021) https://www.apple.com/newsroom/2021/01/data-privacy-day-at-apple-improving-transparency-and-empowering-users/.

[iii] Id.

[iv] Sara Fischer, Scoop: WhatsApp goes after Apple over privacy label requirements, Axios (Dec. 9, 2020) https://www.axios.com/2020/12/09/whatsapp-apple-privacy-label-requirements.

[v] Sam Shead, Apple hit with German antitrust complaint as it prepares to roll out new iPhone software, CNBC (Apr. 26, 2021) https://www.cnbc.com/2021/04/26/ios-14point5-apple-iphone-software-leads-to-german-antitrust-complaint.html.

[vi] Verena Grentzenberg, Philipp Schmeche, lJonas Kranz, CJEU’s landmark decision in Meta vs Bundeskartellamt, DLA Piper (Jul. 12, 2023) https://www.dlapiper.com/en/insights/publications/2023/07/cjeus-landmark-decision-in-meta-vs-bundeskartellamt.

[vii] Id.

[viii] Maureen K. Ohlhausen & Alexander P. Okuliar, Competition, Consumer Protection, and the Right [Approach] to Privacy, 80 ANTITRUST L.J. 121, 134-45 (2015). https://www.ftc.gov/system/files/documents/public_statements/686541/ohlhausenokuliaralj.pdf.  

[ix] Ohlhausen & Okuliar, supra note 6 at 134.

[x] Ohlhausen & Okuliar, supra note 6 at 134-35.

[xi] Id.

[xii] Julie Brill, Competition and Consumer Protection: Strange Bedfellows or Best Friends?, Antitrust Source (Dec. 2010) https://www.ftc.gov/sites/default/files/documents/public_statements/competition-and-consumer-protection-strange-bedfellows-or-best-friends/1012abamasternewsletter.pdf; See also, Cal. Dental Ass’n v. FTC, 526 U.S. 756 (1999).

[xiii] Ohlhausen & Okuliar, supra note 6 at 152.

[xiv] Id at 135.

[xv] Mergers: Commission fines Facebook €110 million for providing misleading information about WhatsApp takeover, European Commission (May 17, 2017) https://ec.europa.eu/commission/presscorner/detail/en/ip_17_1369.

[xvi] Id.

[xvii] Tim Stobierski, What Are Network Effects?, Harvard Business School Online (Nov. 12, 2020) (“the term network effect refers to any situation in which the value of a product, service, or platform depends on the number of buyers, sellers, or users who leverage it. Typically, the greater the number of buyers, sellers, or users, the greater the network effect—and the greater the value created by the offering.”) https://online.hbs.edu/blog/post/what-are-network-effects.

[xviii] Sarit Markovich & Yaron Yehezkel, Competing for Cookies: Platforms’ Business Models in Data Markets With Network Effects, 17(Jul. 24 2025) (unpublished manuscript) https://ssrn.com/abstract=4770577(finding that strong network effects can drive platforms to increase data commercialization rather than protect privacy, demonstrating how network effects erode firms’ incentives to safeguard user data); But see, Maurice E. Stucke, The Relationship Between Privacy and Antitrust, Notre Dame L. Rev. Reflections, 410 https://ndlawreview.org/wp-content/uploads/2022/07/Stucke_97-Notre-Dame-L.-Rev.-Reflection-400-C.pdf (“Privacy and competition can be complementary. But more competition will not necessarily improve privacy, especially when the competition itself is toxic. Thus, competition and privacy policies can be at odds, as this Part explores”)

[xix] See generally Al Franken, How Privacy Has Become an Antitrust Issue, HuffPost (Mar. 30, 2012) https://www.huffpost.com/entry/how-privacy-has-become-an_b_1392580; See also Dissenting Statement of Commissioner Pamela Jones Harbour, In the matter of Google/DoubleClick F.T.C. File No. 071-0170, https://www.ftc.gov/sites/default/files/documents/public_statements/statement-matter-google/doubleclick/071220harbour_0.pdf.