The Competition Commission of India (CCI) recently concluded its inquiry into WhatsApp’s 2021 privacy policy update, finding Meta and WhatsApp guilty of abusing their dominant position. The CCI imposed a fine of INR 213.14 Crore (~USD 25.25 Million) and issued remedies, including a ban on sharing WhatsApp user data with Meta for advertising purposes. In this alert, we cover factual background, key findings, penalty determination and remedies imposed by the CCI. There are several important takeaways from this order for dominant entities who engage in data collection and sharing practices as part of their products and offerings:
Continued focus on the tech sector. The order once again puts the spotlight on the CCI’s continuing scrutiny of tech companies, particularly those operating in data-driven markets.
Jurisdictional boundaries. The CCI affirmed its jurisdiction over data practices, especially those that distort competition through exclusionary or exploitative tactics. The CCI also clarified its role in regulating practices with respect to collection of non-personal but competition-sensitive data (including anonymized and aggregated user data), which may fall outside the scope of the personal data protection framework under the Digital Personal Data Protection Act, 2023 (DPDP Act).
Privacy as a competition parameter. Privacy is now recognized as an important non-price competition factor, particularly in relation to zero-cost services. The CCI’s order re-affirms the “special responsibility” of dominant companies which need to ensure transparency and fairness in their data practices to avoid violating competition laws.
Consumer welfare and quality of services. Consumer welfare extends to privacy, and practices that lower data protection standards can reduce service quality, thereby violating competition law.
Data collection and data sharing. In effect, dominant entities must comply with some of the core underlying principles of the DPDP Act even if it is yet to be enforced, to avoid violation of the Competition Act, 2002 (Competition Act). For example, it is important that data collection (whether personal or not) policies are transparent and clearly set out. Excessive data sharing not necessary for providing core services will attract regulatory scrutiny.
User autonomy. User of coercive terms by dominant entities regarding data collection and sharing are likely to attract scrutiny unless such practices are necessary to provide core services.
Low threshold for abuse. The CCI’s analysis suggests that increasing market power facilitated through data-collection and obtaining a competitive edge may in itself amount to abuse or denial of market access. On the requirement to undertake an “effects analysis”, the CCI noted that the principle does not require to show that anti-competitive effects have materialized. This appears to be at odds with the ruling of the appellate tribunal (i.e., National Company Laws Appellate Tribunal) in Google v. CCI, 2023.
High threshold for pro-competitive justification. Any pro-competitive justification including efficiency gains associated with data collection and sharing policies must meet a high threshold – it is unclear what the threshold is. What is clear though is that efficiency gains for advertisers, in this case, at least was not sufficient as the CCI notes those efficiency gains and yet finds Meta in contravention of the Competition Act.
As per the rules of the Bar Council of India, lawyers and law firms are not permitted to solicit work or advertise. By clicking on the "I Agree" button, you acknowledge and confirm that you are seeking information relating to Economic Laws Practice (ELP) of your own accord and there has been no advertisement, personal communication, solicitation, invitation or any other inducement of any sort whatsoever by or on behalf of ELP or any of its members to solicit any work through this website.