DATA PROTECTION
EU Court of Justice: acompetition authority may take account of the compatibility of a commercial practice with the GDPR.
Meta Platforms is the owner of the online social network ‘Facebook’. Users of this social network must accept Facebook’s terms of service, which refer to Meta Platforms’ data and cookies policies. Under those terms, Meta Platforms collects data from other Meta Platforms group services, such as Instagram and WhatsApp, as well as from third-party websites and applications, via integrated interfaces or via cookies placed on the user’s computer or mobile device. In addition, Meta Platforms links those data to the Facebook account of the user concerned and uses them for advertising purposes, among other things.
The German Federal Competition Authority prohibited Meta Platforms from processing data in accordance with Facebook's terms of service and from implementing those terms, and imposed measures to stop it from doing so. The authority found that the data processing in question, which did not comply with the General Data Protection Regulation (GDPR), constituted an abuse of Meta Platforms' dominant position on the social network market for private users in Germany. Meta Platforms appealed against the decision of the above authority to the Higher Regional Court of Düsseldorf, which asks the Court of Justice whether national competition authorities are entitled to assess the compliance of data processing with the RGPD.
In addition, the German court asks the Court about the interpretation and application of certain provisions of the GDPR. In his Opinion delivered today, Advocate General Athanasios Rantos, first, takes the view that, while a competition authority does not have jurisdiction to rule on an infringement of the GDPR, it may nevertheless, in the exercise of its own powers, take account of the compatibility of a commercial practice with the GDPR. In that respect, the Advocate General emphasises that the compliance or non-compliance of that conduct with the provisions of the GDPR may, in the light of all the circumstances of the case, be an important indication of whether that conduct amounts to a breach of competition rules.
However, the Advocate General points out that a competition authority can only assess compliance with the GDPR as an incidental question, without prejudice to the powers of the competent supervisory authority under that regulation. Therefore, the competition authority must take account of any decision or investigation by the competent supervisory authority, inform the latter of any relevant details and, where appropriate, consult it
The German Federal Competition Authority prohibited Meta Platforms from processing data in accordance with Facebook's terms of service and from implementing those terms, and imposed measures to stop it from doing so. The authority found that the data processing in question, which did not comply with the General Data Protection Regulation (GDPR), constituted an abuse of Meta Platforms' dominant position on the social network market for private users in Germany. Meta Platforms appealed against the decision of the above authority to the Higher Regional Court of Düsseldorf, which asks the Court of Justice whether national competition authorities are entitled to assess the compliance of data processing with the RGPD.
In addition, the German court asks the Court about the interpretation and application of certain provisions of the GDPR. In his Opinion delivered today, Advocate General Athanasios Rantos, first, takes the view that, while a competition authority does not have jurisdiction to rule on an infringement of the GDPR, it may nevertheless, in the exercise of its own powers, take account of the compatibility of a commercial practice with the GDPR. In that respect, the Advocate General emphasises that the compliance or non-compliance of that conduct with the provisions of the GDPR may, in the light of all the circumstances of the case, be an important indication of whether that conduct amounts to a breach of competition rules.
However, the Advocate General points out that a competition authority can only assess compliance with the GDPR as an incidental question, without prejudice to the powers of the competent supervisory authority under that regulation. Therefore, the competition authority must take account of any decision or investigation by the competent supervisory authority, inform the latter of any relevant details and, where appropriate, consult it
