Georgetown Law
Technology Review

The Bundeskartellamt, Germany’s antitrust authority and Federal Cartel Office, recently issued a regulatory blow to Facebook, labeling Facebook’s current data collection practices abusive. On February 6, 2019, the Bundeskartellamt ordered Facebook to cease cross-app integration and data tracking from Facebook-owned apps like WhatsApp and Instagram to Facebook user accounts without “users’ voluntary consent.” The regulator also stated that Facebook could no longer “force” users to agree to “virtually limitless” data collection and tracking outside of the site without similar consent. The Bundeskartellamt described Facebook’s abuse of market power in Germany as causing users’ “loss of control” rather than “financial loss.” The order is eligible for appeal but as it stands would require Facebook to include more consent opportunities for users to protect their data privacy. These regulatory actions make Germany the first  General Data Protection Regulation (GDPR) signatory to place restrictions on Facebook’s expansive cross-app integration plans.

The Bundeskartellamt explained that Facebook’s business model and practices created an environment where users essentially cannot switch to other social networking apps. The German authority found that the social network “dominates the market” and is therefore subject to antitrust violations. Bundeskartellamt President Andreas Mundt explains that Facebook has been able to create “unique databases” for each user to gain market power, all without voluntary and affirmative consent from users. Mundt also claims that Facebook cannot remedy the issue by simply incorporating consent into the Facebook’s terms of services. Instead, Facebook must allow German users to opt out of the data collection process and continue to remain on the social network and its associated services.

Facebook rejects the Bundeskartellamt’s reasoning, stating that “popularity” does not amount to monopoly. Facebook also insists that the company faces “fierce competition” within Germany. As of 2018, Facebook has hosted 32 million users per month and 23 million users per day in Germany—a nation with 80.6 million citizens.

Aftermath and Potential Effects

Facebook promoted the cross-app integration plans as an effort to increase privacy, reliability and ease of the apps’ messaging services. The consolidation, however, not only provides Facebook with dramatic profitability and ad revenue potential, but also an unprecedented consolidation of data under one company. If enforced, the German order could prove to be a major set-back for Facebook’s plans to integrate the messaging services of Facebook, Instagram and WhatsApp internationally. During Facebook’s fourth-quarter earnings call, CEO Mark Zuckerberg announced that the integration plan will not take place until 2020 at the earliest. Although Zuckerberg ordered the incorporation of end-to-end encryption across all app messaging services, the plan has triggered privacy, security and antitrust concerns—as expressed by German regulators.

The German authority’s decision could open the door for other GDPR signatories to issue similar restrictions on Facebook’s back-end data integration plans based on both privacy and antitrust concerns. The decision could also spur a federal regulatory discussion in the United States about whether the current legal infrastructure and regulatory bodies are equipped to control the evolving data practices of behemoth tech companies like Facebook and Google.

State governments in the United States have already started legislatively targeting Facebook’s data-harvesting practices. Both the adoption of the California Consumer Privacy Act in June 2018 as well as California Governor Gavin Newsome’s recent “data dividend” proposal could provide frameworks for innovative restrictions on Facebook’s data integration capabilities and competitive edge on a potentially global scale.