15 Years of FTC Failure to Factor Privacy Into Merger Reviews

In many cases, companies that previously built their businesses on promises not to collect or share personal data then were absorbed by companies without such commitments, betraying the trust users had placed in the original companies.
This post was published on the now-closed HuffPost Contributor platform. Contributors control their own work and posted freely to our site. If you need to flag this entry as abusive, send us an email.

Under both Democratic and Republican administrations, over more than 15 years, the Federal Trade Commission has ignored privacy concerns in approving merger after merger. The Electronic Privacy Information Center (EPIC) details that history in extensive comments submitted to the FTC as part of its review of its own merger remedy process.

Just a sampling of the mergers detailed where privacy concerns were ignored:

  • 1999: EPIC first raised concerns when the Internet advertising firm DoubleClick proposed acquiring the catalog database firm Abacus.
  • 2000: EPIC and a coalition of consumer groups highlighted the danger to privacy in the proposed merger of Time Warner and AOL.
  • 2007: EPIC highlighted the clear danger to consumer privacy of combining Google's own extensive profiling of consumers with DoubleClick's database in a corporate merger.
  • 2014: As recently as last year, consumer groups asked that privacy concerns be taken into account to block the merger of Facebook with WhatsApp.

As EPIC argues, in each case:

[T]he practical consequence of the merger would be to reduce the privacy protections for consumers and expose individuals to enhanced tracking and profiling. The failure of the Federal Trade Commission to take this into account during merger review is one of the main reasons consumer privacy in the United States has diminished significantly over the last 15 years.

In many cases, companies that previously built their businesses on promises not to collect or share personal data then were absorbed by companies without such commitments, betraying the trust users had placed in the original companies. Notably, after the DoubleClick merger, "Google has continued to expand the tracking and profiling Internet users, often ignoring prior commitments it had made to protect the privacy of these same users."

Notably, European competition regulators are increasingly seeing protecting personal data from corporate control as an integral part of their responsibility. Recently appointed European Union Competition Commissioner Margrethe Vestager argued recently:

Very few people realize that, if you tick the box, your information can be exchanged with others. Actually, you are paying a price, an extra price for the product that you are purchasing. You give away something that was valuable. I think that point is underestimated as a factor as to how competition works.

The Federal Trade Commission in the United States, however, has, as EPIC notes, been extremely resistant to integrating analysis of the harms to competition and consumers from control of personal data by increasingly centralized data platforms.

Unfortunately, it's not clear how soon that may change. I spoke at a panel yesterday at George Mason's Law and Economics Center on the topic "Big Data, Privacy, and Antitrust." Keynoting the briefing was FTC Commissioner Maureen K. Ohlhausen, who essentially doubled down on the traditional argument of the FTC that they should generally not address privacy in antitrust or merger proceedings. She outlined arguments from an upcoming law review article she has co-written, which argues vigorously that the FTC should focus exclusively on maximizing competition, defined in traditional "free market" Chicago School terms, and leave protection of privacy to separate consumer protection laws.

Part of the problem may be the word "privacy" itself, which tends to conflate everything from the icky "harms to dignity" of intrusion that Supreme Court Justice Louis Brandeis wrote about a century ago to equal rights for women embodied in abortion rights to protecting the rights of consumers to receive a fair return on the value of the personal information that big data platforms use to generate their megaprofits.

If regulators focus on the last version of privacy, of preserving the ability of consumers to control their own data and receive fair compensation for it, the supposed opposition between economistic "competition" concerns and soft "privacy" concerns largely disappears. As I have argued in law reviews I published last year, "Search, Antitrust and the Economics of the Control of User Data" and "The Costs of Lost Privacy: Consumer Harm and Rising Economic Inequality in the Age of Google," the sharing of data by consumers with online services is itself an economic exchange that can strengthen or weaken the monopoly power of the firms that end up controlling that data.

If companies too easily collect user data without fair compensation to those users, they will end up with a distorting edge in dominating particular business sectors. Preserving "privacy" (i.e., consumer control of their own data and the ability to demand fair compensation) is therefore a critical tool for competition regulators in ensuring a competitive marketplace. And where competition is failing, as it is too often in multiple online sectors, agencies like the FTC should be stepping up their intervention to do what the market is failing to do: protect consumer control of their data.

As EPIC details, we have had a bipartisan failure of the Federal Trade Commission to properly factor privacy concerns into merger reviews. We need a change in agency direction to ensure we don't have a similar 15 years of inaction going forward or we will end up with a near-irreversible obliteration of both privacy and competition across the economy.

Popular in the Community