FTC Merger Review Likely to Incorporate Analysis of Privacy Issues
The Federal Trade Commission (FTC or the Commission), along with the U.S. Department of Justice, can challenge mergers it believes will result in a substantial lessening of competition – for example through higher prices, lower quality or reduced rates of innovation. Although the analysis of whether a transaction may be anticompetitive typically focuses on price, privacy is increasingly regarded as a kind of non-price competition, like quality or innovation. During a recent symposium on the parameters and enforcement reach of Section 5 of the FTC Act, Deborah Feinstein, the director of the FTC’s Bureau of Competition, noted that privacy concerns are becoming more important in the agency’s merger reviews. Specifically she stated, “Privacy could be a form of non-price competition important to customers that could be actionable if two kinds of companies competed on privacy commitments on technologies they came up with.”
At this same symposium, Jessica Rich, director of the FTC’s Bureau of Consumer Protection, remarked on the agency’s increasing expectations that companies protect the consumer data they collect and be more transparent about what they collect, how they store and protect it, and about third parties with whom they share the data.
The FTC’s Bureaus of Competition and Consumer Protection fulfill the agency’s dual mission to promote competition and protect consumers, in part, through the enforcement of Section 5 of the FTC Act. With two areas of expertise and a supporting Bureau of Economics under one roof, the Commission is uniquely positioned to analyze whether a potential merger may substantially lessen privacy-related competition.
The concept that privacy is a form of non-price competition is not new to the FTC. In its 2007 statement upon closing its investigation into the merger of Google, Inc. and DoubleClick Inc., the Commission recognized that mergers can “adversely affect non-price attributes of competition, such as consumer privacy.” Commissioner Pamela Jones Harbour’s dissent in the Google/DoubleClick matter outlined a number of forward-looking competition and privacy-related considerations for analyzing mergers of data-rich companies. The FTC ultimately concluded that the evidence in that case “did not support the theories of potential competitive harm” and thus declined to challenge the deal. The matter laid the groundwork, however, for the agency’s future consideration of these issues.
While the FTC has yet to challenge a transaction on the basis that privacy competition would be substantially lessened, parties can expect staff from both the Bureau of Competition and the Bureau of Consumer Protection to be working closely together to analyze a proposed transaction’s impact on privacy. The FTC’s review of mergers between entities with large databases of consumer information may focus on: (1) whether the transaction will result in decreased privacy protections, i.e., lower quality of privacy; and (2) whether the combined parties achieve market power as a result of combining their consumer data.
This concept is not unique to the United States. The European Commission’s 2008 decision in TomTom/Tele Atlas examined whether there would be a decrease in privacy-based competition by investigating whether the combination of the portable navigation device manufacturers would enable a dominant player to offer less privacy protections without fearing a loss of business. More recently, the European Data Protection Supervisor issued a preliminary opinion entitled Privacy and Competitiveness in the Age of Big Data (March 26, 2014) with the goal of initiating a dialogue between experts and practitioners on potential gaps in EU competition, consumer protection and data protection policies.
With former and current FTC commissioners advocating for the inclusion of privacy considerations in merger investigations, Feinstein’s recent remarks, and the European Data Protection Supervisor offering similar views, companies in data-rich industries who are considering merging with or acquiring a competitor should expect privacy to play a prominent role in the antitrust review of their proposed transaction. For proposed transactions that implicate combinations of large databases of consumer information, the parties’ chief privacy officers will likely play an unprecedented role in the antitrust defense of the transaction, and parties should expect inquiry into how the merger might affect consumer privacy post-transaction and how the data will be maintained, protected and used. If privacy concerns are likely to arise, parties can prepare in advance as part of their overall antitrust defense. For example:
Companies, through their counsel, should undertake due diligence of the target’s privacy practices, as well as its statements to consumers, including privacy policies– not only their current state, but how they have changed over time in response to competitive pressures;
Antitrust counsel should interview personnel and review the parties’ own internal ordinary course documents to understand how each has responded in the marketplace to privacy-based competition;
Merging companies may want to consider engaging economic consultants to assess the transaction’s potential competitive impact on privacy or consider efficiencies arguments that might help mitigate competitive concerns;
Companies should consider in advance how the combined entity will address consumer privacy post-transaction – and whether they can preempt FTC concerns through certain commitments such as consumer opt-outs or maintaining the quality of their privacy protections.