A national competition authority can find, in the context of the examination of an abuse of a dominant position, that the GDPR has been infringed (ECJ)

According to Judgment of the European Court of Justice in Case C-252/21 (Meta Platforms and Others), a national competition authority can find, in the context of the examination of an abuse of a dominant position, that the GDPR has been infringed.

Bound by the duty of sincere cooperation, it must nonetheless take into consideration any decision or investigation by the competent supervisory authority pursuant to that regulation.

Meta Platforms Ireland operates the online social network Facebook within the European Union. When they register with Facebook, its users accept the general terms drawn up by that company and, consequently, the data and cookies policies. According to those policies, Meta Platforms Ireland collects data about user activities on and off the social network and links them with the Facebook accounts of the users concerned. The latter data, also known as ‘off-Facebook data’, are data concerning visits to third-party webpages and apps as well as data concerning the use of other online services belonging to the Meta group (including Instagram and WhatsApp). The data thus collected serve, inter alia, to create personalised advertising messages for Facebook users.

The German Federal Cartel Office prohibited, in particular, the use of the social network Facebook by private users resident in Germany from being subject, in the general terms, to the processing of their off-Facebook data and those data from being processed without their consent. It based its decision on the fact that since that processing was not consistent with the General Data Protection Regulation (GDPR),[1] it constituted an abuse of that Meta Platforms Ireland’s dominant position on the German market for online social networks.

Hearing an action brought against that decision, the Higher Regional Court, Düsseldorf, asks the Court of Justice whether the national competition authorities may review whether a data processing operation complies with the requirements set out in the GDPR. In addition, the German court refers questions to the Court of Justice about the interpretation and the application of certain provisions of the GDPR to the processing of data by the operator of an online social network.

In its judgment, the Court of Justice states that, in the context of the examination of an abuse of a dominant position by an undertaking, it may be necessary for the competition authority of the Member State concerned also to examine whether that undertaking’s conduct complies with rules other than those relating to competition law, such as the rules laid down by the GDPR.

However, where the national competition authority identifies an infringement of the GDPR, it does not replace the supervisory authorities established by that regulation. The sole purpose of the assessment of compliance with the GDPR is merely to establish an abuse of a dominant position and impose measures to put an end to that abuse on a legal basis derived from competition law. In order to ensure the consistent application of the GDPR, the national competition authorities are required to consult and cooperate sincerely with the authorities monitoring the application of that regulation. 

In particular, where the national competition authority takes the view that it is necessary to examine whether an undertaking’s conduct is consistent with the GDPR, it must ascertain whether that conduct or similar conduct has already been the subject of a decision by the competent supervisory authority or the Court. If that is the case, it cannot depart from it, although it remains free to draw its own conclusions from the point of view of the application of competition law.

Furthermore, the Court observes that the data processing operation carried out by Meta Platforms Ireland appears also to concern special categories of data that may reveal, inter alia, racial or ethnic origin, political opinions, religious beliefs or sexual orientation, and the processing of which is in principle prohibited by the GDPR. It will be for the national court to determine whether some of the data collected may actually allow such information to be revealed, irrespective of whether that information concerns a user of that social network or any other natural person. As to whether the processing of such ‘sensitive’ data is exceptionally permitted due to the fact that they were manifestly made public by the data subject, the Court clarifies that the mere fact that a user visits websites or apps that may reveal such information does not in any way mean that the user manifestly makes public his or her data, within the meaning of the GDPR.

In addition, the same applies where a user enters information into such websites or apps or where he or she clicks or taps on buttons integrated into them, unless he or she has explicitly made the choice beforehand to make the data relating to him or her publicly accessible to an unlimited number of persons. As regards more generally the processing operation carried out by Meta Platforms Ireland, including the processing of ‘non-sensitive’ data, the Court examines next whether this is covered by the justifications, set out in the GDPR, allowing the processing of data carried out in the absence of the data subject’s consent to be made lawful.

In that context, it finds that the need for the performance of the contract to which the data subject is party may justify the practice at issue only on condition that the data processing is objectively indispensable such that the main subject matter of the contract cannot be achieved if the processing in question does not occur. Subject to verification by the national court, the Court of Justice expresses doubts as to whether personalised content or the consistent and seamless use of the Meta group’s own services are capable of fulfilling those criteria.

Moreover, according to the Court, the personalised advertising by which the online social network Facebook finances its activity, cannot justify, as a legitimate interest pursued by Meta Platforms Ireland, the processing of the data at issue, in the absence of the data subject’s consent.

Lastly, the Court notes that the fact that the operator of an online social network, as controller, holds a dominant position on the social network market does not, as such, prevent its users from validly giving their consent, within the meaning of the GDPR, to the processing of their personal data by that operator. However, since that position is liable to affect the freedom of choice of those users and create a clear imbalance between them and the data controller, it constitutes an important factor in determining whether the consent was in fact validly and, in particular, freely given. This is for the operator to prove. (source: curia.europa.eu/ photo: freepik.com)

Judgment is available here

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 119, p. 1).

Comments

Post a Comment

Editorial

Editorial
George Kazoleas, Lawyer

Top Stories

Ombudsman inquiry on Commission President’s text messages is a wake-up call for EU

Image
The European Ombudsman inquiry into the Commission’s handling of a request for text messages between its President and the CEO of a pharmaceutical company is a wake-up call for all EU institutions about ensuring accountability in an era of instant messaging. One year after the initial request by a journalist, the Commission has still not clarified whether messages reported to concern major vaccine procurement deals exist and whether the public is entitled to see them. The Ombudsman had asked the Commission, in a finding of maladministration in January, to conduct a more thorough search for the text messages. The Commission’s recent response failed to say whether it had looked directly and correctly for the text messages and if not, why not. While the response recognised that work-related text messages can be EU documents, it reiterated that the Commission’s internal policy is, in effect, not to register text messages. The Ombudsman has closed  the inquiry  and upheld her find
Read more

The name Pablo Escobar may not be registered as an EU trade mark

Image
According to the Judgment of the General Court in Case T-255/23 (Escobar v EUIPO) the name Pablo Escobar may not be registered as an EU trade mark. The public would associate that name with drug trafficking and narco-terrorism.  On 30 September 2021, Escobar Inc., established in Puerto Rico (United States), filed an application with the European Union Intellectual Property Office (EUIPO) for registration of the word sign Pablo Escobar as an EU trade mark for a wide range of goods and services.  The Colombian national named Pablo Escobar, who was born on 1 December 1949 and died on 2 December 1993, is presumed to be a drug lord and a narco-terrorist who founded and was the sole leader of the Medellín cartel (Colombia).  EUIPO rejected the application for registration on the ground that the mark was contrary to public policy and to accepted principles of morality. It relied on the perception of the Spanish public, as it is the most familiar with Pablo Escobar due to the links between Spa
Read more

Graduate Programme 2024 for EU Nationals in European Central Bank

Image
European Central Bank (ECB) is looking for 15 highly talented recent graduates with a postgraduate degree, eventually a PhD, for the ECB’s Graduate Programme offering full time monthly net salary €4,611 plus benefits. General Information  Type of contract: Two-year fixed-term contract starting on 1 September. It may be extended for one additional year upon successful completion of the programme. Who can apply?  EU nationals Salary  E/F (bracket 1 - step 1) full time monthly net salary: €4,611 plus benefits, for further information see  here . Working time:  Full time Place of work:  Frankfurt am Main, Germany Closing date:  21.02.2024 ECB is looking for 15 highly talented recent graduates with a postgraduate degree, eventually a PhD, for the ECB’s Graduate Programme.  You will have different ages, backgrounds and interests and will find intellectual challenges, varied opportunities and a people-centred working culture that gives you a voice and the chance to make an i
Read more

The Lawyer's right to refuse the defense of an accused person for ethical reasons

Image
by Giorgos Kazoleas, Lawyer LL.M. Lawyers have the right to refuse to undertake a case when it conflicts with their moral principles, their dignity and conscience. Both the Code of Lawyers in Greece and the Code of Lawyers 'Ethics in Cyprus provide the legal framework to support this choice.   The Greek Legislation The lawyer's right to refuse the defense of a specific defendant in a criminal trial clearly follows from the wording of article 37 of the Lawyers' Code (Law 4194/2013). According to paragraph 1 of this article, the lawyer has an obligation to undertake any case, unless it is manifestly unfounded, not amenable to defense, conflicts with the interests of other clients or goes against his/her principles. According to paragraph 2, the lawyer must undertake the defense of any accused, if requested by the judicial authorities, subject to paragraph 1. The reasons for refusing to undertake a case are expanded by article 6 of the Greek Code of Ethics of the Legal Pro
Read more

First judgment of the ECHR: Lawless v. Ireland

Image
60 years ago, on 14 November 1960, the Court delivered its first judgment, Lawless v. Ireland, with René Cassin as its President. The judgment concerned preliminary objections and procedural questions regarding the application, on which a judgment on the merits was delivered the following year. Since its inauguration the Court has delivered 23,291 judgments on just over 51,650 applications. The case was filed by Gerard Richard Lawless, who had been an IRA member, although he claimed to have left the IRA. He was arrested on 11 July 1957, as he was about to travel to Great Britain from Ireland, and subsequently detained under the special powers of indefinite detention without trial under the Offences against the State (Amendment) Act 1940. The case was filed by Lawless for violation, by the Irish Government, of Articles 5, 6 and 7 of the European Convention of Human Rights, providing rights to liberty and security, fair trial and the principle of 'no punishment without law'
Read more

Nepotism and favouritism in the legal profession

Image
by Giorgos Kazoleas, Lawyer Nepotism in the legal profession is not only a domestic but a global phenomenon with timeless characteristics. Lack of meritocracy and favouritism during the process of recruitment and professional development of lawyers have common sources of nepotism and clientelism. Even in countries with advanced legal systems, such as the USA, the phenomenon of placing relatives and friends in high positions in law firms is very common. In the southern countries of Europe, nepotism stems mainly from family-oriented concepts deeply rooted in the subconscious of the societies. In smaller populated countries the phenomenon of employers' relatives and friends being preferred for jobs in law firms is more than common. In countries like India, the phenomenon of nepotism in the legal profession has particularly concerned the legal community, as there is a stronghold of a few privileged and powerful families which prevails  in the legal profession. Among lawyers and jud
Read more

Gigantic fine for unfair practices imposed on Booking.com by the Competition Authority of Hungary

Image
One of the highest fines for violation of unfair competition law has been imposed (28/4/2020) on online hotel booking platform ‘’Booking.com’’ by the Hungarian Competition Authority. The amount of the fine (approximately EUR 6 million / HUF 2.5 billion) imposed by the Authority illustrates the seriousness of the Dutch company's violations. The Hungarian Competition Authority (GVH) imposed a fine of HUF 2.5 billion on the operator of the online booking portal booking.com, and at the same time banned the Dutch company from continuing its aggressive sales methods. According to the decision of the competition authority, Booking.com B.V. engaged in unfair commercial practices against consumers by, among other things, misleadingly advertising some of its accommodations with a free cancellation option and exerting undue psychological pressure on consumers to make early bookings. As a result of the Competition Authority’s competition supervision proceeding  initiated in 2018, the autho
Read more