Privacy & Antitrust: An Overview of EU and National Case Law
Over the past decade, the intersection of privacy and antitrust has become a central focus in discussions on the role of data in digital markets.[1] As data are the key input for many digital services, platforms strive to collect and process as much user information as possible. In addition to harvesting their own data, they increasingly rely on external sources through data-sharing agreements to enhance their offerings. This is particularly critical for platforms whose business models depend on monetising user information through targeted advertising and personalised content. In such cases, personal data become the most valuable asset, enabling platforms to secure privileged access to consumer attention and offer sellers a competitive edge.
As a result, privacy has moved to the forefront of regulatory concerns, with policymakers increasingly examining whether data accumulation strategies both compromise individual privacy and reinforce platform dominance. This has led to calls for integrating privacy considerations into antitrust enforcement and fostering closer collaboration between competition and data protection authorities. According to this view, strong network effects may reduce platforms’ incentives to compete on privacy, whereas increased competition in digital markets could enhance privacy outcomes for users. Further, while privacy concerns may be essential to assessing data accumulation strategies that fall outside the scope of traditional antitrust provisions, antitrust authorities could play a more effective role in safeguarding data protection.
However, critics of such an integrationist approach argue that conflating privacy infringements with antitrust violations risks blurring the distinct goals and tools of the two regimes. They warn that such convergence could undermine enforcement coherence, especially given the subjective nature of privacy preferences and the privacy paradox. More broadly, treating privacy breaches as competitive harms may lead to regulatory overreach, turning antitrust authorities into general-purpose enforcers.
Against this background, while U.S. antitrust cases have begun to emphasize privacy [2], Europe remains the primary testing ground for an integrated privacy–antitrust approach due to two main factors. First, the General Data Protection Regulation (GDPR) marked the start of the European regulatory agenda for digital markets. Second, on the antitrust front [3], the German Facebook case stands out as a landmark example of using competition law to address privacy concerns by applying antitrust tools beyond their traditional scope to fill perceived gaps in privacy enforcement.[4]
[1] For a recent overview, see Giuseppe Colangelo, ‘The privacy/antitrust curse: insights from GDPR application in competition law proceedings’, 70 Antitrust Bulletin 113 (2025).
[2] See, e.g., U.S. v. Apple, Case No. 24-cv-04055 (D.N.J. 2024), see also Julie Grangeon, United States: The Department of Justice and sixteen states sue big tech player for illegal monopoly (Apple), 22 March 2024, Concurrences N° 2-2024, Art. N° 118694, pp. 220-222; Christopher Casey, Sarah O’Laughlin Kulik, Sean P. McConnell, Andrew John (AJ) Rudowitz, The US DoJ and 16 State Attorneys General file a suit alleging the monopolization of smartphone markets and degrading of user experiences (Apple), 21 March 2024, e-Competitions March 2024, Art. N° 117925; and US Department of Justice Antitrust Division, The US DoJ alongside 16 other State and District AGs files a civil antitrust lawsuit against a Big Tech company for monopolizing smartphone markets (Apple), 21 March 2024, e-Competitions March 2024, Art. N° 117801; Federal Trade Commission v. Facebook, Case No. 1:20-cv-03590 (D.D.C. 2021), see US Federal Trade Commission, The US FTC files an amended complaint against a social media company alleging it resorted to an illegal buy-or-bury scheme to crush competition after a string of failed attempts to innovate (Facebook), 19 August 2021, e-Competitions August 2021, Art. N° 102162; U.S. et al. v. Google, Case No. 1:20-cv-03010 (D.D.C. 2020), Thomas A. Lambert, The US DoJ and eleven States with Republican attorneys general sued a Big Tech company for monopolizing the markets for general internet search services, search advertising, and “general search text” advertising (Google), 20 October 2020, e-Competitions October 2020, Art. N° 98540; Lesley Hannah, Stella Gartagani, The US DoJ files a complaint against a search engine for its unlawful monopolization of the search and the search advertising markets (Google), 20 October 2020, e-Competitions October 2020, Art. N° 97836; and Andrew Cook, Robert McKenna, The US DOJ files an antitrust complaint against a search engine for abuse of dominance (Google), 20 October 2020, e-Competitions October 2020, Art. N° 97371.
[3] Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, [2016] OJ L 119/1.
[4] Bundeskartellamt, 7 February 2019, Case B6-22/16. See Clement Hoff Munk, The German Competition Authority holds that a social media company abused its dominant position by making the collection of data on its users from third parties a condition for access to its social network (Facebook), 7 February 2019, e-Competitions February 2019, Art. N° 116987; Kyriakos Fountoukakos, Marcel Nuys, Peter Rowland, Juliana Penz-Evren, The German Competition Authority forces a social network company to change its data collection policy (Facebook), 7 February 2019, e-Competitions February 2019, Art. N° 101432; and Alexandre G. Verheyden, Philipp Werner, Jörg Hladjk, Undine Von Diemar, The German Competition Authority considers that a social network company’s data processing terms, enabling the collection, merger, and use of user data without valid consent, constitutes an abuse of a dominant position (Facebook), 7 February 2019, e-Competitions February 2019, Art. N° 101443.