Here’s something to puzzle over. In December, the Federal Trade Commission and a coalition of states filed antitrust lawsuits against Facebook, alleging that as the company grew more dominant and faced less competition, it reneged on its promises to protect user privacy. In March, a different coalition of states, led by Texas, accused Google of exclusionary conduct related to its plan to get rid of third-party cookies in Chrome. In other words, one tech giant is being sued for weakening privacy protections while another is being sued for strengthening them. How can this be?
That question, and others like it, are going to become increasingly urgent over the next few years. Antitrust enforcers are bringing cases against the biggest tech companies while states enact new privacy laws and Congress prepares (maybe, perhaps, hopefully) to pass one of its own. Meanwhile, those very companies are making all sorts of splashy changes to their privacy policies even as the government lawyers close in. If policy makers and enforcers can’t figure out the right way to think about how to reconcile privacy law with competition law, they risk badly screwing up both.
To win a monopolization suit under Section 2 of the Sherman Act, the government has to prove not only that a company is a monopoly, but that it has used its power to harm consumers—to do things it only can get away with because there’s nowhere else to go. (This rule, which is controversial, is called the “consumer welfare standard.”) The typical example is when a dominant firm raises prices after cornering the market. Since Facebook’s main products are free, that argument won’t work against it. But there’s another way to show an impact on consumer welfare: declining product quality. That’s the role privacy plays in the Facebook case. According to the lawsuits, the erosion of user privacy over time is a form of consumer harm—a social network that protects user data less is an inferior product—that tips Facebook from a mere monopoly to an illegal one. (This allegation, which the company denies, is only one of many antitrust claims raised against Facebook.)
That argument against Facebook illustrates the leading theory of how antitrust and data privacy intersect: As you turn up the competition dial, you get more privacy, because companies will try to woo customers by offering better protections. If a market gets monopolized, that incentive to compete disappears.
Sometimes, however, the privacy and competition relationship is inverted: As you turn the privacy dial up, you get less variety in the market. This is increasingly the case now that the most monopolistic companies are often the ones making the most extensive and lucrative use of personal data. In March, Google announced that it was moving ahead with a plan to block third-party trackers from Chrome, which has a global market share in the 60 percent range. Under its Privacy Sandbox framework, instead of cookie-based ad targeting, Google says it will implement a new system in which the browser does the tracking, and serves ads to users based on cohorts they fit into rather than targeting them individually.
On its face, this is a step forward for privacy. Getting rid of cookies will make it harder for strangers to get hold of your personal data. According to Texas, however—and the dozen or so experts I’ve discussed the matter with—the Privacy Sandbox will further entrench Google’s staggering position in the advertising market. By cutting off other companies’ ability to track users in Chrome, while keeping that power for itself, the company will add to its already formidable user-data advantage, and make it even harder for rival companies and publishers to compete for advertising dollars.