Facebook Fined for WhatsApp Data Linking Fallout

Written by

On 18 May 2017, the European Commission (“Commission”) fined Facebook €110 million ($122 million) for misrepresentations made in its application for competition clearance of the company’s acquisition of WhatsApp. In its merger application, Facebook claimed that it would be unable to automatically match Facebook users’ accounts and WhatsApp users’ accounts for marketing and other purposes. However, in August 2016, WhatsApp introduced functionality enabling the linking of WhatsApp users’ phone numbers with Facebook users’ identities. This is the first time since the new Merger Regulation entered into force in 2004 that the Commission has imposed a fine for the provision of misleading information during a merger clearance.

Back in 2014 Facebook asked the Commission to give it the green light to acquire WhatsApp. The Commission conducted an investigation, under the EU Merger Regulation, to determine whether the acquisition would violate EU competition rules and give Facebook an undue advantage. One question the Commission asked during the investigation was whether Facebook would be able to automatically match the data of its users with and the data of WhatsApp users. Such automatic data matching could substantially enlarge Facebook’s database and enhance use of the data for marketing and other purposes.

During the investigation Facebook informed the Commission that it lacked the technical ability to establish reliable automated data matching. However, the technical possibility of automated matching already existed at the time and was officially introduced on the WhatsApp platform in 2016. The Commission launched an inquiry to investigate the matter. Facebook acknowledged that its provision of incorrect information violated merger procedures and cooperated with the Commission in order to obtain a more lenient fine. This did not prevent the Commission from levying a fine of €110 million Euros, however, which the Commission claimed was both proportionate and deterrent.

The Commission did not state that Facebook’s provision of incorrect information had a material effect in getting the deal through. In giving the green light, the Commission had already considered “what if” scenarios that included automated user matching. In particular, the Commission examined whether the acquisition presented significant risks for three different markets: consumer communication services, social networking services, and online advertising. The Commission’s assessment was that the two companies were distant competitors and the acquisition posed no significant risks. Had the Commission determined otherwise, it might have attached conditions on clearance, in which case the provision of misleading information on automated data matching could have resulted in an even heavier fine.

This is the first time the Commission has imposed a fine on a company for providing incorrect or misleading information under the Merger Regulation. The fine comes at a time when EU stakeholders and consumer organizations are pushing hard for greater accountability from companies in relation to users’ data. The EU competition authorities are also scrutinizing more closely mergers of online companies for potential consumer harms related to data. This development reflects a general call from the EU Commission to antitrust bodies to work more closely with privacy bodies in regulating the data economy. Recently, for instance, a German antitrust official described Amazon’s dual role in collecting data as a reseller and then using it to boost its own retail branch as a “huge issue”.

The WhatsApp case therefore signals that the EU is aggressively monitoring data-heavy companies, and that EU merger clearance will take into account the data-related impacts of corporate deals.

Alston & Bird is closely follows significant developments in the fields of privacy, data protection and technology. For more information, contact Jan DhontJim Harvey, or David Keating.