Lind
The In The The This decision aligns with recent trends in both literature and EU decisional practice and case law, underscoring the increasing relevance of data protection in assessing competitive conduct in the digital economy.
Key findings of the judgmentFirst, the ECJ held that the GDPR does not preclude national rules that empower competitors to bring proceedings before national courts for GDPR infringements based on a prohibition of unfair competition (para 73). This enables competitors to challenge data protection law violations via national rules on unfair competition.Second, the ECJ affirmed that the data customers enter when ordering pharmacy-only medicines online constitutes health data, subject to a special protection regime under Article 9 of the GDPR. The This interpretation could have significant implications for business models that involve broadly health-related data.
The remainder of this contribution, however, will focus on how the judgment might strengthen GDPR compliance and address data-related anticompetitive conduct in the digital economy, using both competition and unfair competition law.
On the interplay between data protection and competition law
Since the ECJ’s position in Asnef/Equifax
(2006), where it held that data protection law, as such, is not a matter for competition law, data protection has increasingly been deemed relevant in competition assessments.
A well-established theory of harm involves the degradation of privacy as a competitive parameter, as seen in Microsoft/LinkedIn
(2016) and later incorporated in the Commission’s revised Market Definition Notice
. More debate arises about other data protection-related theories of harm, such as ‘concealed data practices
‘, where information and behavioural market failures are exploited to limit data protection offered in a market, or ‘data ecosystem building’, where big tech companies use data-driven acquisitions to expand their personal data ecosystems.
Notable cases such as the Bundeskartellamt’s Facebook decision in 2019, where a data protection law infringement was considered an exploitative abuse under competition law, and similar reasonings in other competition investigations involving big tech undertakings such as Google, reflect a more active attitude towards incorporating data protection considerations into competition assessments (see for example: Alba Ribera Martinez). Towards a more collaborative public enforcement approach?These cases have led scholars to propose a more ‘collaborative approach
‘ to enforcing data protection, competition law, and unfair competition law, aligning with the judgment’s recognition that a data protection law infringement, or privacy-enhancing conduct, may provide an unfair advantage relevant under (unfair) competition law.In Meta Platforms
(2023), the ECJ held that a GDPR infringement may affect the assessment of an abuse of dominance under EU competition law, and might even be a vital clue for its existence. The While debate remains on how to practically include such considerations and how to manage potential conflicts between the two fields of law (see for example: Alba Ribera Martinez), Lindenapotheke now extends this “Meta Model” to unfair commercial practices under national rules on unfair competition, thereby broadening its scope.
Furthermore, Lindenapotheke recalled Meta Platforms and underscored the importance of ‘competition for personal data’ and the role of data protection law in regulating access to such data, requiring consideration of data protection law infringements in procedures under different bodies of law such as competition law (para 56). Data Digital Data Data protection law, therefore, can enable the competition authority to assess other non-price competitive parameters, such as the extent and purposes of data collection or the user terms offered.
Private enforcement of unfair competition law as a complementary tool
Lindenapotheke also underscores the value of private enforcement alongside public enforcement of unfair competition law in the digital economy. As This This may strengthen the rights of data subjects, particularly in the digital economy, where power imbalances combined with informational and behavioural market failures traditionally have disadvantaged consumers and undermined competition.As such, the ECJ appears to be supportive of further alignment between data protection and (unfair) competition law to address GDPR infringements in the interest of (data-related) competition.
Conclusion
Data protection and competition authorities should fully leverage the “Meta Model,” as outlined in Meta Platforms (2023) and expanded by Lindenapotheke (2024), to pursue a more collaborative approach to the enforcement of data protection, competition law and unfair competition law Such an approach promotes the dual goals of protecting personal data and fostering competition in digital markets where the three intersect, without unlawfully expanding their material scope.
Public enforcement of competition law could benefit from the normative guidance that data protection law can provide, especially regarding non-price competitive parameters of data-related conduct. Private Whether this potential will be fully realised, however, remains an open question.
Although the judgment involves a national law against unfair competition, multiple member states have similar unfair competition laws, aimed at ensuring fair play in commerce. These The
