The IAPP Privacy Advisor published an excellent article on 23 June entitled “The thin line between privacy and antitrust.” In particular, the three scenarios presented by the authors are concise introductions to the important ways that privacy issues may arise in antitrust matters / investigations. And how the areas of privacy and antitrust are more linked as a way forward in the future.
As someone who has worked at the nexus of antitrust and privacy for the past couple years – and involved in 10 such U.S. matters (involving the U.S. Federal Trade Commission and the U.S. Department of Justice) – I have the following general observations to share:
- It is important to be extremely careful in internal corporate communications when it comes to privacy issues as discussed by those “in the know.” That may sound like an obvious piece of common sense, but I have been shocked by how corporate leaders (from the CEO on down) are inappropriate and sloppy when it comes to privacy discussions in antitrust matters. Email is an easy mode to fire off one’s thoughts, but discipline of thought and tact are incredibly important.
- I have been pleased by the awareness of company personnel when it comes to personal sensitive information, PHI – PII, etc. Very impressed.
- I have seen little discussion of privacy as a basic human right. Much more work needs to be done in the U.S. in terms of cultural change. As privacy pros know, they are excellent ambassadors for that point of view.
- In some situations, discussions of privacy issues were subtly couched in ways to restrain competition in the industry. As everyone here knows, never say that. As well versed antitrust lawyers also know, sometimes corporate leaders and counsel cease writing emails on a topic and continue the discussion on the phone.
- Some of the situations I have been involved with involved mergers where getting the data from the acquired company is one proposed benefit of the merger. The discussion by the authors in their section entitled, “Sharing data raises privacy concerns” is spot on and bears multiple reading. Once again, if you view data protection & privacy as a basic human right, there should be no question that a more rigorous conception of those topics is necessary from Day One. Privacy should be baked into the company’s DNA – and a newly merged entity is an excellent opportunity to make that a reality.
The section in the IAPP article focusing on nascent competition is especially pertinent for the future, though now with the pandemic in full force it remains to be seen what the final damage inflicted upon the U.S. economy will be. And how that will ultimately change corporate leadership in the future – especially with regards to the privacy / antitrust relationship.