Google’s plan to buy Fitbit took chutzpah from the start. The company was already being investigated by Congress, state attorneys general, and federal antitrust regulators, a reflection of growing alarm over a conglomerate whose dominant market share is built on unrivaled access to personal data. Now it was announcing a $2.2 billion acquisition of a firm with troves of the most intimate details of its users’ physical health, from their heart rate to their exercise routines to how many hours they sleep at night. Fitbit was apparently worried enough about the threat of the deal being blocked that it negotiated a $250 million breakup fee in case of “a failure to obtain Antitrust Approvals.”
A week later, almost on cue, Makan Delrahim, the top antitrust official at the Department of Justice, suggested at a conference at Harvard that federal enforcers might start treating data privacy as a relevant issue in evaluating mergers. “It would be a grave mistake to believe that privacy concerns can never play a role in antitrust analysis,” he said. So there was some reason to wonder whether the Google-Fitbit deal would be the first casualty of the growing antitrust techlash.
And that was all before the Wall Street Journal reported this week on Google’s Project Nightingale, a mostly secret deal with one of the country’s largest nonprofit hospital networks granting Google free access to tens of millions of complete, nonanonymized patient records, which it is using to train an AI platform that will be able to customize patient care. (This is apparently legal, somehow, under the Health Insurance Portability and Accountability Act, or HIPAA.) In return for the data, according to the Journal, the hospital network, Ascension, will get free use of the new software, which Google intends to sell to other health care providers. In a blog post after the story came out, Google Cloud executive Tariq Shaukat wrote, “All of Google’s work with Ascension adheres to industry-wide regulations (including HIPAA) regarding patient data, and come [sic] with strict guidance on data privacy, security, and usage.” That didn’t stop the Office for Civil Rights in the Department of Health and Human Services from announcing an investigation into the project on Wednesday.
Together, the Fitbit merger and Project Nightingale present an immediate challenge to Delrahim’s claim that antitrust regulators are ready to treat data collection as a competition issue. Since the late 1970s, the federal government’s approach to merger review has essentially narrowed to the question of whether the reduction in competition caused by two companies combining will be bad for consumers. That analysis has in turn tended to focus even more narrowly on whether the post-merger firm will raise prices. Bringing user data concerns into antitrust, as Delrahim suggested, would require asking a similar question: Will the reduction in competition lead to consumers having to accept inferior privacy protections?
“What I’m telling my students is, this is a great test case,” said Maurice Stucke, an antitrust expert at the University of Tennessee College of Law. “The agencies say they’re concerned about these data-opolies. They’re going to scrutinize their data-driven acquisition of these smaller firms. Here you have this established firm that’s already established a significant treasure trove of personal data. So, is anything going to change?”