The RFMLR Editorial Board recently interviewed Mr. Kunal Mehra, Partner, Phoenix Legal.

1.       What pivotal experiences in your legal career have played a crucial role in shaping the course of your professional journey?

Ans. Raised in a joint family, I was inspired early on by my uncle, Mr. Vishnu Mehra, Senior Advocate, and resolved to pursue a career in law. I attended Modern School, Barakhamba Road, New Delhi, graduated in law from ILS Law College, Pune, and completed my Master’s in International Business Laws at Queen Mary, University of London. I remain grateful for the opportunities that have shaped my professional journey.

I have had the privilege of learning from some incredible mentors including Ms. Zia Mody, Mr. Abhijit Joshi, Mr. Ajay Bahl, Mr. Gautam Saha, Mr. Shardul Shroff, Mr. Ranji Dua, and Mr. Rajiv Luthra. They exemplify a shared commitment to excellence, integrity, and the highest standards of the profession.

Although there are innumerable experiences during my practice of over 20 years, the following are some of the experiences that stand out:

AZB & Partners, Mumbai - My formative four years at AZB, working closely with Ms. Zia Mody, were foundational. The experience honed my ability to multitask, manage stakeholders across the board, and navigate high-pressure situations with confidence.

Bharti Airtel / Zain Group - Advised Bharti Airtel on its acquisition of Zain Group’s mobile operations in 15 African countries — one of India’s largest outbound acquisitions. Given the challenging deal timeline, it was a classic case of teamwork and effective delegation.

Dow–DuPont Merger - Led Dow Chemical’s CCI engagement end-to-end in its USD 130 billion merger with DuPont. I navigated through extremely complex competition issues and obtained CCI’s clearance with minimal remedies in a landmark global transaction.

East India Petroleum - Represented East India Petroleum Private Limited in its abuse of dominance complaint before the CCI concerning storage of imported LPG at Vizag Port. The matter resulted in a full 10% penalty — the first of its kind in a dominance case.

NSPIRA Management Services – Obtained  CCI approval in relation to acquisition of shareholding in NSPIRA Management Services Private Limited from Morgan Stanley and Banyan Tree. The CCI approval, secured within just 10 business days of filing, stands as one of the most expeditious clearances ever granted by the CCI in a merger-control matter.

Head of the Practice - Joining Phoenix Legal as Head of the Antitrust & Competition Practice marked the onset of an exciting and challenging journey. It is exciting to get the opportunity to shape the practice, raise the bar and instill a strong culture of excellence and discipline.

2.       In Meta v. CCI, the CCI for the first time characterised privacy as a significant parameter of competition, acknowledging that control over personal data can itself be a source of market power. Should CCI integrate privacy and data-governance standards into the dominance assessment, or would such an expansion risk overlapping competition enforcement with data-regulatory functions which are separately being addressed under the DPDP Act, 2023?

Ans. Both the CCI and the NCLAT (Competition Appeal Nos. 1 & 2 of 2025) held that privacy is a non-price parameter of competition — loss of privacy equates to degradation of service quality, which is a competition harm under Section 4(2)(a)(i) of the Competition Act, 2002 (“Competition Act”).  A dominant entity's coercive "take-it-or-leave-it" data-sharing conditions constitute an unfair imposition, cognisable under competition law independent of any privacy statute.  Further, control over aggregated data constitutes an entry barrier and a source of market power in the dominance assessment.

The NCLAT expressly rejected Meta's argument that the DPDP Act, 2023 ousts CCI's jurisdiction. It held that competition law and data protection law are complementary, not exclusive frameworks: "privacy law asks whether consent was valid, while competition law asks whether market power was abused through coercive or anti-competitive data practices".  The NCLAT went further: "The DPDP Act's existence does not make the CCI redundant" — even after DPDP Rules are notified and implemented, the CCI continues to exercise jurisdiction over dominant entities' data-related practices.   The Supreme Court had itself affirmed this in its order dated 14.10.2022, holding that CCI must not be restrained from proceeding with its enquiry. 

The appropriate boundary is that CCI's analysis must remain anchored in competition effects — market power, entry barriers, consumer harm, foreclosure — rather than becoming a surrogate data regulator. The NCLAT itself illustrated this limit: while it upheld the penalty and user-choice remedies, it set aside the CCI's five-year data-sharing ban, holding that the user opt-out directions were proportionate and sufficient. The core principle is to remove exploitation by restoring userchoice. Users must retain the right to decide what data is collected, for whichpurposes, and for how long. Any non-essential collection or cross-use (like advertising etc.) can occur only with the concerned user’s express and revocable consent. This signals that CCI may regulate the competitive impact of data practices, but must not replicate what the DPDP Board is designed to do.

Integration of privacy and data-governance standards into dominance assessment is doctrinally sound and has been judicially affirmed. The DPDP Act poses no jurisdictional bar, as both regimes operate concurrently under Indian law, with Section 38 of the DPDP Act expressly providing that its provisions are “in addition to, and not in derogation of” other laws. The risk of overreach does not arise from such integration per se, but from remedies that effectively replicate data-regulatory mandates. Accordingly, the CCI must remain focused on competition harm, while the Data Protection Board addresses issues of consent and individual rights; both authorities examine different aspects of the same conduct and may act simultaneously. The appropriate approach, therefore, lies in maintaining coordinated yet distinct mandates, wherein the CCI assesses data practices only to the extent that they result in competitive distortions, without purporting to adjudicate all dimensions of data protection law.

3.       The NCLAT's conclusion in Meta v. CCI that WhatsApp's unrestricted access to user data effectively foreclosed market access for rival advertisers, despite Meta not being dominant in the advertising market. Does this suggest a shift under Section 4 of the Competition Act in India from relying on traditional market-share indicators or a purely structural assessment of market power, to instead assessing dominance based on control over integrated data ecosystems?

Ans. The NCLAT’s ruling in Meta v. CCI reflects a clear evolution in the assessment of dominance under Section 4 of the Competition Act, moving beyond a purely structural, market-share-based approach to a more nuanced evaluation of digital market power. The NCLAT affirmed WhatsApp's dominance in the OTT messaging market not on market-share data alone, but on a composite Section 19(4) analysis: network effects, switching costs, lock-in, and critically, control over large quantities of user data acting as a barrier to entry.  The NCLAT explicitly recognised that in digital markets, "an enterprise's competitive advantage is increasingly shaped by the amount, diversity, and quality of data it possesses" and that such data access is itself a source of market power.

The most significant aspect of the NCLAT's ruling is its application of Section 4(2)(c) to the advertising market despite Meta not being dominant therein. The NCLAT held that cross-platform data sharing gave Meta an insurmountable competitive advantage in online display advertising, "creating an entry barrier for rival firms… that did not have access to equivalent volume of data." 

The Meta v. CCI proceedings do signal a meaningful evolution in Indian competition law's approach to dominance under Section 4 — one that is no longer tethered exclusively to static market-share measurement. NCLAT duly noted that network effects were found to reinforce WhatsApp's dominance, with a larger user base producing lock-in effects and a "winner-takes-all" dynamic that impedes competitors' ability to attract users, compounded by high switching costs and indirect network effects from business integrations and third-party developers. Meta’s significantly superior size, resources, and economic power have been recognized as reinforcing WhatsApp’s dominant position, particularly in technological innovation and market positioning. NCLAT duly recognised that integrated Meta ecosystem—including Facebook, Instagram, Messenger, and WhatsApp—increases lock-in effects through network effects and economies of scale, enhancing WhatsApp’s competitive strength and the attractiveness of the platform for advertisers and businesses. The NCLAT also clarified that dominance principles apply equally in zero-price markets, where user data constitutes valuable consideration.

Accordingly, the decision doesn’t signal a departure from Section 4, but its evolution—where dominance is increasingly assessed through the lens of control over data ecosystems and their exclusionary potential, rather than through market share primarily.

4.       In the absence of a globally harmonised law, how can a national competition authority like the CCI effectively regulate the cross- border flow and use of data within a global corporate ecosystem?

Ans- Meta and WhatsApp  argued before the NCLAT that the geographical market must be defined globally, not limited to India — contending that WhatsApp's product decisions are made on a global basis and digital markets are inherently cross-border. Both the CCI and the NCLAT squarely rejected this. The NCLAT affirmed that the relevant geographic market is India, holding that "India has a unique regulatory environment that significantly impacts the operation of OTT messaging services" and that providing services globally, or making product decisions on a global basis, does not mean that competitive constraints are homogenous across the globe. This is in line with the previous decisional practice that the geographic market cannot extend beyond India for the purposes of our Competition Act. CCI's jurisdiction is triggered whenever the conduct of a global entity — however organised, wherever decisions are made — produces anti-competitive effects within the Indian market. This is the foundational tool by which a national competition authority regulates global data ecosystems. In the context of global digital platforms like Meta, Microsoft, and Google etc., data practices are rarely confined to a single jurisdiction.

To this end, the extraterritorial reach of the CCI is dealt with in Section 32 of the Competition Act, based on what is commonly known as the “effects doctrine”. This provision empowers the CCI to take cognizance of any agreement, abuse of dominant position, or combination taking place outside India, provided it has or is likely to have an Appreciable Adverse Effect on Competition (AAEC) within India. This power has been coupled along with the power to conduct enquiry as well the procedure for investigation under Sections 19, 20, 26, 29 and 30 of the Competition Act. Alongside this, Section 18 of the Competition Act also empowers the CCI to enter into any memorandum or arrangement with the prior approval of the Central Government, with any agency of any foreign country in order to discharge its duty under the provision of this Competition Act.

The DPDP Act, 2023 adds another layer to this. It applies extraterritorially to entities offering goods and services to persons in India, regardless of where the entity is domiciled. The framework adopts a “negative list” approach, allowing personal data to be transferred outside India unless the Central Government explicitly restricts a country or territory via notification.

5.       Through LinkedIn's November 2025 privacy policy revision, Microsoft now feeds professional identity data into the same AI infrastructure that powers GitHub, Copilot and Microsoft 365 Copilot, spanning professional networking, developer tools, and enterprise productivity, all within a single corporate structure and without any discrete merger event that would trigger conventional notification thresholds. How should competition authorities assess the leveraging potential of integrated data ecosystems, especially where strength in one market can be used to gain a competitive advantage in another, in the absence of a notifiable merger?

Ans- The CCI's conceptual framework in the Meta case viewing Meta’s strategy through the lens of an envelopment remains instructive here. The CCI found that Meta's bundling strategy of user data facilitated by privacy policies, results in coercive effects on users who must accept cross-platform data sharing, and on advertisers who are forced to stay within Meta's ecosystem for effective targeted advertising. The ability of multiple-product ecosystem operators to combine vast amounts of user data across different platforms was found to lead insurmountable barriers for competitors, as they may not have access to comparable data sets.

Microsoft’s policy, if any, of feeding professional identity data of LinkedIn users to other affiliates of Microsoft could be construed as leveraging under competition law. That being it may also be argued that said, data-sharing across various products/services can lead to consumer welfare in terms of increased interoperability and seamless connectivity. Such an entrenched position of enterprise (or a group) could lead to a situation of dominance. That dominance isn’t in itself a contravention, but an abuse thereof is prohibited.

The practice of leveraging results in distortion of competition by providing the dominant firm with an unfair advantage, amplifying its market power. To this end, Meta’s practices of data sharing across platforms was held amounting to leveraging of its dominance in the OTT messaging market to protect and consolidate its position in the display advertising market.

6.       In Meta v. CCI, the CCI noted that WhatsApp’s 2021 policy update was unilateral and non-negotiable, and imposed after users were already locked into the platform. Similar concerns arise where platforms introduce policy changes on a “take-it-or-leave-it” basis, or treat continued use as consent. Conversely, the Digital Personal Data Protection (DPDP) Act Rules, 2025 require clear, specific consent, and make it equally easy for users to withdraw consent. Given these concerns, should dominant digital platforms be required to obtain prior regulatory approval (ex ante scrutiny) before making major privacy-policy changes that significantly alter how user data is shared or used? How would it impact ease of business for the digital platforms?

Ans- The NCLAT held that WhatsApp compelled users to accept expansive data-sharing as a condition of continued service on a  "take-it-or-leave-it" basis — with little time to evaluate their options, without any opt-out mechanism.  The 2021 Policy, unlike its 2016 predecessor, removed the 30-day opt-out window and mandated acceptance in its entirety.  The NCLAT confirmed that consent given under "competitive coercion" — threat of loss of service from a dominant, network-entrenched platform — cannot constitute free consent.

The DPDP Rules, 2025 (notified on 14 November 2025, with core compliance obligations enforceable from May 2027) require data fiduciaries to provide clear, standalone, itemised notice prior to processing, and mandatorily make withdrawal of consent as easy as giving it.   Consent must be given by clear affirmative action, and platforms must provide functional mechanisms for its withdrawal without adverse consequence to core service.  The Consent Manager framework under Rule 3 further creates an independent intermediary architecture for managing and withdrawing consent across platforms.

However, the DPDP regime does not impose ex-ante approval before policy changes — they impose disclosure and consent-design obligations, enforceable post-factum by the Data Protection Board. The Draft Digital Competition Bill, 2024 provides the most coherent structural answer — Systemically Significant Digital Enterprises (SSDEs) would be prohibited from self-preferencing, imposing unfair data-sharing conditions, or bundling data use without user choice, all on an ex-ante basis, without requiring a prior approval mechanism per se.   This is the more proportionate model: not a transaction-by-transaction prior-approval regime, but standing ex-ante obligations that apply to any policy change by a designated platform. A prior approval before every policy change could risk over-burdening of the courts / regulator.

7.       The NCLAT's removal of the five-year forward-looking ban on data sharing in Meta v. CCI has been challenged by the CCI before the Supreme Court, which in February 2026 issued an interim restraint order, precisely because data harms are difficult to reverse once absorbed into an ecosystem. Did the NCLAT's decision to set aside the five year ban weakens competition enforcement in data markets? If yes, what ex ante tools should the CCI adopt to intervene before anti-competitive data policies are implemented?

Ans- The NCLAT's removal of five-year forward-looking ban on data sharing was grounded in proportionality and procedural deficiency (lack of evidentiary reasoning for five years), not in a finding that structural data-sharing restrictions are impermissible as a matter of law.  The practical consequence is significant: once user data from millions of Indian WhatsApp users is absorbed into Meta's advertising ecosystem during the pendency of litigation, the harm becomes extremely difficult to reverse.  Data, unlike price overcharges, cannot be "refunded" — once aggregated and used to train AI models and targeting infrastructure, its competitive value is irreversibly entrenched.  The NCLAT itself acknowledged in its interim stay reasoning that the ban "may lead to the collapse of business model" of WhatsApp — but this proportionality concern, while legitimate, should not preclude structural remedies where competitive harm is structural and irreversible. The CCI's ability to impose forward-looking structural remedies — not just behavioural opt-outs — is essential for meaningful enforcement in data markets. Opt-outs address future consents; they do not undo the competitive advantage already built from years of aggregated data.

Section 33 of Competition Act permits the CCI to issue temporary restraints during an ongoing inquiry where the CCI is satisfied that an anti-competitive act has been committed and continues to be or is about to be committed. However, this power remains ill-suited in context of digital markets where harms compound silently before any formal inquiry is initiated and may be difficult to dilute at a later stage.

To this end, an ex-ante regulation assumes importance in data-driven markets characterized by network effects where the quantity of data and variety of data have a positive influence on the market share of a platform. Such hoarding of essential data sets creates a “tipping effect” leading all consumers in the market to opt out for the product of a particular entity conferring it with a monopolist position in the market. The Committee on Digital Competition Law (2023), which prepared the draft Digital Competition Bill, therefore recommended an ex-ante regulation eliminating such anti-competitive behaviour at the earliest.

8.       By holding in Meta v. CCI that potential anti-competitive effects alone were sufficient to establish abuse, and Supreme Court's February 2026 reliance on Article 21 to constitutionalise data rights the following question is of importance. Is India gradually converging towards the EU's precautionary approach, where default opt-ins, retroactive reach, inter alia are treated as indicators of competitive harm?

Ans- The Supreme Court in Competition Commission of India v. Schott Glass India Pvt. Ltd. leaves the door open in terms of demonstrating effect on the basis of likeliness of appreciable adverse effect on competition in India. To this end, NCLAT’s reasoning is consistent with the prevailing effects-based approach, given India’s Competition framework is grounded in an ex-post rather than an ex-ante enforcement model.

On the contrary, EU’s precautionary approach under the Digital Markets Act (“DMA”) is ex-ante and per se in character. Article 5(2) of the DMA prohibits anti-competitive conduct by virtue of gatekeeper status itself, without proof of actual competitive harm. India meanwhile, with an ex-post framework permits intervention only where hard evidence shows that the impugned conduct has caused, or is likely to cause competitive harm, and it demands an effects-based appraisal that balances commercial justification against proven harm.

Meanwhile, Supreme Court’s reliance on Article 21 to constitutionalise data rights directly applicable in private contractual arrangements is analogous to EU’s approach where data protection is treated as a fundamental right under Article 8 of the EU Charter, co-existing with but also capable of overriding commercial interests. Further, on default opt-in and retroactive reach, India’s position can be understood as incrementally building from the consent architecture of the DPDP Act. Under the DPDP Act, consent must be free, specific, informed, unconditional, and unambiguous which implicitly disfavours default opt-in and bundled consent mechanisms. To this end, this aligns with EU’s precautionary approach under the General Data Protection Regulation (“GDPR”) and the DMA, reinforcing that consent must be granular and actively given.

Accordingly, India though yet has not adopted a complete precautionary or ex-ante regime akin to the EU, the afore-said developments however indicate a context-specific convergence particularly, in digital market cases where data practices increasingly intersect with constitutional rights and competitive dynamics.

9.       Absent clear institutional demarcation among the CCI, the Supreme Court's constitutional jurisdiction, and the emerging Data Protection Board of India, does the current overlap risk enabling forum-shopping by digital platforms or producing fragmented and inconsistent compliance obligations?

Ans- Overlapping jurisdictions are inevitable in digital markets. From a regulatory perspective, three sets of obligations pursued in the Meta v. CCI case are not necessarily inconsistent but can be reconciled into a coherent compliance framework. Data protection and privacy laws focus on maintaining transparency and security for individual rights, while competition law addresses the impact of data on market power and preventing dominant firms from exploiting their data advantage. The CCI's decision to assert jurisdiction over data practices despite WhatsApp's objections that the matter belonged to data protection laws was a deliberate institutional choice that produced important jurisprudential outcomes such as recognition of data as a non-price competition parameter, thereby expanding antitrust analysis without displacing privacy regulation. A similar logic can be found in EU, where Article 37 of the DMA provide for coordination between European Commission and national authorities to rule out conflicting outcomes and ensure consistent enforcement across domains.

Importantly, Indian regulatory practice already demonstrates an ability to manage such overlaps. At the interface of competition law and sectoral regulation, the Supreme Court in Bharti Airtel Ltd. v. Competition Commission of India recognised that parallel regulatory regimes do not oust the CCI’s jurisdiction, but may require sequencing and deference based on institutional competence. A similar approach is evident in the interplay between competition law and insolvency law, where combinations arising during proceedings under the Insolvency and Bankruptcy Code, 2016 continue to require prior approval from the CCI. This reflects a model of concurrent yet coordinated jurisdiction rather than exclusivity. Accordingly, regulatory comity can be maintained in practice without jurisdictional friction, depending on the facts and circumstances of each case.

10.   What is your advice to young professionals and law students who aim to build a career in the field of Competition Law?

Ans. For all professionals, and especially in today’s dynamic business environment, it is essential to identify your strengths and weaknesses. With sincerity and hard work, nothing is beyond reach. Shortcomings can be overcome with extra effort. The key lies in self-belief and confidence in your abilities. Push beyond your comfort zone, set higher benchmarks, and pursue them relentlessly. Growth must be continuous. Given the high-stakes, reputation-driven nature of the legal profession, you are only as good as your last piece of advice. Take pride in your work and always deliver your best.

These are exciting times to be a competition lawyer. There is significant activity across merger control, antitrust enforcement, and competition compliance. While it remains a niche practice, experience in other areas — particularly M&A — adds immense value. In today’s fast-paced business environment, a cross-disciplinary background is fast becoming a necessity rather than an advantage. Moreover, the rise of digital markets and artificial intelligence has fundamentally changed the landscape. Those who embrace these shifts early and decisively will be best positioned to succeed.