In this brief piece of caution, we argue that competition law is not well-suited for dealing with exploitative data practices. As consumers usually act as if they did not value their privacy, legal remedies that neglect what social scientists call “the privacy paradox” are unlikely to improve the current status quo. We claim that privacy exploitation is better explained by informational and behavioral failures. Our analysis has important policy and legal implications as is shown in our assessment of the German Facebook Case. Under plausible assumptions, if consumer demand does not police the privacy attribute, any competitor will exploit it and thus competition will fail to yield higher privacy protection standards. Accordingly, it is impossible to find a competitive benchmark in the real world. From a legal perspective, this means there is no causality between a firm’s market dominance and the imposition of privacy intrusive terms and conditions. From a policy perspective, we argue that privacy intrusion would be better addressed by direct market regulation, since the complexity of the digital markets requires an assessment of the real equilibrium effect on privacy related concerns. This has to be handled with expert knowledge. Competition law is not a silver bullet, and many social and economic failures are beyond its institutional boundaries. Yet, any data related competition concerns should also reflect on the role of data under exclusionary abuse considerations, something that the Supreme Court of Germany surprisingly did.