Connect with us

Business

Privacy Issues in Business Combinations

Published

on

Privacy Issues in Business Combinations

By Dominique Shelton Leipzig and G. Thomas Stromberg, Partners at Perkins Coie

Every buyer of a U.S. business needs to think about what liabilities it is acquiring in the transaction and how to minimize or eliminate those liabilities or to become comfortable with the liabilities. Some liabilities are easily known (secured debt, major contracts, and real property leases), while other liabilities are not as obvious (environmental liabilities, unasserted claims, liens that do not show up in a central filing, and, increasingly, data). Specifically, one potential liability that has recently become significant is failure of an acquired business to comply with applicable privacy laws. Recent legislation, particularly in California, has made a compliance program essential for qualifying businesses, and failure to have a compliance program can result in significant liability, which a buyer should know about and plan for.

It is important to understand the applicable regulatory regimes pertaining to privacy when acquiring a business. In international acquisitions, much has been made of the EU General Data Protection Regulation (GDPR) as a game changer for privacy. Similar laws are now becoming part of the U.S. landscape. Ifthe target company is based in California or does business in California, the buyer (whether a U.S. entity or non-U.S. entity) needs to understand when the California Consumer Privacy Act (CCPA) will apply.

The CCPA covers any “business”(whether or not located or incorporated in California) that collects personal information (PI) from California residents. The term “business” is defined in the CCPA to have extraterritorial effect and will apply to any business that collects PI if one of three things also occurs:

  1. The business has revenues of over $25 million; or
  2. The business collects PI of 50,000 California residents or more; or
  3. The business derives 50% or more of its revenue from the sale of California data.

Please note that the CCPA includes a very broad definition of PI. It is broader than the definition of PI in the EU’s GDPR because it includes not only data types such as cookie data, unique device identifiers, names, emails, addresses, and phone numbers but also inferences drawn from the preceding.

For a buyer of a business that, according to the requirements set out above, is subject to the CCPA, it is essential to determine whether the target company is in compliance with the CCPA. If the target company is not in compliance with the CCPA and the non-compliant company is purchased, then the buyer could be liable for up to $7500 per violation if enforced by the California Attorney General and $750 per violation if a consumer pursues a class action. Put another way, if a website has 1 million California visitors per year and the privacy policy is not in compliance, the California Attorney General can set fines for each separate violation every time California residents visit that website up to US$7,500,000,000.

While the requirements of the CCPA are intricate and technical, at the core of complying with the CCPA is knowing how to deal with consumers’ requests with respect to any of the eight rights regarding their PI. These rights are:

  • An abbreviated right to disclosure of specific pieces and categories of PI collected.
  • An expanded right that mirrors the abbreviated right to know and adds information regarding the sources and disclosure of PI collected.
  • Right to disclosure regarding PI sold or disclosed for a business purpose.
  • Right to optout of the sale of PI.
  • Right to optin for the sale of a minor’s PI.
  • Right to deletion of PI collected.
  • Right to access PI.
  • Right to not be discriminated against.

A business must provide at least two designated methods, including a toll-free telephone number and a website address (if it has a website), for consumers to submit the requests. Companies with websites should take care to ensure that requests made through the website are routed to a centralized location and that the person responding to the requests is properly trained on how to do so. We have seen companies that failed to do this have problems complying with consumer requests made under the GDPR, either by leaving some requests unaddressed or by addressing them in inconsistent ways, opening themselves up to regulatory investigation.

If a buyer determines that a company it proposes to acquire is not in compliance with the CCPA, the buyer may want to require the target to come into compliance before the transaction closes or may want to complete the acquisition and bring the acquired company into compliance after closing of the acquisition. In either case, it is important to know how best to create a privacy program that includes the systems and policies to comply. Please note that each business that is subject to the CCPA must establish procedures to implement obligations relating to consumer rights in time for the effective date of the CCPA on January 1, 2020.

In creating a privacy program, it is important to look ahead and think strategically about who the company’s audience might be. At the outset, a business needs to implement systems to ensure that consumer requests are “verifiable”—that is, the consumer himself or herself is making the request. The CCPA does not specify exactly how a business should verify a consumer request and indicates that the California Attorney General’s Office should adopt regulations specifying how to do so. Given that the regulations may not be adopted soon enough for businesses to be able to operationalize them prior to the effective date of January 1, 2020, businesses should consider implementing methods, such as two-factor authentication and blockchain technology, now. In that case, come January 1, 2020, they can be reasonably confident that they are not disclosing or delivering PI to someone other than the person to whom the PI belongs. If a request is not verifiable, then the business should not disclose the PI.

There are other reasons why PI need not (or should not) be disclosed or delivered. For example, a business need not or should not disclose PI if the individual has submitted rights requests more than twice in the preceding 12-month period, if a request relates to PI collected more than 12 months prior, or if fulfilling the request would infringe the rights and freedoms of other individuals. Once a business verifies the request and determines that no defenses apply, it should know exactly what it is obligated to produce, and the response needs to satisfy the CCPA’s requirements regarding the method and timing of delivery. This means that the business should respond within 45 days unless unusual circumstances exist, in which case an additional 90-day extension can be obtained. Further, the responses should detail the specific pieces of PI collected about the consumer to respond to an access request or the right to know about data collected, sold or disclosed for a business purpose.

In addition, a company needs to structure its privacy program so that it will pass the scrutiny of regulators and judges resulting from a lawsuit, unwanted publicity, or data breach. It is critical to be able to demonstrate that the privacy program substantially complies with the requirements of the CCPA. This can be accomplished by developing privacy programs that follow guidance promulgated by regulators and courts. This guidance includes the CNIL’s (the French Data Protection Authority’s) Six Steps for GDPR Compliance, along with Federal Trade Commission orders such as the Vizio 2017 order, which provide a roadmap for a comprehensive privacy program that can be distilled down to six main phases:

Phase 1:      Appoint at least one leader/task force to lead the privacy program.

Phase 2:      Inventory data assets and flows. Consider using CNIL’s data inventory template form.

Phase 3:      Conduct a gap analysis/risk assessment by benchmarking practices identified in Phase 2 with the applicable legal requirements.

Phase 4:      Conduct a data impact assessment for high-risk processing (e.g., data flows associated with children as well as medical, financial, or location data).

Phase 5:      Mitigate risks identified in Phases 3 and 4 by implementing appropriate policies and procedures to govern data practices, including internal governance policies and procedures, external-facing policies (e.g., website, mobile app), vendor management policies, and employee training.

Phase 6:      Create an auditable record to demonstrate compliance.

By using this roadmap, businesses can streamline compliance efforts, reduce their exposure to litigation and enforcement, and present a defensible position if faced with such a situation relating to a company that they acquire.

Conclusion: Many U.S. businesses are required to comply with applicable privacy laws and regulations. Among these laws and regulations is the CCPA, which has been adopted by the California legislature and goes into effect on January 1, 2020. The CCPA has broad application, and many businesses located in California or doing business in California will be required to comply. If a business is required to comply with privacy laws such as the CCPA and does not, it can face exorbitant fines of up to $7500 per violation imposed by the California Attorney General. In addition, the CCPA gives California residents the right to bring privacy class actions, whereby they could seek $750 per breached California record. Based upon the number of breaches that were posted on the California Attorney General’s website, this would represent a collective $37 billion exposure for companies. Any buyer (U.S. or non-U.S.) of a U.S. business should determine (i) whether privacy laws such as the CCPA apply to the target business, (ii) if privacy laws such as the CCPA do apply, whether the target business is in compliance with the applicable privacy laws,and (iii) if the target is not in compliance, whether the buyer wants to require the target business to comply before closing, bring the target company into compliance after closing, or not complete the transaction.

If a buyer or business owner decides to implement a privacy program, the program should provide (i) a method of verifying a consumer request, (ii) a method of handling consumer requests pertaining to the eight rights regarding PI (listed above), and (iii) other methods geared to show compliance that regulators and courts have determined and stated to be important for compliance with applicable laws.

Business

Audi aims to sell one million cars in China in 2023

Published

on

Audi aims to sell one million cars in China in 2023 1

BEIJING (Reuters) – German premium automaker Audi aims to sell 1 million vehicles in China in 2023, versus 726,000 vehicles in 2020, the brand’s China chief Werner Eichhorn said on Wednesday.

Audi, which is making cars in the world’s biggest auto market with FAW Group, will also add more products in China, Eichhorn said. Audi’s rivals include Daimler and BMW.

(Reporting by Yilei Sun and Brenda Goh; Editing by Himani Sarka

Continue Reading

Business

Netflix forecasts an end to borrowing binge, shares surge

Published

on

Netflix forecasts an end to borrowing binge, shares surge 2

By Lisa Richwine and Eva Mathews

(Reuters) – Netflix Inc said on Tuesday its global subscriber rolls crossed 200 million at the end of 2020 and projected it will no longer need to borrow billions of dollars to finance its broad slate of TV shows and movies.

Shares of Netflix rose nearly 13% in extended trading as the financial milestone validated the company’s strategy of going into debt to take on big Hollywood studios with a flood of its own programming in multiple languages.

The world’s largest streaming service had raised $15 billion through debt in less than a decade. On Tuesday, the company said it expected free cash flow to break even in 2021, adding in a letter to shareholders, “We believe we no longer have a need to raise external financing for our day-to-day operations.”

Netflix said it will explore returning excess cash to shareholders via share buybacks. It plans to maintain $10 billion to $15 billion in gross debt.

“This is in sharp contrast to Disney and many other new entrants into the streaming market who expect to lose money on streaming for the next few years,” said eMarketer analyst Eric Haggstrom.

From October to December, Netflix signed up 8.5 million new paying streaming customers as it debuted widely praised series “The Queen’s Gambit” and “Bridgerton,” a new season of “The Crown” and the George Clooney film “The Midnight Sky.”

The additions topped Wall Street estimates of 6.1 million, according to Refinitiv data, despite increased competition and a U.S. price increase. Fourth-quarter earnings per share of $1.19 missed analyst expectations of $1.39.

With the new customers, Netflix’s worldwide membership reached 203.7 million. The company that pioneered streaming in 2007 added more subscribers in 2020 than in any other year, boosted by viewers who stayed home to fight the coronavirus pandemic.

COMPETITION HEATS UP

Now, Netflix is working to add customers around the globe as big media companies amp up competition. Walt Disney Co in December unveiled a hefty slate of new programming for Disney+, while AT&T Inc’s Warner Bros scrapped the traditional Hollywood playbook by announcing it would send all 2021 movies straight to HBO Max alongside theaters.

Disney said in December it had already signed up 86.8 million subscribers to Disney+ in just over a year.

“It’s super-impressive what Disney’s done,” Netflix Co-Chief Executive Reed Hastings said in a post-earnings analyst interview. Disney’s success, he added, “gets us fired up about increasing our membership, increasing our content budget.”

Netflix said most of its growth last year – 83% of new customers – came from outside the United States and Canada. Forty-one percent joined from Europe, the Middle East and Africa.

For January through March, Netflix projected it would sign up 6 million more global subscribers, behind analyst expectations of roughly 8 million.

Revenue for the fourth quarter rose to $6.64 billion compared with $5.47 billion a year ago, edging past estimates of $6.63 billion.

Net income fell to $542.2 million, or $1.19 per share, from $587 million, or $1.30 per share, a year earlier.

Netflix shares jumped 12.5% to $564.32 in extended trading on Tuesday.

(Reporting by Eva Mathews in Bengaluru and Lisa Richwine in Los Angeles; Editing by Sriraj Kalluvila and Matthew Lewis)

Continue Reading

Business

MGM Resorts drops takeover plan for Ladbrokes-owner Entain

Published

on

MGM Resorts drops takeover plan for Ladbrokes-owner Entain 3

By Tanishaa Nadkar

(Reuters) – Casino operator MGM Resorts International on Tuesday ditched plans to buy Ladbrokes owner Entain after the British company rejected an $11 billion takeover approach this month, sending Entain’s shares down nearly 12%.

The United States is seen as the next big growth market for sports betting, spawning a series of transatlantic partnerships tapping in to European technology and expertise. These include Caesars Entertainment agreeing last September to buy William Hill in a 2.9 billion-pound deal.

MGM said it would not submit a revised proposal or make a firm offer for Entain, which had said the approach announced two weeks ago significantly undervalued its business.

Entain shares closed down 11.9% at around 12.44 pounds in London. MGM shares were up 2.5% at $30.54 in New York trading late on Tuesday afternoon.

“We look forward to continuing to work closely with MGM to drive further success in the United States through the BetMGM joint venture,” Entain said in a statement.

Online betting firms have benefited during the COVID-19 pandemic-led lockdowns, as customers took to playing from home when casinos and betting shops were off-limits.

MGM had previously said a merger with the British bookmaker would be compelling and believed a deal would help expand BetMGM, which the two have operated since 2018.

The proposal, on the basis of 0.6 MGM share for each Entain share, was also backed by billionaire Barry Diller’s IAC. It valued Entain shares at 13.83 pence each when it was first announced.

Complicating matters, Entain Chief Executive Officer Shay Segev decided to step down just seven months into the role and in the middle of negotiations with MGM to take a job with sports streaming service DAZN.

Segev’s departure, as well as limited engagement in talks shown by Entain and a difference in price expectations between the two sides, led MGM to decide to walk away from the deal, according to a person familiar with the matter.

Entain, previously known as GVC, has itself expanded rapidly through a series of acquisitions and owns the bwin, Coral and Eurobet brands, operating traditional British high street betting shops as well as offering online gambling.

“While we are genuinely surprised MGM didn’t up its consideration … we don’t think this changes MGM’s ability to secure equity value enhancing benefits from the attractively growing US sports betting and iGaming pie,” JP Morgan analysts said.

The brokerage said it would not rule out further discussions with Entain depending on how the company shareholders reacted, adding it would be tough for someone else to buy Entain given so much potential equity value coming from the 50/50 BetMGM joint venture.

(Reporting by Tanishaa Nadkar in Bengaluru; Additional reporting by Joshua Franklin in Miami; Editing by Keith Weir and Matthew Lewis)

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Latest Articles

Why You Should Take On Debt To Stop Dilution 4 Why You Should Take On Debt To Stop Dilution 5
Finance13 hours ago

Why You Should Take On Debt To Stop Dilution

By Blair Silverberg, CEO of Capital Imagine an exciting space dominated by two major companies, each growing and developing at...

Audi aims to sell one million cars in China in 2023 6 Audi aims to sell one million cars in China in 2023 7
Business13 hours ago

Audi aims to sell one million cars in China in 2023

BEIJING (Reuters) – German premium automaker Audi aims to sell 1 million vehicles in China in 2023, versus 726,000 vehicles...

Netflix forecasts an end to borrowing binge, shares surge 8 Netflix forecasts an end to borrowing binge, shares surge 9
Business13 hours ago

Netflix forecasts an end to borrowing binge, shares surge

By Lisa Richwine and Eva Mathews (Reuters) – Netflix Inc said on Tuesday its global subscriber rolls crossed 200 million...

MGM Resorts drops takeover plan for Ladbrokes-owner Entain 10 MGM Resorts drops takeover plan for Ladbrokes-owner Entain 11
Business13 hours ago

MGM Resorts drops takeover plan for Ladbrokes-owner Entain

By Tanishaa Nadkar (Reuters) – Casino operator MGM Resorts International on Tuesday ditched plans to buy Ladbrokes owner Entain after...

Mike Ashley's Frasers ups stake in Hugo Boss to over 15% 12 Mike Ashley's Frasers ups stake in Hugo Boss to over 15% 13
Business13 hours ago

Mike Ashley’s Frasers ups stake in Hugo Boss to over 15%

(Reuters) – Mike Ashley-led Frasers said on Tuesday it has increased its stake in German luxury fashion house Hugo Boss...

Sterling rises above $1.37 for first time since 2018; UK inflation rises 14 Sterling rises above $1.37 for first time since 2018; UK inflation rises 15
Top Stories14 hours ago

Sterling rises above $1.37 for first time since 2018; UK inflation rises

By Elizabeth Howcroft LONDON (Reuters) – A combination of heightened risk appetite in global markets and UK-specific optimism lifted the...

Euro sinks amid broader risk rally against dollar 16 Euro sinks amid broader risk rally against dollar 17
Top Stories14 hours ago

Euro sinks amid broader risk rally against dollar

By Ritvik Carvalho LONDON (Reuters) – The euro struggled to join a broader risk rally against the dollar on Wednesday...

Britain to publish new weekly consumer spending data 18 Britain to publish new weekly consumer spending data 19
Finance14 hours ago

Britain to publish new weekly consumer spending data

LONDON (Reuters) – Britain’s statistics office said it would publish new weekly consumer spending data from Thursday, based on credit...

Mercedes unveils electric compact SUV in bid to outdo Tesla 20 Mercedes unveils electric compact SUV in bid to outdo Tesla 21
Business15 hours ago

Mercedes unveils electric compact SUV in bid to outdo Tesla

By Nick Carey (Reuters) – Daimler AG’s Mercedes-Benz on Wednesday unveiled the EQA, a new electric compact SUV as part...

England soccer star Rashford nets younger buyers for Burberry 22 England soccer star Rashford nets younger buyers for Burberry 23
Top Stories15 hours ago

England soccer star Rashford nets younger buyers for Burberry

By Sarah Young LONDON (Reuters) – Burberry stuck to its full-year goals on Wednesday after a media campaign fronted by...

Newsletters with Secrets & Analysis. Subscribe Now