Grindr and PatientsLikeMe Outcomes Show Non-Cleared Transactions' Exposure to CFIUS Scrutiny, Especially When PII Is Involved

Orrick, Herrington & Sutcliffe LLP

CFIUS热点追踪:对涉及个人可识别信息交易的审查——以Grindr和PatientsLikeMe为例

In the last three weeks, the Committee for Foreign Investment in the United States (CFIUS) has reportedly informed two Chinese companies that they must sell their stakes in two U.S. companies. It is understood that in late March 2019, CFIUS conveyed to the Kunlun Group that it must sell its stake in Grindr, an online dating app. More recently, it was announced that CFIUS ordered iCarbonX, the Shenzhen-based unicorn, to sell its majority stake in the U.S. company PatientsLikeMe. PatientsLikeMe is an online service that links individuals suffering similar health issues in an effort to improve disease detection and treatment.

CFIUS's disposition of these transactions reinforces two points about CFIUS's administration of restraints on non-U.S. investment in the United States for national security reasons:

  • First, as these transactions closed years ago, CFIUS's treatment highlights that a foreign investment transaction is susceptible to disturbance by CFIUS at any time into the indefinite future if CFIUS has not cleared it.
  • Second, CFIUS's treatment of these transactions shows the importance that CFIUS attaches to a U.S. target company's storage of personally identifiable information (PII) as a potential national security concern.

Non-Cleared Transactions – Exposure to Disturbance by CFIUS

The Kunlun-Grindr and iCarbonX-PatientsLikeMe cases illustrate how foreign investment transactions not cleared by CFIUS are susceptible to disturbance at any time.

Kunlun-Grindr

  • The Kunlun Group is a wholly owned subsidiary of Beijing Kunlun Tech Co. Ltd., a listed company in China. The Kunlun Group acquired 100% of the shares of Grindr LLC in two separate transactions. In March 2016, Kunlun acquired 61.53% of the shares of Grindr for US$93 million. In May 2017, Kunlun signed agreements to purchase the remaining shares of Grindr for US$152 million, with the deal closing in January 2018. In August 2018, Beijing Kunlun announced that Grindr was preparing for an IPO.
  • In March 2019, spurred by data privacy concerns, CFIUS intervened and Kunlun is now in an auction process to sell Grindr. On April 1, 2019, Beijing Kunlun announced it is in communication with CFIUS and has not reached any agreement on this matter.

iCarbonX-PatientsLikeMe

  • In January 2017, the U.S. healthtech startup company PatientsLikeMe announced that it received an investment from iCarbonX, the Chinese digital healthcare unicorn, in excess of US$100 million, resulting in iCarbonX being the majority stakeholder in PatientsLikeMe.
  • In April 2019, it was reported that CFIUS is insisting that iCarbonX fully divest its stake in PatientsLikeMe.

Foreign Company Access to U.S. PII – Exposure to Disturbance by CFIUS

The U.S. government's focus on a foreign company's access to the PII of U.S. citizens is not entirely new. The watershed was the Ant Financial-MoneyGram proposed transaction. In December 2017, Ant Financial Services Group's proposed purchase of MoneyGram International Inc. was de facto blocked due to concerns that Ant Financial would then have access to significant PII as part of the transaction. Another example is the 2018 China Oceanwide-Genworth Financial deal. In that transaction, China Oceanwide Holdings Group Co. first had to implement mitigation measures to prevent "personal consumer information [from] becoming more vulnerable" before CFIUS clearance was granted. Specifically, the mitigation agreement required, among other things, that Genworth use a U.S.-based third-party service provider to manage and protect the personal data of Genworth's U.S. policyholders.

In August 2018, the U.S. Congress codified in the Foreign Investment Risk Review Modernization Act (FIRRMA) that CFIUS is to focus on potential national security concerns associated with the U.S. investment target's maintenance or collection of "sensitive personal data of United States citizens."

Importance of CFIUS Planning

CFIUS's disposition of these transactions underlines the importance of informed CFIUS planning well before proceeding with a foreign investment transaction that could implicate CFIUS's jurisdiction. For Chinese companies in the process of an investment or an acquisition in the U.S., the parties need to resolve whether a filing with CFIUS is mandatory under October 2018 FIRRMA "pilot program" regulations relating to an investment in a U.S. business involved in "critical technology." If not, but the non-U.S. investor could gain control over a U.S. business, the parties should consciously resolve whether they will seek CFIUS clearance for the transaction. Whether to do so may depend on the types and magnitude of national security considerations (such as the target company's PII storage) that the transaction presents.

For any number of reasons, deciding not to notify the transaction to CFIUS may be in the parties' interest. But they should recognize that without CFIUS clearance, the CFIUS Sword of Damocles (large or small as it may be) will hang over the outcome of the transaction.

For Chinese companies that have already invested in or acquired a U.S. company and did not notify CFIUS in the process, it may be prudent to now conduct an internal review of those transactions. The review should cover, among other questions, whether the transaction has made PII of U.S. citizens accessible to the Chinese company. Various measures may then be considered, such as a partial divestment of shareholding in the U.S. company that would eliminate the Chinese company's access to the PII of U.S. citizens. Or the parties could propose that the U.S. company engage a U.S.-based third party service provider to manage and protect the PII of U.S. citizens. By proactively managing this risk going forward, the Chinese company would potentially be in a stronger position with more options than if CFIUS intervenes and demands a fire-sale divestment.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Orrick, Herrington & Sutcliffe LLP | Attorney Advertising

Written by:

Orrick, Herrington & Sutcliffe LLP
Contact
more
less

Orrick, Herrington & Sutcliffe LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.