No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

CFIUS Flexes New Muscles Where Customer Data and Critical Technology Are Involved

Committee Shows Particular Concern Over Chinese Investment in Select Deals

by Nevena Simidjiyska
April 24, 2019
in Data Privacy, Featured
chinese flag with stock ticker in background

The Committee on Foreign Investment in the United States (CFIUS) recently forced the Chinese owner of dating app Grindr to divest its ownership interest, citing national security concerns. Fox Rothschild’s Nevena Simidjiyska explains what the decision means for companies who carry personal data going forward.

A new law has expanded the oversight powers of the Committee on Foreign Investment in the United States (CFIUS), and businesses are quickly learning that the interagency committee won’t hesitate to block a deal or force the divestment of a prior acquisition, particularly one involving sensitive customer data or “critical technologies” in industries ranging from semiconductors to social media.

Within the past two years, CFIUS blocked the acquisition of U.S. money transfer company MoneyGram International Inc., as well as a deal in which Chinese investors aimed to acquire mobile marketing firm AppLovin.

Most recently, CFIUS forced the divestment of prior acquisitions in companies that involve sensitive customer data. The Chinese owner of Grindr, a dating app based in California, was ordered to sell its ownership interest when CFIUS concluded that Chinese ownership of the business amounted to a national security risk. CFIUS did not disclose its rationale, but officials familiar with the situation pointed to concerns about personal user data, including geolocation and health information, that Grindr collects and the potential for exploitation by foreign governments to coerce individuals, particularly anyone holding security clearances. The investor, Beijing Kunlun Tech Co Ltd., had acquired a major stake in Grindr in 2016, but CFIUS intervened nearly three years after the deal closed.

CFIUS further reinforced its interest in personal data last week when it forced another Chinese owner to divest its interest in health tech startup, PatientsLikeMe, which it had acquired two years ago. The company provides a network for patients to find others with similar conditions. Just as with Grindr, users share health information on the network. 

The Grindr and PatientsLikeMe decisions strongly suggest that the overseers are very concerned about Chinese investment, particularly where sensitive personal data is involved, even if it closed before the new law kicked in.

CFIUS is chaired by the Secretary of the Treasury and by statute includes the heads of nine cabinet departments, including Defense, Homeland Security, Justice and State.

Last year, the scope of CFIUS’s oversight was expanded with the passage of FIRRMA (the Foreign Investment Risk Review Modernization Act of 2018).

The new law expands CFIUS’s jurisdiction to cover a number of new industries, including data privacy and critical technologies, such as semiconductors, robotics and artificial intelligence. Critical infrastructure is also a priority, including transportation, health care, financial services and energy. Chinese investors are receiving the most scrutiny in these fields.

The new law also makes CFIUS filings mandatory in certain cases (previously all filings were voluntary). CFIUS now requires companies involved with critical technologies in one of 27 industries, such as aircraft, inorganic chemical manufacturing, biotechnology and semiconductors, among others, to seek CFIUS approval for foreign investment (even non-controlling) in certain circumstances.

Even if a U.S. company does not itself design, produce or develop such technology, but has customers in one of these industries, it could still be covered under the mandatory filing requirement.  

If a company fails to make a filing, CFIUS can initiate its own review – even after closing, as seen in the cases of Grindr and PatientsLikeMe. CFIUS may clear the transaction, impose mitigating measures or force divestment by the foreign investor (as it did with Grindr and PatientsLikeMe). CFIUS can also impose civil penalties up to the value of the transaction for failure to file mandatory filings. 

U.S. companies that assume they are not covered by CFIUS may very well be wrong, because the committee has taken a very broad view of what may constitute a covered transaction that requires its approval. And as the owners of Grindr and PatientsLikeMe discovered, CFIUS clearly likes to make examples of parties that choose not to file.

In passing FIRRMA, Congress indicated that the national security landscape has shifted in recent years, and that it believes that China and certain other countries are actively weaponizing their stakes in advanced technology industries and in companies that hold sensitive personal data.

CFIUS is sending a message that it is now willing to use its powers not just to block investment, but to also force divestment of prior acquisitions. The Grindr and PatientsLikeMe decisions show that CFIUS is particularly concerned about Chinese ownership, especially in critical technology and sensitive personal data. It’s clear that no company is safe, as CFIUS has gone after multibillion-dollar companies and startups alike.


Tags: Data GovernanceMergers and Acquisitions
Previous Post

Gartner: Just 4 in 10 Privacy Executives are Confident About Adapting to New Regulations

Next Post

Antitrust Pitfalls Awaiting Trade Association Members

Nevena Simidjiyska

Nevena Simidjiyska

Nevena Simidjiyska is Partner and Co-Chair of the International Trade Group at Fox Rothschild. Nevena advises public and private companies in a variety of transactional and corporate finance matters, including mergers and acquisitions and lending and secured transactions. Co-chair of the firm's International Trade Group, Nevena advises clients on export licensing, economic sanctions, and related internal controls, including compliance under the Export Administration Act, the International Traffic in Arms Regulations (ITAR), and the Office of Foreign Assets Control (OFAC). Nevena also advises clients on the restrictions on foreign investment and acquisition of US companies and counsels them through the review process conducted by the Committee on Foreign Investment in the United States (CFIUS). Nevena is particularly well equipped to guide foreign and domestic companies through the CFIUS clearance process and the M&A issues that it involves due to her expertise in both M&A and CFIUS/export compliance.

Related Posts

hands shaking merger concept

How Your Labor Practices Could Become an M&A Problem

by Lawrence Krug and Konstantin Ebinger
May 30, 2025

Competition enforcers confront monopsony power in increasingly concentrated labor markets

doj building sign with flags

‘Reasonable Steps’: What the DOJ Expects From Your Bulk Data Transfer Compliance Program

by Alexandra P. Moylan, Alisa L. Chestler and Michael J. Halaiko
May 5, 2025

Sample provisions offer blueprint for compliant data brokerage with foreign entities

data security program concept cameras

Your Sensitive Data Is Now a National Security Matter: The DOJ’s New Data Security Program

by Randall Cook, Vince Mekles and Rachel Woloszynski
April 29, 2025

90-day implementation window closing on regulations affecting companies with genomic, biometric, health and other personal information

signing deal signature

When the Ink Dries: 6 Critical Post-Transaction Areas That Make or Break M&A Success

by Jim DeLoach
April 14, 2025

Poor follow-up once the deal is closed can cause culture clashes & value erosion

Next Post
businessman stepping in bear trap

Antitrust Pitfalls Awaiting Trade Association Members

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights