Friday, December 13, 2019
Corporate Compliance Insights
  • Home
    • Home
  • About
    • About CCI
    • Writing for CCI
    • Advertise With Us
  • Articles
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
    • Home
  • About
    • About CCI
    • Writing for CCI
    • Advertise With Us
  • Articles
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

CFIUS Flexes New Muscles Where Customer Data and Critical Technology Are Involved

Committee Shows Particular Concern Over Chinese Investment in Select Deals

by Nevena Simidjiyska
April 24, 2019
in Data Privacy, Featured
chinese flag with stock ticker in background

The Committee on Foreign Investment in the United States (CFIUS) recently forced the Chinese owner of dating app Grindr to divest its ownership interest, citing national security concerns. Fox Rothschild’s Nevena Simidjiyska explains what the decision means for companies who carry personal data going forward.

A new law has expanded the oversight powers of the Committee on Foreign Investment in the United States (CFIUS), and businesses are quickly learning that the interagency committee won’t hesitate to block a deal or force the divestment of a prior acquisition, particularly one involving sensitive customer data or “critical technologies” in industries ranging from semiconductors to social media.

Within the past two years, CFIUS blocked the acquisition of U.S. money transfer company MoneyGram International Inc., as well as a deal in which Chinese investors aimed to acquire mobile marketing firm AppLovin.

Most recently, CFIUS forced the divestment of prior acquisitions in companies that involve sensitive customer data. The Chinese owner of Grindr, a dating app based in California, was ordered to sell its ownership interest when CFIUS concluded that Chinese ownership of the business amounted to a national security risk. CFIUS did not disclose its rationale, but officials familiar with the situation pointed to concerns about personal user data, including geolocation and health information, that Grindr collects and the potential for exploitation by foreign governments to coerce individuals, particularly anyone holding security clearances. The investor, Beijing Kunlun Tech Co Ltd., had acquired a major stake in Grindr in 2016, but CFIUS intervened nearly three years after the deal closed.

CFIUS further reinforced its interest in personal data last week when it forced another Chinese owner to divest its interest in health tech startup, PatientsLikeMe, which it had acquired two years ago. The company provides a network for patients to find others with similar conditions. Just as with Grindr, users share health information on the network. 

The Grindr and PatientsLikeMe decisions strongly suggest that the overseers are very concerned about Chinese investment, particularly where sensitive personal data is involved, even if it closed before the new law kicked in.

CFIUS is chaired by the Secretary of the Treasury and by statute includes the heads of nine cabinet departments, including Defense, Homeland Security, Justice and State.

Last year, the scope of CFIUS’s oversight was expanded with the passage of FIRRMA (the Foreign Investment Risk Review Modernization Act of 2018).

The new law expands CFIUS’s jurisdiction to cover a number of new industries, including data privacy and critical technologies, such as semiconductors, robotics and artificial intelligence. Critical infrastructure is also a priority, including transportation, health care, financial services and energy. Chinese investors are receiving the most scrutiny in these fields.

The new law also makes CFIUS filings mandatory in certain cases (previously all filings were voluntary). CFIUS now requires companies involved with critical technologies in one of 27 industries, such as aircraft, inorganic chemical manufacturing, biotechnology and semiconductors, among others, to seek CFIUS approval for foreign investment (even non-controlling) in certain circumstances.

Even if a U.S. company does not itself design, produce or develop such technology, but has customers in one of these industries, it could still be covered under the mandatory filing requirement.  

If a company fails to make a filing, CFIUS can initiate its own review – even after closing, as seen in the cases of Grindr and PatientsLikeMe. CFIUS may clear the transaction, impose mitigating measures or force divestment by the foreign investor (as it did with Grindr and PatientsLikeMe). CFIUS can also impose civil penalties up to the value of the transaction for failure to file mandatory filings. 

U.S. companies that assume they are not covered by CFIUS may very well be wrong, because the committee has taken a very broad view of what may constitute a covered transaction that requires its approval. And as the owners of Grindr and PatientsLikeMe discovered, CFIUS clearly likes to make examples of parties that choose not to file.

In passing FIRRMA, Congress indicated that the national security landscape has shifted in recent years, and that it believes that China and certain other countries are actively weaponizing their stakes in advanced technology industries and in companies that hold sensitive personal data.

CFIUS is sending a message that it is now willing to use its powers not just to block investment, but to also force divestment of prior acquisitions. The Grindr and PatientsLikeMe decisions show that CFIUS is particularly concerned about Chinese ownership, especially in critical technology and sensitive personal data. It’s clear that no company is safe, as CFIUS has gone after multibillion-dollar companies and startups alike.


Tags: data governancemergers and acquisitions
Previous Post

Gartner: Just 4 in 10 Privacy Executives are Confident About Adapting to New Regulations

Next Post

Antitrust Pitfalls Awaiting Trade Association Members

Nevena Simidjiyska

Nevena Simidjiyska is Partner and Co-Chair of the International Trade Group at Fox Rothschild. Nevena advises public and private companies in a variety of transactional and corporate finance matters, including mergers and acquisitions and lending and secured transactions.

Co-chair of the firm’s International Trade Group, Nevena advises clients on export licensing, economic sanctions, and related internal controls, including compliance under the Export Administration Act, the International Traffic in Arms Regulations (ITAR), and the Office of Foreign Assets Control (OFAC). Nevena also advises clients on the restrictions on foreign investment and acquisition of US companies and counsels them through the review process conducted by the Committee on Foreign Investment in the United States (CFIUS). Nevena is particularly well equipped to guide foreign and domestic companies through the CFIUS clearance process and the M&A issues that it involves due to her expertise in both M&A and CFIUS/export compliance.

Related Posts

change is coming text on city background at sunset

Future-Proofing the Compliance Professional

December 13, 2019
futuristic technology projecting 2020 in white text

The Future of Data Privacy Regulation

December 12, 2019
illustration of businessmen shaking hands through smartphone screens

FINRA Reveals Top Areas of Interest: Supervision and Digital Communications Compliance Programs

December 12, 2019
new york city skyline at sunset

The Early Days: The Birth of the Independent Monitoring Concept

December 11, 2019
Next Post
businessman stepping in bear trap

Antitrust Pitfalls Awaiting Trade Association Members

Free Downloads

OFAC whitepaper cover
Compliance Job Interview Q&A
Reputation Risk Management Research

RSS SEC Litigation News

  • John Special, Defendant, and Michael Murphy, Relief Defendant, John Kenneth Davidson December 12, 2019
    SEC Obtains $3 Million Settlement in Insider Trading Action
  • Palm Beach Atlantic Financial Group, LLC and William A. Smith December 11, 2019
    SEC Charges Florida Resident and His Corporate Entity for Fraudulent Securities Offerings
  • Nanotech Engineering, Inc., Michael James Sweaney (also known as Michael Hatton), David Sweaney, and Jeffery Gange December 11, 2019
    SEC Obtains Asset Freeze to Halt Alleged Offering Fraud

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks Big Data blockchain board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management corporate culture corporate governance culture of ethics cyber risk data analytics data breach data governance decision-making Dodd-Frank DOJ due diligence fcpa enforcement actions GDPR GRC HIPAA information security internal audit internet of things (IoT) KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • Audit
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • HR Compliance
  • Leadership and Career
  • News
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights