February 19, 2019

Due Diligence: Privacy Risks Front & Center in M&A

This Bloomberg Law article says that dealmakers have made privacy issues a high priority in M&A due diligence and in negotiations. Here’s an excerpt about how privacy concerns are finding their way into deal terms:

Buyers will often assume the liabilities, including pending lawsuits and enforcement actions stemming from privacy laws, attorneys said. Data-driven companies could be a risky purchase because EU and U.S. regulatory authorities are focusing on businesses being transparent in their data collection practices, they said.

How well an acquisition target follows the GDPR and other privacy laws plays an increasingly important role in deal negotiations, attorneys said. Buyers are incorporating privacy issues in contract language, including representations and warranties, and changing deal prices to account for possible enforcement actions or lawsuits.

The article says that privacy concerns are particularly acute for data-driven businesses, and that buyers are digging into how well prepared those companies are not only to comply with existing regulations, but with those – such as California’s consumer privacy legislation – that will be coming online in the near future. Companies that haven’t taken steps to establish their right to the customer information essential to their businesses can expect to pay a steep price in terms of valuation.

John Jenkins