Roundtable: Competition Authorities Increase Data Scrutiny in Technology Industry Transactions

The increased focus on both internal documents and user data is introducing new complexities and challenges in merger clearance reviews, particularly for technology companies for which data is integral to the viability of entire business models. I recently participated in a virtual roundtable hosted by Global Competition Review (GCR) to discuss these issues with GCR editor and moderator Tom Madge-Wyld, Sharon Malhi, Partner in Freshfields’s Antitrust, Competition and Trade group, and Marc Zedler, a case handler within the European Commission Directorate General for Competition (DG Comp). Through the session, we discussed three key areas relating to data scrutiny in technology industry transactions, including:

1. Competitive Concerns Regarding Customer Data. As customer data is now a highly valued asset, it can impact an organisation’s competitive standpoint significantly, especially when combined (such as in M&A) with other adjacent data sets. Google’s recent acquisition of Fitbit (see CNBC article) was discussed as a prime example throughout our roundtable. In that particular case, authorities expressed concern that the acquiring company’s ability to access the target’s vast databases of customer preferences and information would result in an unfair competitive advantage to profile and target users.

   Privacy issues are also among the additional concerns that data can introduce in antitrust compliance and merger control matters; such as whether the combination of, or the access to, the customer data sets from the two companies would be lawful.

   Another common challenge we discussed is the uncertainty that arises—for organisations and regulators—when early-stage companies merge, or a company is acquiring a nascent competitor (such as the so-called ‘killer acquisition’ situation). In these scenarios, it may not yet be clear whether the restriction on access to the technology or customer base of one of the entities will undermine market competition, and therefore competition authorities may require more information or closer examination to determine potential future issues as the parties/markets mature.

2. Procedural Data Issues. When data issues come under scrutiny in an antitrust or merger clearance investigation, there are several procedural issues that can arise when attempting to collect, analyse, review and produce both internal documents and user/customer data to authorities. Many internal documents reside in traditional formats and can therefore be readily available for discovery. However, when cloud-based and collaboration platforms (e.g. Microsoft Teams, Salesforce.com, Slack, Google Workspace) are in use for internal operations and communications, the discovery process becomes more complex. Similarly, company-controlled user/customer data (e.g., customer usage history of a platform, payment information, geo-location data, social media activity, health information, contact information, etc.), resides in massive volumes in complex, bespoke and/or disparate systems that can be incredibly difficult to search and produce to a regulator.

   In any case, the growing volume, variety and wide dispersion of both categories of data are presenting significant challenges for organisations to respond to regulatory inquiries within the short timeframes typically required, especially in the reviews undertaken by the U.K. and EU authorities. Having internal and user data well organised and understood is essential to reducing the burden of discovery, and to ensure that the data that is produced enables the regulators to evaluate their concerns.

3. Data Remedies. As competition authorities increasingly scrutinise data as part of enforcement, we’re also seeing the emergence of data-driven remedies to address transactions that are determined to be problematic. During our roundtable session we discussed a number of creative remedies required for the combined data within the merged entity, often reliant on the oversight of monitors, including data siloes, ring-fencing, access provisions, and in one matter that our team at FTI Technology supported, vast data ring-fencing and disposal.

   Our panel agreed that while some data remedies may seem conceptually simple, they can be very complex from a technical perspective and quite onerous to implement given the scope and scale of the IT systems in large corporations. Organisations that are at a heightened risk of encountering these types of issues will likely need to engage data experts to enable them to have a clear understanding of their data, develop a proportionate resolution plan and negotiate with the authorities about parameters for data-driven remedies.