Buyers Beware: Data Difficulties Inundate Tech Industry Merger Control and Antitrust Investigations

The large spectrum and volume of data technology companies produce in their day-to-day operations can be a minefield in antitrust and merger clearance negotiations. Craig Earnshaw of FTI Consulting examines how best to navigate a safe way through.

As regulators worldwide — many concerned about the market impact and value of customer data — ramp up their efforts against anti-competitive practices, technology-first corporations are fielding unprecedented requests for information and applying data-driven remedies during antitrust investigations and merger clearance processes. The challenge of responding to these often sweeping requests is compounded by the fact that organisations increasingly possess a massive volume of customer data and internal documents generated from and residing in hundreds of different sources, formats and systems.

For technology-first companies, the fact that growth, value and existence are all driven by the organisation’s online presence and ability to offer information-based services to users is the very genesis for many of the antitrust issues they are now facing.

The data these companies hold about their user/customer base and their daily and strategic operations significantly impact on merger clearance and antitrust investigations. Namely, four key areas are affected: procedural data issues in responding to requests for information (RFIs), competitive concerns regarding customer data, data privacy complexities and the imposition of data-driven remedies. This article covers these areas and the steps organisations, and their advisors can take — through sound information governance, the use of advanced analytics and discovery workflows, and tested data expertise — to avoid costly and time-consuming delays in the process.

Procedural Data Issues
Data is now taking an increasingly central-stage role during any antitrust investigation; multiple procedural issues regularly arise when undertaking to identify, collect, review and produce the internal documents and market share data to authorities. Many internal documents reside in traditional formats (e.g., e-mail, documents, spreadsheets, presentations) and are therefore more accessible for conventional preservation, review and production approaches. However, increasingly cloud-based and collaboration platforms (e.g., Microsoft Teams, Salesforce.com, Slack, Google Workspace) and mobile devices are used for internal operations and communications. The process becomes more complex, giving rise to issues such as available versions of documents, questions about who a document custodian is and technical challenges around the review and production of chat messages and call logs from platforms such as Microsoft Teams, Zoom, WhatsApp or WeChat. This is before the extricable rise of encryption technologies implemented by the corporation further compound the challenge of accessing and reviewing documents and communications.

A survey from Global Competition Review found that these emerging data sources significantly impact responses to requests for information from competition regulators. Roughly half of the respondents said every investigation activity has become more difficult, with 20% saying identifying all data sources is now ‘significantly more difficult’. This is because current and traditional frameworks for discovery and investigations were designed for static data, not dynamic collaboration and communication tools. Many data sources and systems now generating the largest volumes of data within organisations were not even in existence when foundational discovery and investigation technologies, methodologies and review workflows were developed.

This growing volume, variety and wide dispersion of data are presenting significant challenges for organisations to respond to competition authority inquiries within the very short timeframes typically required. Having internal and user data well organised and understood is essential to reducing the burden of the process and the impact on the corporation to support the response.

Moreover, legal teams need to reorient to this new landscape. This includes beginning the identification and preservation phases well in advance of receiving a request from the regulators, engaging in technical negotiations with the authorities about the systems and content in scope, assessing how data is reviewed and analysed, creating new workflows and implementing new tools and technologies that can accommodate the data of this new paradigm.

Competitive Concerns Regarding Customer Data
As customer/user data is now a highly valued business asset, it is core to the existence of these technology-first corporations, especially when combined through a merger with other adjacent data sets. Google’s recent acquisition of Fitbit is a prime example. In that case, authorities expressed concern that Google’s ability to combine Fitbit’s vast customer activity and health information databases with its own user activity would result in an unfair competitive advantage to profile and target advertising to Fitbit users.

Another common challenge is the uncertainty for organisations and regulators when early-stage companies merge, or a company is acquiring a nascent competitor (the so-called ‘killer acquisition’ situation). In these scenarios, it may not be clear whether the restriction on access to the technology or customer base of one of the entities will undermine the operation of a just-emerging market. This issue may spur a closer examination of the parties’ data and strategy to determine potential future issues that may emerge as the parties and markets mature. Even if no issues are flagged during merger clearance, these sensitivities may create future antitrust risks as the market and organisations develop.

To prepare for and reduce the risk of such issues, organisations must establish clearly understand their data. Moreover, acquiring companies should invest in rigorous data assessment during due diligence to fully evaluate the potential risks and/or competitive conflicts data may create in the aftermath of a merger.

Data Privacy
Whilst not a direct antitrust issue, privacy concerns are among the additional factors that data can introduce in merger matters. In FTI Consulting’s Resilience Barometer, 73% of business leaders surveyed across the G20 said that data privacy concerns had impacted M&A in the past 12 months. Regulators are increasingly looking into whether the combination of, or the access to, customer data sets between two companies may be unlawful from a data privacy perspective, as well as how data privacy obligations intersect with and potentially impact competition.

Data privacy should be a key consideration for acquiring and merging parties during the due diligence process, focusing on privacy assessments of the organisations’ policies, business processes and infrastructure. An in-depth view of privacy risk and implications relating to a deal will better prepare organisations for potential regulatory inquiry and mitigate downstream risk.

Data Remedies
Data-driven remedies are becoming increasingly common as a way for competition authorities to address transactions that are deemed problematic. This is because user data, a company’s IP or other confidential information could be transferred as a result of the deal and subsequently used in a manner that could create an anti-competitive situation. As a result, remedies may now include the imposition of monitors, creation of data siloes, ring-fencing data, access provisions and data disposal. However, while some data remedies may seem conceptually simple from a business or legal perspective, they can be very complex from a technical perspective and quite onerous to implement, given the scope and scale of the IT systems in large corporations.

In one matter our team at FTI Technology led for an acquisition of a European manufacturer by a multi-billion-dollar US-based manufacturer, DG Comp issued an unprecedented data remedy requirement. For the deal to move forward, the target company was required to use “all means necessary” to identify and destroy all instances of specified third-party IP across its entire IT landscape. Implementation of the remedy in preparation for the transaction required the identification and remediation of hundreds of millions of files, including communications and complex document formats such as technical drawings and structured data, scattered across countries on multiple continents.

Identifying and remediating data within an organisation may, on the surface, seem easily achievable. However, these matters can quickly spiral in complexity and scope when a transaction involves large and/or multinational organisations. It’s therefore critical to leverage the expertise of data experts to design a defensible and proportionate response for negotiation with the relevant agency case teams.

Antitrust Investigations
Increasingly, where technology-first corporations are subject to antitrust investigations, there is a requirement for the disclosure of company-controlled user/customer data, e.g., customer usage history of a platform, payment information, geo-location data, social media activity, tracked health information, etc. For example, In Google’s ongoing investigation by the US DOJ in relation to search advertising, it was required to produce data about customer journeys through its site; data that it indicated would amount to over a trillion pages and wasn’t stored in a human interpretable format.

These types of data typically reside in massive volumes in corporations’ complex, bespoke and/or disparate systems. As a result, they are arguably more difficult to search and produce to a regulator than documents and communications, requiring specialist assistance.

Respond On Time
Without a highly mature data governance and discovery culture, handling the myriad data challenges when undertaking a merger clearance or responding to an antitrust RFI can be incredibly risky and challenging. Engaging data and e-discovery experts with strong antitrust expertise when an inquiry is anticipated will help ensure data can be produced to authorities within the required timelines and with minimal disruption to the business.

Craig Earnshaw is a Senior Managing Director in FTI Consulting’s Technology segment based in the London office which he founded in 2006. For over fifteen years Craig has worked solely in the electronic evidence field and during this time has amassed considerable experience in both the technical and strategic application of forensic technology for the clients whom he represents. Craig provides strategic advice to clients across all areas of FTI Consulting’s Technology offering, and provides specific counsel to clients in the areas of European Union-based evidence collection and disclosure, computer-based forensics and electronic data hosting for litigation and regulatory enquiries.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals. FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.