Breach, Compliance Management, Data Security, Privacy

Provision in LinkedIn, Microsoft agreement hints at privacy protection

A hint as to how Microsoft and LinkedIn will protect the privacy of user data after their merger as well as a hint as to an upcoming standard for companies that go through mergers and acquisitions (M&As) might include can be found in a brief privacy representation in the agreement between the two tech giants.

"Privacy and data security protections are developing and changing rapidly, everyone does it on their own, ad hoc,” lawyer John Maloney, commercial product director of corporate and transactional at Bloomberg Law, told “It will be interesting to see if this will set a new approach.”

“The Company (i) has adopted and published from time to time privacy policies (each, the " Company Privacy Policy "); and (ii) is in compliance in all material respects with (A) each Company Privacy Policy and (B) all applicable Laws and regulations and material contractual requirements pertaining to personally identifiable information of its customers and users of its products and services (" User PII "),” Maloney said the Sec. 3.16(i): Privacy and Data Security reads. “The Company and its Subsidiaries have taken commercially reasonable steps to protect the User PII from unauthorized access and use.  Neither the Company nor its Subsidiaries have suffered any security breach with respect to any User PII that would reasonably be expected to result in a material liability to the Company or its Subsidiaries, taken as a whole.”

The passage, said Maloney, who put the agreement through the company's Corporate Transactions technology and Draft Analyzer tool, is surprising in both its brevity and breadth. “What's unusual here is that it's pretty short and sweet,” he said. “We can't find another like it even in healthcare [agreements].”

In another break from the typical pattern, it is clear that LinkedIn's legal team exerted more influence over the wording of the passage. “The broader representation came from the target, they seemed to have more control over the language,” Maloney said, explaining "usually it's the acquirer” that takes the lead on language.

While privacy has always been important to M&A deals – J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP), told that “privacy is clearly an area of inquiry in due diligence of M&A” – Maloney said provisions for it used to fall under intellectual property. “Now they have separate protection for it.”

Not even the healthcare industry has come to a consensus as to how to handle privacy as part of an M&A agreement. “We're going to watch and see if more targets do it this way and if any issues (concerning breaches and privacy issues) will be disclosed in (accompanying) disclosure letters,” he said of the “broad but succinct” privacy representation.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.