Posts from Federal Trade Commission

There are signs that Washington is gearing up to do something big in the area of online privacy. The FTC put out a report earlier this week and the White House called for a "privacy bill of rights" last month. Both have asked Congress to act on this issue.

I thought I'd lay out some basic thoughts and principles on the data we create, share, and curate on the open Internet.

1 – Our clickstreams, search history, likes, tweets, photos, and so on and so forth is our data and we should have the ability to control it, delete it, and limit how it is used. That seems like a basic right that should be available to everyone who uses the Internet.

2 – Those who do not want to be tracked should have the ability to opt-out of being tracked. The Do Not Track industry self regulation effort (in browsers, ad networks, etc) is long overdue and I hope we see real usable tools soon. The FTC expects these tools by year end. I hope they are right.

3 – Tracking and profiling provides real value to me and many users on the Internet. I like using Amazon and getting recommendations based on my purchase history. I like using Twitter and getting recommendations for who to follow. I like using Foursquare Explore and getting recommendations for places to go to based on my checkin history and my friends' checkin history. We should not do anything to limit the ability to offer these valuable personalization services on the web and mobile Internet.

4 – There are significant Internet revenue streams based on profiling and tracking. Much of the online advertising business is built on these approaches. And an increasing amount of commerce revenue is based on recommendations and personalization. We should be careful not to undercut the economic underpinning of the Internet in our attempts to regulate online privacy.

5 – Transparency can play a big role. Our portfolio company Duck Duck Go provides a very clear and crisp privacy policy for its search engine. Internet users who do not want their searches tracked and sold have come to Duck Duck Go in droves. We should encourage web and mobile services to lead with their privacy practices and let users vote with their feet. This is an opportunity for new web services who can use privacy as a basis for competition as Duck Duck Go does.

6 – There is a big difference between collecting data and using it within a web or mobile service and collecting data and selling it to third party services. I understand that the data Foursquare has on me will be used by Foursquare to make better recommendations and to target offers and specials to me. That makes sense and my decision to use Foursquare and continue to use it is an implicit license for them to do that. But I cannot use that same implicit license when the data on my activities is collected and sold to third parties.

7 – With the advent of open APIs, much of this data is not actually being sold, but it is moving freely around the web via the plumbing of the Internet. This is an area we should be particularly careful not to crimp. Open APIs are at the center of the permissionless innovation movemement and are responsible for many of the new services that are being built.

I do not have a specific set of recommendations for our elected officials on this issue. But I do agree that codifying best practices and policing the truly bad actors is a good idea. The Can Spam Act of 2003 is a good example of how industry self regulation codified in legislation was a net positive for everyone. That bill took a lot of work by the industry trade groups to get right and there were versions of Can Spam that would have be highly problematic for the industry. I suspect that will be the case with online privacy legislation too.

So everyone working in the Internet industry should make their voices heard in Washington on this issue. If you have a business that will be impacted by online privacy legislation, figure out how to engage in the debate/discussion. And the staffers in Washington who are working on this effort should reach out to the Internet industry (and not just Google and Facebook) to get a front lines view of the issues. If you don't know how to do that, you can contact me via the contact link at the bottom of this blog.

Related articles

• FTC Calls for "Privacy by Design" (allthingsd.com)
• FTC Privacy Framework Pushes For Regulation of Data Brokers (yro.slashdot.org)
• FTC online privacy report lays out new standards (sfgate.com)
• New federal Internet privacy standards introduced (mercurynews.com)
• FTC calls for laws to protect consumer privacy on Internet (usatoday.com)

Continuing our discussion of M&A Issues, this week we'll talk about governmental approvals. When two companies combine, the government can sometimes get involved. It mostly happens when two large businesses combine and the most common reason for governmental review is antitrust considerations. It is also possible that foriegn governments can take interest in a business combination.

The most common governmental review process for an M&A transaction is a review by the DOJ/FTC of anti-trust considerations. These reviews are done under provisions laid out in the Hart-Scott-Rodino Act. Wikipedia has a decent description of the provisions of that act. If a transaction is for more than a certain amount of value, the government will review it. From that same Wikipedia article:

The rules are somewhat overlapping to some degree, but the basic requirements are that all transactions of $252.3 million or more require a filing. All transactions worth more than $63.1 million require a filing if one of the parties is worth at least $12.6 million, the other is worth at least $126.3 million and the total amount of assets now owned by the acquirer reaches $252.3 million.

The DOJ and the FTC will look at every transaction over these amounts and try to determine if there are antitrust considerations. If they are concerned, they can negotiate provisions to the deal to remedy the concerns or they could simply not approve the transaction.

A similar process can happen in the EU. The Google Doubleclick transaction, for example, received very close scrutiny in europe.

There are other government agencies that can also be interested in an M&A transaction. They include the SEC, the FCC, and other agencies with specific oversight over certain businesses (EPA for example).

These governmental approvals are important for a bunch of reasons. First and foremost, they can prevent a transaction from happening. And they can also require significant changes be made to the transaction which may not be acceptable to the buyer. Bottom line, the government can mess with your deal.

For transactions that are large enough to merit review, governmental approvals represent risks to the transaction that need to be considered upfront. From the buyer's perspective, they will want to be confident they can get the deal approved in a reasonable time frame without significant concessions. From the seller's perspective, they do not want to be tied up in a long governmental review process, be in limbo business wise, and risk not getting the transaction closed.

The way that most letters of intent deal with these risks is they establish a breakup fee that the buyer pays the seller if the transaction does not close on substantially similar terms. The breakup fees can be considerable.

From the seller's perspective, a long review followed by a failed transaction is a horrible outcome. And a large breakup fee may be suitable compensation for that kind of damage. But it may not. Imagine having your entire team thinking they are going to be working for someone else, being in limbo for a long time, and then hearing that it is back to business. It is hard to get back the operating mojo once your team has adopted a different mindset.

If your M&A transaction is small, you don't need to worry about this stuff. But if it is a large transaction, you need to focus on the government approvals you will need and you need to consider what should happen if the approvals are not forthcoming. This stuff matters a lot.