On March 6, 2020, President Trump ordered Beijing Shiji Information Technology Co., Ltd. and its direct subsidiary Shiji (Hong Kong) Ltd. (Shiji) to divest all interests in StayNTouch, Inc. (StayNTouch). Shiji is a Chinese company whose stated mission is “to provide the hospitality, food service, retail and entertainment industry with… fully integrated IT systems.” StayNTouch, a Delaware information technology (IT) company that provides hotel property management software, was purchased by Shiji in 2018. The presidential order cites “credible evidence” that the purchase “threatens to impair national security…” and restricts Shiji from accessing hotel guest data held by StayNTouch while the transaction is unwound. As described in our GT Alert published Feb. 11, 2020, the jurisdiction of the Committee on Foreign Investment in the United States (CFIUS) was recently expanded to include review of minority transactions that give a foreign investor access to American citizens’ sensitive personal data.
The move reflects CFIUS and the president’s increasing focus on foreign companies’ access to the personal data of U.S. citizens, as well as broad concerns about Chinese investment in general. Another Chinese company, Beijing Kunlun Tech Co Ltd., reportedly agreed to divest its ownership of the dating app Grindr following a request from CFIUS in 2019. While presidential orders to unwind a foreign investment transaction (which may be made at any time after closing, with no time-period limitation) used to occur only rarely, they have become more frequent in recent years. In addition, many transactions facing significant CFIUS-imposed mitigation measures or obstacles to clearance – up to and including recommendations to the president to block a transaction – are abandoned voluntarily before such measures are mandated, further highlighting the trend of transaction failure resulting from U.S. government national security concerns.
Considerations for Investment Opportunities Involving Sensitive Personal Data
Access to personal data may not have been the sole factor CFIUS and the president considered in ordering Shiji’s divestment of StayNTouch, and all foreign investment transactions should continue to be evaluated holistically when considering potential CFIUS concerns. However, based on these recent events and the newly expanded scope of CFIUS jurisdiction, CFIUS will continue to attach significant importance to foreign investors’ access to sensitive personal data, among a number of other important national security touchpoints. This includes identifiable data collected on U.S. citizens in quantities of one million individuals or greater, as well as geolocation data, health information, biometrics, and financial data. All parties to a foreign investment transaction involving a U.S. target that collects or deals in personal data should carefully evaluate the risk of post-closing CFIUS mitigation measures or required divestment, and consider the merits of submitting a joint voluntary notice to CFIUS before closing to mitigate these risks.
Greenberg Traurig’s Export Controls & Economic Sanctions team has wide-ranging CFIUS experience, counseling both potential foreign investors as well as the U.S. targets of investment. The team provides integrated CFIUS advice from the initial stages of a proposed transaction to the conclusion of a CFIUS review, taking into account the operational and deal objectives of our clients. The CFIUS requirements continue to undergo rapid changes and our team diligently tailors our counseling to account for the changing regulatory landscape and the transactional objectives of our clients. The team also anticipates any government policy concerns which may arise in relation to a transaction and take a collaborative approach to designing and implementing mitigation measures.