CFIUS’s Axe to Grind: China’s Kunlun Reportedly Forced to Divest Grindr Amid Concerns Over Sensitive Personal Data
CFIUS’s Axe to Grind: China’s Kunlun Reportedly Forced to Divest Grindr Amid Concerns Over Sensitive Personal Data
The Committee on Foreign Investment in the United States (CFIUS) is reportedly forcing Beijing Kunlun Tech Co. Ltd. (“Kunlun”) to divest Grindr LLC (“Grindr”), the dating app Kunlun acquired in 2016. Much of the popular press is focusing on the seemingly remote connection between a popular dating platform for gay, bi, trans, and queer people on the one hand, and the national security of the United States on the other. The circumstances, however, highlight perfectly one of the U.S. government’s keenest national security concerns: the ability of foreign governments, and in particular the Chinese government, to collect and potentially exploit data related to U.S. citizens.
CFIUS’s actions in this case are an important development for non-U.S. investors in the social media space evaluating new investments, as well as for U.S. social media companies evaluating potential or even existing investors. It also highlights the ultimate risk of not notifying CFIUS of potentially sensitive transactions. CFIUS unilaterally reached out, investigated, and is ultimately forcing a major divestment more than three years after the initial acquisition.
CFIUS Background
CFIUS is an interagency committee of the U.S. government charged with reviewing foreign acquisitions of or investments in U.S. businesses to ensure that the transactions do not pose unresolvable national security concerns. CFIUS has the authority to impose measures to mitigate any national security concerns, or even recommend that the president block transactions before they close or unwind transactions after closing.
Over the past few years, CFIUS has increased its scrutiny of Chinese investments in U.S. technology companies, particularly where those companies involve critical technologies (e.g., export-controlled technology, robotics, AI), critical infrastructure, or sensitive personal data. Indeed, Congress passed sweeping CFIUS-reform legislation — the Foreign Investment Risk Review Modernization Act (“FIRRMA”) — to better equip CFIUS to address these very concerns. See our prior client alert. Among other things, FIRRMA broadened CFIUS’s reach to consider, as part of national security risk, the extent to which a transaction is likely to expose personally identifiable information and other sensitive data of U.S. citizens to a foreign government or person that may exploit that information in a manner that threatens national security.
CFIUS Concerns Regarding Kunlun Ownership of Grindr
Kunlun is a Chinese gaming company and is publicly traded on the Shenzhen Stock Exchange. In January 2016, Kunlun acquired a 60 percent stake in Grindr for $93 million. In 2018, Kunlun acquired the remaining interest in Grindr for $152 million. Now, more than three years after the initial acquisition, CFIUS is seeking to require Kunlun to divest its stake, either “voluntarily” or through an executive order issued by the president.
Although CFIUS does not comment publicly on transactions it reviews, CFIUS’s concerns regarding Kunlun’s ownership of Grindr are likely multifaceted:
In addition, these concerns must be viewed in the context of China’s acquisition of other large datasets by commercial means (i.e., acquisitions of U.S. businesses) or by more nefarious means (e.g., the OPM cyberattack). The compilation of these datasets potentially enables China to build sophisticated databases with detailed profiles of U.S. citizens.
Takeaways: