April 4, 2019 Publications
You read it correctly: The United States Government has deemed an online dating application to be a national security concern. The dating application Grindr has earned notoriety for being the gay equivalent to Tinder (a dating “hook up” application for straight people). Grindr has gained remarkable success. The application boasts of having 27 million registered users as well as an average of 3.3 million daily users.
Why does the United States government believe Grindr is a national security threat?
The reason relates to CFIUS. CFIUS is the common name for the Committee on Foreign Investment in the United States. That Committee is focused on reviewing and approving certain foreign investments in the United States. CFIUS has published various regulations that regulate foreign ownership of companies that impact national security. Traditional companies that have triggered careful scrutiny by CFIUS and its corresponding regulations include infrastructure and technology businesses that are integral to our nation’s defense.
The rather bizarre story of how Grindr became a national security concern started back in 2016 when Kunlun, a Chinese-based company, acquired a majority stake in Grinder for $93 million. Approximately two years later, Kunlun attempted to acquire the remaining stake in Grindr, purportedly for another $152 million. In both instances, Kunlun supposedly failed to make any filings with CFIUS or seek its permission for the transactions.
CFIUS’ concern about the dating application, Grindr, is arguably the first time CFIUS has taken interest/concern in a business that seemingly has no impact on national security. It also represents a somewhat unusual instance where CFIUS is seeking to unwind a transaction after it was already completed. Most of CFIUS’ work occurs prior to when a foreign investment occurs.
With respect to Grindr, CFIUS argues that the primary security concern relates to ownership of sensitive data and protection of that data. Applications like Grindr contain a significant amount of personal information, including things like users’ names, geographic whereabouts and some health information (e.g. HIV status). Based on CFIUS’ concern that Grindr’s owner, Kunlun, is a Chinese entity and that hacking from China occurs frequently, Kunlun is now seeking to divest itself of Grindr.
How does this matter to my business?
The fact Grindr has garnered CFIUS’ attention is noteworthy because it signals a shift in the traditional view of what issues are deemed national security risks. In the case of Grindr, personal data protection, privacy, and limiting hacking have been elevated to national security concerns. While data protection, particularly for trade secrets and intellectual property has historically been important, the Grindr case sets a precedent for more robust policing by CFIUS of foreign investors in United State companies that involve sensitive personal data on citizens/consumers.
The primary lesson for United States companies is to know that even if its products/services do not outwardly trigger traditional national security concerns, the sensitive data the company collects and maintains may be deemed a security concern. Accordingly, companies are well-served to seek professional legal assistance when soliciting and/or accepting investment from foreign individuals or companies. Likewise, it is prudent for foreign investors to seek legal advice prior to investing in the United States, otherwise they risk the ire of CFIUS. The consequence of violating CFIUS regulations can be severe for the company and investor alike, including the forfeiture of the investment.
Jon L. Farnsworth is a partner at Spencer Fane LLP in Minneapolis, Minnesota. He is the former chair of the Minnesota State Bar Association Technology Law Section, and frequently counsels clients on technology law matters, including CFIUS regulations. He can be reached at email@example.com or 612-268-7018.