Last week, dating website PlentyOfFish withdrew its offer to buy bankrupt rival True.com, citing concerns raised by Texas Attorney General Greg Abbott that the sale would violate True.com’s privacy policy and expose its members to unexpected privacy risks.  Two weeks ago, Abbott filed an objection in U.S. Bankruptcy Court to block the proposed transfer of True.com’s membership database, which contains personal information about the website’s 43 million subscribers.  True.com has been in Chapter 11 bankruptcy proceedings since 2012.

The Texas Attorney General objected to the proposed sale on the grounds that that it was inconsistent with True.com’s privacy policy, which Abbott argued “contains ambiguities as to whether Customers will have a right to opt-out or opt-in to consent to the transfer of their [personal information].”  As part of the bankruptcy proceeding, True.com had entered into an Asset Purchase Agreement with PlentyOfFish, another popular dating website, under which PlentyOfFish would gain access to True.com’s extensive database of members’ personal information.  But last week, PlentyOfFish withdrew from the Asset Purchase Agreement, citing the Texas Attorney General’s objection.  In a letter filed with the court on October 23, PlentyOfFish stated that the transfer of True.com’s customer information “do[es] not appear to be legal, valid and effective,” and that the sale “appears to violate Seller’s privacy policy which affects and binds Seller’s assets.”  Markus Frind, the CEO and founder of PlentyOfFish, addressed the problem candidly in his blog, asking “Who in their right mind is going to buy a dating site with 43 million members if you are not allowed access to those members?” 

The sequence of events in this case demonstrates the importance of including a clear transfer of control provision in a privacy policy and adhering to one’s privacy promises.  Indeed, this is not the first time that transfers of personal information have been a sticking point in bankruptcy proceedings.  In 2000, for example, Toysmart.com was sued by the FTC and a majority of state attorneys general when it attempted to sell its 250,000-customer database after having promised that it would never share customer information with third parties.  The 2011 liquidation of Borders Group, Inc. also attracted the FTC’s and state regulators’ interest.  In that proceeding, the FTC and state attorneys general raised questions about whether Borders’ privacy policy was insufficient to notify its customers that their information could be sold in bankruptcy.  (Full disclosure: Covington served as Consumer Privacy Ombudsman to advise the bankruptcy court on privacy issues in that proceeding.)

Print:
EmailTweetLikeLinkedIn
Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports…

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.