Last week, dating website PlentyOfFish withdrew its offer to buy bankrupt rival True.com, citing concerns raised by Texas Attorney General Greg Abbott that the sale would violate True.com’s privacy policy and expose its members to unexpected privacy risks. Two weeks ago, Abbott filed an objection in U.S. Bankruptcy Court to block the proposed transfer of True.com’s membership database, which contains personal information about the website’s 43 million subscribers. True.com has been in Chapter 11 bankruptcy proceedings since 2012.
The Texas Attorney General objected to the proposed sale on the grounds that that it was inconsistent with True.com’s privacy policy, which Abbott argued “contains ambiguities as to whether Customers will have a right to opt-out or opt-in to consent to the transfer of their [personal information].” As part of the bankruptcy proceeding, True.com had entered into an Asset Purchase Agreement with PlentyOfFish, another popular dating website, under which PlentyOfFish would gain access to True.com’s extensive database of members’ personal information. But last week, PlentyOfFish withdrew from the Asset Purchase Agreement, citing the Texas Attorney General’s objection. In a letter filed with the court on October 23, PlentyOfFish stated that the transfer of True.com’s customer information “do[es] not appear to be legal, valid and effective,” and that the sale “appears to violate Seller’s privacy policy which affects and binds Seller’s assets.” Markus Frind, the CEO and founder of PlentyOfFish, addressed the problem candidly in his blog, asking “Who in their right mind is going to buy a dating site with 43 million members if you are not allowed access to those members?”
The sequence of events in this case demonstrates the importance of including a clear transfer of control provision in a privacy policy and adhering to one’s privacy promises. Indeed, this is not the first time that transfers of personal information have been a sticking point in bankruptcy proceedings. In 2000, for example, Toysmart.com was sued by the FTC and a majority of state attorneys general when it attempted to sell its 250,000-customer database after having promised that it would never share customer information with third parties. The 2011 liquidation of Borders Group, Inc. also attracted the FTC’s and state regulators’ interest. In that proceeding, the FTC and state attorneys general raised questions about whether Borders’ privacy policy was insufficient to notify its customers that their information could be sold in bankruptcy. (Full disclosure: Covington served as Consumer Privacy Ombudsman to advise the bankruptcy court on privacy issues in that proceeding.)