ashurst data seminar | london 01 Mar 2018 If data has become the "new oil", what are the key issues that are arising in M&A transactions?

Transcript

Rob Aird (RA): Thank you for making the effort coming out this morning, I really do appreciate you coming along for this session.  My name is Rob Aird and I am a partner in Ashurst corporate in the M&A practice.  I focus primarily on M&A in the financial services sector but am also a member of our Fintech group and act for a range of acquirers, investors and tech start-ups.  I am joined today by Nigel Parr who is a partner in the global share of Ashurst competition and trade law practice, and by Tara Waters who is a senior lawyer in our corporate practice.  Nigel's practice has over recent times featured a high degree of overlap with the clients involved in the data economy, advising a financial data business in its long-running European Commission investigation into CDS pricing and recently advising a leading UK retail bank on a competition investigation which spawned the UK's open banking regime.  Tara is also a highly unusual member of the legal community I like to think!  She's a former technologist before she became a lawyer and began her career at the height of the .com boom developing web-based solutions in Silicon Valley.  Since then, Tara has become a lawyer and moved to the dark side, but retains a keen interest in all things tech, and she was included in Innovate Finance's Woman in Fintech Power list last year as well which I think was just reward for her specialist interest, which all leaves me feeling rather inferior compared to my colleagues here!

What are we going to cover this morning?  Well, we're going to look at four things: first, I'll look at the deals that have taken place in the market, what areas of the market are really hot right now and consider why that might by; secondly, I'll look at how opportunities in this area are valued, how deals are being structured and what we are seeing in terms of some current trends; Tara will then then look at the key risks and issues to be aware of in relation to M&A in this area, and Nigel is going to take you through how competition authorities are changing their approach to merger control to recognise the potential competition issues which are posed by deals in this area.  That's very much a hot topic right now, particularly within the EU.  

Just to be clear, this session is not intended to be an overview of GDPR in the context of M&A deals, that will either be a welcome relief to most or a complete disappointment!  Whichever way I will sound the GDPR claxon when I start talking about it so take that queue to either pay attention or leave, whichever takes your feel!

So first, let's look at what's going on in the market, so over the last couple of years, and then I'll come on to what's driving these types of deals very shortly.  So, in terms of this slide, basically these are the public deals that we've seen across the world in relation to this, the data economy.  In the spirit of full transparency, Ashurst only acted on two of these deals but I shall not tell you which ones they were, it will probably become apparent as we start going through the slides. 

Broadly they break down into data infrastructure, so that's kind of the conduits by which data moves, the data centres and the like, services and products, so these are entities that provide data-related products and services and then there's the users of data, the consumers of data as it were in the very broad sense, those companies that are using data for their own business.  Just perhaps worth an observation, it's worth pointing out Soft Bank investment in Uber, obviously not an acquisition, an investment but quite a significant one.  Also labelled in perhaps the services because Uber is a ride paying service, but Uber also has one of the largest data bases of information in short-term transit and transportation trends, so was Soft Bank's investment really driven by access, by potentially getting access to that huge global database?  Clearly an attractive part of Uber's offering.  

It's also interesting to note that it's not limited to the Facebooks, Apples of this world, you also see some traditional tech business, we've got Intel acquiring Mobili and Mobili is a business that specialises in artificial intelligence from the internet of things, so those clever toasters and kettles that you have that all talk to each other and let you know when they need more water putting in them in the case of your kettle or fridges that tell you when you need to get a refill on milk and things like that.  So very interesting to see these kind of traditional business buying up the very nimble, new technology businesses in order to try and stay relevant.  

As I said, these are just a selection of some of the really big mergers that have grabbed headlines around the world.  There are lots and lots and lots of private deals going on around this sector, we signed one only yesterday of a traditional bricks and mortar FTSE 250 company investing with a nimble tech business to try and develop a data strategy for that more traditional business, and that is something that we're seeing a lot more of at the moment, people with books of data that they don't really know how to go about doing things with, getting into collaborative JVs with the more nimble tech superstars as it were.  

As an aside and a slightly more interesting trend, what we are seeing is a lot more interest being taken in the infrastructure side from people that would traditionally have been thought of as infrastructure investors in the traditional sense, people who invested in roads and ports and things like that, and they're interesting because they are buying data centres, and I'll show you why that might be interesting to them shortly, but basically those types of investors have looked traditionally for things that have very long-term yields in what they're acquiring, so very long-term contracts with very steady revenue streams, and again we'll look at why that's interesting from the data infrastructure perspective very shortly.  

So what's driving this activity and how are investors approaching valuing the opportunities?  What's the rationale for it?  Big data is a colossal opportunity for most.  It's through use of marketing, so social media using your information that you post on social blogs, your Facebook page, to be able to understand a bit more about what it is that you're doing, what are your interests and being able to guide people to those particular interests.  Product development, using your data to be able to guide and finesse your products, we're certainly seeing a lot of that and traditionally have always seen a lot of that in the oil and gas industry where they use oil well data to be able to finesse and hone their drilling and things like that.  And then also targeting in terms of being able to identify who the most profitable client base are, sort of supermarkets looking through trends of who is buying what, what type of products are being bought in particular locations, and these are vast, vast databases of information which are being analysed by super, super powerful algorithms and machines to be able to analyse and produce this kind of analysis.  Some interesting sides to that, I'll come back to that.  

This is…as part of the European strategy on the single market digital economy, we are basically forecasting that the data economy value is going to increase to 2020 where it is worth €739 billion, and how do they get to that?  Well, the amount of data that is consumed is absolutely incredible.  At the moment we're talking about by 2025, the digital universe reaching 180 zetabites, that's for those not very good at maths, 180 followed by 21 zeros, and to put that into some context, that would take approximately 450 million years to pump it all through a typical broadband internet connection.  That is an absolutely huge amount of data and if I go back to my original slide about why is infrastructure hot and why are traditional infrastructure investors piling into that sector, the storage of that alone is going to massive, whether it be in the cloud, whether it be in physical data centres, that is why infrastructure investors are starting to look at that sector with a keen eye.  

Some of the stats on here are absolutely mindboggling.  90 per cent, and I don't know how they calculate this but this was part of the EU's analysis of the digital single market and in particular the data economy, it will say that 90 per cent of the world's data has been created in the last two years, and that is just again an extraordinary volume of data being created in a very short space of time, showing why and how this kind of exponential growth is anticipated.  

Let's just have a quick look at the opportunities themselves and how people are going about unlocking that value.  What has been interesting to note is there is quite a variance between the EBITDA of publicly traded businesses in this sector and what's actually happening in terms of acquisitions, so broadly speaking we are seeing quite high multiples of EBITDA for businesses that are publicly traded, somewhere between a range of 15 and 20 times EBITDA and EB to EBITDA basis, that's pretty staggering and very much above the kind of traditional benchmark.  Deals however tend to be priced towards more the kind of 10 to 15 EBITDA level.  Why might that be?  Tara is going to look at some of the legal risks around it and that will expose perhaps some of the issues people are wrestling with, but it could be related to the fundability of data, the Facebook WhatsApp merger, Facebook basically said look, we're going to keep the Facebook and WhatsApp data silo.  It hasn't actually happened that way and they've had their hand slapped apparently, but ultimately there is difficulty, perceived difficulty, in how you can blend that acquired data together.  There's a sort of licensing in the kind of contractual sense of licensing, how can you be comfortable that you have got the right user data that you've got coming in, what is it that you're actually licensing out, and also regulatory issues, I mean the internet is awash of stories of data hacking and things of that nature.  Very well publicised that Verizon managed to chip about $400,000 million off the price of Yahoo in relation to its acquisition on the basis of historic data breaches.  

What are we seeing in terms of trends, in terms of how things are being structured?  As I've said, the deals I showed earlier were very much a selection of the really high profile mega public deals.  We are seeing a lot of collaboration, people JV-ing with the tech superstars, and that means that you need to incentivise these guys, how do you go about doing that?  Just giving them a big lump of cash at the outset means that you will likely lose the people that really understand the business relatively quickly in the sense that they don't need to work anymore.  So we're seeing a lot of deals being structured with earn-outs, with very much staggered consideration payments or incentivisations through employment contracts and additional shares with the idea that you take a very small nascent business with a great idea and build it to create a greater scale.  And I said we are also seeing a huge amount of co-investment and JVs going on around this area, and I said only yesterday signed a deal with a FTSE 250 company.  Effectively to create a digital data strategy for them, an offering that they haven't necessarily had before, very much focussed on – and this is an estate agency chain – so very much focussed on bricks and mortar, estate agency shops, not so much on the data strategy and recognising that is a gap in their offering.  

So that's kind of a bit of a rattle through some of the market themes that we're seeing at the moment.  

I'm just going to hand over to Tara to go through some of the key legal risks and issues to be focussed on when doing deals in this sector.  

Tara Waters (TW): Thanks, welcome everyone.  So in terms of doing an M&A transaction and then actually specifically a data focussed M&A transaction, I think as a general principle, the usual concerns apply.  You want to make sure what you are acquiring is what you think it is, has the value that it has and if it has any issues you want to be able to chip at that value a bit in terms of making sure you're getting the right return, and then you want to be able to integrate that acquisition into your business and start making money off of it.  But with data there are specific concerns because it's quite an intangible thing and especially I think in a borderless economy, you have to think a lot more globally in terms of all the various regulatory regimes that are going to apply and how they impact your ability to actually extract the value out of the asset that you're acquiring, and in particular because regulatory regimes right now are not aligned, so you do need to very much think about what are you acquiring and what is the data strategy, and also then what is your data strategy going to be going forward once that target is part of your business.  And in terms of a data strategy, you really want your target and then going forward you to be looking at it from a holistic perspective so it's not just about regulation, you do need to be thinking about competition which we will talk about today, also tax, IP, employment, for certain sectors there's very specific concerns, for example in the healthcare sector, collecting is subject to very specific regimes in different jurisdictions so you need to be thinking about all these issues and looking at whether the target is thinking about all of those issues.  And then looking at where is this data coming from, how is it being stored, is it encrypted, is it unencrypted, how is it being transmitted to other parties within your group and outside of your group, are there arrangements governing the usage and the rights that people have in terms of that data, and what is your ability in your restrictions in terms of using that data going forward.  Can you merge that data into your data or do you need to keep them siloed, is it going to be fit for purpose in terms of future proofing, what happens when regulations change and suddenly you don't have the consents you thought you had to use the data in the way you wanted to.  So there's a lot of questions you need to ask and so it's really important when you're looking at a potential acquisition to really dive deep on the data points.  Of course for those of you that are involved in M&A transactions, a lot of the timescales are quite compressed, things like data and data protection issues can fall away and it's really important that you don't let those issues fall away and that you do take a very big risk approach in looking at things, and sometimes this may mean bringing in specialists, cyber security specialists, forensic IT analysts, who can really come in and look at assets and data pools and help you identify where the key issues are and where the key risks are.  

One of the major focuses for acquisition is going to be whether the data you're acquiring is going to be fit for purpose and do you have the rights to do that, so you want to make sure that in an ideal scenario your target has data sharing agreements in place that clearly delineate what the rights are, and then you're going to look forward and say okay well, do these agreements work going forward, do I need new agreements going forward and then also thinking a little bit about the costs in terms of making sure that your ability to use that data, store that data and stay compliant in terms of regulatory regimes, you need to look at all of the costs of that and how that factors into the overall value of what you're looking to do.  What you don't want to have happen is you acquire the data, you haven't looked under the right rocks and suddenly you find that you've got this tremendous pool of data that was wonderful for the target in what it was doing but is simply not fit for purpose for what you want to do with it and that's, for example, you can't actually merge that data in with your data, you were looking at them together thinking, oh look at these great synergies I'm going to get when I integrate all of this information, and suddenly when you actually look at the agreement and the consents you've got from the people that you've collected the data from and you realise that you can't actually merge the data together, you can't link them together and you can't actually benefit from the synergies and if you're a business, you're going to want to integrate that acquisition quite quickly and you're going to want to start getting value for your shareholders and for your business and so there is a time constraint in terms of how quickly are you going to be able to do that and if after you complete your acquisition it turns out you actually can't integrate that business in the way you wanted to, you are certainly not going to extract the value that you thought you were going to get.  

Now, we had a session yesterday on cyber security but obviously in terms of looking at the risks in an M&A transaction, it's really key to understand what's in place in the target in terms of their systems and control processes and how they are using and storing the data, and that's looking at not only how it's stored, but also looking at the surrounding IT systems and infrastructure that's around it, so there are various levels of due diligence that you're going to need to be doing in strata-testing and knowing that the target is strata-testing their environment and whether there's been any breaches and if there's been breaches, how has the target actually dealt with them because that will tell you a little bit more about the history of their compliance and the potential for you to inherit the risks that they have done something in a non-compliant way or there's been breaches in the past and then you inherit that risk going forward, much in the way I think…thinking about data sometimes if you think a little bit about how environmental risks are dealt with, it's often founded as a complete unknown quantity, you can't quantify it, therefore you can't get a lot of specific indemnities against that risk from the buyer, the buyer simply washes their hands and you inherit all the risk from something that happened in the past, and what you don't want to have to do is be responsible for someone's past bad behaviour.  So it's certainly something that you need to look at and in particular where you might want to bring in some of these experts who can take a very forensic look at what the target's systems are, how they are operating and be able to flag to you where the risks are.  

And then of course, if there are potential issues in terms of compliance with regulation in terms of their systems not being sort of up to snuff, then you can think about from an M&A context, okay, well do I need conditions?  Let's say they need to do x, y and z in order for me to complete because you want to make sure that they've actually implemented certain things.  Do you want covenants that, for example, if you have a split exchange and completion, covenants that they are moving towards a complaint system so that you know on completion you are getting something that's much more compliant, if not fully compliant, and that they have made improvements in the system that you identified needed to be made in your due diligence process.  And again, all of that takes time, it takes money and if you're in a compressed timetable you will probably get a lot of pressure to actually not dig that deep in terms of bringing in the third party experts but frankly if you do it after completion, you might find out it's just too late and actually what you've acquired suddenly can't be used in the way you wanted to use it.  

And I think as a general rule future proofing with data and other new technologies is something that's quite a difficult thing to figure out because we just don't know what's going to happen, regulations are changing and they are not aligned in all the various jurisdictions and sometimes things can go wrong, so what happens if in the worst case scenario you've acquired some data assets, you've completed your deal, you've done the due diligence you thought you could do but at the end of the day you look under a rock after you've completed and you realise, oh I can't actually use this, I don't have the right consents to use this, or what I want to do going forward actually isn't going to work.  And what if I have to delete the data, what if I'm under obligations to return the data under certain agreements and under data sharing agreements or other agreements, how do you actually do that in this new digital age?  Is it possible to do that?  I think for example, if you're using data in an AI system where you're getting data in, it's teaching the system how to understand and process information and extract information for you, and suddenly you think out you can't use that data, I didn't have the consent to process the data in that way, what do you do?  How do you unlearn?  How does an AI machine unlearn the data that it's using?  That's a good question.  Thinking about things like block chain, if you know anything about it, one of the key features that people hop on is that the block chain is immutable, i.e. once the information and data is stored in the block chain ledger it can't be erased, it can't be tampered with, and while that seems great in terms of data security, how do you deal with things like right to delete, right to forget?  What if you need to return that data to somebody, how do you extract that out of a system like that?  At present, people are grappling with those types of issues and new technologies and genuinely trying to crystal ball gaze and understand what might somebody ask me to do with this data and how can I build in the flexibility in my new platforms and systems to deal with those future requirements that I am not even anticipating at this moment.  And I think in the medium term we might start to see these issues arise and hopefully technological advances will come about that will enable us to actually change the block chain or be able to edit certain things or delete certain things but I think it's a question that we don't necessarily know the answer to.  

I think as a general matter, how do you actually integrate…what happens post-closing?  How do you actually integrate that data?  You might want to think about transitional services because maybe the target has certain data sharing arrangements with other third parties that need assistance in terms of migrating data that is stored on one system to another system that is well within your network, and so we need to think a little bit about, okay, what types of transitional services do I need to put in place, what new agreements do I need to put in place, how do I terminate the existing agreements, those are all things that you need to look at and there might be other types of ancillary documentation that you want to get in place and again it's a question of do those things get in place for completion?  Or do those things move to the post completion world?  So you shouldn't underestimate the challenges I think of dealing with data in an M&A context because you do want to be able to deliver value and results once you complete that acquisition.  

One other thing just to touch upon obviously in terms of data is a lot of people get very excited about the storage and use of personal data, it has a special status amongst most data protection regulations and in general people try to avoid having personal data because of that, so you want to look at anonymising your data when you've got big data sets, personal individual data sometimes isn't really of value, sometimes it's the really large groups of data but on an anonymised basis and so you do need to think a little bit about, okay can I move the personal information question from my list of issues by making sure you are maintaining anonymised data.  But however you shouldn't get too focussed on it but it should be mentioned that in a way, personal information can sometimes be a bit of a poison pill in an M&A context because if the target you're acquiring and the asset have a lot of personal data, you might just have your hands tied in terms of what you're going to be able to do with that data.  So it's certainly something to think about but not something that you want to always focus on if it's not at the core of what you're looking to do.  

And I'll hand over to Nigel.  

Nigel Parr (NP): Thank you very much Tara.  Given that we're such a small group I thought I might sit here if that's ok and just change the slides from where I am.  Rob mentioned that I'm going to talk about merger control and the way the competition authorities are trying to get to grips with what we are loosely calling "big data" and I'm certainly going to look at that. But first I'm just going to make a general observation about what merger control authorities are trying to do.  Generally they are trying to get to the right answer, they are trying to avoid what are known as "false positives" so they don't want to reach a conclusion that a merger is problematic if it's not a false negative, but something isn't problematic if it is.  And a lot of the time they are looking into the future, they're trying to figure out what's going to happen and generally also they are risk averse, they will generally err on the side of caution.  So against a background of those general observations I am going to look at what is big data?  How does that fit into that rubric of what merger control authorities are trying to do.  I'm going to touch on jurisdictions, so which merger can they look at because this has proven to be quite a significant issue for these transactions.  I'm then going to look at assessment, how are they trying to assess these types of mergers, then I'm going to look at remedies because most remedies in merger situations where there's a problem has been divestment and they don't like or traditionally there has been an aversion against behavioural remedies, so a conduct remedy to do or not to do something, and that methodology might not work in the context of data mergers.  I'm then going to look at government intervention.  You might say, well why is he talking about government intervention and I'll come to that, and broadly there is now a trend for governments to intervene more in mergers on non-competition grounds, could big data be one of those areas, and then I'm going to look at the risk of intervention by agencies post-merger, so the merger is completing if you've got a clearance but they might come after you under other legislation if there are competition concerns.  

So very briefly what is big data.  It's generally described in terms of the four v's.  It's high volume, as Rob has said, the sheer volume of big data is immense and I won't go through the numbers that Rob's already given you.  Variety, the second v, so volume, variety, and here I think are the big distinctions between traditional structured data, sort of stuff that the banks have on me, you know, my bank account details, my balances, my transactions, and unstructured data, Twitter feeds, audio files, web pages, images, my choice of music on Shazam for example, which I'll come to in a moment because that's raising some quite interesting issues, the Apple/Shazam deal.  

RA: What just your choice of music or actual competition !?

NP: Well probably both! [Laughter]. Velocity, and this is essentially the speed at which data has been generated, so things are moving very rapidly and when things move very rapidly, competition regulators get a bit nervous because they are trying to look at the future and predict what is going to happen and therefore what interventions are required.  And value, you know, there's a lot of value in data that isn't often translated into high turnover particularly for start-ups or companies in early stage, and that's raising concerns as well.  And some of these…I've tried to pull together on this slide some of these issues and some of the comments that the competition authorities are making, the European Commission and Margrethe Vestager has said "We don't just assume that holding a large amount of data lets you stop others competing", so that's a reference to Article 102, if you've got data, refusal to provide that data could in fact be abusive in certain circumstances. There's a very long history of that, it all goes back to the McGill case where you may remember in the 80s TV disputes, refusal to licence TV listings helped show abuse of dominant position. That case law is being looked at again in the light of what we're now seeing, but it's also…if you expressly refer to data and mergers, it could be an important factor in how a merger effects competition, and Andrea Coscelli who is the chief executive of the CMA has been much more explicit and he's said very recently at a conference that the CMA has generally been cautious about intervening in mergers, so you know, they don't want to intervene unless they have concluded that that is the right approach to take, they are concerned about false positives.  But they are worried about missing the acquisition of start-ups and innovators by established players, and he particularly called out the acquisition of Instagram by Facebook which was cleared unconditionally by the Commission as being one of those transactions that perhaps they should have looked at much more carefully and he is saying that he is getting comments from industry analysts and investors to the effect that the competition authorities are behind the curve, that their tools are not up to scratch in terms of investing and investigating.  Investing I refer to that because the CMA are now sitting on a data unit, they realise that generally agencies are staffed full of lawyers, they've got economists who have got typically a masters in industrial economics, and they've got sort of officials and case handlers.  CMA does have in certain areas specialist people, they've always found a few forensic folk when you're doing a dawn raid you can actually go and interrogate people's computer systems, they've got retired policeman who are very good at interviewing and are very good at criminal cartel offence, but they are now creating a specific data unit and they are recruiting people at the moment, they want it to go live at the summer and it's all aimed at understanding both in behavioural terms under 101 and 102 but also mergers and how they should be assessing transactions and conduct.  I've just flagged some of the transactions across the top and I'll be coming back to those in a moment.  

So looking at jurisdiction, generally jurisdiction throughout the world is more or less based on turnover and broadly the EUNL model has been applied.  You look at some of the worldwide aggregate turnover and then you look at the turnover of the target and/or the bidder in the member state.  So in Brussels you've got two thresholds, five billion worldwide aggregate, 250 million, at least two in the EU, lower threshold 2.5 billion, at least 100 million in three member states.  The UK, 70 million turnover of the target or creational enhancement of the market share in excess of 25 per cent.  Now the problem is it's becoming pretty clear that those thresholds are missing some very important transactions.  There's been a big debate as to whether merger control should introduce a value of transaction threshold, and the European Commission has consulted on that.  Generally, responses were negative on the basis that the system is working at the moment and there is a degree of flexibility in the system – which I'll come on to in a minute – which means you are not missing things, so the real issue is are we missing potentially anti-competitive mergers because they fall below the thresholds.  Now there are two countries, Germany and Austria, who have adopted a value of transaction test in addition to their merger turnover threshold tests and Germany has gone for a threshold of €400 million and Austria for €200 million, and a good example is the current proposed acquisition of Shazam by Apple, so Shazam's turnover is…can anyone guess what Shazam's turnover might be?  £40 million, so below all EU turnovers, it's even below the UK turnover of £70 million, so here is a merger that potentially could go without being looked at and there are potential concerns in relation to Apple acquiring Shazam, not least because of the merger of two very large musical databases, sort of point that Rob and Tara have  been talking about, but also because of potential vertical concerns because when you go on Shazam, you identify a tune, you get an option to buy on iTunes or Spotify.  Now if Apple acquires Shazam, is there going to be foreclosure of Spotify, is foreclosure going to lose an important route to market.  That's a traditional vertical concern, vertical foreclosure, so the vertical relationship between Apple and Shazam and as a possible risk of exclusion of a competitor to Apple.  

Interestingly it was notified in Austria, because the transactions value is £300 million, even though the turnover is only £40 million, and there is something under EU merger regulation called Article 22, it's been there since the very beginning in 1989, and originally it was known as the Greek or Dutch clause, and it was known as the Greek or Dutch clause because at the time, police in Holland did not have merger control, so it was put in there for member states to refer up to the Commission a merger that fell below the EU thresholds which they could not look at under national law because they did not have measure control law, but very interestingly the wording in Article 22 does not say those states that do not have merger control can make a reference up because now every single member state has merger control, even Jersey has merger control, and interestingly they've intervened in the Kraft/Cadbury merger, they sent a request for information and demanded their merger fee, so I think there are 127 merger jurisdictions in global merger control.  Every EU member state pretty much has now got it.  The interesting thing is, what that means is that under Article 22, a member state can request that the Commission take jurisdiction in relation to a merger so Austria made the reference, and then France, Iceland, Italy, Norway, Spain and Sweden all piled in behind and said, yes, we are also referring it up to you, even though they've got merger control but it wasn't satisfying their jurisdiction requirements.  Interestingly, the CMA and the OFT before it has always said that as regards the UK's policy under Article 22, they will not make a reference to the Commission where they do not have jurisdiction under UK merger control.  So in the UK, if there's a transaction which falls below £70 million and the 25 per cent threshold, the CMA have got a statement saying, I think in their guidance, we will not seek to make a reference up.  I query whether they might want to change that in light of these transactions because CMA cannot look at a merger that falls below the thresholds it would be subject to judicial review.  

Now data itself can have very pro-competitive effects, and I've just listed some of those.  It can materially reduce search costs, it can lead to increased switching, I mean, you know, when you're trying to buy something, where do you go, you just go onto the internet, you might go straight to Amazon, if you've got any sense you might go to Google and see if anybody else is selling it as well.  And that reduces barriers to entry.  Companies that can't engage in much advertising, that don't have a shop front on the high street, they've just got a warehouse somewhere, they can now compete with all these established players, so it's really pro-competitive, reduced barriers to entry, create new markets altogether, we are seeing new markets created, digital markets coming along all the time, and new channels for expansion.  So there's a lot of pro-competitive elements coming out of big data.  The problem is, when you get those pro-competitive developments, you often get a risk of competition being reduced in some way.  Mergers are in many ways the classic way of reducing competition.  We are all aware that cartels are banned and you can go in many countries, you can go to jail for a cartel, and the irony is…let's assume you've got two hairdressers in Sevenoaks where I live, and they've got five per cent market share of the Sevenoaks' hairdressing market, and they enter into a price fixing cartel, they could go to jail and be fined lots of money.  If they were to merge, that's a complete elimination of competition, they would most certainly be cleared.  But it's one of the great ironies of competition law that mergers generally are not presumed to be harmful and most mergers get cleared, whereas if you have a cartel, there's no de minimis, you can go to jail for five years.  So mergers can be anti-competitive obviously hence the focus of merger authorities.  

So what are the issues they are looking at?  Traditionally…I'll start at number two, mergers have been assessed generally in western democratic states, by reference to a rubric known as PQRS.  What does that stand for?  Price quality range of service.  And in very blunt terms, the question that we were always concerned about when we looked at a merger, is the price going to go up.  So if you've got two…I'm doing lots of classic mergers, I mean, let's take Morrisons/Waitrose where PQRS…Morrisons/Safeway rather, when that merger was being looked at in phase two, all of the other big supermarkets went to try and bid for Safeway as well, numbers were blocked, Morrisons was permitted to proceed and they applied PQRS, will the price of retail goods go up?  Will the quality of service in supermarkets go down?  Will they reduce the number of people on the check out?  Will you queue longer?  Will shelves not be filled up as much because there's no longer that competitor down the road that people would have gone to.  The range of products, is that actually going to be reduced, and service levels, are they going to be reduced?  It might be post sale warranties for example, all of these parameters of competition have been looked at in relation to merger assessment.  Big debate in relation to data mergers is that rubric actually going to work when a lot of products are free.  There is no price.  You know it's quality.  When Facebook makes an acquisition it's the quality of the target.  You know it's WhatsApp.  Is the quality of WhatsApp going to go down?  I mean surely it just works doesn't it?  It's not really a high quality experience or a low quality experience.  It just is what it is. 

But there's an issue that's coming down the track which is innovation and so we might see P2RSI and innovation is now really a big debating point in relation to merger control and it comes out perversely enough not out of a data merge but out of the Dow DuPont Pesticides merger and the real issue there was innovation pools between the two companies and rather unfortunately they wrote in their internal documents as one of the justifications for the merger.  They were going to sack a whole bunch of PhD research scientists.  So there was going to be an immediate impact post-merger on innovation in the pesticides market and that was identified as an adverse effect of the transaction.  Now a lot of what we're seeing in this sector is all about innovation.  It's the next big thing.  It is leapfrogging competition that you're seeing.  Constantly the new start up unicorn's going to come along.  It's going to leapfrog what is here.  That's going to become old technology and new technology will become popular and then it will begin to generate these network effects which are very powerful.  So the more users you have the more data you have the better your product is.  The more use it attracts.  You've then got the risk of foreclosure.  Others can't get access to that data.  Foreclosure in a more traditional way as I mentioned in relation to Apple and Shazam and personalised products.  More personalised products.  One of the difficulties in competition is always price discrimination.  If you're dominant it can be an abuse in certain circumstances.  It can be abuse to charge different prices to equivalent customers on equivalent transactions if you cause a competitive disadvantage.  But price discrimination is rife.  We all pay different for just about everything.  But with data it becomes really practical to discriminate very significantly.  I had a personal experience the other day when my house and contents insurance was up.  On the 27th February I had a renewal notice saying "last year it was £504 this year it's only going up to £540".  I phone up on the 27th with about six hours to go and they say the price has gone up to £770 and I say "well that's outrageous, why has it gone up?"  "Oh well our prices are constantly being reviewed by the computer" and I said "I think you've got an algorithm there which realises that I've been a loyal customer.  I've been there for about 10 years.  That I've always renewed in the past.  That I've only got six hours to find an alternative and you're trying to rip me off" and they said "Oh no it's just the way the computer works" and I said "I'm not paying it".  I went on to MoneySupermarket.  I got Axa.  Much better cover for £400. 

Now I'm a bit of an inert customer but I've learnt my lesson.  So that is a really good example of personalised price discrimination.  An additional issue to add to the assessment criteria is what about privacy concerns.  What about data protection?  Is that in itself an issue that merger control authorities should look at.  So if the bidder has got an appalling record on data protection and privacy and the target's got a good record and they're worried that in fact the targets going to be ruined if you like.  So the reverse issue of what Tara was discussing.  Is that something they should take into account.  What the Commission said in Facebook, WhatsApp is no, that is outside the scope of merger control law but it is obviously very important and there will be enforcement measures available under other legal implements to make sure that standards are maintained.  A slightly different approach in Microsoft LinkedIn whereby the Commission said yes that is right in principle but it may well be that that becomes a quality issue.  So you remember I referred a moment ago PQRS.  If one of the, if the bidder is not good at maintaining privacy, protecting data, it may well be that the quality of the user experience and the product post-transition is going to be reduced and that then is a merger concern.  You can see that these issues are being grappled with on a case-by-case basis.  In Germany at the moment the Bundeskartellamt is carrying out a 102 dominance investigation to Facebook where the alleged abuse is breach of privacy rules.  Now that takes on a whole new complexion. Where it's a serious infringement.  You can be fined a lot of money under 102 by the Commission and National Authorities for abuse of dominance.  Typically it's things like pricing, foreclosure, discriminative pricing all of those things but privacy breaches and poor quality of privacy – is that grounds for an abuse?  And you could end up getting referred to the European Court for judgment.  So that's the assessment.  Those are the issues I think that are coming down the track on merger.  What about remedies?  I mentioned at the beginning that typically structural remedies are preferred.  The so-called clean break. 

So if there is an overlap and its problematic there is a risk of market power being created.  Regulators do not like anything along the lines of don't worry we'll give you an undertaking not to increase our prices above RPI or we'll grant a trademark licence to somebody else so they can start up and complete with us.  Or we'll grant a sub-contracting arrangements with somebody so they can put an additional source into the market.  Very rarely those types of arrangements are accepted but the general proposition, it's all in the merger guidelines, is we don't like that.  Not least because they're uncertain.  They require monitoring so that the things called monitoring trustees that agencies put in place to look at those types of remedies they are costly for the agency and they'd rather have a structural remedy and a clean break.  When you're looking at data however, query whether structural remedies can be agreed or whether the whole transaction is going to be a problem.  I mean you know from a merge control perspective the nightmare scenario as an adviser is there's nothing you can sell off.  The whole transaction itself could be problematic and then you're facing a prohibition order.  The prohibition of the merger in itself.  So if we look at what's been going on so far, in Facebook WhatsApp there wasn't a remedy, a formal remedy but I think as Rob hinted there was a suggestion that the two data silos could not be integrated.  That was information given in 2014 by Facebook.  In 2016 post-merger, surprise surprise, they'd managed to integrate them.  The Commission then comes along and said you provided misleading information to us and fined them €110,000,000 for providing misleading information.  Even though the Commission had looked at that possibility as part of the merger and nevertheless concluded it wasn't going to be a problem.  Microsoft LinkedIn is interesting because there was a concern there that with Microsoft acquiring LinkedIn that there could be bundling of LinkedIn with the operating system or that could be a problem with others getting into operability with Office.  So commitments were given of a behavioural nature to make sure that those concerns didn't arise.  We've seen, albeit not in the context of mergers but in the context of market investigation in relation to retail banking, the open banking remedy, where the banks are obliged, the big nine banks in the UK are obliged to create APIs so that this new generation of intermediary so-called personal finance advisers will be able to transact with me the customer, saying "Look Nigel.  Give us authority and we will go via the API into your bank account, we will look at all your transaction history" and initially it's all about making sure that I get the best financial products. 

So I'll get a cheaper better current account. I might get a slightly higher rate of interest on my savings but personally I don't spend much money on those types of products but I spend a lot of money on broadband and energy and insurance.  So they can go in there and say "Nigel you're paying far too much for your energy" and what's more it won't just be why don't you switch to this company.  The expectation is that they'll do the switching for me.  So they will manage my affairs and they will go into my, they will get all of my transaction history and they will conduct transactions on my behalf ultimately.  Big liability as we were discussing with Mark earlier on.  These new entities will come along.  They're not going to be necessarily that big or well-funded. They might go bust.  They might have Talk Talk style data breach and what happens if my personal data is being hacked and it's being abused and I have a whole load of money taken out of my bank account and the person I gave permission to has gone.  Well a big debate going on about that at the moment and the risk is of course that they will turn to the banks because they're the people with the deep pockets.  Even though the banks were obliged to give access to that data.  Another issue is Frand.  Now Frand Licensing has been around for a very long time in relation to something called Standard Essential Patents.  So when you're standard setting you get a lot of patent holders come together, create the standard and effectively there's a licencing all-comers on more or less fair, reasonable and non-discriminatory terms.  In the Credit defaults case that Rod mentioned we did recently for market, that was a 101 case and effectively the remedy there was a Frand Licence in relation to finance indices.  First time it ever happened.  It raises all sorts of difficult questions as to what is Frand.  Frand is easy, relatively easy in relation to a patent to work out what the royalty rate is.  Much harder in relation to indices.  I've been told I'm running out of time. 

So I'm going to make two very quick points.  I mentioned at the beginning what is the risk of governments intervening under other laws in relation to mergers?  Now under the very old regime Fair Trading Act, that was a public interest test.  They could look at all sorts of things in addition to competition.  In 2002 we had the Enterprise Act.  It gave the CMA power to look at mergers and apply substantial lessening of competition test.  It reserved to minsters certain powers on polarity which we're now seeing with the Fox/Sky merger.  Financial security which we saw in relation to Lloyds HBOS and also national security and that's essentially been in relation to defence mergers.  Making sure that overseas companies don't acquire classified information.  Big debate about Hinkley Point about wanting to expand the concept of national security to cover critical infrastructure and there's now been a Queen's speech on the point and there is a green paper and the point is that national security is being very broadly interpreted.  If you look at the slide there you can see that here is a short term proposal and a long term proposal.  The short term proposal is going to be done imminently by statutory instrument.  They are effectively saying that they are going to reduce the merger thresholds to £1,000,000 from £70,000,000.  They're going to have an ability to intervene notionally on national security grounds but if any technology with military and dual use.  So any technology that could be used in military or elsewhere.  But the real issue and the one from left field is the focus on quantum based computing technology.  So any business that is engaged in hardware or software in relation to quantum computing is a candidate for government intervention.  Even if it's a tiny business.  Why are they fussed about quantum computing.  I'm sure Tara could explain it better than me but as I understand it these are very, very high speed computers and they are so high speed that all encryption will no longer work.  So everything that's encrypted will cease to be encrypted once quantum technology comes out.  The final point I'll make very briefly is they cleared the merger without remedies let's assume.  That's the end of it.  You can just get on and integrate the chief synergy – well the problem is that we've always had 102 which looks at abuse of dominance.  So you need, there's a presumption of dominance at 50% market share.  You start getting warm at around 35% market share.  British Airways 39% had to be dominant and there's a long history of looking at the refusal to licence data on the 102.  Going back to McGill the TV case.  IMS Pharmaceutical data in relation to market research toys. 

As I mentioned there's a German Facebook investigation.  But perhaps even more scary is what I said at the bottom there.  Beware of ending up like BAA.  Now you might remember BAA British Airports Authority, with a bit of a bidding war by Goldman Sachs and others to acquire BAA.  They got merger clearance and literally about five or six months later there was a market investigation reference and they were broken up.  So they had to sell Gatwick, Stansted and one of the Scottish airports.  So you think you're buying a nice big company but then the regulators come along for a second bite of the cherry late on and say we're going to break you up.  That was always a fear in relation to Lloyd's HBOS.  Lloyd's HBOS was waived through by Gordon Brown in relation to financial security because HBOS were going bust at the height of the credit crunch and the market reference in relation to retail banking.  You know there are questions like what, you know, it's open season.  We can break the banks up now.  We've got 80%, big four have got 80%.  Let's break the banks up.  They soon realised that actually nobody wants branches anymore because of big data.  When did any of us last go in a branch?  Branches if anything are a liability to banks because you're the last branch in town.  You're under a social obligation more or less to keep it open.  All these new entrants don't want that sort of overhead.  So the remedy there was a data remedy and it's now been rolled out.  Australia are looking very clearly at open banking and they're planning to introduce it as I understand it via primary legislation rather than complete investigation.  So that's it.  We're just past 10 o'clock.  Apologies for keeping you a couple of extra minutes but we're very pleased to take any questions that you've got.  

RA: I've just one point where Nigel referenced there in the competition sphere of Frand Licencing.  I think when I look at it, my more learned digital economy colleagues.  There is actually EU legislation being published and running at the moment which is going to look at the commercial data.  Actually making out an obligation in respect of some data set so EU is, as Nigel said, very alive with the whole possibility of having concentrations of data in the hands of particular persons and effectively trying to avoid that.  Because they did actually effectively turn down a kind of more focussed IPR right for ownership of data in the context of the digital single market and actually flicked it on its head and said actually we understand now that is a potentially dangerous position where people can actually say we own that particular data set outside the database, outside of trade secrets.  So then EU are priding themselves on their kind of privacy of the person and effectively trying to avoid people having this very concentration of databases.  That said, that's us.  If there are any questions feel free to email them.  We will of course respond to you.  Thank you very much for making the effort to come in.  Thank you we really appreciate it.  Thanks a lot.