OK, Microsoft has proposed acquiring Activision Blizzard for $68.7 billion. Now comes the parlor game of analyzing the ethics and compliance issues involved in this mammoth deal, and two arise right away: surviving regulatory scrutiny, and repairing Activision’s defective corporate culture.
We can begin with the regulatory scrutiny, because this deal captures so many current questions about antitrust and privacy.
First, the transaction will receive heavy antitrust scrutiny because it can’t not receive heavy scrutiny; the political pressures on the Biden Administration are too great. Everyone from Sen. Elizabeth Warren on the left to Sen. Tom Cotton on the right is complaining about tech companies amassing too much power. If the Federal Trade Commission and the Antitrust Division at the Justice Department simply rubber-stamped a deal like this, every one of those voices would howl as loud as they could, which is the last thing President Biden needs right now. The political imperative these days is to put any significant merger deal under the antitrust microscope.
Moreover, it’s clear that the Biden Administration wants a more muscular approach to antitrust review anyway. Lena Khan, chairman of the FTC, and Jonathan Kanter, assistant attorney general for the Antitrust Division, have spoken numerous times over the last year about their desire for a more modern approach to merger review. Kanter gave a speech about it just last week, citing “the advent of the digital economy” as driving that need for closer review. Well, this is their big chance.
Typically we would expect an antitrust review to result in either (a) structural changes, where the acquiring company agrees to divest other operations to preserve market competitiveness; or (b) procedural changes, where the company agrees to refrain from certain business activities in the name of market competition.
How to Address Antitrust Issues
If we consider structural changes, that raises the obvious question: exactly what part of its operations would Microsoft divest, and to whom?
I’m not sure an answer to that question exists. Microsoft’s operating segments are split into three nearly equal parts:
- Productivity and Business Processes, which is the core business of Microsoft Office software, LinkedIn, and Dynamics 365;
- Intelligent Cloud, which includes Azure, GitHub, SQLServer, and other high-growth lines of business;
- More Personal Computing, which includes the Windows operating system, the Bing search engine, and Microsoft’s gaming operations.
Which of those units would be a sensible divestiture? Windows and Microsoft Office are core elements of the company. Cloud computing is a high-growth sector that you’d be crazy to sell off. Gaming is the line of business Microsoft is looking to bolster with the Activision deal.
To my thinking, the only units Microsoft could possibly divest would be the Bing search engine or LinkedIn — except, divesting either unit leaves them prey to other acquisitive tech companies (for example, Google grabbing Bing, or Facebook grabbing LinkedIn) and we’re right back to the same antitrust concerns we started with. How does that do the FTC and the Justice Department any favors?
The much more plausible answer is that there is no divestiture or other structural reform that would usefully address the antitrust concerns Washington has these days. So regulators would need to consider procedural constraints such as an antitrust monitor and a consent decree governing how Microsoft manages Activision.
Into the Weeds of Monitoring
The idea of an antitrust monitor, plus one or more consent decrees curtailing how Microsoft puts Activision to use — that’s what legal, compliance, and privacy professionals should watch, because it’s the much more likely outcome. It’s also the scenario we’re most likely to see in other merger reviews in the future, especially in the tech sector.
The real issue here is the increasingly blurry line between “tech,” which we can define as hardware and software; and social media, which is much more about collecting and handling personal data. The more those lines blur, the more antitrust concerns become synonymous with privacy concerns — because people complaining about abusive market behavior are actually talking about tech companies giving preferential treatment, offering complementary products based on your previous buying history, and so forth. You can’t engage in such practices without exploiting the personal data you’ve acquired.
So what’s the proper resolution here? If regulators allow the merger to proceed but restrict how Microsoft uses the personal data of Activision’s gaming customers, how does that work? How does Microsoft provide assurance that it’s meeting its obligations? If the FTC requires an independent audit of privacy practices, how effective would that be?
The FTC already can require third-party assessments of a company’s data security and privacy efforts, and sometimes those assessments look pretty ridiculous. Exhibit A of this shortcoming is PwC, which had been auditing Facebook’s privacy program after Facebook’s first FTC settlement in 2012. PwC gave Facebook passing marks as recently as 2018, even as the company confessed to gigantic privacy failures that led to its second, $5 billion settlement in 2019.
Somehow the FTC and the Justice Department will need to craft the right blend of antitrust restrictions, and privacy restraint, and independent monitoring of how Microsoft lives up to the terms of whatever deal it reaches.
That’s the thing I want to see, because it will help legal, compliance, and privacy professionals understand how other proposed tech mergers will be handled in the future.
We should also remember that whatever happens here in the United States, the European Union could also impose restrictions that tie Microsoft into knots. What if U.S. authorities allow the deal to proceed, and then the EU (or specific member states within it) slaps restrictions on how Microsoft handles personal data of EU citizens? What if, say, Germany blocks Microsoft from moving personal data of German Activision customers beyond its borders?
My friend Jonathan Armstrong, expert and aficionado of all things EU and privacy, raised this scenario last week when we recorded an Everything Compliance podcast exploring the merger. Set your podcast app to give that episode a listen when it drops later this week.
All of this keeps bringing me back to one thought that just won’t leave my brain.
The simplest, most effective way for U.S. and EU regulators to address all their antitrust and privacy concerns here is not to allow the merger to proceed at all.
I’m not predicting a veto will happen. Plus, Microsoft has promised Activision a $3 billion fee if the merger doesn’t close. Clearly the company is confident it can get this deal done somehow — and if any big tech firm has the antitrust experience to handle U.S. regulators, it’s Microsoft. But nobody should assume this deal is a shoo-in. It may not happen.
Later this week: let’s say Microsoft does acquire Activision. How would an acquiring company then digest a merger target with such a dysfunctional corporate culture?