New and expanding proposals for laws and regulations regarding “Do Not Track” requirements that protect visitors’, members’ and users’ and right to choose whether or not to be tracked online may allow consumers to have greater control over the use of their information collected online, forbid the collection or use of such information, demand a business to comply with their choice to opt-out of such collection or use and place limits upon the disclosure of such information to third-party websites. Any such laws and regulations could have a significant impact on the operation of our advertising and data businesses. U.S. regulatory agencies have also placed an increased focus on online privacy matters and, in particular, on online advertising activities that utilize cookies or other tracking tools. Consumer and industry groups have expressed concerns about online data collection and use by companies, which has resulted in the release of various binding industry self-regulatory codes of conduct and best practice guidelines for online behavioral advertising (“OBA”) and similar activities. These codes of conduct and best practice guidelines govern, among other things, the ways in which companies can collect, use and disclose user information for OBA purposes, including how companies must give notice of these practices, and what choices companies must provide to consumers regarding these practices.
We may be required or otherwise choose to adopt “Do Not Track” mechanisms and abide by certain self-regulatory principles promulgated by the Digital Advertising Alliance and others for OBA and similar activities, which may impair our ability to use our existing tracking technologies, to collect and sell member and user behavioral data, and engage with other third parties. This could cause our net revenues to decline and adversely affect our operating results.
We endeavor to be in material compliance with all applicable laws, regulations and self-regulatory data privacy and protection regimes. However, as referenced above, these laws, regulations and self-regulatory regimes may be modified, and/or new laws may be enacted in the future, which could materially affect our business. Further, data protection authorities may interpret existing laws in new or conflicting ways. We may deploy new products and services from time to time, which may also require us to change our compliance practices. Any such developments (or developments stemming from the enactment or modification of other laws) or our failure to anticipate the application or interpretation of these laws accurately could create liability for us, result in adverse publicity, increase our future compliance costs, make our products and services less attractive to our members, users, visitors and customers, or cause us to change or limit our business practices and materially affect our business and operating results. Further, any failure or perceived failure on our part to comply with any relevant laws or regulations may subject us to significant civil, criminal or contractual liabilities.
The loss of personal, confidential, and/or proprietary information due to our cybersecurity systems or the systems of our customers, vendors, or partners being breached could cause us to incur significant legal and financial exposure and liability, and materially adversely affect our business, operating results and reputation.
We retain personal, confidential, and/or proprietary information relating to our members and users, employees, and customers in secure database servers. The industry in which we operate is prone to cyber-attacks by third parties seeking access to our data or the data we collect from our website visitors and members, or to disrupt our ability to provide service. The Legacy Businesses have experienced and we will likely experience cyber-attacks targeting our database servers and information systems. Cyber-attacks may involve viruses, malware, ransomware, distributed denial-of-service attacks, phishing or other forms of social engineering (predominantly spear phishing attacks), and other methods seeking to gain unlawful access. We may not be able to prevent unauthorized access to these secure database servers and information systems as a result of these third party actions, including intentional misconduct by criminal organizations and hackers or as a result of employee error, malfeasance or otherwise. A security breach could result in intentional malfunctions or loss or corruption of data, software, hardware or other computer equipment, the misappropriation of personal, confidential and/or proprietary information, disruptions in our service, and in the unauthorized access to the data of our customers or our data, including intellectual property, business opportunity, and other confidential business information. Additionally, third parties may attempt to fraudulently induce our employees, vendors, or customers into disclosing access credentials such as usernames, passwords or keys in order to gain access to our database servers and information systems.
Our online networks could also be affected by cyber-attacks, and we could inadvertently transmit viruses across our networks to our members, customers or other third parties. Cyber-attacks continue to evolve in sophistication and volume, and inherently may be difficult to detect for long periods of time. Although our Legacy Businesses developed systems and processes that are designed to protect their data and user data, to prevent data loss, to disable undesirable accounts and activities on their platforms, and to prevent or detect security breaches, we cannot assure that such measures will provide absolute security, and we may incur significant costs in protecting against or remediating cyber-attacks.
