The push for data privacy is starting to manifest in interesting ways on Wall Street. In a recent pair of S1 disclosures ahead of their respective IPOs, Bumble (a dating service) and Playtika Holdings ( a mobile game developer) each company cites concerns about distribution and privacy as being material to their business.
Bumble for example plans to:
- Grow Users in existing markets
- Grow Users in new markets
- Make investment in Product Innovation, Machine learning and Data Science.
But as a risk to that plan they cite they cite:
Distribution and marketing of, and access to, our products depends, in significant part, on a variety of third-party publishers and platforms. If these third parties limit, prohibit or otherwise interfere with or change the terms of the distribution, use or marketing of our products in any material way, it could materially adversely affect our business, financial condition and results of operations.
https://www.sec.gov/Archives/edgar/data/1830043/000119312521009745/d20761ds1.htm
and
Access to our products depends on mobile app stores and other third parties such as data center service providers, as well as third party payment aggregators, computer systems, internet transit providers and other communications systems and service providers. If third parties such as the Apple App Store or Google Play Store adopt and enforce policies that limit, prohibit or eliminate our ability to distribute or update our applications through their stores, it could materially adversely affect our business, financial condition and results of operations.
https://www.sec.gov/Archives/edgar/data/1830043/000119312521009745/d20761ds1.htm
Playhikta has in their disclosure:
We rely on third-party platforms, such as the iOS App Store, Facebook, and Google Play Store, to distribute our games and collect revenues generated on such platforms and rely on third-party payment service providers to collect revenues generated on our own platforms.
Our games are primarily accessed and operated through Apple, Facebook and Google, which also serve as significant online distribution platforms for our games. Substantially all of the virtual items that we sell to paying players are purchased using the payment processing systems of these platforms and, for the nine months ended September 30, 2020, 80.1% of our revenues were generated through the iOS App Store, Facebook, and Google Play Store. Consequently, our expansion and prospects depend on our continued relationships with these providers, and any other emerging platform providers that are widely adopted by our target players. We are subject to the standard terms and conditions that these platform providers have for application developers, which govern the content, promotion, distribution, operation of games and other applications on their platforms, as well as the terms of the payment processing services provided by the platforms, and which the platform providers can change unilaterally on short or without notice
https://sec.report/Document/0001193125-21-003653/#d55817ds1a.htm
The above is particularly relevant as the social network Parler was removed from a number of services, including Google Play, the AppStore and Amazon Web Services over Terms of Service violations recently. Parler disputes the claims and has sued Amazon, which may ultimately matter little as the service is effectively making no money until they can secure new hosting.
Since in the United States, web hosting isn’t defined as a ‘common carrier’ by the Federal Communications Commission these platforms are within their right under Section 230 to curate their platforms, which means that like Parler, should violations be had, each company could in theory face similar removal effectively shutting off the reach and revenue of the respective market segment.
Phrased another way, their success as a business likely depends in great part to being able to do business with the respective distribution channels they are in.
On the privacy front Bumble cites these as risks
Our success depends, in part, on our ability to access, collect, and use personal data about our users and payers, and to comply with applicable data privacy laws.
https://www.sec.gov/Archives/edgar/data/1830043/000119312521009745/d20761ds1.htm
and goes on to acknowledge how quickly this area is changing
The varying and rapidly-evolving regulatory framework on privacy and data protection across jurisdictions could result in claims, changes to our business practices, monetary penalties, increased cost of operations, or declines in user growth or engagement, or otherwise harm our business.
https://www.sec.gov/Archives/edgar/data/1830043/000119312521009745/d20761ds1.htm
So they are aware and more importantly are letting investors know they are entering a line of business in which privacy concerns could have material impact to their ongoing operation.
The game maker cites similar concerns, since their business model depends largely on in game advertisements. it even calls out Apple’s AppStore changes directly.
We track certain performance metrics with internal and third-party tools and do not independently verify such metrics. Certain of our performance metrics are subject to inherent challenges in measurement, and real or perceived inaccuracies in such metrics may harm our reputation and adversely affect our business.
We track certain performance metrics, including the number of active and paying players of our games using a combination of internal and third-party analytics tools, including such tools provided by Apple, Facebook and Google. Our performance metrics tools have a number of limitations (including limitations placed on third-party tools, which are subject to change unilaterally by the relevant third parties) and our methodologies for tracking these metrics or access to these metrics may change over time, which could result in unexpected changes to our metrics, including the metrics we report. If the internal or external tools we use to track these metrics under-count or over-count performance or contain technical errors, the data we report may not be accurate, and we may not be able to detect such inaccuracies, particularly with respect to third-party analytics tools. In addition, limitations or errors with respect to how we measure data (or how third parties present that data to us) may affect our understanding of certain details of our business, which could affect our long-term strategies. We also may not have access to comparable quality data for games we acquire with respect to periods before integration, which may impact our ability to rely on such data. Furthermore, such limitations or errors could cause players, analysts or business partners to view our performance metrics as unreliable or inaccurate. If our performance metrics are not accurate representations of our business, player base or traffic levels, if we discover material inaccuracies in our metrics or if the metrics we rely on to track our performance do not provide an accurate measurement of our business or otherwise change, our reputation may be harmed and our business, prospects, financial condition and results of operations could be materially and adversely affected.
Our business depends on our ability to collect and use data to deliver relevant content and advertisements, and any limitation on the collection and use of this data could cause us to lose revenues.
When our players use our games, we may collect both personally identifiable and non-personally identifiable data about the player. Often we use some of this data to provide a better experience for the player by delivering relevant content and advertisements. Our players may decide not to allow us to collect some or all of this data or may limit our use of this data. Any limitation on our ability to collect data about players and game interactions would likely make it more difficult for us to deliver targeted content and advertisements to our players. Interruptions, failures or defects in our data collection, mining, analysis and storage systems, as well as privacy concerns and regulatory restrictions regarding the collection of data, could also limit our ability to aggregate and analyze player data. If that happens, we may not be able to successfully adapt to player preferences to improve and enhance our games, retain existing players and maintain the popularity of our games, which could cause our business, financial condition, or results of operations to suffer.
Additionally, Internet-connected devices and operating systems controlled by third parties increasingly contain features that allow device users to disable functionality that allows for the delivery of advertising on their devices, including through Apple’s Identifier for Advertising, or IDFA, or Google’s Advertising ID, or AAID, for Android devices. Device and browser manufacturers may include or expand these features as part of their standard device specifications. For example, when Apple announced that UDID, a standard device identifier used in some applications, was being superseded and would no longer be supported, application developers were required to update their apps to utilize alternative device identifiers such as universally unique identifier, or, more recently, IDFA, which simplifies the process for Apple users to opt out of behavioral targeting. If players elect to utilize the opt-out mechanisms in greater numbers, our ability to deliver effective advertisements would suffer, which could adversely affect our revenues from in-game advertising.
https://sec.report/Document/0001193125-21-003653/#d55817ds1a.htm
So they acknowledge that tools can rapidly without warning and this can cause flawed analysis which may lead to material impact to their business.
The reality is, these are not isolated examples. This is the new world we live in where distribution, data collection and privacy efforts increasingly play a role into how effective a company may be on a particular platform, or how accurate the analysis of the data they do collect may be in context of the overall operations, which ultimately may materially impact them and be reflected in a loss of revenue.
If you have a mobile app in the distribution stores (Google, Apple, Samsung, etc.) you may have one or more of these same risks in your current operating environment. It’s good to take time to reflect on that, and prepare plans for when things that may go wrong, do.