Desperate companies will resort, if they can, to selling the detailed data they’ve meticulously collected about their users—whether it’s personally identifiable information, data about preferences, habits, and hobbies, or national-security files. That data, formerly walled-off and spoon-fed only to paying advertisers, would be attractive to both licit and criminal buyers. Easily searchable datasets could generate new innovations and investments—but it would be difficult to know who’s buying up sensitive datasets, and why.
If contracts and privacy policies prevent a floundering company from selling user data, there’s still another way to profit. Most privacy policies that promise not to sell user data include a caveat in case of bankruptcy or sale. In fact, a New York Times analysis of the top 100 websites in the U.S. last year found that 85 of them include clauses in their privacy policies like this one from Facebook:
If the ownership or control of all or part of our Services or their assets changes, we may transfer your information to the new owner.
This is the virtual equivalent of a beater getting hauled to the junkyard. If a Facebook-like social media company can’t legally sell off its data, then it may just sell itself in order to cut its losses. Among the post-crash rubble, the principal value that a potential buyer might see in snapping up the company is its data. It’s like an acquisition hire, but for a huge and detailed dataset.