Parent entities are typically shielded from liability for the actions of their subsidiaries. In the E.U., however, the competition law and the General Data Protection Regulation (GDPR) leverage the concept of an “undertaking” to significantly lower the threshold for holding parents liable. The European Commission has taken advantage of this in the past to levy fines against private equity (PE) sponsors for antitrust violations committed by their portfolio companies, and this risk could be amplified significantly if the competent data protection authorities pursue the same tact with GDPR violations by portfolio companies. This first article in a three-part series describes the increased risk of parental liability under the E.U. competition law and the GDPR, as well as certain ramifications PE sponsors could face. The second article
will explain the rebuttable presumption that a parent sponsor exerts decisive influence over the commercial policy of its subsidiary, along with common misconceptions shared by PE sponsors and other parents about ways to mitigate this risk. The final article
will prescribe measures PE sponsors can adopt before and after acquiring a portfolio company to mitigate the risk of E.U. parental liability. For more on previous antitrust claims in the PE industry, see “Federal Antitrust Suit Against Ten Prominent Private Equity Firms Based on Allegations of ‘Club Etiquette’ Not to Jump Announced Deals Survives Summary Judgment Motion
” (Apr. 11, 2013).