Snapchat, which filed for its initial public offering today, sees potential risks to its business in cybersecurity and international regulation, particularly in China and the European Union.
Security breaches — and the privacy concerns that follow — have already caused problems for Snapchat, according to its filing. The document refers to a CEO impersonation scam that occurred last February, when an attacker posing as Evan Spiegel sent a phishing email to Snapchat’s payroll department and made off with employee data. Such an attack could happen again, compromising Snapchat’s reputation for data security, the filing notes. Snapchat also shares user data with advertisers, who could suffer their own breaches.
“Mobile malware, viruses, hacking and phishing attacks, spamming, and improper or illegal use of Snapchat could seriously harm our business and reputation,” the filing states, adding, these attacks “have occurred on our systems in the past, and may occur on our systems in the future.”
Although Snapchat’s most illicit content is often thought to be sexual, the filing indicates that the company is more concerned about terrorist content on its platform.
“Terror and other criminal groups may use our products to promote their goals and encourage users to engage in terror and other illegal activities. We expect that as more people use our products, these groups will increasingly seek to misuse our products,” the filing notes. “We may not be able to control or stop Snapchat from becoming the preferred application of use by these groups, which may become public knowledge and seriously harm our reputation or lead to lawsuits or attention from regulators.”
Snapchat has already had several run-ins with regulators. The Federal Trade Commission completed an investigation into the company in 2014 and issued an order requiring Snap to make sure that user data remains private. The order stretches over a 20 year span and mandates bi-annual independent privacy audits. The Attorney General of Maryland issued a similar 10-year order in 2014 that requires Snap to make annual compliance reports to the state.
As Snap looks to expand its user base into Europe and China, it faces problems with Brexit and China’s massive internet censorship campaign.
Brexit — the referendum for the United Kingdom to leave the European Union — is expected to have unforeseen impacts on Snap’s business. Snap had planned to base “a significant portion” of its international operations in the U.K., but that could change due to Brexit, the filing states. Snap has already licensed its intellectual property to a U.K.-based subsidiary, but says that there is “considerable uncertainty” about how Brexit could harm its business.
The company also sees potential roadblocks in E.U. legislation, including a revision of the European Union Data Protection Directive that is currently under consideration and the General Data Protection Regulation, which is slated to go into effect in May of next year. Both laws could require Snap to make adjustments to the ways it manages and stores data for E.U. users.
Snap is also eyeing expansion into China, the filing reveals, but faces challenges because its infrastructure is heavily reliant on Google. “Access to Google, which currently powers our infrastructure, is restricted in China, and we do not know if we will be able to enter the market in a manner acceptable to the Chinese government,” the filing states. “Foreign governments may censor Snapchat in their countries, restrict access to Snapchat from their countries entirely, or impose other restrictions that may affect their citizens’ ability to access Snapchat for an extended period of time or even indefinitely. If foreign governments think we are violating their laws, or for other reasons, they may seek to restrict access to Snapchat, which would give our competitors an opportunity to penetrate geographic markets that we cannot access.”