Good morning. A colleague once received an unexpected note from Turkish counsel. A polite reminder that their merger regime sat outside the EU and might still catch a deal a client had in the works. Cue a quickly redrafted approvals table with a lot less green.
Netflix seems about $6bn confident they won’t suffer a similar fate, as you’ll see in this week’s top story.
For those of us not closing industry-defining M&A, a couple of quick wins on cart abandonment and cookies. Now back to my own abandoned carts of Christmas shopping.
BRIEFING ROOM
Netflix does a blockbuster
Photo by Dima Solomin on Unsplash
In a move to inspire young upstarts everywhere, a 28 year-old former DVD-by-post service announced plans to buy a 102 year old industry giant.
Amid the detail of the $83bn valuation is a striking detail: a $5.8bn penalty payable by Netflix if the deal fails regulatory scrutiny.
That scrutiny kicked in faster than your next binge-watch autoplaying. President Trump said “it could be a problem” and he’d “be involved in that decision”, and the Writers Guild of America said it represents “what antitrust laws were designed to prevent”. (The Writer’s Guild of Great Britain was more British, noting “it is only right that the deal faces regulatory scrutiny”.)
Then Paramount hit play on a $108bn hostile bid, pitched directly to shareholders, stressing their belief that their offer stands a better chance in front of regulators. When rival bidders are competing on regulatory credibility, you know where the centre of gravity now sits.
The front-and-centre focus on antitrust approvals demonstrates that regulatory approvals are no longer a tidying exercise. This is a real area of uncertainty with risk-allocation provisions to match. The regulatory reception is as much part of the offer mechanics as the price. Netflix expects a 12–18 month review across Washington, Brussels, London, and assorted national authorities, each demanding a coherent, data-driven theory of harm.
In 2025, the winning bid is often the one regulators are least likely to kill. Your influence is upstream.
RISK RADAR
🇫🇷 Unexpected cookies. CNIL fined Condé Nast €750k for dropping cookies before users set their preferences. The ICO also audited compliance amongst the UK’s top 1,000 websites, finding 95% compliant. The ICO followed-up directly with the remainder, at first collaboratively and then with enforcement notices.
Why it matters: an easy example to show product teams. A quick cookie audit this week is cheaper than a regulator-led one later.
🇪🇺 X pressed for transparency. The European Commission issued its first Digital Services Act fine, for failings by Elon Musk’s X. It challenged X’s blue-check mark system as “deceptive” (it relates to premium subscription status, not identity verification), as well as X’s “excessive delays” in its ad repositories and failures to provide researchers access to public data. Though the €120m fine is lower than expected, Musk still reacted by calling for the EU to be “abolished”.
Why it matters: X may be the target, but the DSA’s reach is wider. Any platform with EU users should assume the transparency bar has just moved up a notch.
🇬🇧 Online Safety Act enforcement step-up. Ofcom continued its public enforcement push around the OSA, fining one Belize-based adult website £1m for failing to implement robust age verification, plus £50k for failing to respond to RFIs.
Why it matters: Ofcom is openly flexing its new powers and will escalate if ignored. The OSA will not be a “slow burn” regime. Silence can be a liability. Take time to understand the OSA’s layered application as remaining provisions come into force.
EXPLAINER OF THE WEEK
Did you forget something? Abandoned cart reminders
Canva AI
Somewhere between a qualified lead and a live customer sits the abandoned cart: the user who has placed items in their e-commerce basket but not completed checkout.
Sending a nudge email can recover meaningful revenue, but it can also erode trust. The legal basis is narrower than many product teams assume.
Usually consent has not been given for abandoned cart reminders. The “soft opt-in” exception allowing for email marketing without specific consent only applies to existing customers.
Businesses could still explore sending a factual reminder (“you left items in your basket”) on the basis of legitimate interests. Alongside a legitimate interests assessment, remember the following watch-outs:
✅ Only explore this if the email was collected as part of starting the checkout, not if it’s been matched from elsewhere, not least to avoid the creepiness factor.
✅ Send the reminder soon or not at all - 48 hours or less is common.
✅ Avoid “while you're here” promotional cross-selling, which might need consent.
✅ Remember your opt-outs.
Abandoned cart reminders aren’t a growth channel, but a well-timed and careful reminder notification could catch some genuine revenue.
POLL OF THE WEEK
How firm are your Legal team's KPIs?
FROM THE SIDEBAR
🎓 Here’s what you can do with a BA in English… researchers have found that “adversarial poetry” can trick top AI models into generating dangerous content.
👩💻 One for the certification stack - you can now become an accredited legal technologist
🤖 Mischon replaces application forms with a chatbot.
Enjoying Profiles in Legal?
Our readers are curious, commercially sharp and allergic to legalese. If that’s you - welcome.
💬 Forward to a fellow innovator in Legal
Too much legal content is dull, jargon-filled or humblebrag. We’re changing that - and building a sharper legal community in the process.
🪃 Reply to this email with what you think we should cover
📣 Request to partner with us
© 2025 Profiles in Legal