Eagle Alpha Legal Wrap - April 2023

Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative  data space  over the past month.

a year ago   •   4 min read

By Dallán Ryan

Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative  data space  over the past month.

US

The US government is moving forward with its plan to ban TikTok following last week's congressional hearing. However, there is currently a protest taking place against the proposed ban with Congresswoman Alexandria Ocasio-Cortez stating that it would be a violation of free speech. She said that the real concern should be the lack of regulation around data collection and privacy for all social media platforms: “The United States is one of the only developed nations in the world that has no significant data or privacy laws on the books”. It remains to be seen whether the TikTok hearing will result in a renewed bipartisan push for a federal privacy law. You can access the full article here.

The Consumer Financial Protection Bureau (CFPB) has launched an inquiry into the business practices of data brokers. The inquiry will examine how data brokers collect, sell, and use consumer data, and how this impacts consumers. The CFPB is particularly interested in learning more about how data brokers use algorithms and analytics to make decisions that affect consumers, and how this might result in unfair, discriminatory, or otherwise problematic outcomes. You can access the full article here.

A note from a March webinar with former Chief Data Scientist of App Annie (now data.ai) Paul Stolorz organized by FISD: Several learnings he noted from the case: 1) all collection and transformation of data should be documented; 2) provenance of data and restrictions of its use should be demonstrated; 3) policies must be in place that documents how any confidential data is treated; and 4) the documentation itself isn’t enough, there needs to be a clear auditing process demonstrating that the policies are being followed.
The SEC proposed new rules around data breach notifications with covered institutions to notify each affected individual whose personal data was accessed or used without authorization. The rules would also require companies to provide additional information about the breach, such as the nature of the data that was compromised and the steps the company is taking to mitigate the impact of the breach. The proposed changes would strengthen consumer data protections and create a minimum standard for breach notifications. You can access the full article here.

The International Association of Privacy Professionals (IAPP) published a report on privacy and consumer trust with merely 68% of respondents saying they are either somewhat or very concerned about their online privacy. Furthermore, the majority of consumers reported taking actions like deleting a phone app, opting out of sharing personal data or avoiding a particular website. You can access the full article here.

The Federal Communications Commission (FCC) adopted an aggregate-level approach for subscriber-level ACP data collection arguing that it would be burdensome for providers to obtain subscriber consent to the collection of additional specific data in light of privacy concerns. However, petitioners claim that the detailed data is needed to investigate complaints and to enforce compliance. You can access the full article here.

Iowa is about to implement a data privacy law and become the sixth state in the US to have a comprehensive privacy statute. The bill would apply to businesses that collect or process personal data of Iowa residents and that meet certain revenue or data processing thresholds. You can access the full article here. Virginia’s data privacy law went into effect in January 2023 and was modeled after the CCPA with consumers required to opt-in before processing sensitive information like precise geolocation data. You can access the full article here.

Europe

The EU Council announced that its member states have agreed on a common position on fair access to and use of data (data act). The agreement is part of the EU's broader efforts to create a common framework for the sharing and use of data across the region. “The data act will unlock the economic and societal potential of data and technologies in line with EU rules and values. It will contribute to creating a single market to allow data to flow freely within the EU and across sectors for the benefit of businesses, researchers, public administrations, and society at large”, said Erik Slottner, Swedish minister for public administration. You can access the full article here.

Twitter’s plan to charge academic researchers for accessing and analyzing its data will likely fall afoul of the EU’s new Digital Services Act. The new standards require the largest social networking platforms to provide free access to vetted researchers. "If Twitter makes access less accessible to researchers, this will hurt research on things like disinformation and misinformation," said Professor Golovchenko from the Univeristy of Copenhagen. You can access the full article here.

France, the Netherlands, and Norway decided to ban the use of TikTok on government-issued devices. The Dutch interior ministry said it was planning to prevent the use of any apps from “countries with an aggressive cyber-program targeted at the Netherlands or Dutch interests”. You can access the full article here.

UK

Technology Secretary Michelle Donelan introduced UK’s new Data Protection and Digital Information bill. The government hopes that the new regime will provide a more flexible and business-friendly framework for data protection while still ensuring that individuals' privacy and data protection rights are protected. You can access the full article here.

China

Foreign ministry spokesperson Mao Ning said that the US government had not provided any evidence that TikTok poses a threat to its national security. She stressed that China “has never and will not require companies or individuals to collect or provide data located in a foreign country, in a way that violates local law”. You can access the full article here.

China National Knowledge Infrastructure will slash foreign researchers’ access to its academic database from April 1st. The action is said to be taken in accordance with the “measures of data cross-border transfer assessment and relevant laws”. You can access the full article here.

The Privacy Commissioner for Personal Data (PCPD) of Hong Kong highlighted the importance of protecting personal data in the wake of recent data breaches. The guidance note emphasizes the need for organizations to implement effective security measures, including governance, risk assessments, and access controls. You can access the full article here.

Spread the word

Keep reading