Eagle Alpha Legal Wrap - August 2023

Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past month.

7 months ago   •   4 min read

By Mikheil Shengelia

Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past month.

US

Seven AI companies joined President Biden to make an announcement on safeguards and managing risks. Representatives from Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI agreed to perform security tests, implement watermarks for people to spot AI, publicly report AI capabilities and limitations, and to investigate risks such as biases, discriminations, and invasions of privacy. You can access the full article here.

OpenAI has taken a step toward enhancing transparency and user control by allowing website operators to block its GPTBot web crawler from scraping their sites for training purposes. The company stated that website owners can disallow the GPTBot crawler either by adding a specific entry to their site's Robots.txt file or by blocking its IP address. This move is similar to when Apple's iOS 14.5 raised privacy concerns requiring app developers to obtain user consent before tracking their data. You can access the full article here.

X Corp., formerly known as Twitter, sued an Israeli startup Bright Data for violating its terms and conditions. The lawsuit was filed in the U.S. District Court for the Northern District of California with Bright Data accused of scraping and selling millions of records from the X Corp’s platform. Elon Musk recently also limited the number of tweets that users can see per day in an effort to curb scraping. You can access the full article here.

Regarding the web scraping developments affecting social media giant X (formerly Twitter), Peter Greene from Schulte Roth & Zabel commented: “This move by X is not only interesting, but also worth watching for private fund managers who consume scraped data. The permissibility of scraping under the securities laws often hinges on whether the scraped data is available to the public without a user name and password, but if companies simply physically limit the ability to scrape, scraped data sets will become less attractive to managers.”

Lawmakers in Massachusetts are considering proposals to completely ban the buying and selling of location data from consumers’ mobile devices. According to ACLU, 92% of Massachusetts voters support passing a law that would prohibit businesses from selling location data. Various pro-choice groups also support it in a post-Dobbs world. You can access the full article here.

Regarding the location data developments in Massachusetts, Peter Greene from Schulte Roth & Zabel commented: “This move by Massachusetts is also worth watching for private fund managers who consume geolocation data. The permissibility of consuming geolocation data under the securities laws often hinges on whether the consumer grants permission for its geolocation data to be sold (albeit anonymously), but if certain states ban the sale of such data, geolocation data sets will become less attractive to managers.”

The FTC launched an investigation into OpenAI’s practices and the data breach incident that occurred in March. FTC's inquiry demands that OpenAI provide an account of complaints received regarding its products, like ChatGPT, involving dissemination of 'false, misleading, derogatory, or harmful' information about individuals. You can access the full article here.

Following recent cases concerning the privacy of health information, the FTC and the Department of Health and Human Services’ Office for Civil Rights (HHS OCR) issued a joint letter pertaining to the use of online tracking technologies by hospitals and telehealth providers. You can access it here.

EU

The European Data Protection Board (EDPB) has announced that it will impose a fine on TikTok for violating children's data privacy regulations within the European Union. This action follows TikTok's objections to a previous ruling by the Irish Data Protection Authority (DPA) regarding its data processing practices for users under 17. You can access the full article here.

Meta, the parent company of Facebook and Instagram, is facing increased regulatory scrutiny in Europe over its data collection practices. Norway's Data Protection Authority has threatened to fine Meta 100,000 USD per day and potentially ban the company if it continues to collect behavioral information for marketing purposes. This follows Ireland's data regulator imposing a 1.3 billion fine on Meta in May for mishandling user information. You can access the full article here.

UK

A digital rights group has raised concerns about a post-Brexit data protection and digital information bill in the UK, asserting that it favors large corporations and "shady" tech firms while undermining individuals' control over their data. The bill introduces changes to rules on subject access requests (SARs) and automated decision-making. You can access the full article here.

Britain's data regulator is investigating Snapchat to determine if the U.S. messaging app is adequately removing underage users from its platform. In March, it was reported that Snapchat had removed only a few dozen under-13 users in the UK, while estimates suggest thousands of active underage user accounts. You can access the full article here.

China

Global law firm Dentons is parting ways with its Chinese operations in response to impending data regulations aimed at tightening cybersecurity and data handling. Dentons will separate from its partner Beijing Dacheng Law Offices, granting the latter full independence to serve domestic clients. You can access the full article here.

Morgan Stanley is relocating over 200 technology developers from China due to the country's tightened access to locally stored data. The majority of these employees are being shifted to Hong Kong and Singapore. To comply with local regulations, the bank is constructing an independent system for its operations in China, an effort expected to cost hundreds of millions of dollars. You can access the full article here.

India

India's long-awaited personal data protection bill, which aims to regulate internet activities and online data sharing in the country, is set to be enacted after Parliament's upper house passed the bill. The law, which balances user data protection with an open internet, has been in development for years and is expected to be signed by President Murmu in the coming days. You can access the full article here.

Spread the word

Keep reading