Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past month.
US
hiQ Labs agreed to a permanent injunction in the case against LinkedIn and will now stop scraping and destroy all source code, data, and algorithms created using LinkedIn’s user data. Sarah Wight, VP of Litigation at LinkedIn, said: “This establishes an important legal precedent to stop this kind of abuse in the future and reaffirms that LinkedIn’s User Agreement unambiguously protects members from unauthorized data scraping and fake accounts.” You can access the full announcement here.
"This case remains important for scraping by the buy-side. Although it is not an insider trading case, it teaches us that if you are going to scrape, then you should not enter a user name or password; stay on the purely public parts of the site" - Peter Greene, Partner, Investment Management, Schulte, Roth & Zabel
Google agreed to pay a 391.5 million USD fine in a settlement agreement with 40 state attorney generals over its use of location tracking. This is the largest consumer privacy settlement to date, with Google guilty of misleading users into thinking that proximity-based data collection was turned off. The company announced it would improve location tracking disclosures in 2023. You can access the full article here.
The SEC announced that AT&T agreed to pay a 6.25 million USD fine for selectively disclosing MNPI to research analysts. Internal smartphone sales data and the impact it had on revenue metrics were provided to analysts on private calls that led to reduced revenue forecasts. Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, said: “The actions allegedly taken by AT&T executives to avoid falling short of analysts’ projections are precisely the type of conduct Regulation FD was designed to prevent.” You can access the full article here.
The SEC charged Goldman Sachs for not following its ESG policies and procedures. Goldman Sachs agreed to pay a 4 million USD fine. Andrew Dean, Co-Chief of the SEC’s Enforcement Division’s Asset Management Unit, said: “Today’s action reinforces that investment advisers must develop and adhere to their policies and procedures over their investment processes, including ESG research, to ensure investors receive the advisory services they would expect to receive from an ESG investment.” You can access the full article here.
A Delaware district court ruled in the Ryanair v. Booking Holdings case that the Computer Fraud and Abuse Act (CFAA) could be used to combat unwanted website scraping. Ryanair, a European low-fare airline, claimed that the online travel and hotel booking website scraped the ticketing portion of the site that is only accessible to logged-in users. You can access the full article here.
Republican legislators Bill Huizenga and Andy Barr introduced a bill that would prevent the SEC from requiring carbon emissions disclosures unless the information is material to investors of securities issuers. The proposed Mandatory Materiality Requirement Act would pre-empt the SEC’s suggested climate disclosure rules. You can access the full article here.
A coalition of more than 30 state attorney generals is urging the FTC to increase data privacy protections around consumers’ medical data, biometric data, and location data. “The alarming amount of sensitive consumer data that is amassed, manipulated, and monetized”, attorney generals highlighted in the letter to the FTC. You can access the full article here.
Europe
The EU’s Digital Services Act came into force covering all digital services that connect customers to goods, services, or content. It establishes extensive requirements for online platforms to mitigate risks, safeguards users’ rights, and places platforms under an innovative new transparency and accountability framework. You can access the full article here.
The Irish data regulator hit Meta with a 265 million fine over the EU’s GDPR breaches. The investigation started last year as more than 500 million users had their personal data exposed. You can access the full article here.
Discord, an instant messaging social platform, received an 800,000 EUR fine from the French regulator CNIL over GDPR violations. The case is interesting as Discord is being punished not for breaches but for not providing built-in security measures. You can access the full article here.
UK
The Financial Conduct Authority (FCA) plans to develop a code of conduct for ESG data vendors. It follows the introduction of an ESG strategy last year aimed at increasing trust in ESG-labelled financial instruments. You can access the full article here.
"Continuing regulatory efforts to prevent greenwashing may spawn growth of data sets designed to evaluate the ESG efforts of public companies" - Peter Greene, Partner, Investment Management, Schulte, Roth & Zabel
China
Aurora Mobile, a customer engagement and marketing intelligence vendor, became one of the first data providers of the Shenzhen Data Exchange. The company’s four products are undergoing compliance audits and are expected to be available in the near future. ChinaScope’s news analysis data also became available on the data exchange. You can access the full article here.
The State Administration for Market Regulation and the Cyberspace Administration of China introduced new rules for implementing Personal Information Protection Certification. You can access the full article here.
India
India’s new draft data privacy law to implement easier cross-border data transfers while state agencies are exempt due to national security interests. You can access the full article here.