Eagle Alpha Legal Wrap - February 2022
Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past month.
US
Attorney Generals from Washington DC, Indiana, Texas, and Washington have sued Google LLC over allegations that it misled consumers with Google accounts on their ability to control how Google collects and uses their location data in violation of state consumer protection laws. You can access the article here.
In January 2022, Oxylabs filed a case alleging that Bright Data have infringed upon patents. According to the filings, Oxylabs’ competitor has illegitimately used patented Smart Proxy Rotator and web script management technologies for their own gain. This case comes after three cases were previously opened by Bright Data against Oxylabs. You can access the article here.
There has been several recent developments surrounding data protection across the US:
- Virginia lawmakers will consider multiple amendments to the Virginia Consumer Data Protection Act (VCDPA). in advance of its January 1, 2023 effective date. You can access the article here.
- On February 1, 2022, the Indiana Senate unanimously voted to pass SB 358, their first move towards consumer data privacy legislation. If passed, the law would go into effect on January 1, 2025. You can access the article here.
- On February 2, 2022, the Massachusetts Legislature’s Joint Committee on Advanced Information Technology, the Internet and Cybersecurity released a new draft of a bill designed to provide mechanisms for how personal information is used and to control how companies use such information. You can access the article here.
- Also in January, the Florida House of Representatives released their version of the proposed data privacy bill, containing several notable changes from the previous version proposed in 2021. You can access the article here.
China
On November 25th, 2021, the Shanghai Data Exchange opened for trading nationwide and coincided with the final version of the Shanghai Data Regulation which implemented the PIPL, Cybersecurity Law and the DSL. The Shanghai law came into effect on the 1st January, 2022. You can access the article here.
UK
The UK Financial Conduct Authority has published a feedback statement relating to the call for input on accessing and using wholesale data. In particular, the FCA will focus on trading data, benchmarks, credit rating agencies and alternative data and advanced analytics. You can access the article here.
Europe
Belgium’s Data Protection Authority has declared the Interactive Advertising Bureau of Europe’s framework for how publishers get consent for collecting and use personal data doesn’t comply with EU privacy regulations. As part of the ruling, the DPA has fined IAB Europe €250,000 and given it two months to propose changes as well as six months to put them in place. You can access the article here.
On January 28, 2022, the European Data Protection Board published draft regulatory guidelines on the right of data subjects to have access to their personal data under GDPR. You can access the article here.
On January 12, 2022, the French data protection authority, the CNIL, published a statement on processor reuse of data entrusted by data controllers. This guidance aims at establishing a legal framework to determine if, and under which conditions, a processor can use personal data it obtained from a controller for purposes broader than just strictly providing services to the controller. You can access the article here.