Eagle Alpha Legal Wrap - July 2021

Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past month.

US

On July 9, 2021, President Biden signed an Executive Order titled "Promoting Competition in the American Economy", the latest attempt to address how companies use and collect consumer data. Under this Executive Order, the FTC is directed to start what could be a years-long rulemaking process to strengthen consumers’ data privacy. You can access the article here.

Mobile fitness app Strava has access to a consumer base of 86 million users that can be tracked in real-time for over 30 different activities. Sensor Tower estimates that Strava generated $72 million last year from selling data rights to its partners. The data collected was sold on an aggregated and de-identified basis as part of the company’s Strava Metro program. You can access the article here.

In June 2021, 92% of LinkedIn users had their profile information scraped by a hacker that included phone numbers, address information, geolocation data and inferred salaries. Following this, the same person scraped Facebook profiles in April affecting 533 million users. Organizations are now calling for more control around web scraping after the hacker stated that he does this for “fun”. You can view this article here.

According to a recent Bloomberg article, iOS 14.5’s ATT, as predicted, has really hurt the likes of Facebook and its advertisers, with the latest figures from Branch saying that 75% of iPhone users are opting out of tracking. Companies using an advertising model like Facebook and Google are most affected by Apple’s move towards a walled-garden ecosystem. You can access this article here.

UK

Financial services companies in the UK are increasingly relying on web scraping, with almost two-thirds (63 per cent) using alternative data to improve their decision-making process. In a recent whitepaper by Oxylabs titled ‘The Growing Importance of Alternative Data in the Finance Industry’, over the past 12 months there has been a huge rise in web scraping for alternative data in finance.  You can access the article here.

UK financial regulators will run a pilot project this in Autumn to collect sensitive employee diversity data from firms, with a view to making it a recurring regulatory reporting obligation. Critics of the project have said that the move will add to firms' compliance workload and increase the risk of breaching GDPR. You can access the article here.

China

Following Didi’s $4.4bn IPO, China’s Cyberspace Administration sent the stock tumbling with a ban on new users and proposed measures that allow it to veto any company with more than 1m users listing abroad. On July 16th, several government agencies stationed staff inside Didi to carry out a possible multi-month cybersecurity review. China’s secretive agency, the Ministry of State Security, was also revealed for the first time, who based staff inside the company. You can access the article here.

US companies have been worried about the passing of China’s Hong Kong national security law a year ago, partly because it would allow Beijing to access data stored on servers in Hong Kong. More recently, companies have become alarmed by the possibility that China could apply the counter-sanctions law, which allows for the seizure of assets, in Hong Kong. You can access this article here.

Europe

Following WhatsApp’s change to its terms earlier this year, the European Data Protection Board said Facebook’s practices that are linked to WhatsApp’s data should be examined “as a matter of priority”. The EU body said in a statement: “Considering the high likelihood of infringements in particular for the purpose of safety, security and integrity of WhatsApp [and other Facebook units], the EDPB considered that this matter requires swift further investigations.”. You can access the article here.