Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past month.
United States
New Federal Privacy Bill Introduced – Could 2021 Be the Year?
The first comprehensive federal privacy bill of the year was introduced by Representative Suzan DelBene known as the Information Transparency and Personal Data Control Act. The proposal aims to protect sensitive personal information, including data relating to financial, health, genetic, biometric, geolocation, sexual orientation, citizenship and immigration status, social security numbers, and religious beliefs. You can view the article here.
Additional CCPA Regulations Approved
Effective March 15th new regulatory changes were added to CCPA primarily affecting businesses that sell personal information of Californian residents and include an opt-out icon for the purpose of increased consumer awareness of the right to opt-out. You can view the article here.
SEC Charges AT&T and Investor Relations Employees Over Calls To Analysts
AT&T and three executives have been charged with disclosing information to analysts that helped AT&T avoid having its results fall short of Wall Street expectations in March 2016. AT&T denied the allegations, challenging the regulator’s claim that it had shared material non-public information and warning that the charges would “only serve to chill productive communications between companies and analysts”. You can view the article here.
Proposed Data Privacy Legislation Heightens Scrutiny on Florida Businesses
Florida House Bill 969 closely follows the language in the CCPA, and if passed, would apply to any company doing business in the state that has more than $25 million in gross revenues, trades in the personal information of more than 50,000 Florida consumers, or gets 50% or more of its revenue from transactions involving the personal information of Florida consumers. You can view the article here.
What Are Mental Health Apps doing with Our Data?
Since the start of the pandemic there has been increased usage of mental health apps, offering help via video chat, mood-tracking diaries, therapy chatbots, and cognitive behavioural therapy exercises - also utilising questionnaires. The apps were sharing unique IDs associated with individual devices tracking what a user does across other apps, as well as combining with other data for targeted advertising. You can view the article here.
Europe
Web-Scraping: Limitation by the CNIL to Direct Marketing Practices
Nestor, a French food preparation and delivery company, was fined €20,000 by the CNIL at the end of 2020 for breaching GDPR regulations and the ePrivacy Directive. Nestor built up a database of around 645,033 contacts through third party services, initially collected through LinkedIn via web-scraping methods. You can view the article here.
Intensifying Negotiations on Transatlantic Data Privacy Flows
EU Justice Commissioner and US Secretary have announced that the European Commission and the US government have decided to intensify negotiations on an enhanced EU-US Privacy Shield framework. In a Joint Statement, they said: “These negotiations underscore our shared commitment to privacy, data protection and the rule of law and our mutual recognition of the importance of transatlantic data flows to our respective citizens, economies, and societies.” They also underlined that data flows will support economic recovery after the global pandemic. You can view the statement here.
China
China Defines for the First Time ‘Necessary’ information That Apps Can Collect
New rules have been announced jointly by Chinese agencies effective from May 1st 2021, stating that apps can only collect necessary personal information from users that allows them to access basic functions and services, while also allowing users to decline the collection of data that is deemed unnecessary. You can view the article here.
China’s GDPR is Coming: Are You Ready? — Exploring China’s Draft Personal Information Protection Law
On October 21, 2020, China released the first draft of the Personal Information Protection Law for public comments. The PIPL takes an approach similar to GDPR, which provides multiple lawful bases for processing personal information in addition to consent. You can view the article here.