Eagle Alpha Legal Wrap - March 2022

Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past month.  

US

In February 2022, LinkedIn sued Singaporean-based web scraper Mantheos for scraping data from their Sales Navigator product site, in violation of its terms of services. The firm collected data on twenty LinkedIn member data fields using fake accounts set up using prepaid debit cards including professionals’ work experience, education, skills, titles, and posts accessible only to real, logged-in LinkedIn members. According to LinkedIn, Mantheos scammed the company out of hundreds of thousands of dollars. You can access the article here.

Peter Green of Lowenstein Sandler’s perspective on data regulations in China:

“This case is another important step in the path to the propriety of web-scraping, again involving LinkedIn. The market has accepted scraping as long as the scraper is not using log-ins or passwords or circumventing an authentication gateway. In the hiQ case, the court confronted scraping of public-facing webpages; here, the scraping allegedly is of non-public-facing content."

On January 27, 2022, the SEC released a Risk Alert from the Division of Examinations. In the Risk Alert, EXAMS noted four problematic areas related to private fund advisers which included failing to perform due diligence on key service providers, such as placement agents and alternative data providers. You can access the article here.

Peter Green of Lowenstein Sandler’s perspective on data regulations in China:

"We expect the SEC’s Division of Examinations to continue to probe the diligence processes and procedures fund managers follow when diligencing, on-boarding, and consuming alternative data."

On February 18, 2022, California lawmakers proposed two bills that further extend the existing employee and B2B data exemptions included in the CCPA and the CPRA. AB2891 would extend the exemptions expiration date until January 1, 2026, while AB2871 would permanently codify these exemptions. Under GDPR, personal information collected in the B2B and employee context is not exempted. You can access the article here.

Facebook’s parent company Meta has agreed to settle one of the longest-running data privacy lawsuits in the country for $90 million. This dispute, originally filed in 2012 in a total of 21 related cases, alleged that Facebook continued to track its users even after they logged out of the social media platform. You can access this article here.

China

China’s Internet Information Service Algorithmic Recommendation Management Provisions came into effect on March 1, 2022, targeting algorithmic recommendation technologies. These new measures were developed to regulate “the use of generative or synthetic–type, personalized recommendation–type, ranking and selection–type, search filter–type, dispatching and decision-making–type, and other such algorithmic technologies to provide information to users.” You can access the article here.

Europe

On February 10, 2022, France's data protection authority, the CNIL, announced that the use of Google Analytics by companies in the EU violates Article 44 of GDPR. The CNIL found that even though Google adopted additional measures to protect personal data transferred to the US in the context of Google Analytics functionality, those measures were insufficient. You can access the article here.

The EU is proposing legislation that would force more data sharing among companies in Europe—aiming to loosen the grip officials say a few Big Tech companies have on some commercial and industrial data. According to the WSJ, “EU officials say their goal with the new law is to help open up more of a marketplace for data by forcing companies to strike data-sharing deals that would allow consumers to choose between competing service providers when using connected devices.” You can access this article here.

Other

India’s 2019 Personal Data Protection Bill was reviewed by a joint committee of Parliament that submitted its final recommendations and a revised draft bill only in November 2021. Now the parliament may be proposing to draft a completely new bill, stating that the current data privacy bill proposal does not adequately address the changing technology landscape. You can access this article here.