Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past month.
US
The SEC’s Division of Examinations issued a risk alert highlighting “notable deficiencies” in handling material non-public information (MNPI) by investment advisers, investors, and other market participants. One area of concern for examiners was how firms handled potential MNPI derived from alternative data, defined as information about a company’s performance found outside of financial statements, company filings, and press releases. You can access the risk alert here.
Notably, the risk alert expressly mentions alternative data, making it more important than ever that private fund managers implement policies and procedures surrounding the diligence and use of alternative data - Peter Greene, Partner, Investment Management, Schulte, Roth & Zabel
A ground-breaking court case related to web scraped data reached a conclusion. The U.S. Ninth Circuit of Appeals affirmed its original decision in hiQ v. LinkedIn and ruled that web crawling is legal. Ultimately, the court decided that profiles were not LinkedIn’s property as users elected to put them on the platform. Essentially, there was no expectation of privacy, and that information was, therefore, in the public domain. That is why web crawling can be argued to be legal as the information is in the public domain, and a password is not required to view the information. You can access the article here.
This decision affirms the important principle that if you do not bypass an authentication gateway, the information with which you come into contact on the internet is public - Peter Greene, Partner, Investment Management, Schulte, Roth & Zabel
The Consumer Financial Protection Bureau (CFPB) announced supervision of non-banks, including fintech companies, that might pose risks to consumers. The CFPB believes that utilizing this dormant authority will help protect consumers and level the playing field between banks and non-banks. The CFPB is also seeking public comments on a procedural rule to make this process more transparent. You can access the article here.
The Connecticut Senate voted unanimously to pass Senator Maroney’s bill on consumer data privacy. It is modeled after the Colorado Privacy Act. One notable difference is greater children’s data privacy rights. The bill now has to go through the House floor. You can access the article here.
The FTC is being urged to investigate the location data industry. Laura Moy, Professor of Georgetown Law, filed a complaint on behalf of the Council on American-Islamic Relations as there are alleged abuses harming the Muslim community. For example, the government’s purchase of location data in order to conduct “warrantless surveillance” is being scrutinized. You can access the article here.
The US Department of Commerce announced the creation of the Global Cross-Border Privacy Rules Forum – an international collaboration concerning cross-border data flows. It is created to promote interoperability and is created along with Canada, Japan, the Republic of Korea, the Philippines, Singapore, and Chinese Taipei. The goal is to help bridge varying regulatory approaches to data protection and privacy. You can access the article here.
Europe
President Biden and the President of the European Commission von der Leyden announced that the US and EU reached an agreement on a new transatlantic data privacy framework. This new framework will allow companies to legally transfer data from the EU to the US. Until then, standard contractual clauses and transfer impact assessments remain the only viable option. You can access the article here.
Activists and privacy experts still have concerns about the new US-EU data-sharing agreement. It has been in the works for nearly two years with DigitalEurope, a lobby group for Meta, Amazon, Google, and others, saying it is necessary to preserve almost 1 trillion USD worth of US-EU commerce every year. However, surveillance and privacy issues are still prevailing. You can access the article here.
China
Didi, the popular ride-hailing app, suspended preparations to list publicly in Hong Kong after regulators complained that its proposals to prevent data leaks were insufficient under China’s new Data Security Law. You can access the article here.
Other
Indonesia is seeing the rise of so-called Digital Financial Innovation (DFI) companies which are largely not regulated. In response, Indonesia’s Financial Services Authority is introducing new rules to govern the registration, reporting, and protection of consumer data. For example, companies are required to register with the Authority and a failure to do so might result in companies being placed in the “regulatory sandbox”. You can access the article here.
Thailand’s three financial regulators – the Bank of Thailand, the Securities and Exchange Commission, and the Office of the Insurance Commission – joined forces by signing a memorandum of understanding to enhance personal data protection in the country. You can access the article here.
Industrial Commentary
Nitin Mathur, SVP Customer Experience for Privacera, on data collection: “First, establish a clear board and executive-level commitment to the responsible use of data. Regulations like GDPR, CCPA, and others are to be respected and followed...Secondly, move beyond the old style of privacy and security postures. Modern fine-grained access controls can allow you to provide access to the data with, for instance, masking or removal of that column. There are many technical solutions to this, but it requires a standardized approach to data access, security, and privacy across all the varied data sources out there.” You can access his full commentary here.
Pat McCarthy, Chief Revenue Officer at Precisely, on ESG data governance framework: “When assessing whether a data governance framework is ready to support ESG success, leaders must first look at what they need to report on, then understand the granular details required. This starts with quality data – data that has the ability to demonstrate compliance against changing regulations and standards.” You can access his full commentary here.