Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past month.
US
The White House announced six principles for “enhancing competition and tech platform accountability” following the listening session on September 8th: 1) Promoting tech sector competition; 2) Adopting federal privacy protections; 3) Providing robust protections for children; 4) Rescinding special protections for leading tech platforms; 5) Increasing transparency about algorithms and content moderation; 6) Stopping discriminatory algorithmic decision-making. The Administration is calling for legislative reforms to promote these principles. You can access the full article here.
"The White House’s reaction to its listening session underscores that the federal government continues to focus on privacy protection. This focus makes it ever more important for fund managers to document their due diligence of the consents received by their data vendors to share consumer transaction, geolocation, and other types of alternative data" - Peter Greene, Partner, Investment Management, Schulte, Roth & Zabel
House Speaker Nancy Pelosi commented on the proposed American Data Privacy and Protection Act (ADPPA) highlighting concern over its pre-emption provision. She noted that California is seen as a leader in terms of consumer protection and the state should continue “offering and enforcing the nation’s strongest privacy rights.” You can access the full statement here.
"Federal pre-emption would be a welcome component of the ADPPA for the private funds industry. Compliance with a patchwork of state laws is becoming increasingly complex" - Peter Greene, Partner, Investment Management, Schulte, Roth & Zabel
The FTC held a public forum on commercial surveillance that harm data security and privacy practices. The FTC Chair Lina Kahn and Commissioners Rebecca Kelly Slaughter and Alvaro Bedoya highlighted the need for public participation as comprehensive federal legislation is still not passed. Industry panelists advocated for the introduction of rules that would limit out-of-context data use or tracking. You can access the full article here.
The DC Council held a public hearing on the Stop Discrimination by Algorithms Act which is designed to regulate algorithmic decision-making for insurance, credit, education, employment, and housing. Those who oppose the bill argued that it lacks flexibility and is overly broad that will result in burdensome auditing for companies. Supporters of the bill welcomed transparency, private right of action, and impact assessments. You can access the hearing here.
The New York City Department of Consumer and Worker Protection proposed new rules to govern the use of automated employment decision tools. The Department seeks clarifications for bias audit requirements and obligations for the employer and employment agencies. A public hearing is scheduled for October 24th. You can access the full proposal here.
Europe
The European Court of Justice ruled against Germany’s data retention law as it was deemed to apply only under very strict terms in case of threat to national security. The case was brought forward by Deutsche Telekom and internet service provider SpaceNet AG who decided to challenge the country’s law. You can access the full article here.
Data retention was also central in another case as the European Court of Justice ruled against the French Financial Markets Authority as it tried to force telecom providers to hand over personal data of two suspects. It ruled that the EU’s Market Abuse Directive cannot ignore the EU’s Privacy and Electronic Communications Directive. You can access the full article here.
The European Data Protection Supervisor (EDPS) took legal action against Europol for two provisions in new regulations designed to bypass data protection rules. The EDPS argued that these provisions “seriously undermine legal certainty for individuals’ personal data and threaten the independence of the EDPS.” You can access the full article here.
UK
The UK’s secure data environment was designed to make NHS health and social care data to be available for research and analysis purposes. Approved users will be allowed to access and use the data without leaving the environment. Planning and population health management is highlighted as one example. You can access the full guidelines here.
TikTok might face a 27 million GBP fine for the breach of child data protection laws. The UK’s Information Commissioner’s Office alleged that the company “may have” processed data of children under 13 from May 2018 to July 2020. TikTok can also be accused of failing to provide proper information to its users. You can access the full article here.
China
The Cyberspace Administration of China proposed to increase penalties for certain violations. For example, “operators of critical information infrastructure” are proposed to be fined an equivalent of 5% of annual revenue for using products or services that had not gone through security reviews. You can access the full article here.
India
Minister of State for Electronics and IT Rajeev Chandrasekhar claimed that Europe’s GDPR was “a bit more absolutist” in its approach to data protection and that India will not be using it as a framework for comparison. He also commented on the use of bots and on algorithmic accountability. You can access the full article here.
Vietnam
Vietnam’s is introducing a new data localization regulation requiring domestic and some foreign firms in telecommunications, e-commerce, and online payment industries to store certain data in country for 24 months. Investors warn that it might have a negative impact on capital flows. You can access the full article here.