Eagle Alpha's Legal Wrap: 19th February
Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past week.
Ear to the Ground:
During the 2020 US political campaign, organizations spoke out about the tracking and targeting of individuals, donors, and lawmakers with tailored messaging at such a precise level and claimed it warranted intervention. Marketing companies “geo-target and geo-fence donors’ homes and deliver individual ads to them” and “combine geo-targeting with employer targeting.” The applications of targeting that emerged from the political space in 2020 raise serious questions around further regulation. You can view the article here.
On February 5th, 2021, the State Senate of Virginia voted to approve Senate Bill 1392 following the House of Delegates voted 98-9 for an identical House bill. If passed, the new bill, titled the Consumer Data Protection Act (CDPA), will make Virginia the second US state to impose major privacy legislation, following California’s CCPA. You can view the article here.
A draft decision by the European Commission is expected to be approved this week allowing the free flow of data to continue between the UK and EU. Although the decision will face scrutiny by the European Data Protection Board, the move is welcomed by the health, insurance, and technology sectors that regularly transfer customer personal information. You can view the article here.
Clubhouse, a voice-chat App launched in 2020, has gained recent global popularity, but German data protection authorities have said that the App raises many questions surrounding the privacy of users and third parties. The app’s terms of service state that conversations are recorded to monitor violations and are deleted once an event ends, but very few users are aware of this. European-based attorneys have said that it’s not doing enough to comply with GDPR. You can view the article here.
Privacy restrictions in GDPR initially caused companies to reconsider whether they could cash in on personal data collected on consumers. Now, some companies are finding ways to avoid revealing that data, including consumers’ identities. Techniques such as encryption or replacing identifying information with a hash code aren’t considered strong enough measures to fully anonymize data and remove all PII. You can view the article here.
European consumer groups from 15 countries, along with the European consumer organization BEUC have urged investigations into TikTok’s conduct surrounding their unclear terms of service and data processing practices. Under its terms of service, TikTok has the right to use, distribute and reproduce its users’ content and the complaint alleges that the use of branded hashtag challenges encourages users to create content for specific products. You can view the article here.
Facebook has been fined 7 million euros ($8.45 million) by Italy’s anti-trust regulator for misleading conduct on data protection. Facebook had already been fined 5 million euros in 2018 over unfair trading practices and had been ordered to correct it. Even if Facebook no longer advertises itself as free, the anti-trust regulator has said that "immediate and clear information on the collection and use of user data for commercial purposes is still not provided.” You can view the article here.
Sweden’s data protection authority has fined the Swedish police 250,000 euros for unlawful use of Clearview AI’s facial recognition software. Following another violation in Canada earlier this month, two investigations last year, and an ongoing case in the US, Clearview AI’s facial recognition software might be accelerating a risk-based framework to regulate applications of artificial intelligence. You can view the article here.