Eagle Alpha's Legal Wrap: 4th February
Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative data space over the past week.
Ear to the Ground:
In just 5 days GameStop’s shares rose by 500% following rallies on Reddit, triggering a “short squeeze” and costing Wall Street billions of dollars. The Robinhood trading app has been the centre of attention during the controversy and has been referred to as the ‘Facebook of investing’. Robinhood sells its order flow to third parties and those third parties are the ones who execute the trades, but they also get access to the data. You can view the article here.
Apple has introduced new privacy updates in the iOS 14 update requiring all apps to ask for explicit permission to track users. The new feature aims to add transparency for users but has come with backlash from Facebook, Google and other companies. Apple is withdrawing the identifier for advertisers (IDFA) to avoid the opt-in popping up on user’s iPhones. You can view the article here.
The Oklahoma Data Privacy Act (OCDPA) was filed on January 19, 2021, for consideration in February. This bill states that certain companies get prior consent before collecting and selling consumer data. These companies must either have an annual gross revenue over $10 million, derive 25% of revenue from selling user data, or buys, sells, receives or shares information totalling 50,000 or more consumers, households or devices. You can view the article here.
New York facial-recognition software company Clearview AI Inc. violated federal and provisional privacy laws in Canada by offering its service there in breach of Canadian law. Canadian regulators have said that the company has collected “highly sensitive biometric information without the knowledge or consent of individuals.” The company also has a database of about 3 million photos it scraped from the internet, allowing it to search for matches using facial recognition algorithms. Clearview has said the technology is no longer available in Canada and that they will remove data on Canadians upon their request. You can view the article here.
The Chinese Banking and Insurance Regulatory Commission has fined the Agricultural Bank of China 4.2 million yuan ($650,660) as an administrative punishment for poor data security management. The watchdog found the bank to be in breach of several transgressions, including inadequate protection of its network, leaking sensitive data and having wireless internet at branches. You can view the article here.
Health authorities in Chinese cities are implementing new rules requiring only geographic information and no personally identifiable information to be included when disclosing Covid-19 cases, aiming to protect individual privacy. Previously, for contract-tracing purposes detailed patient information was shared, including name, occupation and daily travel history, incurring some cases of discrimination and cyberbullying. Balancing transparency and privacy has posed a serious challenge around Covid-19. You can view the article here.
On January 4th WhatsApp implemented a new privacy policy making it mandatory for Indian users to accept the new terms and conditions otherwise they would be denied access. European users have the option to opt-out of the policy and would not be denied access. A bench of Chief Justice D N Patel and Justice Jyoti Singh have contended that the new privacy policy shows cracks in Indian protection and privacy laws, and are expecting a decision on the matter by March 15th. You can view the article here.