Eagle Alpha Legal Wrap - February 2023

Eagle Alpha rounds up some of the most relevant legal and compliance articles surrounding the alternative  data space  over the past month.

US

On February 7th, The Securities and Exchange Commission’s Division of Examinations today announced its 2023 examination priorities. On the topic of registered investment advisors to private funds they stated, "Examinations will review issues under the Advisers Act, including an adviser’s fiduciary duty, and will assess risks, including a focus on compliance programs, fees and expenses, custody, the new Marketing Rule, conflicts of interest, and the use of alternative data." You can access the full article here.

Ryanair filed a response to Booking.com’s lawsuit and asked a Delaware judge to dismiss the online travel agency’s defamation claim in a long-running scraping case. Ryanair’s legal counsel stated that Booking.com selected excerpts from a limited set of communications that are flawed as “the purported statements never identify Booking.com, instead stating truthfully that Ryanair does not authorize online travel agencies to sell Ryanair flights." You can access the full article here.

The SEC’s Chief Data Officer Austin Gerig outlined the Commission’s data strategy for the 2022-2026 fiscal years. He highlighted four goals to be achieved in this period: 1) Enhance the use of data assets; 2) Design and build integrated data infrastructure; 3) Promote data awareness and literacy; and 4) Strengthen data management and governance. You can access the full report here.

The FTC ordered GoodRx, a drug discount and price-shopping website and app provider, to stop sharing users’ health data for advertising purposes. The FTC also announced a 1.5 million USD fine and an agreement for GoodRx to implement strict privacy protections with user consent necessary to share data for reasons other than advertising. You can access the full article here.

The SEC released its 2023 priorities in the Unified Agenda of Regulatory and Deregulatory Actions. ESG and climate-related disclosures along with human capital management are the areas that the Commission will focus on. The proposed ESG disclosures are in the final rule stage, and they will likely require “certain funds to adopt   a policy to invest at least 80% of their assets in accordance with the investment focus that the fund's name suggests.” You can access the full article here.

The National Institute of Standards and Technology, an agency of the U.S. Department of Commerce, issued its AI risk management framework to improve trustworthiness, responsible development, and use of artificial intelligence systems and products. You can access the document here.

Europe

EU lawmakers suggested new amendments in an attempt to finalize the classification of AI systems within the AI Act. High-risk categories can include health and employment, but the categorization will not be automatic with AI providers going through a secure testing system first. You can access the full article here.

Ireland’s Data Protection Commission fined WhatsApp an additional 5 million EUR for not allowing data subjects to opt out of data processing. The original ruling in 2021 involved a 225 million EUR fine for GDPR violations and the current fine was imposed for an additional breach. You can access the full article here.

The EU and Singapore strengthened their cooperation by launching a new Digital Partnership, ensuring trusted cross-border data flows in compliance with data protection rules. Data innovation and cooperation in the field of cybersecurity is also highlighted. You can access the full announcement here.

UK

The UK and EU reached an agreement on sharing trade data with five different databases to be built for customs declarations, safety and security, and ferry manifests. A broader deal and renewed talks regarding the Northern Ireland Protocol are also being anticipated. You can access the full article here.

The FCA published an update on the wholesale data review in financial markets. Responses from venues and users were received with the regulator now in the analytical phase aiming to publish the report in Q1 2023.  The outcome of the FCA data review could also have implications for the wider financial services industry, as it may lead to a greater emphasis on the quality, reliability, and accessibility of financial data, and a more level playing field for firms that rely on wholesale financial data. You can access the full article here.

China

Alicia Kearns, chair of the UK’s Foreign Affairs Committee, urged TikTok users to delete the app as she suggested that the social media app is used by China to build its “tech totalitarian state.” In November 2022, TikTok updated its privacy policies for European users adding disclosures that personal data can be viewed by the company’s employees in China. You can access the full article here.

Industry Commentary

Alan Cross, Chief Commercial Officer, Diveplane, on regulating AI: “We believe that a more robust regulatory structure will be required to promote enterprise best practices and protect consumers. Companies need the reliability afforded by clear and objective regulations that can allow them the confidence to invest resources in innovative systems. Consumers need the security of legal protection for their data, privacy, and safety. We believe the American public would be better off if the United States created a comprehensive, balanced framework that both businesses and consumers could rely on. We hope that the next step forward in the development of the Blueprint for an AI Bill of Rights will work toward that.” You can access the full commentary here.