In recent years, alternative data users have started to alter their processes around bringing in new data sets, where legal and compliance professionals are now involved in these discussions from the beginning.
As leaders in the alternative data community, Eagle Alpha has noticed a stakeholder shift over the past three years. Traditionally, data hunters and strategists were the stakeholders spearheading the alternative data initiative with wider data and investment teams providing insights into their alternative dataset needs and queries. Today, we are witnessing a shift, where the legal and compliance function is involved in the conversation from the beginning of the alternative data initiative.
Eagle Alpha first noted the significant focus from regulators and media on high-risk datasets following the developments in three key cases: The Weather Channel versus the City of Los Angeles in 2018, the Facebook and Cambridge Analytica scandal in 2018, and finally, App Annie versus the SEC in 2021.
Data compliance has always been an important subject, however, there have been several key events that have paved the way toward where we are today. We are now seeing regulators proactively examining firms’ policies and procedures with more intent. Data sources considered higher risk than others are now found in the regulatory and media spotlight, and varying regional regulations are impacting the funds’ global strategies.
In response to the increased examples of data misuse, legal and compliance teams have had to upskill and educate themselves on considerations unique to alternative data. Compliance teams now need to place much greater emphasis on concepts such as material non-public information, data provenance, and anonymization techniques. You can download the full report here.
Theme 1: Fallout from App Annie – Material Non-Public Information & Insider Trading
Insider trading allegations often revolve around the materiality and non-public nature of the information, as well as breaches of fiduciary duty. While App Annie faced a securities fraud ruling, it’s important to note that no party was charged with insider trading. However, this case underscores the SEC’s close scrutiny of the alternative data space. Market participants should ensure clear data descriptions, robust procedures, and vigilance in handling sensitive data to comply with regulatory requirements.
Theme 2: SEC Risk Alerts & Priorities
Following the App Annie case, the SEC issued risk alerts highlighting deficiencies in due diligence and handling of material non-public information (MNPI). Notably, the SEC is focused on asset managers and their use of alternative data sources. To satisfy SEC requirements, market participants should establish specific policies and procedures for alternative data usage, adopt a risk-based approach during the diligence process, and conduct regular reviews of vendors. Compliance with the Advisers Act, including fiduciary duty, is a key focus area for examinations.
Theme 3: Data Privacy and Personally Identifiable Information (PII)
Data privacy concerns have gained prominence due to consumer awareness and high-profile scandals. Legislation such as GDPR and CCPA imposes strict rules on the sale, sharing, and licensing of PII, granting consumers new rights. In the US, current legislation is at a state level, however, the proposed American Data Privacy and Protection Act (ADPPA) aims to regulate data collection and usage, potentially superseding existing state laws. Market participants must ensure robust contracts, understand data de-identification methods, and be mindful of location data sensitivity and its potential de-anonymization risks.
Theme Four: Big Tech and Alternative Data
Big Tech companies, including Meta, Apple, Google, and Amazon, have come under scrutiny for their data collection methods and relationships with third-party data miners. This dominance of the tech giants has prompted new legislation on data processing and handling practices. Notably, Apple’s introduction of the App Tracking Transparency feature in iOS 14.5 marked a significant shift towards user consent and data privacy. The move allowed users to opt-in or opt-out of data tracking, aligning with the principles of data privacy regulations like GDPR.
The impact of Big Tech extends beyond privacy concerns. Changes in their operations, such as updates to terms and conditions, can have ripple effects on data quality, security, and governance. For example, alterations to mobile app store policies can affect app metrics and location data providers. It is crucial for alternative data users to stay updated on these changes and ensure data providers are aware of them in advance.
Theme Five: Developing Regulations in Emerging Markets
Data regulations are rapidly evolving in emerging markets, particularly in China, Southeast Asia, and Latin America. China has enacted comprehensive laws like the PIPL and DSL, similar to the GDPR, with strict enforcement actions against non-compliant apps. In Southeast Asia, influenced by the GDPR and multinational presence, regulations vary, with more leniency for public company data sharing and slower progress for private individual and company data. Consent is significant, and web scraping legality is uncertain, with potential consequences for breaching systems. Latin America, including Brazil, has implemented data privacy laws like the LGPD, emphasizing personal data ownership and advocating compliance. Web scraping is permitted in Brazil as long as anonymity is maintained, but accessing data behind login credentials is illegal.
Theme Six: ESG & Greenwashing
Sustainable investing requires accurate ESG data, but reliance on company disclosures and ESG ratings can be biased and low-quality. Regulatory scrutiny on greenwashing, like the SEC charging BNY Mellon, emphasizes the need for transparency. In Europe, ESG regulations impose disclosure obligations and introduce the EU Taxonomy for environmental criteria alignment. In the US, the SEC proposes ESG fund categorization and increases focus on disclosures and greenwashing. Alternative data users should approach ESG data cautiously, understanding provider methodologies and focusing on relevant metrics. Thorough data understanding, robust governance, and due diligence are crucial in this evolving regulatory and demand-driven landscape.
Theme Seven: Data Under the Regulatory Spotlight
Web scraping and location data usage have attracted significant regulatory attention. Legal battles like hiQ Labs vs. LinkedIn demonstrate the complexities of web scraping, with courts ruling in favor of hiQ but emphasizing violations of user agreements. Similar scrutiny applies to cases like Ryanair vs. Booking Holdings under the Computer Fraud and Abuse Act (CFAA). Location data has also faced legal challenges, such as The Weather Channel settling allegations of misleading users. Alternative data users must be mindful of the evolving legal landscape surrounding web scraping and location data, considering factors like user agreements and intent to harm.
In the rapidly evolving landscape of alternative data, the involvement of legal and compliance teams has become crucial from the early stages of initiatives. Recent high-profile cases and regulatory focus on data misuse have highlighted the importance of transparency and accurate reporting. The SEC’s risk alerts and priorities underscore the need for robust policies and procedures, diligent vendor reviews, and compliance with regulatory requirements. Data privacy and personally identifiable information (PII) regulations, such as GDPR and CCPA, impose strict rules on data handling and grant consumers new rights.
The dominance of Big Tech companies has prompted legislation on data processing practices, with user consent and privacy at the forefront. Emerging markets like China, Southeast Asia, and Latin America are implementing data regulations, requiring careful consideration of web scraping and privacy issues. Sustainable investing and ESG data also face challenges, with the need for accurate reporting and avoiding greenwashing. Overall, alternative data users must stay updated on evolving regulations, prioritize data governance, and engage in thorough due diligence when selecting data providers.