On Friday, the WSJ published an article detailing how companies are monetizing smartphone location data by selling it to hedge fund clients.  The data vendor featured in the WSJ article obtains geolocation data from about 1,000 apps that fund managers use to predict trends involving public companies.  However, as we’ve noted, the use of alternative data collection for investment research purposes may give rise to a host of potential issues under relevant laws.

Alternative data sets may conceivably contain material nonpublic information (MNPI), or information that, when aggregated, could be considered MNPI.  Trading while in possession of such information might lead to liability under the securities laws if confidential information has been “misappropriated” in breach of a duty owed to the source of the information. If data has been collected in a manner considered “deceptive,” then there is a risk that trading on that information may be considered part of a fraudulent scheme in violation of the anti-fraud provisions under the securities laws.

Fund managers who use such data need to be careful.  One concern is whether vendors have obtained appropriate consents to both the usage and sharing of the information.  Many smartphone users may not be aware that their phone is sharing location data.   Another concern is heightened risk of the data containing personally identifiable information (PII) or information which can readily be linked to PII.   The vendor highlighted in the WSJ article apparently scrubs location data of personally identifiable information, and most data collectors de-identify or anonymize data that comes from sources that contain PII.  Fund managers who purchase scrubbed data from third parties should check to ensure the information they receive is appropriately de-identified or anonymized and, if not, take steps to remove all identifying information.

Fund managers should also be aware of a host of other potential concerns involving collection and use of alternative data.  For example, the Computer Fraud and Abuse Act (CFAA) prohibits access to information from a computer, website, server or database that is without authorization or in a way that exceeds authorized access.   The Electronic Communications Privacy Act prohibits the collection or use of communications collected in violation of the Act.  Other potential concerns involve claims as varied as copyright to breach of contract.

When using alternative data sets, due diligence and appropriate representations are required in order to minimize risk.

View Original Source
Photo of Joshua M. Newville Joshua M. Newville

Joshua M. Newville is a partner in the Litigation Department in New York and a member of Proskauer’s White Collar Defense & Investigations Group and the Asset Management Litigation team.

Josh handles securities litigation, enforcement and regulatory matters, representing corporations and senior executives in civil and criminal investigations. In addition, Josh advises registered investment advisers and private fund managers on regulatory compliance, SEC exams and related risks.

Photo of Jeffrey Neuburger Jeffrey Neuburger

Jeffrey Neuburger is a partner, co-head of the Technology, Media & Telecommunications Group, a member of the Privacy & Cybersecurity Group and editor of the firm’s New Media and Technology Law blog.

Jeff’s practice focuses on technology, media and advertising-related business transactions and counseling, including the utilization of emerging technology and distribution methods in business. For example, Jeff represents clients in online strategies associated with advertising, products, services and content commercialized on the Internet through broadband channels, mobile platforms, broadcast and cable television distribution and print publishing. He also represents many organizations in large infrastructure-related projects, such as outsourcing, technology acquisitions, cloud computing initiatives and related services agreements.