Organizations focused on consumer privacy are raising concerns about hedge fund use of mobile phone users’ location data, according to a recent article in Financial News.
Frederike Kaltheuner, a policy officer at Privacy International, suggested that hedge funds using location data to inform their trading strategies had “unprecedented population-level insight about individuals’ lives, communities and entire nations and markets” and questioned whether the practice was ethical.
Ed Johnson-Williams, a representative of Open Rights Group, a charity that protects citizens’ digital rights, said: “While some people may be happy for their data to be used for public-interest research, they may not want their data to be sold on to contribute to a hedge fund’s investment decisions.”
A spokesperson for the UK Information Commissioner’s Office, an independent authority which regulates information rights, said location data is “a valuable source of information but its collection and use may be considered very intrusive”. Anonymizing data and using it in aggregated form were “key safeguards,” and added that the European Union’s major update to privacy laws, General Data Protection Regulation (GDPR), is due to come into force May 2018, when “there will be a greater focus on transparency and organizations being accountable for what they do with personal data.”
Giles Pratt, data privacy and cyber security partner at law firm Freshfields Bruckhaus Deringer, said hedge funds “either have to use the data in a way that is truly anonymized, or they will need to treat the dataset as personal data and so comply with all the rules and requirements of GDPR”.
Pratt argued that anonymizing data sets is not straightforward. According to a paper published in 2013, researchers at MIT and the Université Catholique de Louvain, in Belgium, found in a 15-month study that, armed with an anonymized data set of mobile phone users in a small European country, they needed just four interactions between users and network towers to uniquely identify 95% of people in the anonymized data set. Pratt said: “Hedge funds need to do careful due diligence on how the firms selling the location datasets have collected and anonymized their data, and make sure the transfer of that data is done in a compliant way.”
Griff Ferris, a researcher at Big Brother Watch, a civil liberties group, argued that because it is possible for data to be de-anonymized by combining it with publicly available records, even anonymized geolocation data is risky: “The collection of such personal and sensitive datasets therefore poses a potentially very serious privacy risk, and both individuals and companies should be aware of this.”
Jaap Tempelman, a lawyer at Clifford Chance, said funds needed to be “particularly cautious” about complying with European privacy regulation when using data culled from European users. He said: “The E-Privacy Directive says location data derived from telecoms can only be processed for very specific purposes related to providing and billing the telecoms service. If you want to use it for any other type of service you need specific consent from users.”
The UK Financial Conduct Authority, which regulates Britain’s security markets, said that although this is not an area the regulator is looking at specifically, the regulator does monitor data financial firms collect and how they use it. If this alternative data were to be deemed insider information, it would potentially constitute a breach of market regulations.
In the US, popular weather app AccuWeather was caught sending geolocation data to a third-party data monetization firm, even when users had switched off location sharing. AccuWeather and the data collection firm involved, Reveal Mobile, subsequently changed the application to conform to user preferences.
The enforcement arm of the US Federal Trade Commission has brought actions in similar situations. In 2013, the developers of one of the most popular flashlight applications for Android mobile phones settled with the FTC for violating user location preferences.
Mobile phone geolocation data is one of the most valued alternative data sets used by institutional investors. Analysis is performed at an aggregated basis typically with anonymized data, as investors try to correlate geolocation trends to same-store sales or other revenue-related metrics.
Although investors have no incentive to violate privacy laws, the concerns expressed by privacy organizations highlight the importance of due diligence with suppliers of geolocation data to ensure that data has been obtained legally and properly anonymized.