Alternative Datasets and GDPR
Hedge funds and asset managers are constantly seeking Alpha, that is, an edge that enables them to beat the market. They have always looked for better information and especially for information that others don’t have. That gives Alpha. While many funds and managers turn to Increasingly complex data analytics on existing data, more and more are turning instead to alternative data.
Here are some examples of alternative data sets.
Social media posts: if a new product or brand are trending in social media, that could be an early indicator that they’ll be a big success. In this case, the social media footprint of the product is a way to measure hype, which is a predictor of sales.
Geolocation, traffic and foot traffic: there are many apps today that collect geolocation data. But this needn’t come from an app. For example, Google’s satellite company Terra Bella sells analytics of shipping traffic; another classic application is tracking parking-lot traffic outside stores to predict their earnings, see here.
Similar uses can be made of Point of Sales transactions, of App logins, of browsing activity, price tracking, and so on.
How is all this connected with GDPR? Well, that depends on the data source you’re using, and the way in which you use it. Many of these alternative data sources are based on personal data. For example, apps that track users’ geolocation are collecting personal data. Hopefully they do so lawfully. But using that data for third party analytics is trickier. This is because, under GDPR, using personal data for analytics must be lawful. So, for example, if a navigation app stores users’ location history for its own analytics, it is not entitled to anonymize that data and sell it as Alternative Data. GDPR does not apply to anonymous data, but anonymity is relative (see GDPR Recital 26), and the very act of de-identifying data is ‘adaptation’ which is ‘processing’ (see Article 4(2)).
As a result, the lawfulness of the alternative data set must be carefully examined to ensure that its use is not a violation of GDPR.