Looking ahead to the next wave of earnings calls, we suggest extra attention is due to the tech regulation frontier and recent developments in data privacy law. In complex political and economic times, we expect there to be some noise to sift through in the coming months. However, we believe the lack of focus on the latest iteration of data privacy reform already on the books could pose risks to certain investment theses.
Please note: This in no way represents investment advice. All transcript text provided by S&P Global Market Intelligence.
Last year saw a tectonic shift in global data and privacy regulation with the rollout of the EU’s General Data Protection Regulation (GDPR). A frenzy of interest focused on how companies would respond to a paradigm shift in the treatment of personal information upon which an entire industry had been built. True to form, Amenity’s NLP models detected a ramp-up and then a spike in GDPR-related questions in earnings calls prior to the regulation’s effective date in May 2018.
This year, markets face the roll out of the California Consumer Privacy Act (CCPA). CCPA passed in July 2018 and is slated to take effect in January 2020. It is the closest approximation to an American response to GDPR, and yet the differences between the policies will complicate matters for firms that must comply with one or both. The operational challenges for firms with diverse user bases across global footprints are considerable. Just under four months from CCPA’s implementation, the absence of focus on the legislation’s consequences is problematic.
We used Amenity’s text analytics platform to visualize this trend in the figure below by querying GDPR questions asked of S&P 500 executives on earnings calls between 4Q16 and 3Q19. GDPR ambitiously rethinks data privacy rights on a global basis, granting users greater control of their data while imposing obligations on organizations that collect, process, and use personal data. Enforcement measures are strict and infractions are costly. Against that backdrop, the spike in focus is warranted and unsurprising:
The figure above also presents the number of questions asked about CCPA. When regulatory shifts pose existential threats to a company’s core business, we expect analysts to put management to the test. When they don’t, we are rationally concerned. Such is the case with the CCPA. Our concern is informed by what we know from the recent GDPR rollout – namely, that analysts’ questions about data privacy reform triggered high levels of deception in management answers.
Below, we provide aggregated deception scores for all companies with extractions linked to GDPR and CCPA as question topics. We show that questions about data privacy lead to precipitous levels of deception both before and after GDPR’s effective date. In the run up to CCPA’s roll out in January 2020, an absence of questions may be masking similar underlying uncertainty:
Given GDPR as context, we would expect substantially more focus to be paid to CCPA in earnings calls. Against an historical record that shows management teams are deceptive in the face of tough regulatory questions, it is critical for investors to engage in an active discourse now. In the best case, management will have answers. In the worst case, they won’t...
Of S&P 500 companies, only Salesforce and Twitter have been asked questions directly about CCPA. We offer an illustrative exchange from 23 April 2019 below, in which Anthony DiClemente of Evercore ISI puts the question directly to Twitter CEO Jack Dorsey:
"...I’m not sure anyone’s asked about regulation, regulation of either privacy or content. One of your peers is increasingly publicly open to government taking a more active role on how social media is regulated. What’s your updated and latest view for investors on regulation? And to what extent is Twitter prepared for compliance with the CCPA rules and regulations for the State of California that take effect in January 2020?"
"In terms of regulation, we’re completely open to regulation where it makes sense… Regulations like GDPR have been a net positive and not just for our service but also for our broader industry in general. It’s added a lot more clarity around privacy and how data is being used on people that we serve, so regulations like that, we do believe, are smart and beneficial to us and also our broader industry. And we’ll continue to look and work with regulators around the world to make sure that, that regulation is crafted in the right way and that we can comply readily."
So much for straight answers... Outside of the S&P 500, Roku’s management team got the question from Oppenheimer’s Jason Helstein on 8 May 2019:
"...how are you thinking about the pending privacy legislation, particularly CCPA as it relates to next year, both positively and negatively for the Roku platform?"
"With regards to your question about privacy legislation, we continue to watch it closely as we've done with GDPR. In general, we're broadly supportive of things that help consumers control what information is shared. As a platform, we have a first-party relationship with our consumers, which allows them to directly communicate their preferences, what information is shared and used. And we think in general this legislation is both good for consumers as well as good for platforms like Roku who got a direct first-party relationship."
In both cases, management provides fluffy answers that tip a hat to regulatory reform while not providing a direct answer to the CCPA question. This lines up with the bigger picture pleadings of tech firms of late, who have asked for comprehensive federal legislation partly to avoid a patchwork of state policies that would be difficult to comply with and partly to protect their competitive moats with even higher barriers to entry. This may be sage strategy, but companies must also deal in reality – CCPA isn’t going away and compliance will be required.
One plausible explanation for the absence of a robust discussion may be that observers feel confident that GDPR-compliant firms should be well prepared for CCPA. Given the distinct policy differences, this seems to be a strong assumption. Dual-compliance might not be as easy as some believe. CCPA requirements are more stringent than GDPR in some areas and vice versa. With diverging takes on jurisdictional scope, data subjects, personal information, opt-out/opt-in procedures, minors and parental consent, rights of rectification, restrictions or objections to data processing, private rights of action, penalties for violations, and more, we believe the proportionality of moving parts to questions is lopsided.
With one round of earnings calls in 4Q19 left prior to CCPA’s effective date in January 2020, we suggest analysts start asking management questions before it is too late. In the meantime, any investment theses that rely on regulatory certainty should be partially discounted.
Copyright ©2019 Amenity Analytics.