Analysts and Executives Silent on California Consumer Privacy Act

Looking ahead to the next wave of earnings calls, we suggest extra attention is due to the tech regulation frontier and recent developments in data privacy law. In complex political and economic times, we expect there to be some noise to sift through in the coming months. However, we believe the lack of focus on the latest iteration of data privacy reform already on the books could pose risks to certain investment theses.

Please note: This in no way represents investment advice. All transcript text provided by S&P Global Market Intelligence.

Historical Context

Last year saw a tectonic shift in global data and privacy regulation with the roll out of the EU’s General Data Protection Regulation (GDPR). A frenzy of interest was lasered in on how companies would respond to a paradigm shift in the treatment of personal information upon which an entire industry had been built. True to form, Amenity’s NLP models detected a ramp up and then spike in GDPR-related questions in earnings calls prior to the regulation’s effective date in May 2018.

This year, markets face the roll out of the California Consumer Privacy Act (CCPA). CCPA passed in July 2018 and is slated to take effect in January 2020. It is the closest approximation to an American response to GDPR, and yet the differences between the policies will complicate matters for firms that must comply with one or both. The operational challenges for firms with diverse user bases across global footprints are considerable. Just under four months from CCPA’s implementation, the absence of focus on the legislation’s consequences is problematic.

Quantifying the Commentary Gap

We used Amenity’s text analytics platform to visualize this trend in the figure below by querying GDPR questions asked of S&P 500 executives on earnings calls between 4Q16 and 3Q19. GDPR ambitiously rethinks data privacy rights on a global basis, granting users greater control of their data while imposing obligations on organizations that collect, process, and use personal data. Enforcement measures are strict and infractions are costly. Against that backdrop, the spike in focus is warranted and unsurprising:

The figure above also presents the number of questions asked about CCPA. When regulatory shifts pose existential threats to a company’s core business, we expect analysts to put management to the test. When they don’t, we are rationally concerned. Such is the case with the CCPA. Our concern is informed by what we know from the recent GDPR roll out – namely, that analysts questions about data privacy reform triggered high levels of deception in management answers.

Below, we provide aggregated deception scores for all companies with extractions linked to GDPR and CCPA as question topics. We show that questions about data privacy lead to precipitous levels of deception both before and after GDPR’s effective date. In the run up to CCPA’s roll out in January 2020, an absence of questions may be masking similar underlying uncertainty:

Given GDPR as context, we would expect substantially more focus to be paid to CCPA in earnings calls. Against an historical record that shows management teams are deceptive in the face of tough regulatory questions, it is critical for investors to engage in an active discourse now. In the best case, management will have answers. In the worst case, they won’t...

Of S&P 500 companies, only Salesforce and Twitter have been asked questions directly about CCPA. We offer an illustrative exchange from 23 April 2019 below, in which Anthony DiClemente of Evercore ISI puts the question directly to Twitter CEO Jack Dorsey:

  • Jim DiClemente (Evercore ISI):

"...I’m not sure anyone’s asked about regulation, regulation of either privacy or content. One of your peers is increasingly publicly open to government taking a more active role on how social media is regulated. What’s your updated and latest view for investors on regulation? And to what extent is Twitter prepared for compliance with the CCPA rules and regulations for the State of California that take effect in January 2020?"

  • Jack Dorsey (CEO, Twitter):

"In terms of regulation, we’re completely open to regulation where it makes sense… Regulations like GDPR have been a net positive and not just for our service but also for our broader industry in general. It’s added a lot more clarity around privacy and how data is being used on people that we serve, so regulations like that, we do believe, are smart and beneficial to us and also our broader industry. And we’ll continue to look and work with regulators around the world to make sure that, that regulation is crafted in the right way and that we can comply readily."

So much for straight answers... Outside of the S&P 500, Roku’s management team got the question from Oppenheimer’s Jason Helstein on 8 May 2019:

  • Jason Helstein (Oppenheimer):

" are you thinking about the pending privacy legislation, particularly CCPA as it relates to next year, both positively and negatively for the Roku platform?"

  • Scott Rosenberg (Senior Vice President, Roku):

"With regards to your question about privacy legislation, we continue to watch it closely as we've done with GDPR. In general, we're broadly supportive of things that help consumers control what information is shared. As a platform, we have a first-party relationship with our consumers, which allows them to directly communicate their preferences, what information is shared and used. And we think in general this legislation is both good for consumers as well as good for platforms like Roku who got a direct first-party relationship."

In both cases, management provides fluffy answers that tip a hat to regulatory reform while not providing a direct answer to the CCPA question. This lines up with the bigger picture pleadings of tech firms of late, who have asked for comprehensive federal legislation partly to avoid a patchwork of state policies that would be difficult to comply with and partly to protect their competitive moats with even higher barriers to entry. This may be sage strategy, but companies must also deal in reality – CCPA isn’t going away and compliance will be required.

GDPR Compliance  ≠ CCPA Compliance

One plausible explanation for the absence of a robust discussion may be that observers feel confident that GDPR-compliant firms should be well prepared for CCPA. Given the distinct policy differences, this seems to be a strong assumption. Dual-compliance might not be as easy as some believe. CCPA requirements are more stringent than GDPR in some areas and vice versa. With diverging takes on jurisdictional scope, data subjects, personal information, opt-out/opt-in procedures, minors and parental consent, rights of rectification, restrictions or objections to data processing, private rights of action, penalties for violations, and more, we believe the proportionality of moving parts to questions is lopsided.

With one round of earnings calls in 4Q19 left prior to CCPA’s effective date in January 2020, we suggest analysts start asking management questions before it is too late. In the meantime, any investment theses that rely on regulatory certainty should be partially discounted.

Interested running these types of analyses with our platform?

Request a demo today to find out how you can analyze earnings call transcripts and other financial documents with our text analytics platform. Spot outliers, identify critical insights, and understand key drivers.

See Amenity in September:

Our team at Amenity Analytics looks forward to meeting with business and Fintech leaders participating in several events this month. From New York to Last Vegas and London we are in for a busy month. Visit our Events page for more information and stop by our booth if you're in attendance.

Transcript text provided by S&P Global Market Intelligence.

Copyright ©2019 Amenity Analytics. 

No items found.
September 18, 2019

Sentiment Analysis: Updated Regional Bank Uncertainty Ahead of Fed Rate Decision

We follow up on our regional banks white paper, applying our NLP platform to the full set of earnings calls from regional banks this quarter to explore the state of uncertainty before an expected rate cut on September 18th. Our rationale for close scrutiny of regional bank earnings calls holds true since our last publication as we find deceptive commentary indicating there may be underlying uncertainty regarding headwinds to net interest margins.
September 10, 2019

Analysts and Executives Silent on California Consumer Privacy Act

Under four months until the implementation of the California Consumer Privacy Act, Amenity’s text analytics tools detect a concerning absence of commentary in quarterly earnings calls. Against the backdrop of GDPR’s recent history, we would expect significantly more focus in the Q&A between analysts and management teams. We use our platform to contextualize CCPA in the broader context of global data privacy reform.
July 30, 2019

Sentiment Analysis: Regional Banks Shaky Prior to the Fed's Interest Rate Decision

We use our NLP platform to analyze regional bank earnings calls and estimate economic uncertainty in advance of the Federal Reserve’s rate decision. We uncover elevated deception levels focused on margin topics related to interest rates and net interest income, revealing evasive and euphemistic language patterns.
July 24, 2019

Snapchat Earnings: Beyond the Headline a Look at Cost-Price

Snapchat's 2Q19 showed a turnaround moment with beats on user growth and revenue, but a look beyond the headlines through the lens of our text analytics platform shows that while Deception has tapered off SNAP's 1Q18 high, the trend in Cost-Price is worth a closer examination.

Stay Informed: Join Our Newsletter

Keep up to date with our analyses and how we're making changes.