Research: Trends and Conclusions: Information Technology 2013
In 2013 more data was produced than ever before; the age of “big data” has made this area of law an integral concern for businesses and corporations worldwide. As businesses utilise new methods of reaching customers, expert counsel in this area has become a necessity. The pace of change and the convergence of new media in the IT space have made this an increasingly complex sector, encompassing many fields of law. Over the last 12 months many practitioners spoke of this area as developing quickly and becoming increasingly specialised and this publication, previously entitled The International Who’s Who of Internet, e-Commerce and Data Protection Lawyers, has been renamed The International Who's Who of Information Technology Lawyers to reflect the increasing scope of this practice area. In this article we examine these issues and identify some of the key trends affecting the IT legal marketplace.
Data Protection, Privacy and Security – “Data as an asset”
Data protection, privacy and security have become key concerns not only for businesses but also for individuals. Recent events surrounding the US National Security Agency’s PRISM programme have pushed these issues once again to the top of the media agenda. With information now seen as an “asset” or “property” and regulatory scrutiny growing in turn, big business is all too aware of the importance of compliance as a key component of business strategy. It has become, in the words of one practitioner, “an established boardroom issue” and was one of the most frequently mentioned topics during our research. As in last year’s edition, the EU data protection regulation and directive remains an ongoing concern, although with estimates that it will not come into force until 2015 its impact remains to be seen. However, in many jurisdictions, clients are taking a proactive approach.
Data transfer has been a major focus. The question of which region’s legislation should apply when data can be moved at the touch of a button is a complex one. As one practitioner remarked, “Technology doesn’t care about geography – but the law does.” Multinational clients have increasingly sought compliance advice with many practitioners reporting this as a major focus of their practices over the last 12 months. Privacy is also seen as major priority. Businesses involved in e-commerce are compelled to take privacy considerations into account when they develop and roll out products, with legal counsel becoming a part of the product development process at an early stage. This proactive approach is reflected by a similar stance taken by regulators in relation to enforcement. In Brussels, one firm reported that their clients received compliance questionnaires at the early stages of data-related projects. The formulation of new legislation and guidelines in foreign jurisdictions is also driving work on compliance. In Hong Kong, new guidelines on an individual’s right to opt out of direct marketing propose financial penalties of up to HK$1million, should a company sell an individual’s data to a third party without prior consent. PRISM has led many to call for a tougher stance on privacy, and balancing the interests of government and business with the individual is a major talking point at present, as demonstrated by the EU’s proposed “right to be forgotten”. During our research, lawyers both in Europe and the US questioned whether such a balance of interests was realistic or even possible and reported a rise in litigation over companies using data without an individual’s permission. At the time of writing, a senior adviser to the European Court of Justice argued that a major search engine was not responsible for an individual’s private data appearing on the web. This is likely to remain an area of some contention which will continue to be played out in the media.
The prevalence of these issues in the press has caused clients to consider the reputational aspects relating to protection, privacy and security. Over the last few years, cyber breaches to online companies have become major news stories and brands are looking to lawyers to advise on what can be done to protect against them. In many ways the role of legal counsel has increasingly shifted into the area of risk mitigation. The question to lawyers in this case has moved from “What if it happens?” to “When it happens, what measures can be taken?”
Outsourcing and Cloud Computing
Outsourcing has remained a mainstay of IT practices over the last 12 months. A prevalent trend in this area has been towards the “cloud” with many practitioners mentioning a preference of their clientele to favour cloud solutions for storing data. Indeed, lawyers in some jurisdictions, such as South Africa, Belgium and Australia, spoke of a surge in cloud related work for 2013, whilst others in the UK noted that it has been a prominent focus for clients for some time. Despite the difference of opinions, it can be said that with companies possessing more “big data” than ever before, the utility and cost-effectiveness of the cloud has become very appealing.
Whilst the cloud is certainly a viable solution concerning data capacity, there are areas where there are legal questions for clients. Concerns over data protection and security have had a major impact with clients seeking advice on whether to adopt a public or private cloud. In the UK, one firm noted a surge in the adoption of public clouds due to the economic climate. Furthermore, there are issues for lawyers on how local regulation should apply to cloud deals. Many practitioners also had a difference of opinion on the speed of such deals. Whilst one lawyer in the UK spoke of the appeal of “quick and easy off-the-shelf” solutions for clients, one practitioner in Silicon Valley remarked that, in the US, cloud deals are taking longer to push through because of concerns over data protection and security.
As a result, traditional outsourcing agreements continue to be a busy area within the IT space. In Spain, the consolidation of local banks has led to renegotiation of outsourcing contracts, and larger banks are negotiating to secure reliable IT services for next few years. In the UK, many lawyers reported a developing trend in business process outsourcing (BPO) which is increasingly becoming an IT-enabled service within the financial services sector. There is also an increasing trend regarding a “pressure to automate” in outsourcing deals, involving remote infrastructure management. Client outsourcing agreements can now include a large chain of vendors, and there has been a rise in the popularity of service integrators to pull them all together.
Some lawyers reported a trend in suppliers offering unlimited storage as a way to keep customers. While unlimited capacity is beneficial for clients, it is not an unmixed blessing should they ever wish to transfer to another supplier as the volume of data will be so large that the cost of switching is likely to be prohibitive.
New innovations in technology have continued to shape and drive work for lawyers in this practice area over the last 12 months. Internet-based companies are finding new ways in which they can both gather and interrogate “big data” in the pursuit of their e-commerce goals. Clients in all sectors have become “technology companies” looking to utilise data. Our online habits, activity on social networks and contacts have become central to businesses and many lawyers reported clients coming up with ever more creative ways of using existing data sets involving new tools and technology. In response lawyers are being asked to design complex legal strategies for client data assets which ensure compliance and incorporate a risk strategy and at the same time fulfil client objectives. Companies and individuals are only starting to realise the value of their data.
Questions over customer segmentation have been a major focus for many. Lawyers reported a recent surge in work from clients in the health industry looking to utilise online sales statistics in order to drive products and services. Customer profiling continues to be a major focus, with some businesses utilising visual quizzes in order to build up a complete picture of customer preferences. Affiliate/partnering agreements are also a dominant trend. Clients within the online gaming and gambling sectors are increasingly looking to target new customers through banner placements on affiliate websites offering a share of profits from any new business. Contract law is a key area for the e-commerce lawyer in this respect as businesses use more and more innovative ways to increase profits.
E-payment methods and e-wallets are also frequently mentioned topics. Technological convergence over the last few years has seen this become a hot area. Practitioners are having to be aware of what terms and conditions should apply to such payment methods, and this area was deemed to be “heavily lawyered” due to its complexity and relative novelty.
Development and innovation in technology has seen products increasingly targeted towards our online preferences and surfing habits raising new questions over privacy. Online behavioural advertising has become commonplace among e-commerce vendors. On the one hand, targeted advertising can be considered mutually beneficial for both the company and customer; but as individuals have become increasingly aware of their online value, there is what many lawyers termed “the freak-out factor”. Privacy fears over new products such as Google Glass illustrate this. Developments in legislation continue to readjust the legal playing field in which online companies can operate. At the time of writing, new rules in the Children’s Online Privacy Protection Act (COPPA) will readjust the information which can be collected from children under 13 online in the US. This has been met with opposition from some major online players with an argument that children will miss out on online child-friendly services and new apps as a result. As the debate is sure to continue, lawyers are sure to be called upon to ensure compliance with the new rules.
Legal Marketplace Summary
During the course of our research, practitioners in this sector spoke of a market sentiment that was “relatively positive”. As a result of developments in the aforementioned areas, particularly data protection, many firms are seeking to build their IT practice in order to capitalise on the demand for advisory work. In the words of one practitioner it is a “topical issue” at present and there has been some lateral movement with lawyers at established firms being headhunted for their expertise in this field. Leading data protection specialists are also being lured in-house by major online brands. At present the picture is that of increasingly competitive market. Boutiques continue to flourish serving smaller start-up companies and have actively sought to pursue and “poach” clients from major players. With fewer overheads such firms are able to provide services for a fraction of the cost.
In general there is a trend in this area, as there is in most these days, of clients seeking to use lawyers more efficiently and counsel having to work harder for their fees. Businesses with in house-legal teams are seeking advice on only the most complex issues which is also reducing the scope of work for some firms. A reported additional trend is growing competition from legal consultancies. A lot of clients with in-house legal teams are hiring such lawyers on one-off IT-related projects. The increased level of competition has led to surge in marketing activity from firms. More firms are trying to position themselves as specialists, if not in relation to wider IT law than certainly in data protection and privacy. This has taken many forms, most notably online blogs on the latest regulatory developments which are bringing issues into an increasingly social context. With further regulatory developments on the horizon, the outlook for lawyers within the IT space is certainly positive for the year ahead.