Research: Trends & Conclusions
Statistical claims that 90 per cent of the world’s data has been generated in the past two years can only in part convey how data has become a central socio-economic issue. The leveraging of information and communications technologies is now one of the most progressive ways of increasing productivity and capital. To this end, we can highlight through several major trends the growing role of TMT lawyers in the global corporate environment.
Data Protection and Privacy
The emergence of big data and the globalisation of the tech market have forced new issues into the spotlight. Every time consumers browse the internet, use a social media site or shop online, they are giving away information about themselves to companies and government agencies. The fact that huge amounts of data can be accrued and stored for very little cost has made this information a valuable commodity for tech giants, non-tech start-ups and everything in between. However, since this has brought ethical and legal issues into the forefront of the public conscience through recurrent data leaks, businesses are increasingly determined to demonstrate privacy accountability and consistently apply privacy policies.
The exponential growth of data and the spread of technology have meant that regulations are becoming rapidly outdated. The 10-year-old US–EU Safe Harbor Framework, as outlined by the EU’s original Data Protection Directive, is under massive pressure and no longer commands the necessary amount of trust, particularly after the NSA data leak last year. Indeed, the European Commission has made clear that legislation which “reinforces trust in the market will be a key driver for business growth.” Consequently, the European Commission unveiled a draft European General Data Protection Regulation in 2012 that will supersede the Data Protection Directive this year. Instead of adhering to requirements from 27 individual data protection authorities, organisations will only have to address one set of data protection rules. Other governments have attempted to follow suit the world over. For example, the Australian parliament has passed the Enhancing Privacy Protection Act; and in Canada the potential Bill C-475 is looking to tighten personal information protection and, among other proposals, impose an obligation on businesses to report security breaches. Lawmakers have also tried to unify the US federal and state laws. The Obama Administration’s framework for privacy protection, the Consumer Privacy Bill of Rights, was released in February 2012. However it was largely ignored by Congress; as a result, US state policies continue to contradict each other and there is no single comprehensive law regulating the collection and use of personal data in the world’s biggest tech market. Indeed, respondents point out that data protection and privacy legislation differs widely from jurisdiction to jurisdiction, and it takes increasingly sophisticated legal counsel to navigate the risks involved in the collection and transfer of personal data.
The availability of advanced mobile technology has also presented serious security issues for business data. “Bring your own device” (BYOD) allows employees to use their own smartphones, tablets and storage devices as a platform for their business needs. It has obvious benefits, allowing the use of preferred devices, as well as reducing upfront costs for employers. BYOD is becoming more popular, with Gartner estimating that, by 2018, 70 per cent of employees will conduct their work on personal smart devices. There is a substantial security risk in the encrypting and regulating of a range of personal devices holding company data. Statistics suggest that over half of enterprises engaged in BYOD have had some form of data breach. In an environment where data is ubiquitous, where we can transmit intimate personal and business details from the palm of our hands, 24 hours a day, security presents overwhelming hurdles. Overall, issues in the data protection and privacy market will continue to be a global trend as regulations tries to catch up and even more technologies that share and transfer data emerge.
Cloud Computing and Security
Closely linked to the growing trend of big data and data protection concerns is cloud computing. Due to the enormous processing and storage capacities enabled by the cloud it has become a popular means of processing big data. There are also significant cost and usability advantages associated with moving ICT systems into cloud-based solutions. Hardware and software do not have to be procured and operated by users themselves but obtained as services. Cloud service providers enable users to access and use the necessary ICT resources via the internet. The growing appeal of the technology, combined with the vague legal issues involved in its administration, as well as high-profile data security breaches, have driven the cloud to the forefront of many lawyers’ practices. In the UK the Information Security Breaches Survey 2014, commissioned by the Department for Business, Innovation and Skills, found that 60 per cent of small businesses and 81 per cent of large organisations had suffered a security breach in 2013. It also found that the cost of a security breach has risen dramatically since 2013, with large enterprises paying out sums of between £600,000 and £1.5 million; for small enterprises, figures are between £65,000 and £115,000. Hence, it is no surprise that the report also found 82 per cent of businesses believed security and privacy was a “high” or “very high” priority.
The positives of the cloud, particularly for SMEs, vastly outweigh the negatives. It is a key enabler for growth, productivity and job creation. The European Commission is especially aware of its potential and has found that cumulative economic effects of cloud computing between 2010 and 2015 in the five largest European economies alone are around €763 billon. The cloud economy is growing by more than 20 per cent and could generate nearly €1 trillion in GDP and 4 million jobs by 2020, provided the right policy framework is in place. As a result, the European Cloud Partnership (ECP) is tasked with establishing a “Digital Single Market” for cloud computing in Europe. This will hopefully harmonise the national laws of member states in relation to the location of data, ownership of digital content and fair and transparent rules for access to data. The ECP is also looking to certify trustworthy cloud providers. If the ECP becomes the first legislature to tackle cloud security and successfully engage the industry to adopt better regulation, it could become a good basis for future action amongst businesses and governments.
Outsourcing has always been a mainstay of the ICT sector. In the past it was mainly employed as a cost-saving benefit; however, outsourcing is increasingly a part of strategic ambitions to improve quality and efficiency of businesses. Organisations, both public and private, are employing multiple suppliers with different tower arrangements to improve specialism among different outsourced roles. For instance, at the start of 2014, the BBC announced plans to replace its £2 billion Atos outsourcing deal with a tower model featuring seven contracts. Besides being better value for money, the broadcaster cited three key benefits: increased control over how certain services are performing; increased specialisation for specific services; and greater flexibility. However, as a result, outsourcing agreements are becoming more complex. The disaggregation of large IT contracts has become a significant legal challenge for TMT lawyers, particularly within the intricacies of allocating liabilities among tower contractors. Given the increased sophistication of the client base in the technologies industry, lawyers have to devise creative ways of solving the issues that have arisen from an increasingly complex sector.
Spectrum, the radio waves that telecommunications companies need to offer their services, has become an increasingly important issue. Consumer obsession with increased connectivity, mobility and speed is keeping pressure on the industry. Next year, smartphones and tablets are expected to exceed PCs in internet usage. As a result, there have been concerns raised over spectrum shortages and spectrum interference, which is slowing the potential economic advantages of, on the one hand, increased connectivity for businesses and, on the other, consumer spending. Its heightening value has seen governments hold spectrum auctions to deleverage their debt and boost services, while companies are actively engaged in mergers and acquisitions just to assimilate more spectrum. Respondents have reported activity around the world as telcos look to upgrade to more advanced networks, particularly with the looming prospect of 5G. In India, the Department of Telecommunications is now planning its fifth auction in as many years, which will expect to raise as much as 2 trillion rupees from 2,100MHz, 2,300MHz and 2,500MHz frequency bands. Australia and Austria announced they are “refarming” 2G frequencies, which will increase spectrum for 4G services. In September, Brazil’s three biggest wireless carriers spent 8.5 billion reais buying spectrum to help handle growing demand for high-speed 4G data services. Greece also plans to auction off spectrum this autumn in the 800MHz and 2.6GHz 4G band, aiming to gross upwards of €380 million in the process.
As mobile operators are currently investing heavily in 4G services, experts are aware that it will not achieve the speed, coverage, reliability and performance required in future wireless networks, in as little as five years’ time. The average cycle between two generations of communications infrastructures has until now been around a decade – but with standards for 5G expected well before 2020, it’s quickly shrinking. At the end of last year, the vice president of the European Commission signed an agreement with the 5G Infrastructure Public-Private Partnership. The 5G PPP will deliver solutions, architectures and technologies for the next generation of ubiquitous communication. The EU will look to invest up to €700 million in public funding to develop 5G during its seven-year Horizon 2020 programme. In sum, spectrum issues will continue to drive corporate and government spending in both the short and long term.
The Legal Marketplace
The demand for TMT lawyers has been growing for the last few years. However, the legal market remains relatively small and specialised. The number of lawyers featured in this publication has not sizeably increased since last year’s respective editions, although we do imagine that this will rise more noticeably in the long term. Practitioners we interview have observed that even though the number of lawyers whose practice incorporates some form of TMT work has without a doubt increased, the number of lawyers who can consider themselves specialists has not. Essentially the intricacies and technicalities involved in gaining a comprehensive understanding of the tech market can take many years, or even a lifetime. As one interviewee stated, “I have been interested in tech since I was a child; mastering new technologies is a personal interest, but it is also how I stay ahead as a lawyer.” Even with the recent convergence in the IT and telecoms and media sectors, only 8 per cent of the lawyers in this edition are ranked as leaders in both fields, highlighting the difficulties in specialisation.
As has already been conveyed, clients are perceptibly more nervous about data protection and privacy, as well as being more sophisticated in their transactional and contract demands. These are the main reasons respondents suggest experience is vital for an external counsel in this market. The rationale is also the same for in-house counsel, who are becoming increasingly more sophisticated. Technology companies are also able to recruit some of the best associates, as the culture of practising in-house in the tech sector is particularly appealing. The developments and buoyancy in the tech marketplace has yet to translate itself into a larger field of recognised legal experts at law firms.
The law firms themselves largely mirror this. The major players in the TMT field, such as Bird & Bird, DLA Piper and Baker & McKenzie, have been actively operating in this area since its inception. They have developed a global network of offices that are able to furnish clients with leading cross-border transactional and regulatory expertise in this area. While most other global firms consider this area as a key industry sector, it is largely secondary to corporate and financing practice areas. Indeed, in contrast with corporate areas of law, a large portion of the legal marketplace is dominated by regional and small to medium-sized firms, which have specifically cultivated highly specialised practices in this area. This is highlighted by the fact that 86 per cent of law firms in this edition have only one office listed.
The 63 law firms with between two and four offices are mostly regionally dominant firms, which may have as much as a network of offices within one jurisdiction and perhaps a supporting office in a neighbouring country. According to our research, less than 2 per cent of law firms have market-leading TMT offices based across an international network. For the most part, the industry is based around local and regional law firms who are able to keep cost down and provide the right advice for the best possible price. International expertise is secured by a close network of carefully selected law firms and peers. Global firms are often not a part of this independent network, due to the more likely scenario that they will refer work laterally through their own offices. However, as the TMT market matures and becomes richer there will be greater opportunities for law firms to operate on a global scale. Many medium-sized European firms are already establishing international offices. Nevertheless, the declining cost of setting up a law firm, coupled with the number of highly promising start-ups and SMEs needing price-sensitive counsel, will ensure that local offerings continue to have a presence in the top tier of the legal marketplace.