Clara-Ann Gordon’s practice focuses on TMT, outsourcing, data protection, internal investigations, e-discovery, cloud computing and compliance. In addition to her advisory and transactional expertise, Clara-Ann also represents clients in court proceedings, mediation and arbitration. She regularly publishes and speaks at national and international conferences. She is a former chair of the technology law committee of the IBA; member of the board of directors of ITechLaw; co-chair of IAPP’s Basel/Zurich KnowledgeNet chapter; and president of the Association for IT Conflict Management.
What motivated you to specialise in data privacy law?
As data is increasingly recognised as the distinctive asset in our digital age, more and more companies are aspiring to capitalise on this new gold. Data has become an asset. Data can make companies very valuable. I think it is challenging and inspiring to navigate between, and balance, the rights of the data subjects against the interests of the controllers (companies).
What are the most exciting new developments in data law and technology?
A lot of new technologies are popping up, and I think a lot of encryption technologies, forensic tools, and anything that deals with the processing of data is becoming more and more important. As data lawyers we cannot just look at the legal side of data protection, we also must look at these new tools which can help us. The internet and the exchange of data is global but our laws are very national. Any criminal prosecutions that are cross-border take too much time today and this is an area in which we need to improve. If you are trying to get data from different servers worldwide this can take time. This is an area where new international conventions could speed up things.
To what extent does Switzerland match what the EU does in data, or diverge from it? Will this change?
Due to the heavy cross-border transactions between Switzerland and its European neighbours, it is crucial for Switzerland to receive the adequacy decision from the EU, according to which the Swiss Data Protection Act provides an adequate level of protection. Hence, the Swiss Data Protection Act is currently being revised and will be, it is assumed, over 80 per cent aligned with the provisions of the GDPR. There are some so-called “Swiss finishes”, where Switzerland will introduce stricter or different rules. One of these “Swiss finishes” are the fines that are lower than those under the GDPR – 250,000 Swiss francs. However, they are imposed on the individual and are therefore ad personam.
How is the role of data lawyers changing in the context of cyberattacks?
In Switzerland we are currently experiencing a massive ransomware attack wave. Clients are seeking more and different ongoing support, including support of management and CIO. Much more than just informing the data protection authorities, the clients would like to have a sparring partner at their side to discuss a holistic approach.
How does Niederer Kraft Frey’s data group stand out from competitors in the market?
The diversity and broad experience has enabled Niederer Kraft Frey to take on work in a number of specialised areas including sport-related issues, broadcasting rights, data privacy and the internet of things. The corporate background and the specialisation in technology and data protection, combined with the strengths of Niederer Kraft Frey’s other practice groups, give clients access to a broad range of expert knowledge. In such a quickly evolving field as data protection and technology, our lawyers keep abreast of developments through being active members of industry groups. Innovation and keeping at the forefront of developments are key. This is made possible by the excellent network of international law firms (through cross-border collaborations on transactions) and networks in the technology sector.
How have auditing firms and other service providers affected the competition in the Swiss market for data privacy and protection work?
Audit firms and other service providers are a serious competition to us lawyers in Switzerland, since they are often, due to their audit work, very close to the client. Moreover, these firms often have excellent software tools that assist them in their data protection audits and work. Nevertheless, we still think law firms offer a more holistic approach (eg, tax, corporate, litigation, regulatory, etc) when advising on data protection matters, which is beneficial for the clients.
How would you like your practice to develop over the next five years?
Data and technology play a main role in almost all sectors. I look forward to seeing best practices developing and the laws adapting to enable new technologies and the protection, and also the free exchange and transfer of personal data.
What advice would you give to young women lawyers hoping to be in your position in the future?
Being a lawyer and being a partner in the technology and data protection field is a very good profession for women. Especially nowadays, with technologies, you can work from anywhere: you can work in the office; you can work from home, which gives you a lot of flexibility – especially if you want to have a family and a career. Our profession is really excellent in this regard.
It’s a long track until you become a partner, and you need to have stamina, but in the end you have your own business, your own business case, and can develop from there. It is a long way but it’s absolutely worth it.