The International Who’s Who of Internet, e-Commerce & Data Protection Lawyers has brought together three of the leading practitioners in the world to discuss key issues facing lawyers today.
Kemp Little LLP
Who’s Who Legal: Internet security and data protection have been high on the agenda in recent months. Have you seen an increase in demand for counsel in these sectors, and what new issues do you predict for the future?
Richard Kemp: Yes, IS and DP are both areas where demand continue to grow quickly. Media focus on lost laptops, hacking and privacy issues generally ensure both continue to get the CEO’s and so the Legal Department’s attention. Computer power through the internet means that individuals’ personal data can be used increasingly specifically – for example in the commercial sector for credit history or to target ads; and in the public sector where HMG databases are joining up (eg, about a person’s health, tax, employment history). Use of this data raises important policy issues about the boundaries between privacy and counterparty/third party use. We don’t see the need to counsel on the legal issues arising diminishing any time soon.
Rodney D Ryder: There is no doubt that internet security and data protection remain an important concern for organisations and governments of late. Incidents like hacking, electronic fraud, misuse of domain names and electronic mails, violation of privacy and identity theft [impersonation] is at an all time high in India. The need for expert counsel has dramatically risen in recent times.
Another development that we have witnessed is that corporations are now looking for experts in technology law and related matters, even in in-house roles, which is contrary to the earlier scenario. Even more so, there is increased awareness among corporations and professionals regarding Cyber law and related aspects. The most prominent issue are the new Rules on Information Security and Privacy Rules [Information Technology Reasonable Security Practices and Procedures Rules, 2011], under the Information Technology Act, 2000 [the “IT Act”].
Stephen Kines: In Central Europe we see an increased demand for counsel in security and DP on two levels. The first is the compliance side along the lines that Richard outlines for the UK. As the countries in Central Europe (depending on your definition of CE of course) are all now EU countries then the issues are similar although the enforcement is different. For example regulators and courts in certain high-profile cases, such as against Google, have taken different approaches and thus clients can not take a one-size-fits-all strategy for the way they conduct business in the EU. Secondly, Central Europe has a very strong technology development culture that create some of the security solutions that clients need to comply. Initially these companies are start-up and Central European business culture does not immediately lend itself to hiring specialised counsel, but if these solution providers are to service multi-nationals then they need counsel that understand the requirements.
WWL: What are the most recent regulatory changes in your jurisdiction, and what effect are they having on the advice you give to clients? Are there any impending changes in the pipeline?
Richard Kemp: Current regulatory changes are in two flavours - generic and sector specific. Generally, hot issues in privacy include ICO’s enforcement powers, international transfers, online/cookies and data security; and competition authorities are continuing to get their teeth into sectors like search, financial market data and e-books. In particular sectors, access to and use of transparency pre- and post- trade data in financial markets is an evergreen issue, as is the encroachment into day to day operations of anti-terrorist regulation in the transportation, financial and consumer sectors.
Rodney D Ryder: Mobile marketing has been, recently, regulated by the Telecom Commercial Communications Customer Preference Regulations, 2010, which mainly deals with unsolicited Calls or SMS’s. New ‘Rules’ have been notified under section 43A of the Information Technology Act, 2000 [Amended in 2008], which deals with reasonable security practices and procedures with respect to handling, collection and storage of sensitive personal data or information, or both. In reference to the rules, government has come with a clarification for the sake of easy and non-conflicting interpretation of the rules with respect to outsourcing industry. Apart from the general review of the rules, clients are advised about two important additions, which are the now mandatory Privacy and Information Technology Compliance. The Privacy Bill, 2011 is in the pipeline and almost on the verge of being passed by the Indian Parliament, advisories have been issued to various clients informing them about the basic structure of the Bill.
Stephen Kines: Again I would echo the issues that Richard raises, as well as Rodney regarding mobile marketing, since these kinds of developments tend to take a more global scope than anytime in the past. Central Europe is like India in that we have a heavy mobile-dependency as we never had reliable fixed solutions (I am sure some Brits would say neither did they but would leave that for them to debate!). Central Europe tends to be quite populist due to the nature of our frequent elections and almost constant minority governments and so hot issues are those that are most bothersome to the consumers, which means anything infringing on privacy and excessive marketing that borders on harassment. As we advise corporate counsel in the telecom, media and technology sector in Central Europe as well as law firms that are seeking to expand their service offering in Central Europe, our advice is always to be careful of the disconnect between the level of legislation you can read about and having someone who actually knows how it is being applied in practice, as in that we are often years behind our western European colleagues.
WWL: Which technological developments have prompted the greatest levels of work in recent times? Do you see any other areas becoming busy in the coming years?
Richard Kemp: The following are, and we believe will continue to be growing areas:
• The cloud - as service-based, scalable, shared, metered use computing over the internet reaches its inflection point, we’re seeing rapid growth in demand on the supplier, developer and customer sides of the table.
• Open source - now in the mainstream, attention is shifting to managing from risks of use.
• The internet - it’s everywhere and growing: online retail sales in the USA are growing at 15 per cent a year and account for 5 per cent of the total.
• Outsourcing - less big deals, more a day-to-day operational business tool.
• Data - first hardware and now software are commoditising, so data becomes the competitive differentiator.
Rodney D Ryder: The greatest technological developments, of late, are:
Cloud Computing - It is a common consensus that India will play an important role in the growth of cloud computing in the coming years. According to a Gartner survey, Indian companies expect to adopt new cloud services in 2011 much faster than originally anticipated, with two-thirds of CIOs expecting the majority of IT to be running in the cloud within the next four years. We advise several clients on legal issues in the ‘cloud’. IDC has reported that the Indian cloud computing market would grow at a CAGR of 40 per cent by 2014, and to become a US$3 billion market by 2015.
Domain Names and Internet Addresses – The launch early next year of the ‘new’ Indian language Domain Names gives tremendous opportunities for brands and their marketers to reach the untapped non-English speaking Indian market. Our firm, Scriboard, is advising the Ministry of Communications and Information Technology, government of India on the Domain Name Dispute Resolution Procedure for the Indian Language Domain Names.
Telecommunications – An impressive growth story in India! A number of interesting legal and economic issues from one of the fastest growing markets in the world.
Stephen Kines: In Central Europe we see a growth of Nearshoring, which often may be a complement to the outsourcing further East where there is a requirement to reduce country risk factors or tap into a closer home base. From a consumer perspective there is only now beginning to be the take-up of credit cards and a system of on-line trust that allows for B2C to take hold in a serious way. As a price-sensitive market, open source is a real option and cloud computing provides a better way to deal with the various sizes and needs of a business at its various stages of growth.
WWL: What challenges are presented by the inherently international nature of Internet and e-commerce law? Are clients requiring a greater international capability from their law firms?
• IP rights tend to be national and the internet international - tension compounded by the pace of technology change and the perceived slowness of the legal response.
• Adequate protection of consumers in this world.
• Transborder data flow and data protection and security issues.
Rodney D Ryder: The imminent challenges are:
• implementing the law pertaining to transborder data flow, data protection and internet security;
• immoderate technological advancement and the lack of legal preparedness at state, national and international level;
• lack of awareness and co-ordination among governments and professionals; and
• lack of a universally applicable and uniform structure of Intellectual Property Laws.
Yes! Clients do prefer to reach out to law firms that regularly review the Internet Security and Data protection on a global scale and have international or cross-border expertise. Our firm, for instance, advises clients in Nepal, Bhutan, Bangladesh and Sri Lanka. The firm has assisted the People’s Government in Nepal in the drafting and preparation of the Electronic Commerce law. The firm advises the office of the Attorney General of Sri Lanka on Technology and Intellectual Property matters. In addition, the firm acts as legal advisor to the Computer Association of Nepal [CAN], the Nepal Supreme Court and the Nepal Telecom Authority [NTA].
Stephen Kines: Clients want pragmatic, cost-effective solutions that do not require tailoring to every little jurisdiction. If a jurisdiction gets too complex then sometimes it is easier for them to exclude the jurisdiction from their service area as the economies of Central Europe do not justify a huge investment with perhaps the exception of Poland. Counsel therefore need to have a dual role in that they need to be creative to realise that internet and e-commerce law is always evolving and never clearly domiciled in one country. I once was asked by a client to review three legal opinions they purchased on the same issue (this was of course before 2008...) regarding taking their business online and all of the legal opinions explained why under the local law it was not possible for the client to execute the business online, but not one lawyer addressed the issue that it may not even come under the local legislation if the business was structured in a way that local law did not apply (server location, target market, staffing, corporate structure and the like). Secondly, if governments are out of line lawyers need to step out of their billable hour role and apply pressure to governments to be business-friendly. The really superb lawyers will take it further and educate the government before it takes the wrong path but for that they need to know what the right path is and that means being switched on to the wider international trends.