The TMT 2019 guide provides expert legal commentary on key issues for businesses. The guide covers the important developments in the most significant jurisdictions.
Last Updated: February 22, 2019
Another year of disruption behind us, another one ahead. New legal frameworks, new business models, new technologies. Nowhere is this pattern clearer than in the TMT sector, which encompasses a mixture of products and services all related to information and communication.
2018 was marked largely by data protection, with the EU’s General Data Protection Regulation (GDPR) dominating the conversation, followed by other legislative initiatives such as the California Consumer Privacy Act (CCPA), new guidance under the Cybersecurity Law of the People’s Republic of China and the Brazilian General Data Protection Law. There were scandals, hearings and breaches aplenty. Yet 2019 is shaping up to surpass even that, with the first large GDPR-related fine handed down and many investigations and legal proceedings pending.
There have also been further discussions on net neutrality, freedom of expression and the use of technology to influence public debate. Social media politics has become the hallmark of a new kind of policymaking, replacing television addresses when it comes to mass communication. What is more, with renewed tensions regarding access to information, in 2019 we will see whether new rules on online media in the European Union might have an influence on their availability and profitability.
Revolutions of this kind used to come more infrequently; today, there are new ones almost daily. Throughout it all, technology influences law and law influences technology.
For any person not within the sector, and sometimes even for those who are, it is difficult to remain up to date on even the major developments – both technological and legal. For this reason, the Chambers and Partners TMT Guide for 2019 aims not so much to paint a broad picture, covering all possible aspects of the TMT landscape, as to be topic-driven, giving insights into some of the most frequent questions with which lawyers and in-house counsel will be confronted in this era of permanent disruption.
In certain countries, everything is ‘cloud’ nowadays. Your television, your music, your wallet, your relationships. Your work documents, your professional contacts, your communications, your software.
For consumers, there is often a trade-off to be made between availability and control, with licensing replacing ownership. For organisations, a decrease in costs generally goes hand in hand with higher security standards – as well as provider-dependency.
The legal implications can be diverse, from sector-specific regulations on availability and liability to broader data protection considerations.
With cryptocurrencies as their leading use today, the case for the use of distributed ledgers outside of (and even within) the financial sector is still being made. Yet if you are presented with a ‘killer app’ for blockchain, what legal challenges will you face?
Risk and liability, intellectual property, data protection, service levels, jurisdictional issues in relation to the relevant contractual relationships – this TMT Guide strives to provide a taste of how to deal with these issues.
Big Data, Machine Learning and Artificial Intelligence
While waiting for the reveal of the killer robot, we have allowed digital assistants to invade our workplaces and homes. Completing an unfinished symphony by a revered composer, carrying out predictions of shopping patterns, learning board games on their own – an increase in the capabilities of machines has created possibilities deemed unthinkable just a few years ago.
For businesses, big data promises a better understanding of their customers and patterns; for consumers, fewer undesired distractions.
Big data, machine learning and artificial intelligence also raise important societal and legal questions ranging from liability and insurance, data protection and intellectual property to even jurisdiction and fundamental rights. While few businesses will yet be examining whether algorithms also have fundamental rights, there are more immediate concerns they may wish to consider.
Internet of Things
‘IoT’ is a small acronym for something so large. After our computers and mobile devices, everything in our home and workplace is becoming ‘connected’. Energy-providers are keen to roll out smart meters, and automobile manufacturers are becoming service-providers by adding connectivity to their (manual or self-driven) vehicles.
With everything connected to the Internet, meteorology has never been so accurate; yet our fridges have never been so dangerous, exploited en masse to wage war on digital targets.
Aside from data protection, some of the legal keywords become more technical, such as machine-to-machine communications, communications secrecy and cybersecurity. Any project in this field requires careful consideration and sound legal review.
IT Service Agreements
In a global world, organisations have a broad range of providers to choose from. In some countries or regions, though, choosing a local provider means that the foreign organisation must contend with specific rules.
If data cannot leave a given provider's country, is it as interesting to work with that provider? Some legal restrictions can be very specific, such as restrictions on price-revision mechanisms. All in all, it may be best to be informed of local requirements before even making a selection.
Employee performance reviews, business strategies, customer lists, etc – every organisation has data, and much of it is personal data. Business information may be confidential, but it is not necessarily protected as such by law; personal data can be trivial, but failing to protect it can give rise to fines.
Data protection is not just about placing a short document on a website. It is a mindset: thinking why an organisation needs certain data, and what it will do with that data. Sometimes, this requires in-depth data protection impact assessments or even consultation with data protection authorities.
Monitoring and Limiting of Employee Use of Computer Resources
Monitoring employees is nothing new, but the techniques for doing so are constantly evolving. Location-tracking for drivers, country identification for workers posted abroad, monitoring of social media use within an organisation – the digital surveillance of employees can take many forms. What is more, this surveillance can have a range of purposes: factory productivity improvements, anticompetitive conduct prevention, tax administration facilitation, etc.
From broad rules in relation to data protection to specific rules on employee monitoring, there are many aspects to contend with, and it may in certain cases be necessary to carry out in-depth assessments or even to obtain approval from works councils before any project can be rolled out.
Scope of Telecommunications Regime
Once, ‘telecommunications’ rules would have been considered to apply only to large incumbent telephone and radio operators. Today, voice-over-IP and instant messaging solutions have become commonplace in organisations, sometimes even in interactions with customers. Finally, many retailers and product manufacturers have adopted technology-powered labelling in the form of RFID tags.
Yet the use of some of these means of communication or technologies can trigger the application of a strict regulatory regime, even requiring administrative fees in certain cases. While this regime does not represent an insurmountable cost or effort, it is worth considering its application in all such projects.
Audio-visual Services and Video Channels
Today, every organisation can have a digital communications channel, from podcasting to video channels, a realm once reserved to large content providers. Yet where this is more than a one-off video, the creation of a structure and frequent addition of content can trigger the need to apply for authorisations with the local regulator.
It is therefore important to know whether rules on audiovisual services also apply to online video channels, even on third-party websites featuring user-generated content.
Security of information can be achieved in a number of ways, notably encryption. This particular form of data manipulation is often believed to be the ultimate information security measure. Yet not all encryption is created equal, with certain algorithms being stronger than others by their very nature, and some even having been broken.
In an era of breaches involving billions of user credentials, though, encryption remains a gold standard. In this context, it is important to know whether it is ever required or recommended by law and, if so, for what purposes.