TMT 2020 features 21 jurisdictions. TMT provides insight into cloud computing, blockchain, AI, Internet of Things, big data, IT service agreements, telecommunications, data protection principles and encryption requirements.
Last Updated: February 21, 2020
New legal frameworks, new business models and new technologies – nowhere is the impact of technical evolution clearer (and more potentially disruptive) than in the technology, media and telecom (TMT) sector, which encompasses a range of products and services related to information and communication.
Last year, 2019, was notable largely for data protection issues, with the EU’s General Data Protection Regulation (GDPR) continuing to dominate the conversation and the first fines being issued by several national data protection authorities.
Technology wars (for example, between the USA and China) and strategic discussions focused on the development and roll-out of 5G technologies, among other matters. Also, AI and robots remain an increasing trend; for example, more than 750 million edge AI chips performing or accelerating machine-learning tasks on-device, as well as more than 1 million robots for enterprise use, are expected to be sold in 2020. This will continue to challenge existing legal frameworks and traditional thinking paths: throughout it all, technology influences law and law influences technology.
For any person not within the sector – and sometimes even for those who are – it is difficult to remain up to date on even the major developments, both technological and legal. For this reason, the Chambers TMT Guide for 2020 aims not so much to paint a broad picture, covering all possible aspects of the TMT landscape, as to be topic-driven, giving insights into some of the most frequent questions with which lawyers and in-house counsel will be confronted in this era of permanent change.
Nearly everything is "cloud" nowadays – your television, your music, your wallet, your work documents, your professional contacts, your communications, your software, even your relationships.
For consumers, there is often a trade-off to be made between availability and control, with licensing replacing ownership. For organisations, a decrease in costs generally goes hand-in-hand with higher security standards – as well as provider-dependency.
The legal implications can be diverse, from sector-specific regulations on availability and liability to broader data protection considerations.
With cryptocurrencies as currently their leading use, the case for the use of distributed ledgers outside of (and even within) the financial sector is still being made. Yet if you are presented with a "killer app" for blockchain, what legal challenges will you face?
Risk and liability, intellectual property, data protection, service levels, jurisdictional issues in relation to the relevant contractual relationships – this TMT Guide provides a taste of how to deal with these issues.
Big Data, Machine Learning and Artificial Intelligence
In the past few years, we have allowed digital assistants to invade our workplaces and homes. From completing an unfinished symphony by a revered composer, to carrying out predictions of shopping patterns, and learning board games on their own – an increase in the capabilities of machines has created possibilities deemed unthinkable just a few years ago.
For businesses, big data promises a better understanding of their customers and patterns, while for consumers, big data may involve a number of undesired side-effects (for example, when being subject to profiling or automated decision-making on the basis of all data gathered).
Big data, machine learning and artificial intelligence also raise important societal and legal questions ranging from liability and insurance, data protection and intellectual property to jurisdiction and even fundamental rights. While few businesses will yet be examining whether algorithms also have fundamental rights, there are more immediate concerns they may well wish to consider.
Internet of Things (IOT)
IoT is a small acronym for something so large. After our computers and mobile devices, everything in our home and workplace is becoming "connected". Energy providers are keen to roll out smart meters, and automobile manufacturers are becoming service providers by adding connectivity to their (manual or self-driven) vehicles.
With many of our devices (eg, fridges, lights, watches, etc) connected to the internet, the security risks are increasing because of the vulnerability of such devices. Hackers no longer have to directly target laptops or PCs, with stronger in-built security features, but can rather attack IoT devices, which are often not properly secured, in order to compromise an entire network and access all devices connected to it.
Aside from data protection, some of the legal key words have become more technical, such as machine-to-machine communications, communications secrecy and cybersecurity. Any project in this field requires careful consideration and sound legal review.
IT Service Agreements
In a global economy, organisations have a broad range of providers to choose from. In some countries or regions, though, choosing a local provider means that the foreign organisation must contend with specific rules.
If data cannot leave a given provider's country, is it as attractive to work with that provider? Some legal restrictions can be very specific, such as restrictions on price-revision mechanisms. All in all, it is invariably best to be informed of local requirements before making a selection.
Employee performance reviews, business strategies, customer lists, etc – every organisation has data, and much of it is personal data. Business information may be confidential, but it is not necessarily protected as such by law; personal data may at first sight appear to be trivial, but failing to protect it can give rise to fines.
Data protection is not just about placing a short notice on a website. It is a mindset: it is thinking why an organisation needs certain data, and what it will do with that data. Sometimes, this requires in-depth data protection impact assessments or even consultation with data protection authorities.
Monitoring and Limiting of Employee Use of Computer Resources
Monitoring employees is nothing new, but the techniques for doing so are constantly evolving, as are the laws detailing what is permissible in terms of personal privacy. Location-tracking for drivers, country identification for workers posted abroad, monitoring of social media use within an organisation – the digital surveillance of employees can take many forms. What is more, this surveillance can have a range of purposes: factory productivity improvements, anticompetitive conduct prevention, tax administration facilitation, etc.
From broad rules in relation to data protection to specific rules on employee monitoring, there are many aspects to contend with, and it may in certain cases be necessary to carry out in-depth assessments or even to obtain approval from works councils before any project can be rolled out.
Scope of Telecommunications Regime
Once, telecommunications rules would have been considered to apply only to large incumbent telephone and radio operators. Today, voice-over IP and instant messaging solutions have become commonplace in organisations, sometimes even in interactions with customers. Finally, many retailers and product manufacturers have adopted technology-powered labelling in the form of RFID tags.
However, the use of some of these means of communication or technologies can trigger the application of a strict regulatory regime, even requiring administrative fees in certain cases. While this regime does not represent an insurmountable cost or effort, it is worth considering its application in all such projects.
Audio-visual Services and Video Channels
Today, every organisation can have a digital communications channel, from podcasting to video channels, a realm once reserved for large content providers. Yet, where this is more than a one-off video, the creation of a structure and frequent addition of content can trigger the need to apply for authorisations with the local regulator.
It is therefore important to know whether rules on audio-visual services also apply to online video channels, even on third-party websites featuring user-generated content.
Security of information can be achieved in a number of ways, notably encryption. This particular form of data manipulation is often believed to be the ultimate information security measure. However, not all encryption is created equal, with certain algorithms by their very nature being stronger than others, and some even having been broken.
In an era of breaches involving billions of user credentials, though, encryption remains a gold standard. In this context, it is important to know whether it is required or recommended by law and, if so, for what purposes.