Roundtable: Internet, e-Commerce & Data-Protection 2010
We bring together four leading lawyers in this practice area from Brazil, the US and Europe discuss keeping up with technological advancements, regulatory changes, emerging markets and working on international projects and cases.
Participants
Paulo Brancher
Barretto Ferreira Kujawski e Brancher (BKBG)
Brazil
IT Law Group
USA, CA
ROWAN LEGAL sdruzeni advokatu
Czech Republic
Matheson Ormsby Prentice
Ireland
Who’s Who Legal: Internet and e-commerce is a fast moving practice area that has undertaken significant technological change over the years. How do you keep up to date with these technological developments and what difficulties does this create?
Paulo Brancher: Above all, I really like technology, and to be aware of the new trends, softwares, devices, services, etc. Each time there is news regarding these matters, legal issues regarding data protection, licensing, tax and so on arise. I am a member of many national and international technology related associations, which helps a lot.
Zbynek Loebl: I try to follow the latest developments in the areas of which I have been focusing in the long-term, which are online dispute resolution and internet domain names; fortunately, both these areas are quite wide and relate to issues like authentic electronic documents, e-commerce regulation, IP rights, cybersecurity, internet governance etc. The best approach on how to keep up-to-date with the latest developments is to be part of such developments.
Don McAleese: Yes, this can be a challenge. However, it does help when you have a strong interest in how technology is changing and evolving (it is a nice distraction from the law!). I subscribe to quite a number of technology publications and news services. I also participate in a number of technology industry groups.
Francoise Gilbert: Since my practice focuses on information privacy/security and cloud computing, I am interested in those technology developments that are associated with cloud computing, or that may cause privacy or security concerns.
With respect to my privacy/security practice, I am always interested in new developments with consumer products or services because they usually raise numerous information, privacy and security issues. I follow new business trends through reviewing the news that I receive through RSS feeds from technical press such as Techdirt, Techcrunch, and Wired. I try to attend trade shows regarding a particular industry, such as the upcoming CTIA, in San Francisco, to walk around and see the new products, or to attend technical or business presentations during the show. I am also a member of several LinkedIn groups that gather individuals interested in new technologies. Some of these groups are very active, and provide opportunities to read about new technologies.
For technical developments in cloud computing I rely on the Cloud Security Alliance, a NPO that was formed to promote the use of best practices for providing security assurance within cloud computing. I am active within the organization, and serve as its General Counsel. I am involved in projects that aim at facilitating the use and adoption of cloud computing. I have the opportunity to spend quality time with Chief Security Officers and other information security professionals and participate in discussions about the technology developments in this area. Together, we analyse the legal, business, technical, security and other issues raised by these proposed technical developments or business models.
Who’s Who Legal: What are the most recent regulatory changes that are having an effect on the advice that you give to clients?
Zbynek Loebl: From an international point of view, not recent but forthcoming interesting changes will be new rules related to the introduction of new top-level internet domain names (so called new gTLDs) by ICANN in 2011. From a more local or national point of view the most significant developments are in e-government and e-justice regulations.
Don McAleese: At the moment, probably the recent introduction by the Irish Data Protection Commissioner of a Data Security Breach Code of Practice and also the general ramifications of the recent English Technology and Construction Court decision in the BSkyB – EDS case.
Francoise Gilbert: Most of my clients are global companies. As a result, any changes in the privacy and data protection laws in the countries where my clients do business are of great importance to my clients.
In addition, opinions published by the European Union Commission or the Article 29 Working Party have significant effect on my clients. In the information privacy field, any decision, opinion or regulation that emanates from the European Union Commission or the Article 29 Working Party have significant consequences on the content of the laws of EU Member States or on how these laws are interpreted. In addition, the laws of other countries such as EEA Members, Switzerland, and the numerous countries that have adopted data protection laws that follow the EU directives are also greatly influenced by decisions, opinion, directives, and other enactments that emanate from the European Union.
For the year 2010, for example, there were significant changes in the Model Clauses for transfers from Data Controller to Data Processor, as well as opinions from the Article 29 Working Party with respect to behavioural targeting.
Who’s Who Legal: Which countries are emerging as popular among clients to pursue their new technology? Which technological areas are facing increasing demand and investment in the emerging markets?
Paulo Brancher: In Brazil, software companies are booming, exporting services to other developed or emerging markets mainly in the financial and insurance areas. Mobile applications also demand for legal services on a constant basis.
Zbynek Loebl: Europe, North America and Asia are the primary areas of focus. Mobile applications and security are key interest areas of our e-commerce clients.
Don McAleese: Ireland continues to attract major new technology projects and players, particularly in the e-commerce, social networking, cloud computing, mobile and R&D space. There is also interest in Eastern Europe and India.
Francoise Gilbert: From the perspective of the creation of new technologies, clients look to outsource many of the developments out of the United States. In this case, Asia (eg India and China) as well as Eastern Europe (eg, Czech Republic, Bulgaria or Russia) provide valuable resources of outsourced services, which are used in the development of new technologies.
From the perspective of identifying new markets for new technologies, emerging countries are especially interested in new equipment, new applications, and new ways to be more productive, or for leisure purposes.
Emerging countries, where a large percentage of the population is below the poverty level, are significant consumers of mobile phones. Mobile phones and mobile applications are viewed by the population as the key to freedom, the ability to access the rest of the world, the tool used for communications, payment, entertainment, etc. Thus, emerging markets are significant consumers of mobile technologies and mobile applications, and the adoption rate of mobile technologies in these countries is significantly faster than in the rest of the world.
Who’s Who Legal: What challenges are presented by the inherently international nature of Internet and e-commerce law? How do you find reliable counsel in jurisdictions where lawyers do not have the same level of experience in this field?
Paulo Brancher: Data protection and tax are the most relevant challenges. There is a growing interest in matters regarding online gambling and its limitations. I usually tend to consult international directories or use my own network.
Zbynek Loebl: I have participated in discussions on the development of a new global system of online dispute resolution (ODR) of e-commerce and consumer disputes. This private initiative believes that it is necessary to focus on global cross-border ODR rather than just European or just American one. ODR rules for such a global system should include fact-based legal claims (eg, a product not conforming with its specification), available remedies and private enforcement (eg, via chargebacks) in order to minimise impact of different multiple jurisdictions potentially applicabe to a particular e-commerce transaction. Such ODR rules will be binding for the parties based on contract. In July 2010 UNCITRAL approved its new Working Group for cross-border ODR. The UNCITRAL Working Group will focus on the preparation of global ODR Rules from the inter-governmental point of view.
I think that we shall see more global initiatives like the two mentioned above, both private and public, which try to respond to the global nature of the internet from the point of view of a particular issue or area.
Regarding the second half of your question, I have developed over the years a network of worldwide contacts and if I need specialised local advice in the area where I do not know anybody suitable, I use this network for a personal referral and introduction.
Don McAleese: Generally, data protection, tax, compliance with local mandatory laws and jurisdiction/governing law issues tend to be the main legal challenges. Like most e-commerce practitioners, over the years I have built up a strong network of other e-commerce lawyers that I have dealt with on previous projects or who I know through mutual involvement in international technology associations such as ITechLaw, Society of Computers and Law, etc.
Francoise Gilbert: The differences between the legal regimes, legal culture, and enforcement in the different countries create the most significant challenges when dealing with Internet-based technologies. There are significant discrepancies between the laws or legal framework of the different countries, how the laws are enforced, the energy or lethargy of the judicial system and the police system. Thus what is acceptable or legal here may be prohibited elsewhere.
The second most significant challenge results from the discrepancies between the culture of the different countries, and the way individuals react to certain matters. For example while a typical French, German, or Spaniard will be attached to the protection of his privacy, an Indian may not be because the notion of personal privacy has evolved differently in Asia and in Europe. The specific culture of a country will often be reflected in its legal framework.
The difference between the legal regimes range from the “mild” to the “significant”. There are cases where the difference is so significant that it actually causes a conflict or a clash. For example, the e-discovery laws of the United States require litigants to provide, as part of the discovery phase, copies of emails that may be located out of the country. On the other hand, the blocking statutes of many countries, in particular in Europe, prohibit the transfer of these files unless specific measures have been taken.
Another example of the discrepancies and conflicts between the legal regimes of the countries is the issue of whistle-blowing. Under the US Sarbanes Oxley Act, companies are required to allow their employees to “blow the whistle” anonymously so that they can point out fraud within the company without being concerned with retaliation. Europe on the other hand does not permit a person to be accused of wrongdoing without the accused knowing the identity of the accuser. As a result multi-national companies have had to find ways to accommodate European data protection laws when implementing in Europe the anonymous whistle-blowing hotlines that were required by US law.
In the data protection area, there are significant discrepancies between the countries that have a developed data protection regime, and countries that have yet to adopt a general data protection law that applies to all data. The discrepancies create significant obstacles to transfers of personal data from a regulated country to a country that does not have regulations that meet certain threshold requirements. Companies need to use special clauses, corporate rules and other methods, even when transferring data internally. The law that protects an individual’s data trumps the
These discrepancies in approach have significant consequences for cloud computing, where the inherent nature of cloud computing is the movement of data from one server to another in order to balance the loads. When servers are located in different countries, arguably the laws of each of the countries where the servers are located would apply.
I find assistance with foreign laws that affect my clients primarily within the network of affiliates whom I have developed over the years. In some cases, our relationships date back 20 years.When I do not know anyone in a country, I ask colleagues whom they know and would recommend. I also rely on guides or surveys such as Who’s Who Legal, or Chambers.