Digitization has long since fundamentally changed large parts of everyday life. Driven by technological progress, digital transformation is fuelling economic processes and advancing at a rapid pace, with no end in sight. In this context, the past few months have been an impressive reminder that the free international movement of data is now just as important for the globalized economy as the free international movement of goods.
After all, it is not least the four major technology and Internet companies Amazon, Apple, Facebook and Google that are generating billions in and thanks to the borderless Internet. It is therefore not surprising that Facebook of all people – the billion-dollar company that was founded barely ten years ago and has been one of the driving forces of everyday digital life for more than a decade – was the catalyst for one of the most landmark judgments of recent years.
With its decision on the permissibility of transferring personal data to the USA on the basis of the so-called “Safe Harbor Principles”, the European Court of Justice has unceremoniously removed the legal basis from a practice that had been going on for years and created considerable legal uncertainty. Even several months after the ruling, there is hardly any way to do this that is not fraught with risk. Existing legal instruments are in danger of being declared invalid by the data protection authorities, and the “Privacy Shield”, the successor agreement, has yet to prove its practicality. Whether and when a legal basis will be found that meets the high requirements of the ECJ is therefore still written in the stars.
From orchid compartment to showstopper
It is therefore all the more important to be able to offer professional and sound advice in the field of data protection law, which has long been perceived as a niche area. In the coming years, hardly any company will be able to avoid comprehensive data protection compliance – not least because the entry into force of the European General Data Protection Regulation means that fines of up to four percent of the previous year’s global group revenue can be imposed.
So it is also clear: data protection violations can no longer be seen as a trivial offense in a digital and increasingly digitalized economy, in which data is also (rightly) referred to as the oil of the 21st century.
Especially in large-scale projects, data protection thus has the potential to become a showstopper. To prevent this from happening, companies and their consultants must master a wide range of challenges and always keep an eye on the big picture. This is particularly true, for example, for the comprehensive digitization of industrial and internal processes within the framework of the so-called “Industry 4.0”; after all, what is at stake here is nothing less than the interlinking of legal, technological and business management competencies. The associated investments promise high returns in the long term: competitive advantages, cost reductions and increases in sales, or even entirely new business models can be realized at the push of a button, so to speak, with the right technology. However, small and medium-sized enterprises in particular have been slow to exploit the potential of digitizing their processes and are not optimally prepared for the transition to the digital factory.
Step by step to legal certainty
As a first step, therefore, a comprehensive analysis of the performance of a company’s IT infrastructure is often required. From a legal point of view, this usually means checking existing contracts with IT service providers for any weaknesses, analyzing the scope of service agreements, clarifying liability issues and providing legal support for the implementation of any necessary contract amendments. The project and the associated requirements should, of course, be defined as concretely as possible in order to avoid subsequent renegotiations. For the advising lawyer, it is therefore indispensable not only to understand the language of IT consultants, but also to be able to relate technical and legal requirements to each other. It is also important not to lose sight of the legal boundaries, because the company-wide implementation of new technologies can be associated with high data protection and employment law liability risks in individual cases.
However, once the technological foundation has been laid and legally secured, the necessary follow-up measures can be taken in the next steps. The first priority should be to safeguard the company’s intellectual property (IP), because intellectual property rights, such as patents and know-how, are already the most important component of economic value for the majority of companies. Exploitation, protection and management of IP assets are therefore essential for the successful transition to Industry 4.0. Networking and digitization are forcing more and more companies to document their own know-how, as it will only be available to a limited circle of users in the long term – as has mostly been the case in the past. However, once the know-how is available in the IT systems, it is exposed to the constant danger of unauthorized access, for example through industrial espionage or cybercrime. Data protection and data security must therefore be essential building blocks of the “smart factory” right from the start.
The networked factory as a model
This is all the more true as the digital factory ideally does not only form a self-contained system, but is intertwined with contractual partners and other data suppliers in a variety of ways. For example, the exchange of daily updated capacity utilization figures enables maximum efficiency in the control of production and supply processes, and the digital transmission of design plans or technical requirements in conjunction with high-performance 3D printers can significantly change conventional value-added and supply chains. As a result, licensing issues are gaining in importance.
Against this background, there is a considerable need for adjustments to many supply contracts. Cross-company and intra-group licensing structures also need to be reconsidered and should be examined for optimization opportunities. Particularly in cases with an international dimension, this often entails complex liability and tax issues.
Especially the increasing communication from machine to machine (M2M) raises a multitude of liability issues. Possible sources of error here range from inadequate programming and faulty data links to simple transmission errors. The more densely interwoven the individual processes are, the stronger the individual dependencies. Even one piece of incorrect information or the failure of an IT system can have consequences worth millions. Liability management geared to the individual company and the special features of networked systems will thus be indispensable in the future to minimize potential legal risks.
The legislator is challenged
However, even sound legal advice cannot currently guarantee absolute legal certainty in the long term, because key questions central to digitization and a data-based economy have yet to be resolved. For example, it is still open whether, and if so in what form, there can be ownership of data. This is less about personal data and more about machine data, such as the telemetry data from automobiles and other networked machines that radio “home” during their operation.
In connection with autonomous vehicles in particular, it is also unclear who is to be held responsible for their misconduct and under what conditions (see Funk, p. 27). Finally, it is no less problematic that legal uncertainty also still prevails with regard to many “big data” applications and that the existing instruments and principles of data protection law cannot be consistently applied.
Legislators will have to address these and other issues if the legal questions associated with digitization are not to become a barrier to investment for companies. It is in the nature of things that national framework conditions can only partially have a formative effect. As the efforts to find a successor to Safe Harbor, the European General Data Protection Regulation coming into force in May 2018, the Know-How Protection Directive, or the strategy for a digital single market show, what is needed is at least a pan-European approach.
Consequences for legal advice
But the consultants themselves also face challenges, because clients now expect much more than just excellent technical expertise. Legal services are increasingly being joined by project management services, for example, as large IT projects in particular require continuous support. This affects not only law firms, but also corporate lawyers, because in Industry 4.0, the legal department above all is becoming the decisive interface. Corporate lawyers will thus also increasingly have to deal with digital issues. More than ever, therefore, cooperation in multidisciplinary teams must be a matter of course for lawyers.
However, clients also increasingly have high expectations with regard to the cost transparency of legal advice. The usual hourly-based billing model of commercial law firms is being put to the test in the course of digitization, because special software tools have now matured to the point where formerly personnel- and cost-intensive work steps can be automated. This so-called “legal tech” already makes it possible, for example, to analyze contracts for possible risks, to extract relevant information from them, to draft contracts automatically or even to outsource legal services completely. Intelligent tools, for example for contract management or rights administration, can also relieve legal departments and reduce the risk of legal loopholes.
The skilful use of legal tech thus not only leads to an increase in efficiency, but can ideally also help to develop new business areas and open up sources of revenue. Legal expertise can be offered as a digital service in the form of a software tool and consequently marketed with far greater reach and, above all, scaled.
The future of legal advice
The use of legal tech will thus be unavoidable and indispensable in the long term. In particular, it is to be expected that the tools will be adapted even more specifically to individual needs and that their functionality will be expanded. In this respect, there is particular development potential with regard to adaptive algorithms and the progressive improvement of artificial intelligence. So the more information an intelligent tool receives, the more reliable result-se it will produce in the future. This is one of the reasons why it is so important for law firms to address how legal tech will change their business early on and proactively seek to implement the solutions that are right for them.
But even if legal tech has the potential to permanently change the traditional role of the legal advisor, the development and use of smart IT tools offer lawyers many opportunities to actively shape the future of legal advice. The opportunities and possibilities offered by digitization should therefore be actively exploited by lawyers in particular.
Because many key legal issues have not yet been clarified at this time, the
clients will continue to have a high demand for consulting services in the years to come. In addition to curiosity and basic technical understanding, what is needed above all are creative and technically sound solutions that reduce legal risks as far as possible and make optimum use of existing scope for design.
Originally published in Business Guide for Young Lawyers 2016/2017.
© 2023 KPMG Law Rechtsanwaltsgesellschaft mbH, associated with KPMG AG Wirtschaftsprüfungsgesellschaft, a public limited company under German law and a member of the global KPMG organisation of independent member firms affiliated with KPMG International Limited, a Private English Company Limited by Guarantee. All rights reserved. For more details on the structure of KPMG’s global organisation, please visit https://home.kpmg/governance.
KPMG International does not provide services to clients. No member firm is authorised to bind or contract KPMG International or any other member firm to any third party, just as KPMG International is not authorised to bind or contract any other member firm.