Top 8 Tech disputes and enforcement risks for 2019
11 February 2019
Tech stories were never far from the headlines in 2018. With data privacy taking centre stage, the Cambridge Analytica-Facebook scandal prompted regulatory investigations in Europe and the US. The EU GDPR came into effect, sparking a deluge of compliance emails, and major organisations continued to suffer massive cybersecurity breaches. Technology giants in Europe and elsewhere remained under the spotlight, as fines of over EUR4 billion were levied. Here, we consider some of the key technology disputes and enforcement risks which we expect to be on the global agenda in 2019.
Data Misuse and Privacy
Consumer complaints to privacy regulators about data breaches often trigger regulatory investigations focusing on the security measures employed to safeguard customers’ personal data. Indeed, the Federal Trade Commission is, reportedly, in the process of considering levying a record-level fine on Facebook over the Cambridge Analytica scandal. But the victims of data breaches who are fearful of identity theft are now also waking up to the possibility of seeking compensation via class action claims. The Cathay Pacific data breach, for example, has given rise to class action suits against the airline by individuals pursuing actions in the EU under the GDPR, including claimants resident in Asia. This trend could be fuelled by two developments: legislation (such as the California Consumer Protection Act of 2018) offering private rights of action; and the increasing availability of funding from third-party litigation funders, who have traditionally facilitated class action litigation in other sectors.
Increasing Tech Regulation
Tech-specific regulation is currently limited but is likely to increase. This is apparent in the fintech space, where the emergence of cryptocurrencies and ICOs has attracted regulatory attention, as financial regulators seek to increase investor protection in these kinds of transactions. Algorithms, which are key to many tech companies’ business models but are little understood and commonly regarded as “black boxes”, may be another target for regulatory scrutiny and enforcement action. With increased regulation comes the potential of enforcement action, so organisations should keep abreast of the latest developments that may apply to their technology.
Operational Risks of Automation
The trend towards automation continues unabated, including, notably, in the mining industry, where specialised technology is leading to the development of so-called “autonomous” mines. But migration to new systems does not come without risk. For one thing, the GDPR imposes strict requirements on the automation of decisions which affect individuals. Failure to comply may result in substantial fines, such as the EUR 50 million fine levied on Google in January 2019. Ignoring the complexities of automation can also lead to IT incidents arising from coding errors, for example, which may result in data breaches or allow hackers to break into systems. Incidents of this nature are only likely to increase and call for specialised crisis management to mitigate civil and regulatory liabilities.
Big Data – Big Risks?
The use of big data is growing across a wide range of sectors, including artificial intelligence (“AI”), fintech, biotech, “ad tech” (i.e. digital advertising), and “mar tech” (i.e. marketing technology). There is an obvious data privacy angle to the collection, use and storage of big data. Companies are looking at new approaches to managing their data privacy risk appetite, including through methods such as differential privacy. But where big data is increasingly used – or purchased – to make investment decisions, investors will also need to consider whether such information was obtained legitimately and with regard to privacy, data security and trade secret laws. Under the new EU Trade Secret Directive 2018 which strengthened the rights of the owner of trade secrets, in Europe, we have observed an increase in trade secret- related proceedings and expect this trend to continue.
Technology giants are seeing increasing scrutiny by global competition authorities, including in the EU, the US, and Asia-Pacific. In Europe, the European Commission imposed a record fine of EUR 4.34 billion on Google for illegal practices regarding Android mobile devices to strengthen dominance of Google’s search engine. The acquisition of Shazam by Apple was cleared by the European Commission only after an in-depth investigation of the digital music industry. Other platforms, such as Amazon, are also being investigated for potential antitrust violations. Meanwhile, in the US, the Federal Trade Commission embarked on a landmark series of “Hearings of Competition and Consumer Protection in the 21st Century”, focusing on technology’s evolution. This series was modelled on a previous set of hearings during the 1990s tech boom, and the FTC has signalled that changes are certain to come. In Asia-Pacific, the Australian Competition and Consumer Commission (ACCC) announced in December 2018 that it is seeking to force Google to remove Chrome as the default internet browser from mobile phones and other devices. The ACCC also proposes to set up a watchdog to monitor how digital platforms such as Google and Facebook rank and display advertisements and news content. This development requires tech giants to review and revamp their practices, but may also open up new opportunities for other players in their field.
Unicorns and Pots of Gold
Investors and venture capitalists are always on the look-out for the next big tech start-up. But unicorn companies are so named precisely because they are rare and investing in unicorns is inherently an area of high risk for investment funds. China is setting the pace in Asia-Pacific, posting a 50% growth in the number of tech unicorns from 2017 to 2018 alone. But the path to success is often far from smooth and some investments can give rise to costly disputes, as we have seen – for instance – in the recent spat between electric car start-up Faraday Future and its main investor, Chinese real estate conglomerate Evergrande. The rise and fall of unicorn companies is likely to be the source of increased regulatory scrutiny and a regular stream of private disputes.
Enhanced Connectivity and Cybersecurity
Cybersecurity threats are clearly on the rise, as demonstrated by high-profile 2018 security breaches at a major hotel company, Google Plus and Facebook (to name only a few). Looking ahead, while new technologies such as 5G will accelerate connectivity and create a wide array of new services, they will also create the potential for many and varied cybersecurity threats. As volumes of dataflows increase, the data transmitted (such as medical identity information) will become increasingly sensitive or even trigger state secrecy concerns. Consequently, the arrival of 5G technology also demands ever-stronger security measures.
The delegation of decision-making to AI technology remains at an early stage but has potentially ground-breaking implications in fields ranging from medicine (e.g. handling the diagnosis process for a variety of illnesses) to law (e.g. using data from past cases to advise judges on evidence/sentencing). In Asia-Pacific it is China – with its unequalled access to a pool of big data which drives AI – which is likely to lead developments in this area. While the full impact of this technology remains to be seen, the use of AI may result in unconscious bias, which may give rise to either regulatory action or potential claims by those who were adversely affected by the decision.