Agenda

The common EU approach to personal data and cybersecurity regulation

Several sector-specific studies on EU data protection and cybersecurity frameworks can be found in the literature, but their differing legal domains have hindered the development of a common analysis of the different sets of provisions from a business perspective. We aim to demonstrate the existence of a core of common principles and procedural approaches referring to specific cybersecurity and data security technologies. Analysis reveals a coordinated regulatory model based on five pillars: risk-based approach, by-design approach, reporting obligations, resilience, and certification schemes. We also highlight the relationship between the main directives and regulations (GDPR, NIS Directive, PSD2, and eIDAS).

Speaker: Giuseppe Vaciago and Alessandro Mantelero

Alessandro Mantelero is an Associate Professor of Private Law and Law & Technology at the Polytechnic University of Turin (Politecnico di Torino). He is Council of Europe Scientific Expert on Artificial Intelligence, data protection, and human rights (CAHAI-Ad hoc Committee on Artificial Intelligence 2020-21, Guidelines on AI and Data Protection 2019, and Guidelines on the protection of individuals with regard to the processing of personal data in a world of Big Data 2017). and has served as an expert on data regulation for several national and international organizations, including the United Nations (UN–ILO, UN-OHCHR, and UN-DP), the EU Agency for Fundamental Rights,  the European Commission, the European Research Council Executive Agency, the American Chamber of Commerce in Italy, the Italian Ministry of Justice and the Italian Communications Authority (AGCOM).

Giuseppe Vaciago has been a lawyer of the Milan Bar since 2002, is Of Partner at 42 Law Firm and founder of LT42.  For the last 10 years, his primary focus has been IT law and cybercrime.  He has assisted many national and international IT companies.  Academically, he received his Ph.D. in Digital Forensics from Università di Milano and he is a Professor at Insubria University (Varese and Como), where he teaches a course on IT law.  He attended Fordham Law School and Stanford Law School as a Visiting Scholar to expand his studies in his own particular research area.  Giuseppe Vaciago is the author of many publications on cybercrime and cybersecurity, including both scientific journals and textbooks, which have been adopted by the university where he teaches.  He is fellow at the Cybercrime Institute of Koln and a member of the Editorial Board of the Journal of Digital Investigation.

This session is hosted by the Young Lawyers Committee will discuss: 

• What are the major changes in the way you balance your time between working from home and working from the office compared to before the pandemic/during the pandemic?
• What are the expectations of your firm for “face time” versus working remotely? How do you balance childcare and working remotely?
• How would you like things to be after the pandemic is over?
• What does business development look like in the age of a pandemic? 

This session will be an open table discussion on Governing of Digital Services and Digital Markets, led by the Committee Chair, Michael McDonald. 

The Tech M&A Committee's Chair Marco Pallucchini and Vice-Chair Samuel Klaus will present the Tech M&A Committee and its past, current and upcoming activities. Alethea Au and Steven de Schrijver will then present the current status of the ongoing Tech M&A Checklist project and lead the discussion on select topics thereof. In the discussion, we'll aim to identify specific topics of interest in order to address these in upcoming webinars and to further amend the Tech M&A Checklist where helpful.

Speakers: 

Marco Pallucchini, Committee Chair, MaPaLaw, Italy and Switzerland

Marco is specializing in M&A, corporate and general commercial law, international litigation. His clients conduct their businesses mainly in the following industries: IT and online advertising, software, IT-TMT.

Samuel Klaus, Committee Vice-Chair, Schellenberg Wittmer, Switzerland

Samuel Klaus is Partner in Schellenberg Wittmer's Information and Communication Technology (ICT) Group in Zurich, Switzerland. He represents and advises clients in technology and outsourcing projects, in software, licensing, and data protection-related matters, and regarding new technologies like Building Information Modeling (BIM), Artificial Intelligence (AI), Internet of Things (IoT), or Blockchain matters (DLT).

Alethea Au, Stikeman Elliott, Canada

Alethea Au is a member of Stikeman Elliott's M&A Group as well as of the Technology and Outsourcing Group. She has expertise on a wide range of issues in the area of M&A as well as IT, including technology exploitation (including development and commercialization) and e-commerce, licensing, joint ventures, business process outsourcing, general corporate commercial and corporate governance matters. Alethea has counseled corporate and private equity clients across various industries in complex matters related to M&A in respect of structuring, risk mitigation, divestitures, minority and majority investments, use of representation and warranty insurance, and related transactional and transitional issues.

Steven de Schrijver, Astrea, Belgium

Steven De Schrijver is a partner specialising in Corporate, M&A, and Technology at Astrea. He has 27 years of experience advising large Belgian and foreign technology companies, as well as innovative entrepreneurs and their customers, on complex commercial agreements and projects dealing with new technologies.  His expertise includes e-commerce, software licensing, cloud computing (SaaS, PaaS, IaaS), hosted services platform development and services, privacy law (including GDPR implementation), IT security, technology transfers, IT and BPO outsourcing, digital transformation, Industry 4.0, IoT, augmented and virtual reality, artificial intelligence, drones and robotics.

In light of the recent publication of the draft EU Regulation on AI, what are the committee's views on the regulatory approach adopted by the European Commission? 

This is a continuation of the AI Committee's Q1 discussion at the ITechLaw India Conference (and part of our 2020/21 Action Plan) on whether "strong" unitary (ie top down) regulation is an appropriate mechanism to regulate AI.  In particular we will be looking for international feedback from committee members compared with regulatory approaches adopted in their own national jurisdictions.

The conversation will be chaired by John Buyers, Osborne Clarke (AI Committee Chair) and Susan Barty CMS (Immediate Past Chair)

Session hosted by the Startup Committee

We are all familiar with the challenges - and expenses - faced by any technology company which begins to operate on an international scale. For an early-stage startup, even an initial review of foreign compliance requirements can seem too daunting, and pricey, to consider. The Startups Committee plans to compile a quick reference guide for international startup compliance, to help us all assist our clients when they contemplate the jump across borders. The guide will provide standard comparisons, as well as key issues to consider when entering a jurisdiction.

In this meeting, we will be discussing the structure and approach to the guide, key issues to be included, and seeking interest from contributors.

Speakers

• Axel Anderl, Dorda Brugger Jordis, Austria
• James Gatto, Sheppard Mullin Richter & Hampton LLP, United States
• Micahel Reid, DLA Piper, Canada

Topics for Discussion

• Data protection issues in the life sciences sector
• Representative actions on data protection issues
• Data sharing (e.g. the ICO Data Sharing Code of Practice)
• Data protection and AI
• Data protection developments throughout the world

Threat Monitoring in the Mainstream

1. Welcome and Introduction (Michael Schmittmann/Daniel Pitanga)
2. Topic-based conversation on the issue: Threat Monitoring in the Mainstream (Elisabeth Symons)

THREAT MONITORING IN THE MAINSTREAM

Online tools for scouring the web and dark web for threats are available to your clients, and their use raises issues relating to multiple areas of law - contract, intellectual property and privacy to name a few - and multiple jurisdictions.  After a brief overview of some of the available tools, a hypothetical fact pattern will be discussed with reference to how that scenario might be addressed in multiple jurisdictions.

HYPOTHETICAL

It is 6:00 p.m. on a Wednesday. One of your key clients calls. In the past week they have received several threats against their property and death threats made against the CEO, the other top executives, and board members. The client's security personnel have found a tool that will scan the web and dark web for threats. The General Counsel wants to discuss the issues because the CEO wants the tool in place by the end of the week. The General Counsel is also worried that she may be targeted.

QUESTIONS

1. Is it copyright infringement to scrape and analyze publicly available information?
2. What is the effect of asserting a prohibition on scraping in the terms and conditions for your site or platform?
3. Would the search terms used make a difference to your answers to question 1 or question 2?
4. Do you see any privacy issues if the scraping tool turns up personal information? Are there any exceptions that might apply?
5. If a business is conducting the searches rather than law enforcement, are there unlawful search issues that might prevent the search results from being used as evidence after they are turned over to the police?
6. What would be the business' response if the police asked the business to continue monitoring in relation to a given threat and turn over the results?

The Dispute Resolution Committee aims to investigate and inform ITechLaw’s membership about changes in litigation and ADR practices within and among their many jurisdictions.  Its new session will focus on two such areas.

1. Data-related mass actions: The Committee is embarking on a project to survey the lay of the land in this increasingly litigious area. This project will summarise the potential causes of action, procedural mechanisms for mass actions, recent developments, and anticipated developments in various jurisdictions. We hope that this will be an invaluable tool for all our members when engaging with clients on this very topical area.
2. Use of arbitrations to resolve disputes in technology industries: The discussion will explore the increasing use of international arbitrations as a means for resolving cross-border disputes.  A particular focus will be on the differences among jurisdictions in their reliance on arbitration, their preferred choices for the arbitral forum, and in the types of disputes that are submitted to arbitration.

We welcome your contribution during this Substantive Legal Conversation at this year’s World Technology Law Conference.