It’s a 2 x 3 matrix for what’s new in IT Law in 2018. First, there’s a lot happening at the intersection of financial services and IT law, and of course there’s GDPR and Brexit. Second, we’ll all be seeing more “Fourth Industrial Revolution” legal work (such as artificial intelligence (AI), robotic process automation (RPA), blockchain and digital reality).
2018 may also be a good year to take a step back and look at the big picture, and the macro-trends that will influence the next decade or so ahead. Consultancy Bain & Co recently offered a good view of what the 2020s may look like in their report Labor 2030: the Collision of Demographics, Automation and Inequality, which suggested that:
“The business environment of the 2020s will be more volatile and economic signs more extreme”.
In financial services, the Competition and Markets Authority’s review into UK banking current account providers has led to the implementation of open banking, an open application program interface (AP)I to allow third parties access to customers’ current accounts. PSD2 (the new Payment Services Directive) has effectively extended the requirement to all EU payment accounts and providers. MiFID II extends the new, more competitive regulatory regime for equities trading introduced by MiFID in 2007 to trading in fixed income, currencies, commodities, derivatives and most structured finance products.
Open banking, PSD2, MiFID II, blockchain and cybersecurity are all driving the Fintech revolution as technology increasingly erodes the boundaries between products and players along the value chain.
General Data Protection Regulation (GDPR)
With the implementation of the GDPR only a few months away, the rising bow wave of GDPR readiness legal work is reaching its peak as maximum in-house and external legal resource is applied. That bow wave will start to subside after the summer, but data law work of all types (data rights, data protection, data security and data sovereignty) will continue to be front of mind after 2018.
We’re starting to see GDPR work as a kind of “can opener” for a more strategic approach to data governance generally across organisations, underpinned by formal trust frameworks around data sharing and data use, and a growing role for technical standards on governance, such as:
- ISO 38500 (ICT governance).
- ISO 38505 (data governance).
- ISO 19944 (data categories and flows in cloud services).
The shadow cast by Brexit grows and morphs with each passing month at the moment, and the voice of the UK’s IT industry is at serious risk of being drowned out in the clamour. Following research showing digital technology services accounting for 16% of UK GDP, 24% of total exports and three million jobs, trade association Tech UK came down in 2017 in favour of “a bespoke free trade agreement” as the best way of managing the “needed regulatory continuity and negotiated access”.
If you view the EU as an economic elevator moving up through different floors towards complete integration at the top, then it’s clear that you get most of the benefits for goods (tariffs, mainly) on the lower floors, but for services (equivalence, establishment and standards, mainly) only on the higher floors (see Brexit and the economic elevator to integration). The real point is that the UK’s IT industry, like the economy as a whole, is overwhelmingly services-based, whilst most political discourse at the moment is focusing only on the lower floors (WTO, free trade area and customs union). A (shrinking) space definitely to watch.
Adding AI to [Cloud + mobile + social]
If PSD2,MiFID II, GDPR and Brexit are a highly visible alphabet soup of set pieces for IT law in 2018, then below the surface equally profound changes are happening this year. The well-established combination of [cloud + mobile + social] continues to carry all before it, and will shortly be joined by AI’s machine learning as the next technology at scale to move the global IT dial. As the “killer app enabler” of the Fourth Industrial Revolution, machine learning is already being baked into most software projects of any size, in some form or another. This in turn is speeding up development cycles through techniques such as:
- DevOps (next generation Agile).
- Containerisation (faster deployment of apps across environments).
- Service oriented architecture.
These developments will all raise novel legal issues for IT counsel.
Blockchain is suffering both by its association with bitcoin and the froth of the hype cycle at the moment, but away from the headlines the number of blockchain projects exploded in 2017. Blockchain’s USP is as a secure protocol for trustlessly (that is, without trusted third party intervention) recording the exchange of assets, and it’s only a question of time before one of its much vaunted use cases (for example, asset transfer registration, claims handling, trade finance or supply chain) takes off.
Digital reality (a mix of augmented reality, virtual reality, mixed reality and immersive technology) is ahead of blockchain in being at the cusp of mass market adoption in 2018. Like mobile, it will become part of our “always on” IT environment and will influence our communications, learning, training and interaction at home, and in the office. Consultancy IDC is forecasting growth in the digital reality market from $10bn in 2017, to $150bn by 2021. This will stretch copyright laws even further.