On 25 May 2018, the European Union welcomed the introduction of the General Data Protection Regulation (GDPR). This article reﬂects on our learnings over the past half year: how we have seen Australian organisations manage their compliance obligations, some of the intended and unintended consequences we have seen the GDPR have, and what we might expect to see in the coming months and years.
Data, Content + Privacy
Gilbert + Tobin’s expert lawyers advise on digital content, new media, privacy and data analytics. The legal and regulatory environment around these areas is increasingly complex, and phenomena like metadata tracking and the proliferation of data-gathering devices (the so-called ‘internet of things’) raise a great many privacy concerns. Our team is here to help your business navigate this challenging terrain.
Our team has extensive experience in commercial contracting and transaction structuring. It also boasts a deep understanding of privacy and data protection rules and norms, as well as thorough knowledge of the evolving intellectual property and competition implications when dealing with data.
As the number of providers sharing data and their respective data sets increases, the complexities around what information is quarantined and what is shared, and who owns what and can use what, exponentially increase.
This is an entirely new field of business. It requires innovative contractual, privacy, reputational and counter-party risk assessment and mitigation. Data-driven businesses require new contract solutions and systems for ensuring that end-to-end (including sub-contracted) processes and procedures are reliable, repeatable and demonstrable. We have structured, negotiated and assisted in the design and implementation of contractual and other risk mitigation measures to facilitate information sharing between entities and improve processes and procedures employed within entities.
- Through legal and regulatory advice across data collection, data protection and data sharing.
- Advice on the full range of regulatory concerns that can significantly shape contracts and alliances to deal with information and data including payments regulation, KYC/AML requirements and prudential regulation.
- Detailed advice on establishing innovative structures that can help clients protect commercial-in-confidence customer related information and unique analytics capabilities, while facilitating other data sharing between entities.
- Advice around competition regulation implications of data sharing. Often sharing is subject to restraints to ensure that the parties that are sharing data do not use that data to compete with the information provider.
- Assistance with data breach crisis management, law enforcement and other data retention requirements, cloud deployments (including offshore data centres and application-as-a-service), targeted online marketing and social network based marketing, other direct marketing and dealing with regulated audiences such as use of personal information about children and other persons not capable of giving informed consent.
- Our team also works across ‘business as usual’ privacy and data protection issues across many industry sectors, including electronic health, medical devices, mobile devices, remote monitoring and sensoring, broadband content, gaming and tracking and surveillance.