Adam Farr of Eden Legal will be at the Mobile World Congress again in 2015. It’s a mammoth show but invariably worthwhile for learning about new trends and tech. And networking.
For 2015 what are some of the legal issues relevant to MWC?
1. The Wearables Pavilion
It seems every big manufacturer (and some small ones) will have a watch. Nothing special to report about that – a smartwatch may be just a small phone, a peripheral to your normal phone, or a fashion item (more or less).
Of course, with sports or health wearables there are always issues around personal data. The applicable legal requirements may overlap: other than general data protection laws – which would require additional specific consent for processing of (sensitive) health-related data – the appstores’ specific developer conditions e.g. Apple Healthkit / Google Fit may in addition significantly restrict what types of data you can use or the ways in which it can be processed and shared. And none of this overrides national laws on what is a medical device and how it can be sold and used.
2. GSMA Innovation City
Expect to see “Internet of things” things everywhere. It’s not CES, but perhaps we’ll still get to have our pictures taken in a connected car. By a drone.
When our phone is also running and monitoring our house, then we really are talking about “privacy” rather than just data protection. So on the one hand, security and prevention of hackers, malware or unauthorized users become paramount. On the other hand, law enforcement agencies and government, who already regularly request communications and other data, may challenge providers to find a delicate balance between user trust and collaborating in the name of national security or crime prevention. And a connected car has the added challenge of being able to cross international borders and potentially fall under the jurisdiction of different states.
3. The Cloud Pavilion
Mobile is not so much about doing different things but about doing more anywhere. Take the examples of project management, collaboration, or email-alternative applications. Maybe we have already had a VPN or external email users, but enterprise applications should make us revisit our approach:
- who are we giving access to? Employees? Freelancers? Trusted external advisers? Customers? How are they authorized and authenticated?
- what levels of access are we granting? Internal and external users should not have access to all areas or functions. And even internally some should normally be available only to certain teams (e.g. finance, legal, HR). Also we still need to be aware of confidential information (are we entitled to share with independent contractors, third party collaborators, or even our own affiliates?) and our own IP – do we want to share with these people and are we clear on the terms on which they can use it? Are we certain that we own anything jointly developed using the application?
- do we have a social media policy in place for interactions? This might cover IP, confidential information, etiquette and acceptable use. And have we checked any limitations on monitoring employee communications under applicable data and labour laws?
- where is the data stored? If outside the EEA we may need consents for international transfers (or Safe Harbor, model contractual clauses, or some other method to ensure that a similar level of protection is in place). In any event, if using the cloud, we will need to ensure that we have a written contract with the provider committing to the correct level of physical, logical and legal security measures.
Employment and any relevant consultancy contracts will need to be reviewed to ensure that these issues are addressed properly.
4. The Mobile Money Pavilion
The financial services industry and its suppliers and developers may be accustomed to addressing issues of security, identification and encryption at a high level. Start-ups wanting to work with them need to, too. Like crowdfunding, mobile payments, blockchain and e-money will become more mainstream but therefore also more regulated (think KYC, anti-money laundering, deposit protection, identity theft and fraud prevention). Coming soon to a warranty and indemnity near you.
5. After the show…
Bars and hotel lobbies are great for networking but not great for making contracts. If something interesting comes up, words like “in principle”, “subject to contract”, “subject to approval of my management / shareholders / legal advisors” or “not here, not now” are good expressions…
Confidential information can be easy to divulge. Some NDAs require information disclosed orally to be confirmed in writing to be considered confidential; or if you don’t have an NDA then at least putting the recipient on notice may help give the information the necessary quality of confidence to have a chance of being legally protected. So it can be advisable to try to follow up in writing the next day.
6. And finally…
As usual at MWC, don’t get robbed in the city, do wear comfortable shoes, don’t eat bad food (no excuse in Barcelona) and perhaps see you there to chat through some of these issues.
Photo credit: http://www.mobileworldcongress.com/