Data economy and legal innovation
The second wave of legal tech

Posted by Adrian Haase

November 2016

Lawyers are often called the “carpenters” of a deal: less creative than founders and investors, incapable of pragmatic decision-making, constantly worrisome regarding potential risks, but essential for closing the deal. Many lawyers actually agree with this description of their profession and even enjoy their gatekeeper position between legal/illegal and deal/no deal, granting them ultimate power over any given transaction.

Two waves of legal tech

Recently though, legal scholars and lawyers have realized that relying on their gatekeeper position may very well place them in a reactive position and expose their business case to disruption. Legal tech innovations have begun to target those legal services that are very much based on standard procedures and can already be performed by computer software to a large extent. Software-supported due diligence proceedings in M&A transactions and litigation in model kit cases – such as flight delays or cease-and-desist orders – are just two examples of this ‘first wave’ of legal tech. Although legal tech enterprises have forced corporate law firms to provide standard services for considerably lower prices, they have not disrupted the underlying laws and regulations. Now, however, this transformative potential is being picked up by a ‘second wave’ of legal tech.

The playing field: Internet of Things and comprehensive Wi-Fi networks

Let me give you two examples: The expanding Internet of Things (IoT) and comprehensive Wi-Fi coverage are recent developments which lay the groundwork for further innovation that can be based on the (big) data generated in due course. While the IoT ostensibly relieves its users from daily duties, the data generated can potentially be used for numerous other purposes, such as predicting energy demand, supply-chain management for the food industry, and advertising targeted to specific households and consumers. And comprehensive Wi-Fi coverage in cities seems to offer a free service to the public, but it also raises data security issues. The system can – and is purposefully designed to – identify any Wi-Fi-enabled device within its reach (through its MAC address), regardless of whether it is actually connected to the Wi-Fi network. Combined with additional data (e.g. buyer IDs), specific data subjects are identifiable and could be targeted for commercial or even criminal purposes. In the past such security risks have led to restrictive regulations and created a legal environment often regarded as hostile to innovation.

Public-private partnerships for legal innovation

Therefore, the current and future challenges are securing services for consumers, stimulating strong business opportunities for innovative (startup) companies, and generating socially desirable side-effects when processing personal data. Many users of modern technology are open to location-based services such as traffic-control systems, predictive policing and even personalized advertisements, but are skeptical about making their personal data available to an unknown community of data processors. This diverse range of interests has created new forms of public-private partnerships in rule-making and standard-setting. Instead of taking the ‘Uber approach’ of widely ignoring domestic legal frameworks and lobbying for changes to them, many tech-based (startup) companies are increasingly working with public stakeholders to develop privacy and data security standards that encourage innovation and business opportunities. It is in innovative (startup) companies’ own interest to work alongside legislators and government agencies to influence standard-setting and to protect market positions. This is especially true in the face of recent policy proposals by foreign governments (such as mandatory backdoor access for government agencies, and forced cooperation to break encryption in the US, China and Russia) undermining the security and privacy of personal data for law-enforcement purposes and thus exposing individuals to governmental surveillance and criminal operations.

The state, in turn, needs public-private cooperation to give effect to several sections of the EU General Data Protection Regulation. From May 2018 on, controllers of data infrastructures will be obligated to “implement appropriate technical and organizational measures […] in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects” (Article 25). Article 32 stipulates a similar requirement for data security measures. Supporting the formation of an innovative IT security scene in Europe can strengthen the market position vis-à-vis competing legislations with policy proposals that are less liberal and regulated for government influence.

The road ahead

New developments such as the IoT and the spread of comprehensive Wi-Fi networks harbor huge opportunities for startups to collaborate with legal scholars and government agencies. With the guidance of law firms open to modern tech standards and familiar with cutting-edge business ideas (like Flick Gocke Schaumburg’s venture capital team), startups can lead the way in developing strong, innovation-friendly data security and privacy standards. After challenging the law firms’ business model during the first wave of legal tech, the second wave gives innovative (startup) companies the chance to design and shape future policy – and thus to influence society and favorably position their own business approach.