The general rule for in-house counsel is that as regulation becomes more complicated and pervasive, compliance too becomes more complex. It’s a relatively easy-to-understand rule of thumb of course, but it is one that is constantly bought into focus as international organizations increase anti-corruption, anti-money laundering and other compliance requirements. Now, though, privacy could well become the biggest compliance issue, as the data security of customers is finally given due respect.
The recent ECJ ruling against Google, which found that private citizens have a “right to be forgotten” online, has changed the game in terms of the relationship between technology giants and individual rights. Technology companies have bemoaned the regulation as something which will remove innovation and lead to a greater censoring of the web, but it also allays fears that many citizens have that their data is being surreptitiously used by big corporates and governments in potentially dangerous ways.
Search companies are now hard at work finding ways of complying with the ruling, identifying how best to hide particular search results upon request. But in a wider context, the use of customer/user data is likely to become increasingly regulated. As with any sort of regulation, there will also be localised forms of regulations which worldwide companies will have to deal with. Brazil’s Congress, for example, has discussed data privacy laws that would require Internet service providers to store user data on home soil, while the European Parliament passed a non-binding resolution for the cancellation of US-EU Safe Harbor framework that facilitates data transfers.
For in-house lawyers at companies affected by how they use customer/user data, or relate to the internet more generally (i.e. most companies), monitoring changes in how the internet is governed will undoubtedly be an important role of the in-house lawyer job. Greg Eslinger, Senior Manager Director at global risk consultancy Control Risks, notes how the handling of the rules of the internet are themselves being opened to further change, with the US announcing that it will relinquish control over the Internet Corporation for Assigned Names and Numbers, which manages the Internet’s domain registry.
As the governance of the internet enters into a period of transition, with different regions transitioning in different ways at different times, online privacy and data use is and will increasingly be a significant source of challenges for in-house legal teams.