This piece looks ahead to what we might expect as IT law developments in 2015.

Richard Kemp, Kemp IT Law[1]

Termed ‘the 3rd platform’[2], the convergence of data, cloud, social and mobile is “transforming not just the technology industry, but every industry on the planet”[3] and will continue to be the motor for global IT growth in 2015.  This is estimated at 3.8% but with little or no growth in older technologies.  Skewed in product terms towards 3rd platform growth it will stand at 13%.  In geographical terms China will account for 43% of global ICT industry growth in 2015 and one third of all smartphone purchases and online shoppers, benefiting the Big 3 Chinese internet and e-commerce companies, Baidu, Alibaba and Tencent.

Data

Next year, it’s all about data – big data, information governance and data regulation, protection, security and sovereignty.  Big data is all about using business intelligence and analytics software to harness the vast tides of information generated by the internet and predict what your customers are going to do next.  In 2015, the corporate world is playing catch up with big data: Gartner estimates that only 75 Fortune 500 companies will have got there by the end of next year[4].  These are complex and challenging projects to bring in.  They require substantial developments in organisations’ data architecture and underlying business processes as well as a structured approach to information governance around risk assessment, strategy, policy and processes.  In short, involvement of all stakeholders but close cooperation at the centre of the effort will be especially necessary between the Chief Information Officer’s team and the General Counsel’s team.

Data regulation becomes even more multi-faceted in 2015. In sectors in which the state takes a particular interest, like banking, insurance, healthcare and travel, platforms and data are becoming more directly, as well as indirectly, regulated.  In financial trading, not only are many more IT systems and services indirectly subject to material outsourcing controls, but transparency requirements for pre- and post- trade price data are being directly extended through MiFID II to most asset classes.

But it’s the triptych of data protection, security and sovereignty that’s really at the epicentre of things next year for the IT legal team.  Even money on whether the EU’s General Data Protection Regulation makes it to EU the statute book by the end of next year, but the issues are much broader than that: ‘trust’ – a word which resonates in this context with both visceral and specific anxieties about your personal data in other people’s data centres – has emerged as the single biggest issue, generating friction that spikes with every new revelation about hacking and compromise of personal data.  For the legal group, this will be about co-ordinating the technical IT, legal and organisational steps necessary for effective data security.  Expect also to hear more about data sovereignty (the power of the state to requisition data from commercial data centres) even if the debate will generate more heat than light in 2015 before calming down.

Underneath all this, one starts for the first time to get a sense of the almost constitutional law questions that IT raises as the government joins its databases up and each citizen’s life can be captured digitally in one place as a few GB of data.

Cloud

Data centres are the engine room of the 3rd platform, and for the first time “the Cloud is the new normal” says consultancy Forrester in its IT predictions for 2015[5].  At the top end, Microsoft (as of December 2014, the largest cloud services provider (CSP) to business[6]), Amazon, Google and IBM have the scale for global coverage.  But lower down, providers will increasingly weave together the IT elements they need – processing, memory, storage, software and the like – to provide the fabric of the computing services they supply.  This fabric is then made up into the services that customers want to buy.  Here developments in 2015 will be dramatic.  CSPs – like BT Compute, the third largest IaaS (Infrastructure as a Service) provider[7] - and partners in their contractual ecosystems will bring to market the next generation of Xaas (pronounced Zaas, or ‘anything as a service’) aiming to orchestrate, bundle and monetise a burgeoning range of services that the digital economy is driving[8].

All this will make CSP contracting, which most IT lawyers now have some experience of, increasingly challenging for a while. This is for three main reasons. 

  • The price of Cloud services will continue to decline and the value of tasks that customers entrust to the Cloud will continue to rise, making the risk mediation function of Cloud contracts’ service level and liability terms more difficult to negotiate in 2015. 
  • CSPs will increasingly be prime contractors, assembling for their customers a large number of subcontractors, all of whom are necessary for the final fabric and service.  So, if any subcontractor fails, the customer is at risk.  This will put pre-contractual and contractual customer due diligence of the CSP at a premium.  Customers should be asking how the CSP demonstrates key issues, such as sub-contractor resilience and redundancy; the process for subcontractor swap out; and practical safeguards against insolvency (perhaps it’s also now time to take a deeper look at the contractual boiler plate - those provisions at the back end where probability theory meets the drafter’s waning attention). 
  • Linking back to anxieties about data protection and security, how does the CSP demonstrate effective management of personal data to its customers?  Here the standards world is, in typically undemonstrative fashion, riding quietly to the rescue with ISO 27018.  This, the first standard to focus on protection of personal data in the public cloud, was published in July 2014 and will be widely adopted in 2015.  CSPs with ISO 27018 certification will steal a march in 2015.

Social

As social turbocharges its much heralded move into the corporate world in 2015, the accent will be on brand metrics, visuals rather than text, and with the fuzzy partition between home and work on IT devices continuing to challenge HR.

Mobile

Mobile joins everything up.  Wireless data will be the largest and fastest growing area of telecoms spending and according to Forrester “almost half of the world will have a powerful computer in their pocket and vastly different expectations from your business in 2015”. Apple’s strategic move into mobile payments (will it become the first company to reach a market capitalisation of $1tn in 2015?) through Apple Pay announced on 9 September 2014[9] will coincide with the UK Payment Services Regulator (PSR) established in April 2014 becoming fully operational from April 2015 and the likely completion next year of the overhaul of the EU Payment Services Directive[10].  All this will continue to bring mobile payments centre stage for IT lawyers, requiring aggregation of black letter law skills in financial services, telecoms, consumer and data protection law as well as IT contracting and intellectual property.

Just how far e- and m- commerce have come was brought home by the UK shopping stats around Black Friday and Cyber Monday in 2014 and Ofcom’s annual Communications Market Report published on 11 December 2014[11].  This ranked the British as the biggest internet shoppers in the world, each spending £1,968 online in 2014. This puts the size of the UK online retail market currently at around £125bn, or 8% of national income - a figure which is likely to grow significantly in 2015 – into context, and underscores the importance of the changes to digital content that the Consumer Rights Bill will bring about when enacted.

The Internet of Things

The 3rd platform will grow wings in 2015 – literally, as drones multiply, raising novel legal questions about use of airspace; and figuratively, as wearables (like Google Glass and Apple Watch), home sensors, virtual reality, 3D printers and robotics and other smart machines all become things internetted as part of the nexus of data, cloud, social and mobile forces.  This activity has provided the background for 2014’s acquisitions by Facebook (8 so far, including WhatsApp - mobile instant messaging - and Oculus - virtual reality), Google (34, including Nest Labs, Dropcam and Revolv – all in home automation), Apple (8, including Beats Electronics – headphones and music streaming) and Microsoft (9, including Capptain, Acompli and HockeyApp – all in mobile). This M&A activity looks set to continue in 2015.

Perhaps most startling for the future are the warnings by Stephen Hawking that dismissing the dangers of advanced artificial intelligence could be the “worst mistake in history”[12] and Elon Musk that “we should be very careful about dismissing artificial intelligence.  If I had to guess what our biggest existential threat is, it’s probably that”[13].  Pause for thought at least in 2015.