Trends in information technology law: looking ahead to 2020
This piece looks ahead to what we might expect as IT law developments in 2020.
As we hit the new decade from deep inside the fourth industrial revolution, we’re witnessing stunning transformation in the areas of cloud + artificial intelligence (‘AI’) + mixed reality. In 2020, the direction of travel of these technology developments will be easier to chart than the regulatory responses to them (seeking to balance security + convenience + privacy) and the gyrations in the business environment that are driving all this change (including trade + Brexit + Trump + cycle).
The gathering cloud
Research consultancy Gartner is forecasting the global public cloud market to grow by 17% in 2020, from $228bn to $266bn. Tighter integration that combines the cloud’s economies of scale, demand flexibility, utility pricing and geographical dispersion with the ‘intelligent edge’ – data from local datacentres, people’s devices and the huge rise in Internet of Things (‘IOT’) sensors – is behind this growth as digital transformation gathers pace and the flow of computing workloads off premises into the cloud becomes a flood.
AI algorithm capabilities have now reached or exceeded human parity in speech recognition, image recognition, machine translation and machine comprehension. Couple this with the scale and efficiencies of cloud-based AI as a Service (‘AIaaS’) (for example, Microsoft’s deep learning Project Brainwave reduced AI training dataset costs to $0.20 per million images in early 2019) and the rise of AIaaS looks set to be a key feature of 2020. We are seeing this already as enterprise customers and large AIaaS providers grapple in contract discussions with novel questions of IP ownership of the various layers of AI data (training, testing, operational, insights), what happens to customer data once ingested into the AI and aligning both sides’ AI ethics policies and best practices.
Mixed reality and digital twinning
The third stunning IT transformation we’re seeing is mixed reality: a shift in the way we interface with computing, from individual device responding to keyboard, mouse and fingertip towards connected devices responding to voice, gaze and gesture. This expanding of the human-computer interface is also behind the convergence of the physical and digital worlds, where people, things and spaces in the ‘real’ world will increasingly have a twin or representation in the digital world. These developments are happening in the business world today and are set to jump species to the consumer world, perhaps in 2020, where the big change will come with adoption at scale.
As well as developing rapidly themselves, each of these three key IT transformations – cloud, AI and mixed reality – is interacting and converging with the others, so whilst you can see the direction of travel over the next year or so, it’s more challenging to see further out beyond the first and second generation consequences of these changes. Recall Bill Gates’ famous quote (from his 1996 book ‘The Road Ahead’) that “we always overestimate the change that will occur in the next two years and underestimate the change that will occur in the next ten.”
Key areas of IT legal development in 2020 (1): privacy and data regulation and policy
The Cloud, AI and mixed reality neatly frame what will be the key areas of IT legal development in 2020: data and software. Policy debates around data and information security will continue to intensify, particularly as large fines for breaches of the General Data Protection Regulation ((EU 2016/679) hit the headlines (Marriott’s £99m and BA’s £183m proposed fines by the UK Information Commissioner’s Office (‘ICO’) in July 2019 are straws in the wind here). The GDPR’s template of protecting individuals’ personal data as a fundamental right is increasingly being adopted internationally, for example with the California Consumer Privacy Act and Brazil’s General Data Protection Law coming into force on I January 2020 and 15 August 2020 respectively. Facial recognition, AI in the workforce, anonymisation and profiling will be particular areas of focus in 2020. That said, as at the end of 2019, the EU’s draft e-Privacy Regulation seems to have made little headway under the Finnish EU Council Presidency, and we will have to await the Croatian (first half of 2020) or German (second half) Presidencies before the new regulation is passed.
Whilst privacy and security will dominate the data legal landscape in 2020, other data policy and regulatory debates are also hotting up around the following questions:
- Should data be open or proprietary?
- Is data control a better yardstick than data ownership?
- Is data best seen as an asset or utility?
- Is data best seen as asset or liability?
- Should data and data-rich businesses be more closely regulated or left to market forces?
These debates are playing out at EU level in the context of copyright and competition law. In the copyright area, the EU’s Digital Copyright Directive ((EU) 2019/790) (due to come into force in June 2021) will extend copyright permitted acts to cover text and data mining.
In the field of competition law the ‘regulation v market’ debate, particularly, will be in the public eye as new anti-trust approaches to the market power that data confers are tested in the EU.
Another important strand in the policy debate is around taxing data businesses in the countries where their sales and profits arise and we can expect these proposals to work their way towards the statute book in 2020. These debates will be all the keener if economic growth goes into recession in 2020 or trade tensions heighten.
Meanwhile, market approaches to managing data risk continue to develop. In 2019, many organisations added AI and data science ethics policies, procedures and best practices to their data management toolbox of GDPR assessments and compliance techniques. 2020 will see more tools added to the box:
- data trusts and frameworks for anonymisation and compliant data sharing;
- trade secret policies and processes to protect AI output (see below);
- ‘end to end’ organisational data planning; and
- more widespread adoption of data technical standards (like ISO/IEC 38505-1 on data governance, ISO/IEC 19944 on data categorisation and use cases and 27018 on personal data in the public cloud).
Key areas of IT legal development in 2020 (2): algos and software
The fourth industrial revolution has thrown up a range of signature legal questions, including:
- ‘Should AIs be capable of having separate legal personality?’
- ‘Who owns computer generated (copyright) works?’ and
- ‘Who owns computer implemented (patentable) inventions?’.
These questions will continue to be explored in 2020.
How to capture and protect the value of AI outputs will also exercise the legal department. That value frequently resides in previously undiscovered correlations through their power to explain or predict (‘customers who bought this tended to do that’, ‘a patient with this is at risk of that’ etc, ‘these citizens may need that’).
These correlations are typically not protectible by copyright or database right, but are of great value as confidential information and trade secrets. One of the criteria for trade secret protection (enforceable across the EU since June 2018) is that the information concerned has been subject to reasonable steps under the circumstances to keep it secret. As another tool in the data management toolbox, organisations are therefore increasingly adopting trade secrets policies and processes which show the steps taken to keep AI outputs secret to maximise trade secret protection availability.
Perhaps the biggest thing on the software legal agenda for 2020 however is the ongoing Google v Oracle case where the US Supreme Court in November 2019 granted Google’s request to review lower courts’ decisions and is likely to decide the case in 2020. Billed as the copyright case of the 2020s in a dispute going back to 2010, the case centres on the extent to which Google infringed Oracle’s copyright when it copied across into its Android operating system code from Oracle Java application programming interfaces (‘APIs’). An interpretation by the Supreme Court in favour of Oracle will have a broad impact on the software industry’s use of APIs. This will be felt particularly in the open source software area, for example, in how the Free Software Foundation operates its popular GPL2, GPL3, LGPL3 and Affero GPL ‘copyleft’ licences.
Blockchain – the legals
Further out, blockchain – still short of widespread adoption in 2019 – will hit the mainstream, if not in 2020 then in the next couple of years. Anyone interested in blockchain should read the ‘LawTech Delivery Panel: Legal Statement on cryptoassets and smart contracts’ (November 2019), a model of drafting clarity that disguises exceptional legal creative thinking and provides a solid legal foundation for this technology under English law by concluding that there is no impediment to cryptoassets being property and that smart contracts can relatively easily be fitted into English contract law principles.
(And, as an aside, anyone looking for a cautionary tale in runaway IT systems should read the equally well written ‘Independent Review Following TSB’s Migration onto a New IT Platform in April 2018’ by UK solicitors firm Slaughter & May in October 2018).
And then further out still, there’s quantum computing (at this point, still just a dot on the horizon) which will upend classical computing based on the bit (binary digit) – which at any time has one value or state (0 or 1, on or off) – through the qubit, which through the magic of superposition and entanglement can be in any number of values or states simultaneously.
The business environment in 2020
If IT’s general direction of travel in 2020 can be charted with a bit more clarity than usual, and privacy and data policy predicted as the most important regulatory areas, the business environment in which IT and IT law and regulation will develop next year are anything but clear. First, from the UK perspective, what happens with Brexit is likely to shape the attractiveness of the UK as a place for technology business investment for years to come. This will particularly be the case with the services aspects of the longer range individual trading deals between the UK and the EU, the US and other trading partners -. Second, how nationalism and populism develop will leave their stamp on trade policy where IT has a huge and growing footprint. Third, the business cycle itself (growth restored or impending recession?) will significantly impact the uptake of new technology. And nowhere is this big picture uncertainty for 2020 more neatly book-ended than by the UK general election on 12 December 2019 and the US presidential election on 3 November 2020.