TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

Does your website or application collect user data? Does your company sell that user data to other third parties, such as advertisers? Does your company disclose this practice to your users in a privacy policy or terms or use? If you answered yes to these questions, you are most certainly not alone. But is your disclosure sufficient? That is the question a new challenge is poised to answer.

In most transactions involving the sale or license of intellectual property, a buyer or licensee will request that a seller or licensor represent and warrant that such intellectual property does not infringe or misappropriate the intellectual property rights of a third party. This representation and warranty is often heavily negotiated in a license or purchase agreement because the seller or licensor wants to limit its obligations for breach of this representation to limit its liability under the agreement, whereas the buyer or licensee wants to keep this provision as broad as possible to ensure that it receives appropriate protection from third-party claims for the intellectual property it licenses or buys.

As we previously discussed, nobody is safe from cybersecurity threats, and as our colleagues last reported, the US Securities and Exchange Commission (SEC) has heightened its cybersecurity scrutiny, issuing an investigative report on cyber fraud against publicly traded companies and signaling it will pursue both bad actors as well as companies failing to implement controls to detect and prevent hacking. A victim of a data breach itself, the SEC is now demonstrating how it intends to pursue bad actors.

On January 15, the SEC filed a civil suit in US District Court in the District of New Jersey related to its own hacking against individuals and business entities in Ukraine, Hong Kong, California, Belize, Russia, and Korea. The SEC alleges in the suit that the defendants hacked into the agency’s Electronic Data Gathering, Analysis and Retrieval (EDGAR) system through a variety of means—including phishing emails and malware—and stole information (namely, publicly-traded companies’ earnings information). The suit further alleges the defendants then traded securities based on the stolen information before it became public. The SEC argues all defendants were necessary participants in the “fraudulent scheme” as some defendants were required to “obtain, through deception, material nonpublic information from the SEC’s EDGAR system” and others were required to “monetize the material nonpublic information by making profitable trades.” The SEC requests the district court to permanently enjoin the defendants from engaging in unlawful conduct[1], order the return of all profits and/or gains realized from the trading, and impose civil penalties[2] on the defendants.

The Hatch-Goodlatte Music Modernization Act was signed into law on October 11, 2018. The act has been termed a music industry peace treaty of sorts, as it is designed to address years of issues and compromise between music streaming technology companies, such as Spotify, and artists and record labels. The act had unanimously passed the US House of Representatives and Senate earlier in 2018.

In today’s connected world, companies rely heavily on their websites and mobile applications to reach consumers. There have been a number of lawsuits filed alleging companies’ websites and mobile applications are inaccessible to the visually impaired in violation of the Americans with Disabilities Act of 1990 (ADA).[1] As we last discussed, a federal court found Winn-Dixie had violated Title III of the ADA.

Every January, electronics manufacturers descend upon Las Vegas for the annual Consumer Electronics Show (CES) to showcase their latest and greatest forays in devices. Not surprisingly, there was no shortage of shiny fresh connected devices with new and evolving applications in everything from workouts and personal care to the more usual suspects of television and virtual assistants. With Internet of Things (IoT) becoming more ubiquitous, it was only a matter of time before legislation followed. On September 28, 2018, California enacted the United States’ first IoT law, set to go into effect January 1, 2020, just in time for next year’s CES.

Morgan Lewis will co-host an interactive master workshop on negotiations and contracting geared toward business leaders, sourcing professionals, and in-house counsel who work together on complex transactions such as digital transformations and vendor outsourcing. Edward J. Hansen, Vito Petretti, Donald G. Shelkey and Valerie A. Gross of our Technology, Outsourcing and Commercial Transactions practice will present and lead discussions on topics including:

Towards the end of 2018 we ran a series of Contract Corner blog posts on the GDPR and Data Processing Addendums. (See here and here.) December brought detailed guidance from the UK Information Commission’s Office (ICO) on contracts and GDPR compliance (the New Guidance), which replaces draft guidance previously issued as part of a consultation by the ICO in 2017 (the Draft Guidance).

The process of “going digital” has drastically affected the outsourcing market in recent years. During their webinar, Outsourcing Across the Globe—Going Digital, Ed Hansen, Simon Lightman, Barbara Melby, and Mike Pierides will discuss how to prepare for the future of outsourcing and leading trends that will impact outsourcing transactions globally in 2019. Topics will include the following:

  • Privacy considerations for Europe, China, and beyond
  • The increasing impact of automation
  • Using the contract to mitigate risk

The webinar will be held on Wednesday, January 23, 2019, from 12:00 pm to 1:00 pm ET (5:00 to 6:00 pm GMT).

Register for the webinar.

On behalf of the technology, outsourcing, and commercial transactions team at Morgan Lewis, we’d like to wish you and your loved ones a wonderful new year.

What would you like to hear about in 2019? Let us know by emailing your idea to techandsourcing@morganlewis.com.