TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

Russia has amended its main laws governing the internet to allow the government to restrict access to the internet and to control internet traffic in emergency situations.

Federal Law No. 90-FZ of 1 May 2019 introduced a set of amendments to the Federal Law on Communications and the Federal Law on Information, Information Technologies and on Protection of Information (the Amendments). The Amendments are colloquially referred to as the “sovereign runet law” or the “law on the secured internet.”

Russia’s Central Bank, the financial markets regulator in Russia, might soon receive the right to block websites. On 24 January, the State Duma, the lower house of the Russian parliament, approved amendments in the first reading to the Federal Law "On Information, Information Technologies and Protection of Information" and the Civil Procedure Code (the Proposed Amendments).

The Proposed Amendments are designed to give the Central Bank the right to block websites violating financial market legislation or used to maintain fraudulent activities.

Forbes has listed its top outsourcing trends in the Asia-Pacific (APAC) region for 2019. The APAC region has long been the dominant region for outsourcing, although it is facing competition from emerging outsourcing markets in other regions. Trends include the growing presence of outsourcing in Malaysia, shifting resource models, and personnel shortages.

As 2018 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips. If you don’t see a topic you are interested in below, please let us know, and we may feature it in a future Contract Corner.

The United Kingdom government’s Cabinet Office (the central procurement department for central government) is requiring major government suppliers to draft “living wills.” These are intended to safeguard the provision of services to the public sector in the event of the collapse of a supplier.

This measure follows the insolvency of outsourcing provider, and major government supplier, Carillion in January 2018. The well-documented Carillion collapse led to significant debate about the role of outsourcing within the UK public sector, with pronouncements about the extent to which outsourcing for the public sector has “fallen out of fashion.”

During their webinar, Hot Topics in Data Privacy Regulation in Russia, Moscow partners Ksenia Andreeva, Anastasia Dergacheva, and Vasilisa Strizh will discuss trends in data privacy regulations in Russia for the upcoming year.

Topics include:

  • News from the Russian data protection regulator (Roskomnadzor)
  • New laws and legislative initiatives in the data privacy field
  • Obtaining data subjects’ consents: views of the regulator
  • Formalizing cross-border transfers from Russia and to Russia
  • Localization rules: view from Roskomnadzor

The webinar will be held on Tuesday, November 27 from 9:00 to 10:00 am eastern time. You can register here.

From time to time, data controllers are confronted with the question of whether data subjects can raise claims for specific security measures against the controller under Article 32 of the EU General Data Protection Regulation (GDPR). These measures can be costly and cumbersome for the controller.

The Austrian Data Protection Authority (DPA) has decided that there is no such claim. In the relevant case (AZ: DSB-D123.070 / 0005-DSB / 2018), the DPA ruled on a claim by a data subject to pseudonymize personal data. The complainant had filed two complaints with the DPA alleging a violation of the fundamental right to data protection (Section 1 of the Austrian Data Protection Act) for an alleged failure to delete data or pseudonymize personal data. The respondents were two Austrian public authorities: the Federal Ministry for Europe, Integration and Foreign Affairs and the Federal Chancellery.

A significant fine imposed by the UK’s Financial Conduct Authority (FCA) on an established UK insurer is further evidence of the increased scrutiny being placed on outsourcing arrangements by the financial services regulator, and also of the importance the regulator places on issues that directly impact retail customers.

The FCA is the UK’s “conduct” regulator, with a focus primarily on the regular business conduct of financial services businesses, as compared to the “macro” focus (safety and soundness) of the Prudential Regulatory Authority (PRA) – although there is overlap between the stated remits of the FCA and the PRA, and outsourcing arrangements are subject to scrutiny by both bodies.

A shrinking in traditional outsourcing deal volumes since the United Kingdom's EU membership referendum vote on June 23, 2016, is being partially attributed to business caution following the “Brexit” decision.

According to consultants ISG, the traditional sourcing market in the UK pre-Brexit referendum had a deal volume of circa $900 million per quarter. However, the UK outsourcing market has only achieved this level of activity in one quarter since the referendum.

Washington, DC partners Giovanna M Cinelli, Kenneth J. Nunnenkamp, and Stephen Paul Mahinka and Boston partner Carl A. Valenstein recently published a LawFlash on the recent action taken by the Committee on Foreign Investment in the United States (CFIUS) to implement a pilot program under the Foreign Investment Risk Review and Modernization Act (FIRRMA). FIRRMA, which was enacted in August 2018, reformed the CFIUS screening process for foreign investment in the United States and, among other things, permits CFIUS to establish pilot programs to test the viability of certain of its provisions. The LawFlash addresses the objectives and the scope of the announced pilot program, including the countries and types of investments covered by the program. It also describes the new requirement for mandatory declarations "for certain transactions involving investments by foreign persons in certain U.S. businesses that produce, design, test, manufacture, fabricate, or develop one or more critical technologies" implemented by the pilot program. The pilot program becomes effective November 10, 2018.

For more information on the pilot program, please read the LawFlash.