INFORMATION TECHNOLOGY: An Introduction
Technology’s diffuse and critical use makes IT law a varied and contentious practice area, spanning commerce and personal issues, such as data privacy.
After over a year with COVID, the technology sector itself has been resilient, with sustained investment and growth. Indeed, the pandemic encouraged digital adoption. For example, COVID accelerated virtual court initiatives and, while the return of ‘in person’ hearings is welcome and essential to achieving justice for some cases, it is likely that – as with businesses and at home – technology will play an expanding role. Nevertheless, negative impacts on the tech sector were also seen, such as supply chain and workforce disruption (especially in the first wave) and reduced demand from harder hit industries.
These COVID-related disruptions will likely feature in IT project disputes, as part of delay and termination claims, alongside familiar arguments about defects, scope creep and resistance to change. The long-running Post Office litigation illustrates the potential impact of system failures, where bugs were held to have caused a significant and material risk of accounting shortfalls for which postmasters were convicted. After an adverse civil court judgment, numerous convictions were quashed. Given the high stakes, parties often look to their contracts for applicable limitation and exclusion clauses. Recent cases have offered guidance – CISGIL v IBM on excluding wasted costs and the Supreme Court in Triple Point Technology Inc v PPT Public Company Ltd, also on liquidated damages.
IT law practitioners do not simply need to keep abreast of case law and legislative change: technological developments are fast paced and produce new issues of their own. For instance, the implications of artificial intelligence (AI) are largely unexplored, although some of the privacy, data processing and equality issues posed can be seen from recent legal challenges to the algorithm used by Home Office to stream visa applications and the use of facial recognition by police. Meanwhile, the hype around blockchain technologies has extended to non-fungible tokens (NFTs), used to prove ownership and originality of assets, such as the founder and CEO of Twitter’s first tweet (sold for US$2.9m). When advising clients, practitioners must appreciate popular misconceptions (for NFTs, about the rights normally purchased) and understand the actual technology and transactions involved.
Partly due to increased remote working, cybersecurity risks are pronounced. Ransomware and cyber-blackmail attacks are finding diverse targets such as Hackney City Council, the Salvation Army and the legal profession. When a barristers’ chambers was hit in summer 2021, they responded by getting a High Court injunction against person(s) unknown. More generally, IT lawyers support organisations in their preparatory activities, crisis management and dealing with the wider fall out.
Data claims arising from attacks and other sources remain prevalent, with some companies suggesting that the balance is tipped too far in favour of the consumer. Warren v DSG Retail Ltd pushed in the other direction – claims in breach of confidence, misuse of private information and negligence against a company following a data breach caused by an external, criminal third-party attacker were struck out. This case may well discourage other claimants’ cases because after-the-event insurance premiums cannot be recovered for such statutory claims, explaining why the others were pleaded. The future of class actions and whether damages for loss of control of data can be recovered without proof of such loss is under consideration of the Supreme Court in Lloyd v Google.
Regulatory intervention is a significant feature of IT law. Over the last year, the Information Commissioner’s Office fined companies for mass marketing emails and text messages without consent, as well as failures to keep personal data secure. The UK’s Competition and Markets Authority (CMA) has also asserted itself post-Brexit by pursuing Apple, Facebook and Google.
Looking ahead, the sector can expect further legislative and regulatory efforts. A new Digital Markets Unit (DMU) has been launched within the CMA, aimed at encouraging competition and innovation, and protecting consumers and businesses from unfair practices. The DMU is investigating codes of conduct between digital platforms and the third parties which rely upon them. The EU has proposed a new AI regulation, which sets rules for the development, placement on the market and use of AI systems following a proportionate risk-based approach. And the Online Safety Bill is progressing through Parliament, while the Law Commission is reporting further on autonomous vehicles.
What exactly comes to fruition remains to be seen, but it will likely lag behind technological change, leaving IT law practitioners to apply and develop established principles, and get creative themselves.