- At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
- Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
- Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
- Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
- Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
- In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
- Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
- Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
- We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
- We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
- Our regulatory specialists work alongside Kemp Littles corporate and commercial professionals to help meet their compliance obligations.
- With a service that is commercial and responsive to our clients needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
- At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
- We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
- Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
- We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
- We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
- For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
- Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
- The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
- Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
- Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
- We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
- Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
- Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
- Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
- Kemp Little is trusted by some of the worlds leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
- HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
- FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they dont give away to get you started.
Data Protection in the new world of Artificial Intelligence
A quick online search of “what is AI?” does not provide you with an easy answer; this is because artificial intelligence can have different meanings to different people. For our purposes, it is a computer system which is able to perform tasks which would normally require human intelligence.
To date, as lawyers, we have needed to deal with computers and machines which are capable of numerous and speedy computations and calculations – but these actions have all been governed by the direction of the programmer. Artificial intelligence, on the other hand, is the machine intelligently thinking, learning and making decisions and actions based on this thought and knowledge. From a legal perspective this phenomenon challenges many key legal concepts and means that we need to address how we apply core principles of personality and liability onto something the law is not yet ready to deal with.
Could an AI be a data subject?
A data subject is defined as any individual who is the subject of personal data. Typically we think of data subjects as employees, contractors, customers or individuals on a marketing database etc. A limited liability company is not a data subject for the purposes of the Data Protection Act 1998 (the DP Act) and neither is a computer system. An AI is capable of performing tasks which would normally require human intelligence and so could it be argued that an AI should be given some of the same protections given to humans?
The current DP Act’s definitions means that there is not going to be any personal data recorded in relation to an AI data subject because personal data relates to “a living individual” who can be identified from the data. Even if we can acknowledge that an AI has human intelligence and should be classed as an “individual”, and therefore a data subject, would we be able to go as far as to describe it as living? And, perhaps more importantly, should we? Given the new definition under the EU General Data Protection Regulation (GDPR) changes this to a “natural person”, that does not seem to be the direction of travel.
Processing data using Artificial intelligence
A much more real concern for businesses is the use of AI in the processing of personal data. Processing is very broadly defined and includes “obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data”. The first data protection principle, which requires fair and lawful processing, is often met through the use of consent. The individual will consent to the processing of their personal data and this will enable the processing to be fair. How can we obtain informed consent when the processing of the data is no longer a predictable response to a set of pre-defined instructions given to a computer programme by a programmer but is now the result of an autonomous machine which is learning and thinking for itself? The programmer no longer knows what the next processing operation might be because that is a decision taken by the AI. Consent is not mandatory in the UK for the processing of personal data, although it is often the easiest way to justify the processing. Without consent the data controller will (generally) need to show that the processing is necessary for a contract or is for legitimate reasons, provided these reasons are not outweighed by the privacy implications for the individuals concerned. However, given that we don’t know exactly what processing the AI might undertake in relation to the data it is given, how can we know that the processing is necessary? Similarly, without understanding the processing and what the privacy implications may be, how can that balance be understood and documented?
Impact of the GDPR
The current EU data protection regime is due to be replaced by the GDPR. There are several key changes in the GDPR which will affect those working within the sphere of AI.
The first is the requirement to implement Privacy by Design and by default. Businesses will be required to take data protection requirements into account from the inception of any new technology that involves the processing of personal data. An AI works because of its ability to process large volumes of data and quickly. IBM’s Watson – a computer capable of answering questions framed in natural language thanks to the vast database of information it has access to – is an example of this. If the AI is given access to personal data as part of that database, then the AI will be processing personal data and data protection requirements will need to be taken into account as part of its design. This may not always be possible when the machine itself is evolving as it thinks and learns for itself.
Thanks to the increased computing power of AI it may be possible that data which might previously not have been considered personal data, because from the data alone you could not identify a living individual, might become personal data because the AI has access to other information which, when processed together with that data, could be used to identify a living individual. This potentially increases the scope of personal data which might be available relating to a data subject.
The GDPR also restricts profiling which is the automated processing of personal data and the use of personal data to evaluate certain personal aspects relating to a natural person,for example analysing or predicting aspects concerning a natural person’s economic situation or personal preferences. Pursuant to Article 14(1) of the GDPR, data subjects have a right not necessarily to avoid profiling itself, but rather to avoid being “subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.” Recital 58 provides as examples the “automatic refusal of an on-line credit application or e-recruiting practices without any human inter- vention”. Consent to this profiling will need to be obtained and this will need to be considered well in advance of implementing these kinds of AI.
Are we ready?
Artificial Intelligence is a reality and with “big data” becoming “bigger data” all the time, is the legal data protection landscape ready for AI machines? The emphasis, we believe is going to be on ensuring the data con- trollers are able to build in parameters around privacy into the AI, and also in trying to obtain the necessary consents before transferring data to an AI. Consent can be tricky today, but with the GDPR, consent will become even harder to obtain.
As with other new technologies, the law inevitably plays catch-up and AI will surely throw up new situations that do not “fit” what was in contemplation for the GDPR. For example, whether the AI is capable of being a data controller itself, making its own decisions in relation to the processing of the data, or how we might impose any liability on the AI for anything it did in breach of the DP Act or the GDPR. Given the power of the technology, this is a field likely to see an emphasis on ethics as well as law.
This article was previously published in Privacy Laws & Business.