• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

How changes to EU data protection law could affect UK business

For nearly twenty years, UK data protection laws have remained fairly static, even in the face of considerable technological advancements, the rise of social media and the “big data” boom. The European Commission decided to address this gap between the law and technology by publishing a new draft EU data protection law (or the General Data Protection Regulation (the “Regulation”)).

Since the draft Regulation in 2012, the European Parliament and the European Council have both reviewed the Regulation and added their comments. So we now have, rather confusingly, three drafts of the Regulation and over the next few months, these three bodies will engage in heated negotiations with the aim of producing a final Regulation.

Once adopted, there will be a two year transition period before it becomes enforceable across EU countries including the UK by data protection authorities and the courts. While a two year grace period may sound generous, in reality given the number of teams that will need to be involved in helping a company comply with the new Regulation (such as IT, Marketing, Legal and Compliance as well as management and business teams) and the time taken to implement business change and new IT projects, two years can actually pass quite quickly. Therefore prudent businesses are considering and planning for the Regulation right now.

Scope for 'personal data' broadening?

An important change for UK businesses is the increased scope of the Regulation. Currently data protection laws only apply to data that directly identifies an individual and to data that identifies an individual when combined with other information held by the data controller (a data controller is the company that decides how the personal data is to be used). So pseudonyms, IP addresses and other unique reference numbers would not be personal data unless the data controller can combine with other information, like email addresses, which would allow those pseudonyms, IP addresses and reference numbers to identify an individual.

Under the Regulation, this will change and all data that identifies an individual, whether directly or indirectly, will be personal data. There is no longer a requirement for the company to personally hold another data set that would allow for re-identification. So any unique identifier or pseudonym will be personal data. Many businesses use pseudonymous data because they believe that this means that they can avoid having to comply with data protection laws, but this will no longer apply. So we should expect the Regulation will impact many more businesses than before.  

Pseudonymous data

One of the key issues being negotiated is whether there should be less stringent compliance requirements for pseudonymous data. All three legislative bodies agree that pseudonymous data is still a subset of personal data, but they disagree about whether pseudonymous data should be subject to the same requirements as “standard” personal data. It may be worth stressing that a more lenient approach to pseudonymous data is opposed by many of the data protection regulators and by privacy rights groups. To prepare for the new Regulation, businesses should start reviewing the types of data held: sensitive, personal or pseudonymous. Where possible, businesses should try to use pseudonymous data over personal data as it could benefit from less onerous compliance requirements.

Customer profiling

Pseudonymous data is frequently used for customer profiling and profiling is another area of contention under the Regulation. Profiling has been broadly defined as “any form of automated processing of personal data intended to evaluate certain personal aspects relating to a natural person or to analyse or predict in particular that natural person’s performance at work, economic situation, location, health, personal preferences, reliability or behaviour". This definition could potentially capture any form of data analytics and therefore would have significant impact for data-driven businesses.

The Regulation will require businesses to have either a statutory basis for profiling (e.g. for crime prevention or detection purposes) or the individual will need to have given his/her consent to being profiled. Most businesses will therefore have to rely on obtaining an individual’s consent, which will make it considerably harder to use personal data for analytics.

Under current laws, consent is often not obtained for profiling activities. This is because profiling is frequently carried out using pseudonymous data or profiling using personal data is permitted for a legitimate purpose of the data controller (provided this does not unduly infringe the individuals’ rights and interests).

Consent needed

So under the new data protection regime, consent will be needed for any personal data analytics and there will also be a new standard of consent. Consent must be freely-given, specific and informed - the individual must have a genuine choice as to whether to give consent and be able to withdraw consent without detriment. In practice this means that companies engaged in personal data analytics will have to tell individuals that they are carrying out profiling, what profiling activity is being undertaken and the implications of such profiling and then give the individual a genuine option to agree to or disagree with such use of their personal data.

Given the general public concern about how companies use their personal data, it is doesn’t seem too implausible to imagine that many consumers may refuse their consent to profiling. While it is obviously important to give individuals control over their personal data, the effect of this profiling provision could mean data innovations and analytics are stifled – even where it could improve people’s lives, such as health data analysis.

Companies will need to tackle this head-on and think carefully about their customer engagement and marketing strategies.  Gaining customer trust with appropriate customer terms and legally compliant consents will take on a greater importance to be able to continue to use and benefit from personal data.

This article was originally published on ComputerWeekly.com. For further information please contact Nicola Fulford.