Insight Service: Privacy, data protection and cybersecurity

OpenAI and Microsoft sued in US for $3 billion over alleged ChatGPT privacy violations

OpenAI and Microsoft are being sued in a class action lawsuit alleging that they violated the privacy of hundreds of millions of internet users by secretly scraping vast amounts of personal data to train their ChatGPT artificial intelligence chatbot.

The lawsuit, which was filed on 28 June in federal court in San Francisco, California, claims that:

  • OpenAI and Microsoft collected personal information from users of websites and social media platforms without their knowledge or consent.
  • The information includes names, addresses, phone numbers, email addresses and financial data.
  • OpenAI and Microsoft used this personal information to train ChatGPT, in violation of the US Electronic Privacy Communications Act which prohibits the interception of electronic communications without a warrant.

The lawsuit is seeking class-action certification and damages of $3 billion and comes at a time when there is growing concern about the privacy implications of artificial intelligence. Whilst in recent years there have been a number of high-profile cases in which AI companies have been accused of collecting and using personal information without users’ consent, this is one of the first major cases to challenge the privacy practices of an AI company. The outcome of the case could therefore have a significant impact on the development and use of AI in the future, including the laws which govern the collection and use of personal data by AI companies, and set a precedent for other legal cases against AI companies.

This case is a timely reminder that AI companies need to be transparent about their data collection practices and ensure they have a valid legal basis, such as consent, before collecting personal data. It is also a reminder that users need to be aware of the privacy implications of using AI-powered products and services.

If you would like to discuss any of the legal issues around AI, including the recommended actions to keep the AI operations of your organisation within the law, please contact Chris Perrin.

Working in the Indian Data Centre Market

Taj Mahal

In 2020, the Indian Ministry of Electronics and Information Technology announced its draft Data Centre Policy, designed to make the country more attractive for domestic and foreign investment into the data centre sector. In this article, Ed Cooke, Founder at Conexus Law, shares some of his experiences of working on Indian projects including some of the key differences in design and construction contracts.

The vision

The government’s vision is to make India a global data hub, primarily by promoting the data centre sector to give it infrastructure status and creating a benign regulatory environment. Plans also include establishing Data Centre Economic Zones with high-quality power and connectivity infrastructure, water and other utilities, and creating financial incentives, particularly for the use of Indian-manufactured equipment and hardware. In fact, certain state governments, such as the states of Tamil Nadu and Uttar Pradesh, have already announced state-wide policies to encourage data centre development.

Over the past few years, a number of global data centre operators have announced investment partnerships focused on the Indian market. These include the recently announced joint venture between Digital Realty and Brookfield Infrastructure Partners, Yondr’s venture with Singaporean Everstone Group, AdaniConneX (a JV of EdgeConneX and Adani Group), and announcements of hyperscale data centre developments by the likes of CapitaLand, Hiranandani, NTT, and STT GDC. In fact, Mumbai, Hyderabad, Chennai, Bangalore and Delhi are already well advanced as important locations to serve the increasing Digital Transformation among the Indian domestic market and the global communications market. Mumbai, in particular, has been the premier choice for hyperscale developments due to its infrastructure availability and proximate subsea landing stations.

Understanding the differences

At Conexus Law, we have recently been working for US and European based clients on the construction of hyperscale size data centre projects in India. As commercial and legal advisors specialising in technology infrastructure, one of our regular tasks is to help clients enter new markets.

This includes helping them to understand the legal, commercial and cultural differences compared to operating in their ‘home’ environment. We always work with local partners and it is a part of our work that we really love doing.

The Indian legal system is fashioned on English common law, but overlayed with Indian legislation and regulatory laws. Indian court judgments set precedent and so it is important to understand both the legislative and common law context in which you are working.

In our experience, most data centre construction contracts in India are either based on a bespoke form of contract or a FIDIC standard form (usually a Yellow Book). There are also other inevitable regional differences.

Areas to focus on

As an example, labour and the supply chain are a huge and complex area in India and we often get involved in advising clients on their approach to procurement, and to monitoring second and third tier suppliers. Performance security, bonds and third-party guarantees/letters of credit are extensively used on large construction projects in India and we play a role in monitoring these. Also structuring payments against milestones – in particular protections around advance payments – are, in our experience, common in India.

The quality and workmanship – and in particular compliance with local and international codes and standards – is an area of real focus and aligns with detailed staged and integrated commissioning processes. There are also a number of compulsory insurances required in India alongside those which would normally be expected by an international client.

Cultural considerations

When we are negotiating in a different country or culture, we work hard to understand how the approach of our negotiating partner might differ from your own. It is always risky to try to characterise a whole nation or culture by a set of rules and so there needs to be a lot of ‘finding your way’ with the relevant individuals. However, we find cultural frameworks such as the well-known Geert Hofstede index, can be useful as a starting point. For example, through that, we learn that Indian culture scores highly in relation to its appreciation of hierarchy. It is therefore important to establish early on where the individuals we are negotiating with fit and ensure that either negotiations on specific points are conducted at the right level. An alternative is to provide enough justification for our stance to enable the individual to take the decision back to his or her superiors and make a convincing argument. It is quite easy to cause offence by not respecting the hierarchical structure (perhaps by seeking to jump a level in order to get faster resolution of an issue). To the western negotiator who is often time pressured, negotiating can feel like a very slow process but it is important to temper frustrations for the long-term goal. Also remember, as with many Asian cultures, that the term ‘yes’ is often used to indicate understanding of the point being made, not agreement to it. In our experience, this can cause clients great difficulty when they report that an issue has been closed out, only to find it has not been.

In conclusion, investment in digital infrastructure is happening at scale in India and there is a vast amount of further potential in this market. In fact, investment in the Indian data centre market is expected to reach US$8 billion by 2026. There are inevitable challenges in meeting the demand of a very tech-enabled population and business sector quickly enough, with reliable infrastructure to overcome historic under-investment in the region, such as quality construction and availability of highly qualified labour. We are proud to be part of it.

The Queen’s Speech May 2021 – Legal Update

London Skyline

This year’s Queen’s Speech contained several points that are relevant to our clients and the sectors we operate in. We have pulled together a list of the relevant legislative proposals, some of which were already known about, or carried over from the previous parliamentary session. We will continue to monitor the progress of these and provide timely updates.

ADVANCED RESEARCH AND INVENTION AGENCY BILL

This Bill is about developing the Life Sciences sector so it attracts people and business from across the world. This includes increasing public expenditure on research and development to £22 billion and creating an Advanced Research and Invention Agency which will be focused on funding high-risk, high-reward research and development.

PLANNING REFORM

Reforming planning laws and improving building safety were central to the Queen’s Speech. The change in planning laws to increase the number of new houses being built was announced proposals for areas which will be designated for growth, protection or regeneration, with developments in growth areas being harder for local opponents to block. The speech also made reference to the ongoing overhaul of the Building Regulations system in the UK with The Building Safety Bill still going through parliament.

PRODUCT SECURITY AND TELECOMMUNICATIONS INFRASTRUCTURE BILL

This is designed to ensure that smart consumer products, including smartphones and televisions, are more secure against cyber-attacks, protecting individual privacy and security. It also includes a commitment to the roll out of 5G mobile data coverage and gigabit-capable broadband to support better telecommunications coverage and connectivity.

TELECOMMUNICATIONS (SECURITY) BILL

This will give the Government new powers designed to ensure the long-term security and resilience of the UK’s telecoms networks and infrastructure and minimising the threat of high-risk vendors. It will also strengthen the security and oversight of technology used in telecoms networks including the electronic equipment and software used across the network which handle internet traffic and telephone calls.

ONLINE SAFETY BILL

The Online Safety Bill has been highly publicised and aims ‘to make the UK the safest place in the world to be online’, improving protections for users, especially children, whilst protecting freedom of expression, making companies responsible for their users’ safety online, and supporting a thriving and fast-growing digital sector. This will likely mean working with the industry to ensure there are clear legal definitions of what constitutes harmful online content, setting out the responsibilities that companies of different sizes have to observe and establishing clear codes of practice.

GDPR Update – April 2021

Image of GDPR

The government has recently discussed reforming data protection law and diverging from the EU’s GDPR regulation. This move is designed to allow information to flow more freely and drive growth in the global digital economy. This is good news for anyone dealing purely with UK data as it should make reaching adequacy agreements with other non EU countries easier . However, anyone holding EU data will still have to manage their compliance with the EU regulation. Those companies that hold both EU and UK data (and this is not always a simple question to answer) will likely need to run a dual system, which may be complex and time consuming. Knowing which rules apply to your data sets and transfers will have never been more important.

HOW CAN CONEXUS LAW HELP?

Businesses and individuals will need legal advice to help them understand the risks they may face and the options that may be open to them.
We are available to assist in reviewing the laws in many jurisdictions across the world, and to review specific contracts. We are also available to provide practical, business-orientated advice on how to best protect yourself from the ongoing commercial effects of Covid-19.

Contact

For further advice on GDPR or pursing your contractual rights, please contact Philip Brown.

T: +44 (0)20 7390 0289
M: +44 (0)7887 538308
E: [email protected]

Conexus Law Launches New Service to Help Organisations Mitigate “Brexit Risk”

Conexus Law, the specialist provider of legal advice to businesses operating at the intersection of the built environment, technology and people, has launched a Brexit Contract Management and Audit Service. It is designed to help address the many unresolved issues following the Christmas Eve Agreement.

The new service will help organisations manage any potential contract risks and assess existing contractual arrangements that may require attention to ensure continuity of commercially viable relationships post BREXIT. It will include a full audit of all contracts including a review of standard terms and conditions (both signed and those under negotiation), and any bespoke contracts with both suppliers and customers, together with business contracts which touch every business area whether it be IT, purchasing, product, sales and marketing, office services, facilities maintenance, logistics or outsourcing.

In addition advice will be given as to whether a contract has a mechanism or opportunity to exit or re-negotiate its terms should this be necessary. While the service will focus on arrangements with EU suppliers or customers, it can include the full suite of contracts globally (including UK to UK contracts and UK to non-EU contracts).

Brexit will also impact trade between the UK and global markets and between the EU and global markets, with likely increased customs and duty requirements and costs. All of this will be taken into account when setting the scope of the contract audit.

Ed Cooke, Founder at Conexus Law, said: “Although The Christmas Eve Agreement gave some clarity, businesses continue to be faced with uncertainty. There are clear implications for many areas such as supply chains, imports and exports and employment that will affect the technology and datacentre sectors and our service will ensure full visibility of the commercial impact of Brexit on the business.”

HOW CAN CONEXUS LAW HELP?

Businesses and individuals will need legal advice to help them understand the risks they may face and the options that may be open to them.

We are available to assist in reviewing the laws in many jurisdictions across the world, and to review specific contracts. We are also available to provide practical, business-orientated advice on how to best protect yourself from the ongoing commercial effects of Brexit.

Contact

For further advice on mitigating Brexit risks, please contact Ed Cooke.

T: +44 (0)20 7390 0281
M: +44 (0)7535 123000
E: [email protected]

International business faces post Brexit data threat warns legal expert

Laptop with padlock

From 1 January 2021 the United Kingdom will lose its automatic status as a safe destination for EU data when it falls outside of the EU’s legal jurisdiction. This will affect all EU data to be transferred to the UK (or any ‘third country’ that is not an EEA member.)

According to Phil Brown, a specialist lawyer at Conexus Law, it is doubtful that transfers from the EU to the UK will be compliant with GDPR following court case in October which held UK law incompatible with EU law – and similarly no transfers to the US would be compliant following a judgement in July 2020 which rendered Privacy Shield invalid.

“This clearly poses a huge threat to international business and it is hard to see that it will be allowed to continue, although equally the contrasting views of Europe and the US as to data protection mean it is a difficult one to see resolved without wholesale legislative changes to either the European or US regimes. The UK is clearly more aligned with the rest of Europe, and so one would hope that the differences can be resolved swiftly and effectively but given the political implications of Brexit across Europe there remains a distinct lack of clarity,” comment Phil.

Phil has created a guidance paper on the subject which outlines the possible options for businesses and likely outcomes.

HOW CAN CONEXUS LAW HELP?

Businesses and individuals will need legal advice to help them understand the risks they may face and the options that may be open to them.
We are available to assist in reviewing the laws in many jurisdictions across the world, and to review specific contracts. We are also available to provide practical, business-orientated advice on how to best protect yourself from the ongoing commercial effects of Covid-19.

Contact

For further advice on GDPR or pursing your contractual rights, please contact Philip Brown.

T: +44 (0)20 7390 0289
M: +44 (0)7887 538308
E: [email protected]

 

Law firm warns of Post Brexit GDPR impact

Conexus Law, the specialist advisory firm that provides legal and commercial advice to clients who work in sectors where the built environment, technology, engineering and people converge, is urging companies to prepare for the strong possibility that the EU will fail to agree that the UK has an “adequate data protection regime” after the transition period at the end of the year. This will mean that businesses will face barriers transferring personal data to and from the UK to EU countries under GDPR. The warning comes on the back of the ruling by the European Court of Justice at the beginning of July that reversed the prior adequacy decision of the EU for the USA – rendering its Privacy Shield ineffective.

Ed Cooke, Founder at Conexus Law said: “The UK’s use of mass surveillance techniques, our Investigatory Powers Act, and our membership of the Five Eyes intelligence sharing community has raised particular concerns with the EU – especially in relation to the sharing of data with the US, and even more so given the recent Schrems II decision on the Privacy Shield scheme. What is clear is that once a decision has been made then companies will need to move quickly to ensure they are not severely impacted.”

Failure to reach an agreement would mean that companies will need to look at alternatives such as Standard Contractual Clauses and binding corporate rules. Ed reiterates that merely relying on consent is not really an option for most businesses.

“Each of these options has its challenges with consent generally viewed to be unworkable as it can be revoked at any time. Standard Contractual Clauses were upheld in the ECJ in its judgment on Privacy Shield, but the judges did cast some doubt on whether or not these offer suitable protection in all cases without businesses adopting further practical measures such as encryption, to ensure the protection of personal data,” explains Ed.

Conexus Law is advising companies to start preparing now. Companies should already have a full audit of what personal data they collect and where it is stored and transferred to, including back-ups that may be held by cloud-based providers with datacentres all over the world. This audit needs to include all suppliers and partners that data is shared with. The next stage is to look at standard contractual clauses and decide whether further measures are required based on the specific data being transferred. If not, consideration should be given additional methods such as encryption.

“It seems that an adequacy ruling under GDPR is being used as a BREXIT bargaining chip in relation to other unrelated diplomatic negotiations taking place. Unfortunately, businesses may end up bearing the brunt of this and I would highly recommend that they start to prepare now,” concludes Ed.

Fact Sheet: Update on Telecommunications Infrastructure (Leasehold Property) Bill 2019-21

The Johnson government plans to roll out UK-wide gigabit-capable broadband by 2025.

The Telecommunications Infrastructure (Leasehold Property) Bill 2019-21 is set to amend the 2017 Electronic Communications Code, so as to streamline the process by which network operators may gain access to multi-let residential properties.

It is hoped this will deal with the particular problem of the landlord who is unresponsive to requests to allow access.

COVID-19 to push growth trajectory of data centre industry, Data Economy

COVID-19 has changed the business landscape in all industries across the globe, and the data centre sector is no exception.

The data centre has emerged into the spotlight as the pandemic forces the increase of remote working and information from governments, causing the growth trajectory of the industry to scale up.

With data centre operators being established as key/ essential workers, data centre operators are facing a number of COVID-19 related challenges, including limiting routes for infection whilst providing continuity of service.

Taking a little trip down memory lane – pre-COVID-19 – the growth of cloud technology played a major part in the data centre sector’s success.

In 2018, global revenue from the wholesale and retail data centre colocation market amounted to around $38 billion, according to Statista; with industry revenues expected to increase to over $50 billion per year by 2023 – as an increasing share of global businesses adopts data collection and analysis into their strategy.

Ed Cooke, Founder of Conexus Law told Data Economy that the virus will not have too much of a negative impact on the data centre sector as its need becomes more prevalent.

“It is no secret that the use of social media, online videos, gaming and all other underling fundamentals to do with the Internet of Things (IoT) is all on track to boost the requirements for data, data processing and IT infrastructure,” he says when giving a general overview of the industry before the pandemic began.

“There were still great amounts of construction taking place in the tier one cities; France, London, Amsterdam and Paris and Dublin, and there has been growth occurring in other markets too – particularly in South America, the Nordics and in Africa, and quite a lot of expansion is happening in Asia.

He was right. In the last seven days, companies in the sector have still been announcing mergers and acquisitions as well as the beginning of a new data centre build in London by Netwise.

Despite all of this, Cooke says that there are some cracks that appear as there has been some constrain in the supply chain.

“There are very few main contractors out there who have expertise in building data centres securely, and they were over-reliant on an even smaller group of suppliers who would supply the equipment,” he explains.

“However, what is interesting about COVID-19 is that in many ways it will push the growth trajectory of the industry.

“People have had it demonstrated to them now that they can work remotely, and many companies have already had it demonstrated to them now that their business continuity plans are not what they thought they were.

“I suspect we will see an increase in the purchase of cloud technology and the purchase of IT infrastructure and backup systems.”

Cooke explains that he fears the supply chain may get even more constraint, as he predicts that businesses may be lost as a result of the virus.

“Many clients are now starting to think about what happens when construction starts again, there will be a real fight for resources both in terms of labour and spaces on the manufacturing lines of these equipment providers, the generator providers, the transformer providers.

“People will want to make sure that their project starts up again first. In the short term after COVID-19, it will be a bit of a battle.”

Cooke went on to explain that one of the other things that the industry is witnessing is the likes of big internet companies like the Microsofts of this world starting to take up the spaces that they had reserved in data centres.

COVID-19 effects on finances

Recently, US data centre power biz Vertiv cut its financial forecasts for the next quarter in response to the impact of the coronavirus outbreak on its supply lines.

HPE, Microsoft and Samsung have all warned that the virus is likely to affect their supply chains this year.

Facebook pressed the pause button on the construction of its Huntsville, Alabama data centre campus due to safety concerns over staff during the COVID-19 outbreak.

Cooke previously told Data Economy that the pipeline of new data centres is under threat as the supply of labour and parts have been paused by the international response to the COVID-19 pandemic.

All hope is not lost as companies like Tencent and CyrusOne amongst others have all pledged to donate money to combat the virus as well as offer support where it is needed.

Data centre businesses rally on markets fightback after governments around the world pour more than $1.5tr into economies.

Source: data-economy.com/light-at-the-end-of-the-tunnel-covid-19-to-push-growth-trajectory-of-data-centre-industry

Press Release: Conexus Law announces new team

Conexus Law, the specialist advisory firm that provides legal and commercial advice to clients who work in sectors where the built environment, technology, engineering and people converge, has announced a number of senior appointments that are joining founder, Ed Cooke.

Emma Cordiner specialises in Real Estate & Data Centre Leasing with over 15 years’ experience in the world of commercial real estate transactions, both in the UK and internationally. This includes acting for datacentre industry clients, advising during the negotiation and legal transaction phases of securing space in data centres to create global networks spanning multiple jurisdictions.

Husna Patel specialises in construction and engineering law with a strong legal background in transactional and advisory work. She has worked in-house at a global electrical equipment suppliers who frequently supply the technology and data centre sectors, and so has seen negotiations from both sides. Projects include commercial and residential property development, technology projects such as data centres, on- and off-shore wind farms, bio mass and bio fuel plants, and land remediation projects in the UK and internationally. She has particular expertise with engineering and international contracts, such as those based on FIDIC.

Marilyn Heward-Mills has over 20 years of employment law experience focusing on contentious and non-contentious matters. She started at the predecessor to WilmerHale in 1996 as a dual-qualified English and US lawyer. Marilyn is also a published fiction author and a qualified therapeutic counsellor.

Philip Brown has over 15 years’ experience as a lawyer working in the technology sector. His clients include data centres, telecommunications providers, software developers and platform providers and their customers. He has put cloud and software platforms into some of the biggest global brands and advised on telecommunications systems arrangements within the nuclear sector and consumer-facing technology providers.

Commenting on the new team Ed Cooke, founder at Conexus Law, said: “Conexus Law is founded on the belief that we can only deliver the best counsel if we have a strong understanding of the sectors’ challenges and the underlying technology and processes. Therefore, every member of the team has specific industry expertise and is a leader in their field. I am extremely proud of this amazing group of people and look forward to welcoming others as we continue to grow.”