Predictions 2013, and beyond: Part 9, Fashionably Late

December 13, 2012

{i}From {b}David Taylor{/b}, Partner, Hogan Lovells:{/i}

2013 –The Year the Internet changed, a tipping point with hundreds of new gTLDs starting to enter into the root. Time to see whether all the efforts with Right Protection Mechanisms will help to have a clean space or not.

2023 – Confusion over domain names as addresses finally lead to new super search engines that will enable us to find all that is genuine and avoid the rest which will become noise. The Internet will be the dominant communication medium.

2053 – The Internet as we know it will have been replaced as the primary form of communication and people will be connected directly to each other via thought communication.

{i}From {b}Paul Gershlick{/b}, Partner at Mathews Arnold & Baldwin:{/i}

2013 will see a backlash against the Information Commissioner’s Office practice of targeting easy wins in the public sector (particularly health care) and charity sectors, levying data protection fines that take money away from people’s operations and medicines and the charitable good work. There will be growing pressure on the regulator to work with people to educate rather than punish them, as well to focus more on fining private sector transgressors.

{i}From {b}Eduardo Ustaran{/b}, Partner, Field Fisher Waterhouse:{/i}

Making predictions as we approach a new year has become a bit of a tradition. The degree of error is typically proportional to the level of boldness of those predictions, but as in the early days of weather forecasting, the accuracy expectations attached to big statements about what may or may not happen in today’s uncertain world are pretty low. Having said that, it wouldn’t be particularly risky to assume that during 2013, the EU legislative bodies will be thinking hard about things like whether the current definition of personal data is wide enough, what kind of security breach should trigger a public disclosure, the right amount for monetary fines or the scope of the European Commission’s power to adopt ‘delegated acts’. But whilst it is easy to get distracted by the fascinating data protection legislative developments currently taking place in the EU, next year’s key privacy developments will be significantly shaped by the equally fascinating technological revolution of our time.

A so far low-profile issue from a regulatory perspective has been the ever growing mobile app phenomenon. Like having a web site in the late 90s, launching a mobile app has become a ‘must do’ for any self-respecting consumer-facing business. However, even the simplest app is likely to be many times more sophisticated than the early web sites and will collect much more useful and clever data about its users and their lifestyles. That is a fact and, on the whole, apps are a very beneficial technological development for the 21st century homo-mobile. The key issue is how this development can be reconciled with the current data protection rules dealing with information provision, grounds for processing and data proportionality. Until now, technology has as usual led the way and the law is clumsily trying to follow, but in the next few months we are likely to witness much more legal activity on this front than what we have seen to date.

Mobile data collection via apps has been a focus of attention in the USA for a while but recent developments are a clue to what is about to happen. The spark may well have been ignited by the California Attorney General who, in the first ever legal action under the state’s online privacy law, is suing Delta Air Lines for distributing a mobile application without a privacy policy. Delta had reportedly been operating its mobile app without a privacy policy since at least 2010 and did not manage to post one after being ordered by the authorities to do so. On a similar although slightly more alarming note, children’s mobile game company Mobbles is being accused by the Center for Digital Democracy of violating COPPA, which establishes strict parental consent rules affecting the collection of children’s data. These are unlikely to be isolated incidents given that app operators tend to collect more data than is necessary to run the app. In fact, these cases are almost certainly the start of a trend that will extend to Europe in 2013 and lead EU data protection authorities and mobile app developers to lock horns on how to achieve a decent degree of compliance in this environment.

Speaking of locking horns, next year (possibly quite early on) we will see the first instances of enforcement of the cookie consent requirement. What is likely to be big about this is not so much the amount of the fines or the volume of enforcement actions, but the fact that we will see for real what the regulators’ compliance expectations actually are. Will ‘implied consent’ become the norm or will web sites suddenly rush to present their users with hard opt-in mechanisms before placing cookies on their devices? Much would need to change for the latter to prevail but at the same time, the ‘wait and see’ attitude that has ruled to date will be over soon, as the bar will be set and the decision to comply or not will be based purely on risk – an unfortunate position to be in, caused by an ill-drafted law. Let that be a lesson for the future.

The other big technological phenomenon that will impact on privacy and security practices – probably in a positive way – will be the cloud. Much has been written on the data protection implications of cloud computing in the past months. Regulators have given detailed advice. Policy makers have made grand statements. But the real action will be seen in 2013, when a number of leaders in the field start rolling out Binding Safe Processor Rules programmes and regulators are faced with the prospect of scrutinising global cloud vendors’ data protection offerings. Let us hope that we can use this opportunity to listen to each other’s concerns, agree a commercially realistic set of standards and get the balance right. That would be a massive achievement.

{i}From {b}Tracey Stretton{/b}, Legal Consultant, Kroll Ontrack:{/i}

In 2013, the new costs management regime comes into force in the UK and legal costs will come under court scrutiny and control. A new strategic approach to managing the costs of e-disclosure and document review will be crucial, especially as data volumes continue to grow exponentially. Expect to see more real applications of Technology Assisted Review in UK cases and some court commentary on it as litigating parties work on protocols detailing when and how to use it. TAR combined with outsourced document review will be next innovative step in achieving a high quality document review that keeps costs in check.

Mobile devices and social media will continue to drive innovation and unleash entrepreneurial energy in business. Companies cannot afford to be lackadaisical about these phenomena – a formal practice for their use and an awareness of the evidence trail created is essential.

Changes announced to the European regulatory landscape in 2012, principally in the area of data protection and competition law, reinforce the need for proactive risk avoidance and robust compliance efforts by companies in the future. Central to these efforts will be a focus on monitoring and reviewing critical electronic information.

2023 – Dispute resolution could be an App on the CEO’s virtual desktop, lawyers will have avatars and judges might be electronic too.

{i}From {b}Rob Jones{/b}, Legal Consultant, Legal Technologies Kroll Ontrack:{/i}

In 2053, mind reading technology will become a reality and decoding brain activity could have serious ethical and privacy implications.

{i}From {b}Luke Barton{/b}, Business Development and Marketing Manager at web communications specialist Treat Digital:{/i}

With many predicting that mobile devices are set to overtake desktop PCs as the dominant global Internet platform, 2013 will see an increase in the use of responsive design. In short, responsive design is a way of designing and coding web sites with a fluid layout, so that images, navigation and other elements of the site adapt to the screen on which the site is being viewed to provide an optimal viewing experience.

Parallax scrolling is set to become a much more common method of navigating users around a site as designers and developers look for more interesting ways to engage users. The basic idea of parallax is having different elements scroll along different site lines (vertical, horizontal or diagonal). This gives users an increased sense of depth in the design. (

2013 will see more businesses tapping into the on-the-go market by taking advantage of location based services. By using the geolocation functionality of a mobile phone, businesses can provide people with location specific information and special offers and in turn customers can ‘check-in’ wherever they go and spread the word about your business in exchange for rewards.