Data privacy laws are a constant source of stress for companies around the world. Since the start of this year alone, major tech firms have been handed down fines totalling in the billions for noncompliance or alleged breaches. And the financial penalties are only set to soar as legislation continues to grow in both volume and complexity.

It’s essential for businesses to have the right technology at their fingertips to fulfil compliance responsibilities and maintain complete visibility of contractual obligations. As General Counsel, I know how stressful it can be if you’re not in a position to know where you, and the company which depends on you, stand with respect to your obligations to regulators as well as your clients and suppliers. So, today I’m going to dive into some of the latest changes to data privacy laws in the UK and US, how they’re going to impact businesses and why Luminance’s AI can empower lawyers to uphold the reputation of companies (whether in-house lawyers supporting their employers or external counsel advising their clients) and meet compliance challenges head-on.

1. EU-US Data Privacy Framework (DPF)

The agreement between the US and the EU to implement this new data transfer regime has been a long-awaited one, with many businesses keen to understand how data privacy will be impacted by these changes. In some cases, the real concern is how will this affect the day-to-day transfer mechanics and practical costs to businesses.

This decision is not likely to have a huge impact on the way companies are currently doing business. In fact, it may make it easier for businesses to transfer data! But there are two key takeaways here:

1. Individuals in the EU will now have the ability to file complaints if their data is handled incorrectly.

2. Standard Contractual Clauses (SCCs) are no longer, theoretically, necessary for data transfers and this change should streamline the data transfer process between the EU and US.

So, what does this mean for legal teams? Well, a potentially huge review task involving the analysis of massive document sets and assessment of current procedures to order to ensure compliance. This could include a review and update exercise of ensuring that documents are either in line with SCCs, which remain a valid mechanism, or identifying contracts which do not utilise SCCs and determining whether the DPF procedure is more appropriate.

Now, where do I see Luminance’s AI coming in to help? Luminance provides a complete overview of any organisation’s contractual landscape, automatically surfacing over 1,000 key legal concepts. This includes any data privacy obligations within contracts both pre- and post-signature. With specific regard to compliance reviews, the value is immediately apparent – no need for a time-consuming, manual review of large sets of contracts to assess and remedy your compliance with the new regime. It’s possible to swiftly (in minutes, in many cases) identify your position for you to action and, if necessary, resolve.

2. The US Data Privacy Law Deluge

Several US states are moving to implement data privacy laws similar to GDPR (at least conceptually, or thematically). This represents a monumental shift in the way US companies store, manage and use personal information. It also signals an alignment within the US to a global privacy best-practice approach. Proposed consumer data laws seek to provide the individuals, whether members of the public, consumers or employees, with greater clarity about how exactly their personal data is being used. These new laws pose a challenge for in-house legal teams, particularly for those in companies that operate across multiple states and may have to draft multiple contracts to remain compliant across different consumer data laws.

When legal teams draft new contracts which comply with relevant data privacy laws or create amendments and renewals in line with the shifting landscape, Luminance’s AI can be updated with an understanding of these new standards. Thanks to the system’s supervised machine learning, users with appropriate authority within their company (e.g. General Counsels) just need to highlight one example of the new ‘standard’ and Luminance can then compare how all other examples comply with or deviate from that position. Then, any other authorised users of the system (e.g. lawyers, paralegals and contract managers) can apply that now-institutionalised knowledge automatically via Luminance’s intelligent AI. This ensures contracts remain complaint with new mandates whilst the business itself experiences no costly downtime in order to update the AI’s knowledge of changing regulatory standards.

In the face of mounting pressures from evolving data privacy laws, it’s clear to me that legal teams can stay on the front foot with AI.

Get in touch to learn more here