In this article, we provide an overview of four major trends that we anticipate will have a significant impact on technology transactions through the remainder of 2018: data at the core, data protection and security, continuing demand for digital services, and regulatory responses.

DATA AT THE CORE

In 2018, the hot technologies appear to be those focused on new ways to gather, store, analyze and exploit data.  Connected devices are gathering vast amounts of new data, which are then stored on new cloud-based database platforms and analyzed using new advanced analytics tools, often to deliver products and services that didn’t exist a few years ago.  These new technologies are spawning entirely new categories of companies, such as fintech, insurtech, medtech and proptech, where digital-native startups are competing with and even disrupting established industry leaders. 

Connections and Data

In this technology-saturated business environment, companies face an expanding number of digital connections and an explosion of data.  As a result, value has shifted to how companies integrate, orchestrate and curate their connections and how they gather, store and exploit data to achieve their missions.

This shift in value naturally shifts the focus for technology transactions lawyers.  Increasingly, technology transactions lawyers are looking beyond technology services, requirements and rights to integration, governance, decision rights, and outcomes.  We also anticipate continued focus on data governance, privacy compliance and cybersecurity risk management to protect the value that companies have created in data.

Big Data Analytics

The value of data is being unlocked with machine learning, artificial intelligence and other big data analytics tools.  Those tools are delivering business value by producing actionable insights and augmenting human skills in judgment-based functions.  One key fact is that the big data analytic tools “learn” instead of being programmed.  As a result, it is often difficult or even impossible to limit how they use data or to explain why they deliver the insights that they deliver.

The exponentially growing power and wider implementation of big data tools demand attention in related technology transactions.  The resulting insights produced may not be protected by intellectual property laws at all and therefore must be protected in different ways than traditional outputs.  The big data tools must be restricted to the rights that the contracting parties have in the input data and, under some laws, only to explicable insights.  Transactions must be designed around desired possible insights not a promise of meeting “requirements.”

DATA PROTECTION AND SECURITY ISSUES CONTINUE TO DRIVE NEGOTIATIONS

Privacy and cybersecurity requirements continue to be among the most hotly contested areas in technology transactions.  The evolving law and technology in this area will continue to drive these negotiations as customers and providers alike scramble to meet requirements and develop reasonable contract terms and allocations of risk. 

As described separately elsewhere in this booklet, 2018 will be another year of adapting to new privacy and data security requirements.  In the United States, individual states and regulators have been active drivers of new legal standards.  In the European Union, the General Data Protection Regulation (GDPR) introduces new legal standards, such as data protection impact assessments, privacy by design, restrictions on profiling and automated decision-making, data breach notification requirements, data portability, the right to be forgotten, and a host of other technical and organizational measures, with more laws following.  China’s new Cybersecurity Law (CSL) requires that data collected or generated in China during business operations be stored in China unless the entity subjects itself to a security assessment and shows that cross-border transfer of the data is necessary for its business. 

The Internet of Things, biometrics such as facial recognition, and other emerging areas that rely on regulated data will continue to drive new legal requirements and create new risks in technology transactions.  Given the rapid pace of change accompanying these newer technologies, the continued string of high-profile data breaches with traditional technologies and the heightened requirements for compliance described above, 2018 is a good year for re-evaluating existing technology provider selection and due diligence practices, confirming that security and privacy standard clauses are up-to-date and refining the process for ongoing monitoring of third parties.

DEMAND FOR DIGITAL SOLUTIONS CONTINUES TO GROW

We see businesses in all sectors continuing to quickly adopt digital solutions for existing processes and to use digital technologies to develop new business models. 
Adopting cloud computing appears remains top of the agenda in the near term.  Infrastructure as a Service (IaaS) cloud models continue to replace traditional data centers.  Software as a Service (SaaS) cloud models are now readily adopted for even mission-critical, core applications, such as finance, human resources, customer relationship management, inventory and other “Enterprise Resource Planning” (ERP) systems.  If done well, each requires a technology transaction.

On the near horizon, and in proof of concept, is automation of manual processes.  Technology referred to as “robotic process automation” (RPA) is being used to automate rules-based processes, particularly in “swivel chair” applications.  Artificial intelligence (AI) is being used for voice recognition, chatbots and other pattern-matching work, with more advances to come.

As described elsewhere in this book, these technology changes are changing outsourcing.  Cloud, RPA and AI are increasingly allowing automation of repetitive tasks and some analytical work that is currently outsourced.  Traditional outsourcing service providers are being challenged to integrate these new technologies while maintaining required levels of quality, consistency and speed.  At the same time, faster change is reducing the willingness of customers to agree to the longer terms that traditionally allowed outsourcers to recover large initial investments.

On the far horizon are blockchain and other forms of distributed ledger technology (DLT).  Blockchain and DLT are discussed separately in this book.  The possibilities for blockchain to provide a trusted repository and facilitate trusted transactions without intermediaries appear limitless. 

EXAMPLES OF REGULATORY RESPONSE

Interoperability of Data

Interoperability of data allows competitors to share digital data effectively.  In the United Kingdom, the interoperability of data is central to the Small and Medium Sized Business (Finance Platforms) Regulations, whose impact will continue to grow in 2018.  Essentially, under these regulations, banks that refuse to finance small business on terms that are acceptable to the small business will, subject to consent of the proposed borrower, be required to pass the information about the loan applicant to designated finance platforms, which will provide access to this data to lenders participating in the platform.  The aim is increased competition and the availability of financing to small businesses in the United Kingdom.  This type of initiative is unlikely to be a one-off; businesses should consider how new digital technologies might be adopted to share data among competitors in a rapid and open way.

Antitrust Controls on Data Platforms

We see increasing interest in 2018 by antitrust authorities in businesses using big data.  Issues that might be relevant to the authorities are whether there is, in fact, anything unique about data that can be freely obtained from consumers and others and whether data businesses are innovating, offering customers new solutions. For example, the European Commissioner for Competition is looking at whether, in effect, one market participant’s control of data excludes new competitors.

Trump Administration

Actions taken and actions proposed by the Trump administration will have a direct, and potentially profound, impact on the sourcing industry.  These include:

  • US Tax Law.  The US “Tax Cuts and Jobs Act,” signed December 22, 2017, will directly impact the economics and structure of cross-border sourcing arrangements.  Both customers and providers should evaluate existing and planned sourcing arrangements to determine whether they can take advantage of these changes.  For example:
    • Changes to the rules governing the deductibility of asset purchases may drive changes in whether the customer or provider acquires and retains ownership of equipment and software.
    • New concepts with exotic names—such as “GILTI” (global intangible low-taxed income), “FDII” (foreign derived intangible income) and “BEAT” (base erosion and anti-abuse tax)—may drive changes in how sourcing transactions are structured, whether services are delivered from US or offshore locations, how services are delivered to a customer’s non-US affiliates, and how charges are invoiced and paid. 

The effects are complex and will vary from deal to deal and company to company, so it is important to consult with a tax adviser.  (For more information, please see our January 9, 2018 Legal Update How the Tax Cuts and Jobs Act Will Impact Outsourcing.” which is on www.mayerbrown.com.)

  • H-1B Visas.  The Trump administration has proposed changes in the rules governing H-1B visas and has stepped up its enforcement of the existing rules governing those visas.  The stated intent of the Trump administration is to avoid depressing US worker wages and to limit visa awards to what the administration calls the “best and the brightest.” However, as a practical matter, the actions will significantly impact technology service providers, especially Indian heritage providers.  The preferred service delivery model of many providers relies heavily on bringing offshore resources, particularly Indian nationals, to the United States using H-1B visas.  For example:
    • The US Departments of Homeland Security and Labor are actively enforcing the “right to control” obligation of employer sponsors of H-1B visa holders, which requires the provider to directly supervise day-to-day activity and personnel actions.  Failure to do so can result in denial of visas and even debarment of the provider from the H-1B visa program. 
    • The US Department of State is scrutinizing H-1B visa support documentation supplied by the customer in order to detect fraud.  To ferret out abuses, the agency is directly contacting the customer to verify the job details of the H-1B resource and the genuineness of the documents being presented by the provider.
  • Political Uncertainty.  Finally, as we noted last year, the sourcing industry is impacted by political uncertainty in both the United States and abroad.  The Trump administration has repeatedly promised to protect American jobs by making major changes in trade agreements, regulations, corporate taxes and visa restrictions, all of which may ultimately impact outsourcing models based on global labor arbitrage.  As we just discussed, these are not idle threats—the administration has already taken decisive action in at least two of those areas.

In addition, in our view, the political climate is accelerating the move to the cloud, “as-a-service” offerings, robotic processing, artificial intelligence, utility offerings and other sourcing models offering cost savings not based on offshore labor arbitrage.  While these sourcing strategies may result in the elimination of American jobs, they cannot be attacked as offshoring jobs to foreign countries.