Bloomsbury Professional catch up with author, Paul Lambert.
What first garnered your interest in IT law?
The constant innovation, product and service development, branding, the ability of garage start-ups to appear from nowhere to scale globally in very short time periods – and the whole host of legal, technical, process and practical issues which all of this creates. Technology also means that even the largest companies cannot sit still and must continually innovate and sometimes pivot significantly.
What impact will Brexit have on our Internet regulations?
This is a real hot-button topic. While legitimate focus has been garnered around the GDPR go-live date in May 2018, the national legislation following on from the GDPR has been quite a contentious process. While the new Data Protection Act 2018 and the GDPR are intended to lay out a clear path, Brexit has the potential to throw a spanner in the works. UK Inc would wish for a seamless transition from pre- to post-Brexit in terms of data flows and business processes. Business wishes that trade, particularly services, e.g. financial services, with the EU continue unhindered.
However, having the DPA18 as an equivalent of the GDPR (and time will tell if it is fully equivalent and compatible) is not sufficient to permit data transfer from the EU to a non-EU country. The EU transfer rules require that the EU has undertaken an assessment and made a decision that the recipient country (in this instance the UK) has adequate protection for personal data. This process of assessment and decision on adequacy or non-adequacy often takes years. This issue of a period without a positive adequacy decision is, arguably, the biggest threat to the UK in the immediate post-Brexit environment.
The EU adequacy issue received far less attention than it deserves.
What are the biggest risks affecting data security?
Arguably the percentage of resources dedicated to data protection and to data security has not kept pace with the risks. More resources and prioritisation are needed. The GDPR goes some way along the way to help to improve this. However, organisations must internally prioritise too as a part of culture and process, in addition to following the GDPR.
Dedicated bad actors have often been focused on direct financial gain. There are increasing examples of less direct targeting. Recent attacks on democratic systems, including voting systems, and voter universes, signify a move away from pure or direct financially motivated attacks. Large organisations as well as state entities need to ramp up more – and begin to anticipate these attacks and vulnerabilities in advance.
There is a slight advantage to some extent. Election dates are set and pre-determined. Attacks are therefore more predictable in temporal terms than many other types of random time attacks.
What is the next big development in IT law?
New forms of personal data collections. New forms of assessing protection of, and processes of, data collection and data processing.
More legal actions relating to personal data, including collective plaintiff actions.
Paul Lambert is the author of Gringras: The Laws of the Internet, Courting Publicity: Twitter and Television Cameras in Court, International Handbook of Social Media Laws, and A User’s Guide to Data Protection: Law and Policy.