At a recent seminar discussion on smart buildings, I was reminded of the Mr. Robot episode where the general counsel of a multinational corporation, which is being targeted by a hacker group, has her futuristic apartment hacked. In case you haven’t been watching, Mr. Robot is USA Network’s psychological thriller about a young programmer who works as a cybersecurity engineer by day but by night is a vigilante hacker.
Famously dramatized by the disembodied voice of HAL in Stanley Kubrick’s 1968 film 2001: A Space Odyssey, artificial intelligence has been the subject of humanity’s existential angst for decades. Although Elon Musk warns that those fears may be justified, one of the biggest pushes for advancing artificial intelligence to-date has been to market it for purposes of day-to-day corporate efficiency. Nearly every IT vendor is seeking to make a name for their proprietary AI tool by offering AI as a Service to the majority of businesses who are not developing AI in-house, but who want to leverage the benefits of AI’s automated decision-making, data analytics and cost-savings. In the business context, AI has yet to pose the threat of refusing to “open the pod bay doors,” but customers are faced with the challenge of exposing the vendor’s AI to data amassed by their entire enterprise, thereby allowing the algorithms to learn from and evolve based on information that may be private, proprietary and heavily regulated. The most common solution to this conundrum is for customers to contract for ownership of all machine learning models, bots and other outputs that result from the AI’s presence in the customer’s environment and processing of customer data. But what are the implications of this “all for one” approach to ownership of the fruits of machine learning? What, if any, innovations in AI are lost when lessons learned are retained by a single entity?
The long awaited and, one hopes, much prepared for new General Data Protection Regulations (GDPR) are just a few short months away from becoming law. To help companies look at the practical steps they need to take now in order to be ready, Pillsbury will be presenting “#ReadyforGDPR?” on February 20 from Noon – 1:00pm EST. We will discuss how these new laws will significantly impact companies doing business in Europe, even those without a physical EU presence, and the latest feedback from enforcers as to what will trigger fines. We hope you can join!
Does Artificial Intelligence (AI) matter?
“AI is probably the most important thing humanity has ever worked on. I think of it as something more profound than electricity or fire.”
—Sundar Pichai, Google CEO
Oracle recently published a policy document entitled “Licensing Oracle Software in the Cloud Computing Environment” which sets out specific requirements on customers when licensing various Oracle programs and using them in the following cloud computing environments:
- Amazon Web Services
- Amazon Elastic Compute Cloud (EC2)
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (a.k.a. the General Data Protection Regulation or GDPR) will, as most business people are probably aware of by now, come into force across the EU on 25 May 2018.
This will be the case in the UK (notwithstanding Brexit) and every other member state, since EU regulations have direct applicability. In other words, they do not need an act of parliament in the member state to make them into law. By contrast, EU directives are not directly applicable. When passed they still need legislation to be passed before they become part of national law. The current regime of the 1995 Data Protection Directive, and the UK’s Data Protection Act of 1998, both of which are due to be replaced next year, are good examples of this.
To complete the picture, from a UK regulatory perspective, in terms of what is changing, the government has introduced a Data Protection Bill which is currently passing through parliament. The Bill does not replace GDPR in the UK. Instead it seeks to make the UK’s own data protection laws “fit for purpose” in a digital age, replacing 1998 Act and, amongst other things, implementing the “GDPR standards across all general data processing”.
- The European Union Court of Justice (“CJEU”) to rule on the validity of Model Contractual Clauses (“MCCs”) following referral by the Irish High Court.
- The Irish High Court has “well-founded” concerns that there is no effective remedy in US law for EU citizens whose personal data is transferred to the United States and the use of MCCs does not eliminate those concerns.
Tim Wright, Partner and Antony Bott, Special Counsel, in Pillsbury’s Global Sourcing & Technology Transactions Practice look at some of the issues to be considered when procuring and sourcing robotic process automation software and solutions
The Future Is Now
You can’t move in the outsourcing industry without hearing about Robotic Process Automation (RPA). And while it might sound like terminology cribbed from a sci-fi novel, the truth is that RPA is already here, and it is transforming the way modern businesses operate. Along with related developments in machine learning and artificial intelligence, automation as a whole has been characterised by the former chief scientist of Baidu as being “as transformative for society as electricity.” Fuelled by continuing developments in computing power, big data, storage and connectivity, the opportunity for companies is to save money, while operating more effectively, scalably and compliantly—it is, in many senses, a compelling opportunity.
The Fourth Industrial Revolution is the term coined by Klaus Schwab, the founder and executive chairman of the World Economic Forum, to describe the fourth major industrial era since the first industrial revolution which took place in Europe and America in the 18th and 19th centuries. Industry 4.0 comprises a collection of transformative technologies, what Schwab refers to as “emerging technology breakthroughs,” such as automation, artificial intelligence, the Internet of Things, digitalisation, use of composite materials, autonomous vehicles, quantum computing and nanotechnology with industrial/commercial applications.
Although not a new technology, many commentators would include additive manufacturing (AM) in the list of transformative technologies making up Industry 4.0. Until relatively recently, however, AM’s adoption was largely confined to development of prototypes with industrial uses rather than full scale manufacturing. This started to change with the expiration of certain key patents around a decade or so ago, to the point that today – although still in its infancy – AM has reached an inflection point as lower costs and technical advances have put it in reach of a greater number of businesses and consumers.
Those of us who have been grappling with how best to approach GDPR compliance in outsourcing and other commercial contracts will be all too familiar with Article 28 of the GDPR. Article 28.3 builds on the limited obligations that existed under the existing regime but also include some significant enhancements to the minimum processor obligations to be addressed head on in the contract.
Processor’s obligation to notify infringing instructions
One requirement of Article 28.3 in particular, has provided clients and counsel alike with a degree of angst since the final draft of the GDPR was published in May 2016, and further back still for those of us who had followed the negotiations and multiple redrafts of the GDPR prior to its final publication.