Technology Sector Publications: Best of 2021

In the United States, there are two primary laws – we refer to them in this article as the eSignature Laws – that make it possible to present information and sign agreements and other documents electronically in circumstances where a written document and a "wet" signature would previously have been required.

These two laws bring with them new challenges and, more importantly, potential liability. The design of a system for signing electronic records, or delivering notices or disclosures electronically, requires a detailed understanding of the interaction between electronic processes and legal requirements.

This article assists businesses in identifying the core issues that must be addressed to ensure the legal sufficiency of transactions conducted on eSignature platforms.

On March 29, 2021, the US Commerce Department’s Bureau of Industry and Security (BIS) revised the US Export Administration Regulations (EAR) to implement export control changes agreed to by the United States and other members of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, a group of 42 countries that seeks to harmonize global export licensing policy.

Among the more significant changes, BIS has revised the reporting obligations for the export, reexport, and transfer of encryption software and commodities and revised License Exception Encryption Commodities, Software, and Technology (ENC) in ways that are expected to reduce the regulatory burden on software and hardware developers under export controls. These changes may also impact mandatory filing determinations for foreign investments subject to review by the Committee on Foreign Investment in the United States (CFIUS).

In this article, we explore the changes to encryption reporting requirements as well as how these changes will likely impact business operations an investments.

Our series, Practical Compliance, is dedicated to investigating issues facing company leadership and counsel regarding some of the latest changes to data privacy laws in key jurisdictions around the world. As countries – as well as US states – address privacy concerns, they are taking an array of approaches, resulting in a patchwork of differing laws and regulations. Companies based in the United States with international operations must monitor continually changing privacy laws that apply to those operations.

In this issue, we highlight key points about new data privacy requirements in three important jurisdictions – the European Union, China, and Brazil – with an emphasis on action steps for compliance officers.

In the European Union, the General Data Protection Regulation (GDPR) has been in force since May 2018. In summer 2021, the European Commission published new Standard Contractual Clauses for transfers of personal data from the European Union to third countries, such as the United States.

In August 2021, China finalized its Personal Information Protection Law (PIPL), which will enter into force on November 1, 2021. PIPL consolidates and clarifies requirements regarding use of the personal information of Chinese residents.

Brazil’s General Data Protection Law (LGPD) has been in force for a year, although the penalties provided by the law did not become enforceable until August 2021. This is Brazil’s first comprehensive data protection regulation and is similar to the EU’s GDPR.

Remote work is here to stay. Long after the COVID-19 pandemic abates, many of us will remain in a work-at-home model, at least part of the time.

According to a January PwC survey, 83 percent of employers now say that the shift to remote work has been successful for their companies, compared to 73 percent in June 2020. More than half of employees (55 percent) would prefer to be remote at least three days a week even after the pandemic.

Technology has made this transformation possible, largely by increasing the number of ways that employees can communicate and collaborate remotely. With any advances in communications technology, however, attorneys should consider how they may affect the application of the attorney-client privilege and the attorney work-product doctrine.

Because the pandemic and remote work have ushered in so many new communication technologies so quickly, it is important to consider the implications for employee communications, especially among remote workers in large corporations. This article offers 10 suggestions for safeguarding privilege and work-product protections in today's (and tomorrow's) remote work world.

Nearly a year after the decision of the Court of Justice of the European Union (CJEU) in the Schrems II case, on June 21, 2021, the European Data Protection Board (EDPB) published its final Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data.

By explicitly acknowledging the validity of assessing the risk in practice of transferring data from the EEA to the US, these long-awaited Recommendations will come (almost) as a relief for many US data importers struggling to comply with Schrems II. For other US importers, the Recommendations will further complicate GDPR compliance.

In all cases, US data importers should expect to devote further time and resources to documenting their assessments of the risks posed by transferring to the US personal data that is subject to GDPR. 

While the Recommendations’ detailed guidance will be useful to businesses and privacy practitioners as they conduct or update their transfer assessments, the scope and detail of those assessments will require a sustained effort. To learn more, read our article here.

Federal statutes and regulations that currently govern how the US Patent and Trademark Office processes applications – namely 35 U.S.C. § 115(a) regarding the inventor’s oath – have not kept pace with technology. The original statute governing inventorship, for example, was enacted in 1952. 

Artificial intelligence is notable among the new technologies posing fundamental questions about the viability of the inventor’s oath. Congress could eventually determine that AI-invented inventions should be patentable, and if so, Congress would need to intervene and propose legislation to include AI as an inventor under the patent laws. Globally, we are seeing a variety of approaches to this fundamental question.

Read more here for the latest developments.