Data protection and technology sourcing

Developments in technology, business practice and implementation require the technology sourcing practitioner to understand characteristics of the technology deployed, how data is used and transferred and the nature of the IT solution in the context of the sector in which it will operate. To explore the scope of further aspects of technology sourcing transactions, see:

•
Technology sourcing—IT outsourcing—overview
•
Technology sourcing—Cloud and technology sourcing—overview
•
Technology sourcing—Technology and service integration—overview
•
Technology sourcing—Financial services and technology sourcing—overview
•
Technology sourcing—Public sector technology sourcing—overview

Data protection applicability to technology sourcing arrangements

Data protection laws in both the EEA (the EU plus Iceland, Norway, and Liechtenstein) and UK seek to ensure information about living individuals (within the definition of ‘personal data’) is used fairly and responsibly. To help ensure that, both EEA and UK data protection laws impose a large number of obligations on those ‘processing’ personal data and on controllers of such processing. ‘Processing’ is broadly defined to include doing most things with data, including storing, deleting, collecting, disclosing or using it.

One of the key protections under both EEA and UK

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest TMT News

CMA publishes MoUs for digital markets regulatory coordination

The Competition and Markets Authority (CMA) has published four memoranda of understanding (MoUs) to formalise regulatory coordination with key UK authorities under the Digital Markets Competition Regime. The MoUs involve the ICO, the Bank of England and PRA, the FCA, and Ofcom. They outline collaboration frameworks for enforcing the Digital Markets Competition Regime and addressing shared responsibilities in overseeing digital markets, ensuring coherent approaches to regulation and compliance.

Commission seeks feedback on Apple's EU DMA interoperability measures

The European Commission has issued preliminary findings to Apple regarding two specification proceedings under the EU Digital Markets Act (DMA). The Commission has proposed measures for Apple to ensure interoperability of connected devices with iPhones and to enhance transparency in third-party interoperability processes. The Commission aims to enforce Apple's obligation to provide free and effective interoperability with iOS and iPadOS features, as mandated by the DMA. Two public consultations have been launched, seeking feedback on these measures until 9 January 2025.

Ofcom proposes update to general information gathering policy

Ofcom has announced a proposed update to its general information gathering policy, reflecting new processes and additional powers acquired since 2005. The regulator has stated that this policy will explain how it exercises its statutory information gathering powers under various Acts, including the Communications Act 2003 and Postal Services Act 2011. Ofcom has clarified that the policy will not apply where separate guidance exists, such as for the Network and Information Systems Regulations 2018 and the upcoming Online Safety Act 2023 powers.

The rise of dupe culture—the challenges for brand owners

IP analysis: Dupe culture is reshaping consumer behaviour, creating both challenges and opportunities for brands. By embracing innovation and engaging with consumers, brands can leverage this trend to strengthen their market position. In the face of growing demand for alternatives, the key lies in demonstrating why genuine products are worth the investment, whether through superior quality, ethical practices, or unmatched durability. Forward-thinking brands that adapt to this evolving landscape will not only withstand the rise of dupes but can thrive because of it. Written by Mark Kramer, partner, and Autumn Gibson, associate, at Potter Clarkson.