TECHNOLOGY, OUTSOURCING, AND COMMERCIAL TRANSACTIONS
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS

As 2018 comes to a close, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips. If you don’t see a topic you are interested in below, please let us know, and we may feature it in a future Contract Corner.

The United Kingdom government’s Cabinet Office (the central procurement department for central government) is requiring major government suppliers to draft “living wills.” These are intended to safeguard the provision of services to the public sector in the event of the collapse of a supplier.

This measure follows the insolvency of outsourcing provider, and major government supplier, Carillion in January 2018. The well-documented Carillion collapse led to significant debate about the role of outsourcing within the UK public sector, with pronouncements about the extent to which outsourcing for the public sector has “fallen out of fashion.”

During their webinar, Hot Topics in Data Privacy Regulation in Russia, Moscow partners Ksenia Andreeva, Anastasia Dergacheva, and Vasilisa Strizh will discuss trends in data privacy regulations in Russia for the upcoming year.

Topics include:

  • News from the Russian data protection regulator (Roskomnadzor)
  • New laws and legislative initiatives in the data privacy field
  • Obtaining data subjects’ consents: views of the regulator
  • Formalizing cross-border transfers from Russia and to Russia
  • Localization rules: view from Roskomnadzor

The webinar will be held on Tuesday, November 27 from 9:00 to 10:00 am eastern time. You can register here.

From time to time, data controllers are confronted with the question of whether data subjects can raise claims for specific security measures against the controller under Article 32 of the EU General Data Protection Regulation (GDPR). These measures can be costly and cumbersome for the controller.

The Austrian Data Protection Authority (DPA) has decided that there is no such claim. In the relevant case (AZ: DSB-D123.070 / 0005-DSB / 2018), the DPA ruled on a claim by a data subject to pseudonymize personal data. The complainant had filed two complaints with the DPA alleging a violation of the fundamental right to data protection (Section 1 of the Austrian Data Protection Act) for an alleged failure to delete data or pseudonymize personal data. The respondents were two Austrian public authorities: the Federal Ministry for Europe, Integration and Foreign Affairs and the Federal Chancellery.

A significant fine imposed by the UK’s Financial Conduct Authority (FCA) on an established UK insurer is further evidence of the increased scrutiny being placed on outsourcing arrangements by the financial services regulator, and also of the importance the regulator places on issues that directly impact retail customers.

The FCA is the UK’s “conduct” regulator, with a focus primarily on the regular business conduct of financial services businesses, as compared to the “macro” focus (safety and soundness) of the Prudential Regulatory Authority (PRA) – although there is overlap between the stated remits of the FCA and the PRA, and outsourcing arrangements are subject to scrutiny by both bodies.

A shrinking in traditional outsourcing deal volumes since the United Kingdom's EU membership referendum vote on June 23, 2016, is being partially attributed to business caution following the “Brexit” decision.

According to consultants ISG, the traditional sourcing market in the UK pre-Brexit referendum had a deal volume of circa $900 million per quarter. However, the UK outsourcing market has only achieved this level of activity in one quarter since the referendum.

Washington, DC partners Giovanna M Cinelli, Kenneth J. Nunnenkamp, and Stephen Paul Mahinka and Boston partner Carl A. Valenstein recently published a LawFlash on the recent action taken by the Committee on Foreign Investment in the United States (CFIUS) to implement a pilot program under the Foreign Investment Risk Review and Modernization Act (FIRRMA). FIRRMA, which was enacted in August 2018, reformed the CFIUS screening process for foreign investment in the United States and, among other things, permits CFIUS to establish pilot programs to test the viability of certain of its provisions. The LawFlash addresses the objectives and the scope of the announced pilot program, including the countries and types of investments covered by the program. It also describes the new requirement for mandatory declarations "for certain transactions involving investments by foreign persons in certain U.S. businesses that produce, design, test, manufacture, fabricate, or develop one or more critical technologies" implemented by the pilot program. The pilot program becomes effective November 10, 2018.

For more information on the pilot program, please read the LawFlash.

The seventh edition of Data Protection & Privacy, published annually by Getting the Deal Through, provides answers from practitioners around the globe regarding key questions in international privacy and data protection laws and regulations.

Our colleagues Ksenia Andreeva, Anastasia Dergacheva, Anastasia Kiseleva, Vasilisa Strizh, and Brian Zimbler contributed this year’s Russia chapter, providing insight on a wide variety of issues under Federal Law No. 152-FZ on Personal Data dated 27 July 2006, the main law governing the protection of personal data in Russia. This comprehensive chapter is a go-to resource for understanding the legislative framework for data protection and privacy in Russia, including the obligations of data controllers and data processors and the rights of data subjects.

The full edition is available online with additional chapters covering various jurisdictions around the world.

This week we welcome new partners to our outsourcing and commercial transactions practice, Mike Pierides and Simon Lightman. The arrival of Mike and Simon, along with associate Sarah Bryan, adds further strength to our outsourcing and commercial transactions team and brings our capabilities to the firm’s London office. Mike and Simon will lead the expansion of our practice in Europe, the Middle East, and Asia, where both have extensive experience representing a wide range of clients on major outsourcing and complex commercial transactions.

The first edition of Blockchain & Cryptocurrency Regulation 2019, published by Global Legal Insights, provides in-depth analysis of the developing arena of the regulation of blockchain and cryptocurrency, and country-by-country analysis of issues including government attitudes and definition, cryptocurrency regulation, sales regulation, taxation, money transmission laws and anti-money laundering requirements, promotion and testing, ownership and licensing requirements, mining, and border restrictions.

Continuing the firm’s thought leadership in this emerging field, Morgan Lewis lawyers Vasilisa Strizh, Anastasia Kiseleva, and Dmitry Dmitriev have written the chapter providing insight on the approach in Russia.