18 Dec 2018

Big data and breaches may define 2019

Looking to the year ahead, Baker Botts' London and Brussels lawyers highlight data issues as a major trend expected to dominate 2019.


The year 2018 has been defined in the legal world by Brexit and its ongoing uncertainty for deals, data privacy and M&A, the energy and technology sectors and their convergence through to recessionary risks and increasing national security screening measures, say the firm’s international partners.

Big data

Catriona Hatton, partner-in-charge Brussels office practice group chair of antitrust & competition law (firmwide), says  ‘technology markets will continue to attract increased antitrust scrutiny as antitrust regulators grapple with the challenges of if and how to regulate ‘big data.’ We may also see EU and other jurisdictions looking to review deals where a major company acquired a small innovator, many of these deals currently escape review where the target company has little or no revenues.’ Neil Coulson, intellectual property partner and department chair (firmwide) explains, ‘the new EU ePrivacy Regulation is the next big piece of EU regulation set for 2019. The ePR is still awaiting more clarity on its final form, despite being scheduled to come into force at the end of 2019 and, as a result, EU businesses face ongoing uncertainty on this, in addition to already dealing with the implementation of GDPR. Two things we do know: it will be extra-territorial in scope with GDPR-esque levels of fines.’

Breaches and incidents

Mr Coulson warned, ‘2018 saw a number of high profile data breaches and such incidents show no sign of slowing down. Whereas the default reaction used to be organizations burying their heads in the sand, there is now a general obligation to disclose when they have experienced a major personal data breach to data protection authorities. This puts cybersecurity and data policy firmly on a corporation’s radar at the highest level.’ Mr Coulson explained, ‘data privacy and protection has impacted more than just big technology. The extra-territorial scope of GDPR makes it applicable to all international transactions and the penalties for non-compliance, now put data diligence at the forefront, rather than it being an afterthought. We are likely to see an increase in M&A deals falling apart because of this potential for inherited liability for lack of compliance.’