Lawyers discuss data protection and contractual issues surrounding evolving technologies
Rapid advancements in technology are creating exciting opportunities for many businesses. New payment technologies will allow for instant transfer of funds and settlements of payments and give rise to innovation opportunities for financial institutions. Many companies are also taking advantage of the rapid acceleration in cloud technology which allows them to meet all their storage needs securely and cost-effectively.
However, these evolving technologies are not without risks, so legal departments must do due diligence to cover all bases.
Cloud technology raises multiple contracting and other legal challenges for legal departments. According to Robert Percival, a technology law partner at Blake Cassels & Graydon LLP, “one-size-fits-all” terms and conditions can often create problems when they do not align with corporate policies.
“For in-house counsel, the challenge is trying to get the software provider that you’re dealing with directly to move on certain points because it’s already stuck with the terms of its upstream contract with the infrastructure provider,” says Percival. Service contracts may appear relatively short, but there are often links to supporting terms and conditions, which can sometimes permit the service provider to change the terms and conditions unilaterally without notice and consent. These changes create a significant risk to the user, Percival says.
“If anything does go sideways and it’s the fault of the service provider, your recourse is going to be significantly restrained by the liability terms,” he says. Larger organizations used to dealing with more traditional technology service providers often get frustrated when providers reject their request for changes to the cloud contract.
In-house counsel examining contracts for cloud providers would be advised to target specific concerning issues rather than red-line the entire agreement, Percival says. While you may not prevent unilateral changes to terms and conditions, it may be worth exploring the option to put guardrails around how that change can occur.
“Thinking a little bit strategically about how to approach these issues may give you the ability to negotiate some of these things,” says Percival.
Data security is another primary concern because agreements with cloud providers often allow for the aggregated use of data, creating sensitivities.
Jurisdictional concerns can be complex with cloud technology when companies use servers in different parts of the world. In-house counsel may face challenges in creating compliant contracts, so a keen understanding of the digital platform and local law is necessary.
Percival anticipates a continued evolution of cloud technologies, which will bring new levels of risk to businesses.
“Technology is a funny thing because it often makes our lives a lot easier, and it makes business a lot easier, but it’s complex and figuring out what’s going on and asking the right questions is part of the challenge,” he says.
In the payments technology space, lawyers must consider various legal issues concerning customer data, privacy and liability in the event of a data breach. In-house counsel must also navigate commercial issues for matters such as fees, contracts and exclusivity commitments.
“The first step is to understand where you fit into the payment ecosystem, and then you will understand what questions to ask in terms of who is touching your data and who is responsible for obtaining customer consent,” says David Feldman, a partner at Blakes.
Different players within the payments technology ecosystem will face varying challenges. While large players may have all the security measures in place, newer entrants to the market may not have the same controls.
“It’s important at the outset to understand who you are doing business with, so you can conduct appropriate due diligence and select the right partners and the right suppliers for your payments system,” says Feldman, who works with several large banks and other financial institutions.
Feldman recommends engaging experts to monitor data security practices and setting up a secure, fast and reliable system. This system will also protect the company from risks and liabilities that may arise.
Interac Corp. is busy preparing for the arrival of Canada’s Real-Time Rail, as the network provider takes on a new role as a vendor to Payments Canada. The system is expected to launch in 2022 and will offer live, irrevocable payments around the clock as part of the government’s vision for a modernized payments system.
“The role of the Interac legal department must naturally shift and adapt to meet our obligations,” says Cindy Cross, chief legal officer at Interac. “Building trust in the system will be a key challenge to ensuring Canadians feel confident in using RTR once it is live.” Cross says that protecting the interests of Canadians remains paramount for Interac as choice and convenience increase through the expansion of real-time payments and in other areas such as digital ID.
“Interac will draw on our competitive advantages, including connections to nearly 300 financial institutions, deeply integrated platforms, products and services, and our trusted brand,” says Cross.
With new entrants coming into the market regularly, Feldman anticipates the rise of other technologies in the payment space. People are always looking for ways to make the payment process easier and safer, he says.
“The industry is changing rapidly. So, I think that underscores the importance of working with people in the industry who understand the issues and the evolving landscape from a business perspective as well as from a legal perspective,” says Feldman.