Tech & Sourcing @ Morgan Lewis

Morgan Lewis’s technology, outsourcing, and commercial transactions team often advises on transactions where there is some form of intellectual property being transferred from one party to another party. This may be due to a corporate transaction, a cooperation or joint venture arrangement, or some other form of commercial agreement.

The EU-US Data Privacy Framework (DPF) became effective on July 10, and on the same day, the European Commission adopted an Adequacy Decision relating to the DPF, as a successor of the EU-US Privacy Shield. While only those companies subject to the jurisdiction of either the Federal Trade Commission or the US Department of Transportation are eligible to self-certify their compliance with the DPF, the scope of eligibility is likely to broaden in the future.

In our prior post in this two-part series on less commonly discussed technology commercialization options, we addressed how open-source software (OSS) providers may make money on their products. In this Part 2, we’ll look at another technology commercialization strategy, white labeling.

As part of our Spotlight series, we invited litigation partners Dana E. Becker (Philadelphia), Shon Lo (Chicago), and Krista Vink Venegas, Ph.D. (Chicago), to talk about recent trends and issues in IP-related and other commercial litigation that would be of particular interest to our readers. Dana, Shon, and Krista are deeply knowledgeable practitioners in the IP and commercial contracts space who handle a broad spectrum of leading-edge and high-profile litigation for our clients.

As part of our Spotlight series, we welcome Todd Liao, a partner in our Shanghai office who works with clients on a wide range of complex commercial and financial transactions and legal issues involving China. Todd is a thought leader on issues facing tech firms doing business in China, recently publishing articles on new measures for online advertising in China, data privacy, and key drivers of Asia’s tech scene. We caught up with Todd to discuss data privacy regulations in China and cross-border data transfers.

The US Federal Trade Commission (FTC) recently proposed expanding its Negative Option Rule to all subscription agreements. Businesses offering subscription services would be required to make it at least as easy for consumers to cancel a subscription service as it is to sign up for it. For example, if a consumer can sign up for a service online, then the consumer must also be able to cancel it online in the same number of steps (and not be required to cancel in person).

The European Union’s General Data Protection Regulation (GDPR) requires companies to monitor and comply with some of the strictest privacy laws in effect. Now, the European Commission is refocusing efforts and oversight on ongoing investigations under the GDPR. Going forward, companies may want to focus even more intently on their compliance as the EU steps up investigatory procedures.

As we reach the end of the year 2022, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips.

The UK Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) on December 20, 2022, announced fines totaling £48.65 million ($59 million) on TSB Bank plc (TSB) for operational resiliency failures, after an IT upgrade led to customers being unable to access core banking services.

The European Union (EU) Commission released its Draft Adequacy Decision for the EU-US Data Privacy Framework on December 13, which, in conjunction with President Biden’s executive order issued on October 7, will further facilitate trans-Atlantic data flows. The Draft Adequacy Decision mirrors the executive order, which established safeguards relating to the handling of personal information in the course of signals intelligence activities. If and when adopted, the adequacy decision will impact contractual requirements and processes by restoring data flows through a new Trans-Atlantic Data Privacy Framework.