Digitalization is transforming the relationship between businesses, individuals and governments. Digital transformation requires businesses to be on guard against regulatory penalties and reputation risk — and to do so at the rapid pace that digital enables.
What EY can do for you
Digitalization is transforming legal and contractual relationships between businesses, individuals and governments. In today’s world, the amount and value of data is growing exponentially, and organizations are facing complex challenges in protecting it. New regulations have established more demanding obligations for companies, new rights for data subjects and sanctions in case of breach.
Data loss events and the evolution of artificial intelligence (AI) are also attracting significant media attention as concerns about data ethics, cybersecurity and data privacy are increasing among consumers, employees and the general public. Digital transformation requires general counsel to be on guard against possible regulatory penalties and reputation risk – and to do so at the rapid pace that digital enables.
The EY Digital Law team can help identify and address risk areas and meet the legal challenges in the following:
AI has become increasingly pervasive as have ethical and legal issues surrounding its use. The EY Digital Law team provides legal advice on a spectrum of issues associated with AI including:
- Regulatory compliance: EY Law teams help companies to navigate and implement regulations surrounding AI and the collection, use and storage of data, including the General Data Protection Regulation (GDPR), EU Artificial Intelligence Act and compliance in the pharmaceutical sector. “Responsible AI” policies may help to provide guidance on legal compliance and ethical principles.
- Intellectual property: EY Law teams can assist clients in securing ownership in AI software or the results of AI itself. License agreements on data play a crucial role here.
- Data privacy and cybersecurity laws: AI can pose privacy risks to individuals in cases of unauthorized use, access to personal data or data breaches. EY Law teams assist in conducting privacy impact assessments (PIAs) to help identify and manage these risks.
- Employment law: We provide guidance to help organizations manage risks that may happen when AI systems reproduce and amplify existing biases in the workplace, such as racial or gender bias. Automation has also led to concerns about the impact of AI on employment and workers' rights. New AI technologies can also be subject to co-decisioning, where we support in communication and negotiation with workers councils.
- Contract law: EY Law teams help draft relevant agreements including clauses on liability, licenses and privacy.
Clients can turn to EY Law teams for their data privacy needs and gain greater confidence in their data protection programs. EY Law professionals in over 90 jurisdictions work with EY digital and privacy consultants to advise on the legal, business, IT and cybersecurity elements of data privacy programs. Relationships with governments and privacy regulators help shape the guidance provided and better prepare clients for the future.
EY Law teams can help clients with:
- Handling of data (including non-personal data) as an asset through data license agreements
- Data mapping and data governance to understand and utilize data along the lifecycle, as well as implement data laws like GDPR or the EU Data Act
- Regulatory mapping to better understand and assess legal and business risks in each country
- Global coordination of cross-border assignments in data privacy (DP) law and local support for affiliates within multinationals
- DP compliance program review and maturity assessment
- Standardizing of DP governance and legal privacy frameworks
- DP compliance program development and helping with implementation, including roadmap and governance design, technology, drafting of policies and procedures, training, coaching and reviewing
- Data breach prevention and management
- Cross-border data transfers (e.g., data transfer impact assessments (DTIAs), development of transfer frameworks, certification and code of conducts, standard contractual clauses (SCCs), binding corporate rules (BCRs))
- Compliance support in cloud computing (e.g., security, contractual and transfer requirements)
- Privacy by design in digital product development
- PIAs for data-driven projects (e.g., e-health platforms, tools processing sensitive or criminal data and AI projects)
- Representing clients before data protection authorities and other government bodies
- GDPR (e.g., art 42/Europrivacy) and ISO 27701 certification support
- Vendor management and data privacy compliance assessments
- Outsourcing of data protection office and services
Intangible assets, such as intellectual property, data, brands and technology, are of increasing strategic importance to businesses. To reach their full potential, businesses must appreciate how regulation varies across operating environments. International IP and technology-related issues include:
- New IP rights stemming from digital transformations
- IP as a core asset of digital business models
- Due diligence into IP-backed asset financing and security interests over IP assets
- Protecting trade secrets and know-how
- IP challenges in 3D printing
- Tax aspects in the allocation of IP rights
- Licensing, joint venture and collaboration documentation
- IP-backed asset financing and security interests over IP assets, including royalty monetization agreements
- IP due diligence and verification
Taxi, hotel and financial services regulations are illustrative examples where new digital and sharing economy business models collide with regulations. Digitalization often makes human work superfluous, and triggers specific employment law topics.
EY Digital Law team can help clients identify risk areas and plan to meet the challenges of transformative change, encompassing the legal aspects of regulation in terms of the digital transformation both generally and specific to your sector in the following areas:
- Financial services
- Employment regulation
- Retention and localization duties
- Pharma and healthcare
In practice, digital’s ability to transcend borders is part of its appeal. However, laws are grounded in a world that is defined with borders, and within them, ever-changing laws concerning data privacy, trade, transactions, IP, crypto currencies and more.
An organization’s digital platform is a bridge to its customers and, with it, an organization must confirm that it is not only compliant with e-commerce laws and regulations but also is protecting its interests as it contracts via its digital platform. EY’s integrated law and tax services are particularly critical as the tax and legal aspects of an online business are so entwined, and can help clients:
- Address consumer protection and competition laws as e-commerce capabilities develop and evolve
- Build the legal framework of an e-commerce business by drafting legal agreements for use online
- Protect digital intellectual property appropriately
- Facilitate compliance with global data privacy requirements for a digital business
- Advise on the contractual basis for contracting online, including preparation of user terms and conditions and use of digital signatures
- Assist with the contractual agreements required to get the client’s digital premises off the ground – including software licenses, website design agreements and R&D agreements.
EY Data Permissions Navigator
Use this intelligent data privacy risk management platform to address privacy risk, make the right data-use decisions quickly and unlock the value of your data.
EY member firms do not practice law where prohibited by local laws.
Our latest thinking
Like what you’ve seen? Get in touch to learn more.