For Paolo Balboni, EU regulation could not have come at a better time. Since the passing of the 2018 General Data Protection Regulation, his Milan-based business ICT Legal Consulting has been “opening offices . . . and multiplying partnerships” around the world.
“[The cloud and GDPR] have been a very good business opportunity,” he says. And it is not just his own firm benefiting. Balboni, who specialises in data privacy law — including contracts related to cloud computing — says that the EU’s groundbreaking data rules have created new opportunities across the legal community.
With more companies adopting cloud services, and more regulations governing them — in Europe, the US and elsewhere — business has blossomed for lawyers specialising in the field.
GDPR rules mean that any company transferring data from clients across borders must ensure its cloud service provider takes responsibility for the process. If there were a data breach, for example, the transferring company could face a fine from a country’s data regulator or a lawsuit from clients, resulting in work for lawyers.
Legal advisers were not slow to spot the demand. “Two years before GDPR, everyone started to smell money,” says Balboni. “All the big firms . . . started practising data protection law.”
Tom Rubin, a data privacy law lecturer at Stanford University, noticed a growing interest in cloud computing from his students when his seminar on data privacy attracted a capacity audience. “I have been forced to turn students away,” he says. “It’s a very good time to be practising internet law. Students have an interest in the policy and in the business [opportunities].”
Since the passing of GDPR, all businesses dealing with European clients have had to take a closer look at their contracts with cloud service providers to limit liability in case of a data breach, says Balboni, while similar legislation on the other side of the Atlantic has made compliance imperative in the US.
Lawyers specialising in the field have therefore been in high demand in the US, says Richard Caira, a partner at North Carolina-based Morningstar Law Group and a cloud computing expert.
Despite increasingly relying on the cloud for their everyday operations, companies are responsible for the services they provide to their clients, and might need to offer compensation if there is a cloud problem, Caira explains.
Companies may also look to shift the burden of liability to their cloud providers to mitigate the impact of fines, says Balboni, noting that such moves result in more work for legal firms. “You are going to see more and more litigation in years to come,” he says.
Since the introduction of the GDPR in 2018, European data protection authorities have levied €272m in fines, with more than half of those penalties imposed by Italy and Germany.
Some €159m of those fines were levied in the 12 months to January 2021 — an increase of nearly 40 per cent on the first 20-month period after GDPR came into force, according to research by DLA Piper, a law firm.
Lawyers specialising in data privacy law and negotiating cloud computing contracts are likely to become more numerous, agrees Andrea Moriggi, founder of CyberLaws, a European network of legal experts.
“We don’t have a comprehensive ‘cloud law’ that governs cloud computing altogether,” he says. “There are a lot of grey areas, which is why a lot more legal battles will take place and lawyers will be hired.”
But while legal professionals may be faced with more cloud-related work, lawyers themselves can be slow to adopt new technology, observes Nicole Black, legal technology evangelist at MyCase, a cloud computing platform for law firms and author of Cloud Computing for Lawyers. “Lawyers are not technologists, they are risk averse,” she says.
By resisting the cloud, lawyers run the risk of regulatory and disciplinary actions if a problem occurs, she adds. A 2019 report by the American Bar Association found that roughly one in two lawyers in the US uses cloud computing, with 11 per cent of those surveyed saying they do not know whether they use the cloud or not. The association warned that few of the law firms using cloud services acknowledged the cyber risks involved.
“The poor results in the cyber security category should be a major concern for the profession,” said the ABA report.
Black says that the pandemic has accelerated the move to the cloud for some law firms, adding that her platform has seen solid demand as lawyers adopted cloud services to assist doing business from home.
Holly Gummerson, a lawyer at Gummerson and Nickolaus Law Office in Colorado, moved her client files and case management system to Black’s MyCase cloud service in January. “Maybe because I’m younger, the transition to the cloud was easy,” she says.
“In Colorado, everything is going digital,” she says, adding that even judges have embraced the cloud. “They love Zoom.”