On the latest episode of Cockpit Counsel, Tim Parilla - avid pilot and Chief Legal Officer (CLO) at LinkSquares - is joined by Andy Dale, General Counsel (GC) and Chief Privacy Officer (CPO) at Alyce, to discuss emerging privacy regulations and the evolving role of in-house counsel in an increasingly digital business environment. They also shared their perspectives on the changing dynamics of risk tolerance and liability in light of novel privacy concerns. Here are a few key takeaways from their conversation.
Prepare for More Widespread Regulations
A lot has changed since the emergence of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Prior to these laws, legal teams across industries were primarily concerned with the protection of sensitive financial information. Today data privacy initiatives encompass a much broader set of requirements related to how companies collect and manage data in virtually any way and for any purpose.
The current challenge for in-house legal teams is how they should be incorporating these regulations into legal agreements, considering the vast majority of U.S. states and a number of regions across the world have yet to impose their own data privacy regulations. Regarding this challenge, the best approach is to be aggressive about contractual compliance with the GDPR and CCPA, even if their rules don’t necessarily apply in the context of a specific agreement or relationship.
Andy and his team at Alyce have encountered this issue directly on more than one occasion, having a relatively small European client base while also working from contracts with built-in GDPR compliance safeguards. “If we decide to change a key sub-processor that’s going to process personal information, I should tell my customers,” says Andy. “If they object, I need to hear that objection, even if I’m not processing EU data.”
The bottom line: no one wants to be caught unprepared in the event of a data breach or any situation that might lead to a violation of existing rules.
As far as any new rules that are sure to emerge in the near future, Tim anticipates a frequently changing environment, “where [regulations emerge from] this patchwork of states, and somebody’s going to do one thing that another state didn’t do. Then everyone is going to add that thing whether it makes sense or not.”
Legal’s Role Within the Company Culture
The role of in-house counsel is inevitably becoming more nuanced. Speaking on the evolution of in-house legal work, Andy points specifically to the growing importance of establishing the legal team’s role within the greater context of the company culture.
Throughout his career in legal work and data privacy, Andy has discovered the value of building trust with executives and privacy champions across an organization and then using that trust to establish a mutually beneficial relationship between Legal and the rest of the business. Andy says, “I think the main thing that I’ve learned and picked up, is to start early setting what the culture is going to be on legal in the business. Are we off in a corner saying ‘no?’ Are we available on Slack all the time? What’s the balance?”
This is critical in a sales-focused environment. A legal team’s ability to collaborate can have a significant impact on the sales team’s performance. It’s about finding the sweet spot between risk mitigation and closing deals. Are we doing our best not to be the barrier to sales? The relationship can be fraught if you don’t get that culture right,” says Andy.
Liability and Risk Tolerance
Legal’s responsibilities remain grounded in risk mitigation and contract negotiation. The explosion of new concerns around data privacy, as well as the unpredictable and ever-changing regulatory environment, have complicated how legal teams are expected to evaluate liability. Because customers are increasingly focused on the possibility of a data breach, the current trend is to inquire aggressively about the processing of personal data -- and we don’t blame them.
Contracts themselves are changing significantly in light of data privacy concerns, and legal teams need to work harder than ever before to help clients understand the environment and the reality of the associated risks. Tim and Andy have run into this issue frequently, particularly in negotiations related to limitation of liability. While they each have taken a slightly different approach, their methodologies converge at the clear communication of what either party in a negotiation should assume responsibility for in the context of the agreement. Because data privacy is a diverse and evolving field with fluctuating regulations, it’s ultimately about cultivating more reasonable expectations and flexibility in customers who are increasingly wary about these issues.
“I’m going to take responsibility for the things that are within my control, but we’re in a world of changing laws, constantly, and I don’t know what’s coming next, so [liability] has to be calculable against the revenue that I’m getting,” says Andy. “I think more and more people are understanding that.”
Check out the full episode of Cockpit Counsel here.
For even more on the topic of data privacy, tune into Andy’s podcast, The Data Protection Breakfast Club, which he co-hosts with Pedro Pavón, Global Policy Director around Data Privacy at Facebook, and can be found on podcast streaming platforms.
More About the Webinar Series
Climb into the cockpit with pilot and LinkSquares Chief Legal Officer Tim Parilla, as he invites legal leaders aboard to share advice that will help you navigate even the most turbulent times of in-house counsel work.