International Data Protection law firm

Back to TMC - Technology, Media & Communications

The challenges arising from data are countless and inescapable in our maturing technological landscape. To future-proof your organisation, and unlock opportunity from your data, you need alert and experienced lawyers who will deliver practical advice. Our team of experts includes former regulators who have been right at the heart of the development of the legal landscape in this critical area.


Clients turn to CMS to advise on global data privacy, protection and information security projects. Leading multinational companies, many of which hold large amounts of sensitive data and are heavily regulated, instruct us to advise on multi-jurisdictional projects.

Global AND local

Our teams are flexible in that they handle both large multinational projects but can also deep-dive for niche, country-specific advice. The teams are on the ground in over 40 countries, speak the local language and understand the local laws – but crucially in a global context.

Pragmatism and business acumen

CMS has a knack for turning legal advice into practical solutions that make sense not just to your legal teams, but to your other employees, such as the HR function, or software engineers.

Please reach out to any of our Technology, Media and Communications and data protection lawyers should you have an issue to explore. to find out more about data protection and data regulation offerings.

For the very latest legal updates delivered directly to your inbox, sign up to the Law-Now subscription service now.

GDPR En­force­ment Track­er Re­port 2022
What a year for GDPR en­force­ment: 2021/2022 saw vari­ous land­mark cases...
Data Law Nav­ig­at­or
Use the Data Law Nav­ig­at­or for a quick look at data pro­tec­tion laws in...
CMS Breach As­sist­ant app
A head start dur­ing the first crit­ic­al hours of a data breach


GDPR En­force­ment Track­er Re­port
A warm wel­come... the fourth edi­tion of the GDPR En­force­ment Track­er Re­port – the an­niversary edi­tion cel­eb­rat­ing five years of GDPR.In the five years since the GDPR be­came ap­plic­able its power­ful frame­work for im­pos­ing fines has cer­tainly helped to raise aware­ness and en­cour­age com­pli­ance ef­forts – just as the European le­gis­lat­or in­ten­ded. At the same time, the risk of fines of up to EUR 20 mil­lion or 4% of a com­pany’s glob­al an­nu­al turnover can also lead to fear and re­luct­ance or ig­nor­ance about com­pli­ance is­sues.We still be­lieve that facts are bet­ter than fear.This is why we con­tinu­ously up­date our list of pub­licly known fines in the GDPR  En­force­ment Track­er and star­ted the GDPR En­force­ment Track­er Re­port as an an­nu­al deep dive ap­proach to provide you with more in­sights in­to the world of GDPR fines.As in the three pre­vi­ous edi­tions, the GDPR En­force­ment Track­er Re­port starts with the Ex­ec­ut­ive Sum­mary (also avail­able as a PDF ver­sion), fol­lowed by the “Num­bers and Fig­ures” sec­tion and the “En­force­ment In­sights per busi­ness sec­tor” (also in­clud­ing the over­arch­ing em­ploy­ment cat­egory. The “En­force­ment In­sights per coun­try” provide back­ground on the spe­cif­ic en­force­ment frame­work un­der na­tion­al law. Some re­marks on our meth­od­o­logy can be found at the very end of the re­port.
On the Pulse we­bin­ar series 2023 - Spring
Wel­come to the launch of the On the Pulse we­bin­ar series
Glob­al Life Sci­ences & Health­care For­um 2022 – re­cord­ings & present­a­tions
Un­cer­tain times, an evolving leg­al frame­work: man­aging risks and en­sur­ing so­cial re­spons­ib­il­ity in the life sci­ences & health­care sec­tor The risks of AI in the fu­ture of life sci­ences came un­der the mi­cro­scope at a land­mark leg­al For­um in Septem­ber.Health­care is ra­cing ahead in ad­opt­ing new tech­no­lo­gies across drug dis­cov­ery, de­vel­op­ment, man­u­fac­tur­ing and sup­ply chain but ex­perts pre­dict a tail-whip of dis­putes and con­tract fric­tion.Di­git­al trans­form­a­tion has the po­ten­tial to im­prove every as­pect of health­care and the pharma in­dustry but it also im­pacts data pro­tec­tion, IT se­cur­ity, con­tract design, li­ab­il­ity and reg­u­la­tion.The an­nu­al CMS Glob­al Life Sci­ences and Health­care For­um brought to­geth­er high-level in­dustry and leg­al ex­perts to dis­cuss sec­tor in­tel­li­gence and best prac­tice as well as is­sues ran­ging from cy­ber breaches and crypto­cur­rency wrangles to fall-outs over trade secrets and in­tel­lec­tu­al prop­erty (IP).“AI of­fers amaz­ing op­por­tun­it­ies to ad­vance life sci­ences and ush­er in trans­form­at­ive medi­cine such as cell and gene ther­apy, im­proved dia­gnostics and ana­lyt­ics but it also comes with con­cerns as leg­al and con­trac­tu­al risks are still be­ing un­der­stood and eval­u­ated,” says Nick Beck­ett, Glob­al Co-Head of CMS Life Sci­ences & Health­care Sec­tor Group“Sci­ence and tech­no­logy are mov­ing for­ward very quickly but we are find­ing that the de­tail and strategy of what to do to mit­ig­ate risks or re­solve them is lag­ging be­hind. These are crit­ic­ally im­port­ant is­sues that com­pan­ies need to ad­dress and the For­um ex­amined the im­plic­a­tions and solu­tions.”AI is boom­ing and a re­cent re­port by ana­lysts Grand View Re­search fore­cast that the glob­al AI in health­care mar­ket will grow from its cur­rent value of $10.4 bil­lion at a com­pound an­nu­al growth rate (CAGR) of 38.4% from 2022 to 2030. AI is fast be­com­ing a sig­ni­fic­ant ele­ment of every as­pect of health­care and leg­al de­part­ments and busi­ness units are be­ing chal­lenged to re­spond.The For­um, which was held in Brus­sels and on­line on Thursday, Septem­ber 29, had a packed agenda cov­er­ing tech­no­logy trans­form­a­tion, En­vir­on­ment­al, Sus­tain­ab­il­ity and Gov­ernance, sup­ply chain dis­rup­tion, reg­u­lat­ory frame­works and the chan­ging com­mer­cial land­scape.The scale of chal­lenge was evid­enced in the re­cent CMS Tech­no­logy Trans­form­a­tion: Man­aging Risks in a Chan­ging Land­scape re­port which re­vealed that 56% of cor­por­ate coun­sel and risk man­agers ex­pect an in­crease in AI-re­lated dis­putes, while 50% be­lieve that the use of AI tech­no­lo­gies will lead to risks and dis­putes that can­not cur­rently be fore­seen.Dis­putes will be driv­en by is­sues arising from IP and trade secrets, the use of AI, smart con­tracts, crypto­cur­ren­cies and cloud ser­vices, they be­lieve.“Or­gan­isa­tions are likely to see new types of risks and dis­putes emerge from the use of new tech­no­lo­gies such as AI and crypto­cur­ren­cies. Many busi­nesses are play­ing catch-up in un­der­stand­ing the risks as­so­ci­ated with these new tech­no­lo­gies,” says Lee Gluyas, Part­ner, CMS. “Whilst no busi­ness can elim­in­ate risks com­pletely, those that think ahead, plan early and act­ively man­age risk will give them­selves a sub­stan­tial ad­vant­age.”Fea­tured key­note speak­ers from the United Na­tions Health and De­vel­op­ment Team, gen­er­al coun­sel from lead­ing pharma com­pan­ies, Bo­ston Con­sult­ing Group, fin­an­cial ser­vices mul­tina­tion­al Aon and CMS sec­tor spe­cial­ists.
US ad­opts Ex­ec­ut­ive Or­der to im­ple­ment EU-US Data Pri­vacy Frame­work
After an­noun­cing a polit­ic­al agree­ment on 25 March 2022, the US gov­ern­ment has now an­nounced more de­tails on how it in­tends to put mass sur­veil­lance by in­tel­li­gence agen­cies on a rule-of-law foot­ing...
Tech­no­logy Trans­form­a­tion – Me­dia
The me­dia sec­tor is known to be highly com­pet­it­ive, with that com­pet­i­tion driv­ing in­nov­a­tion. Older me­dia busi­nesses have had to grapple with dis­rupt­ive new entrants. And those new entrants are con­stantly work­ing to de­liv­er bet­ter and more en­ga­ging con­tent and user ex­per­i­ences to main­tain their ad­vant­age. Di­git­isa­tion has changed how me­dia com­pan­ies in­ter­act with their audi­ence in ways we could not have ima­gined just a few years ago, but this comes with risk.This re­port is a deep dive in­to the data first pro­duced for the re­port Tech­no­logy Trans­form­a­tion: Man­aging Risks in a Chan­ging Land­scape. This saw over 500 cor­por­ate coun­sel and risk man­agers sur­veyed from mul­tiple in­dus­tries across the world. Here we look in de­tail at the 75 re­spond­ents from the me­dia sec­tor, and their per­spect­ives on the risks as­so­ci­ated with busi­ness-crit­ic­al tech­no­lo­gies, in­clud­ing emer­ging tech­no­lo­gies. What did we find? Me­dia is a dy­nam­ic sec­tor and can be an early ad­op­ter of many nov­el tech­no­lo­gies as com­pan­ies push for com­pet­it­ive ad­vant­ages to cre­ate and sat­is­fy cus­tom­er de­mand. As we look to the fu­ture, the sec­tor does seem un­der­prepared in some areas, which is a po­ten­tial cause for con­cern.Down­load the Tech­no­logy Trans­form­a­tion me­dia sec­tor re­port now to read aboutThe prin­cip­al drivers in the ad­op­tion of busi­ness-crit­ic­al tech­no­logy in the me­dia sec­tor­Con­fid­ence in man­aging tech-re­lated risks among seni­or me­dia ex­ec­ut­ivesFu­ture threats from new tech­no­lo­gies like AI and block­chain­Which plans and pro­cesses me­dia com­pan­ies are put­ting in place to pro­tect tech in­fra­struc­ture­Cul­tur­al bar­ri­ers to man­aging tech risks in the me­dia sec­tor­Preferred ap­proaches to dis­pute res­ol­u­tion in the me­dia sec­tor
CMS Ex­pert Guide to the im­pact of GDPR in non-EU coun­tries
The European Uni­on's Gen­er­al Data Pro­tec­tion Reg­u­la­tion (“GDPR“) is an in­ter­est­ing piece of le­gis­la­tion for sev­er­al reas­ons but es­pe­cially due to its ap­plic­a­tion to busi­nesses not con­nec­ted to the...
CMS Ex­pert Guide: Data Law Nav­ig­at­or
Data provides a whole range of op­por­tun­it­ies but also in­cludes new and unique risks for com­pan­ies, gov­ern­ments and in­di­vidu­als. From sec­tor-spe­cif­ic nu­ances to loc­al derog­a­tions from the EU GDPR, sim­ul­tan­eously...
Fa­cing the op­por­tun­it­ies and chal­lenges of a vi­brant life sci­ences sec­tor
Di­git­al ad­vances and in­nov­at­ive ther­apies are push­ing the bound­ar­ies of health and the leg­al world has to keep paceLife sci­ences are fizz­ing with in­genu­ity and in­nov­a­tion with re­volu­tion­ary gene and cell drug dis­cov­ery and di­git­al ad­vances push­ing the fron­ti­ers of glob­al health­care.But the trans­form­at­ive prom­ise is freighted with com­plex con­cerns over sus­tain­ab­il­ity, af­ford­ab­il­ity, di­git­al se­cur­ity, con­tracts and IP own­er­ship. The is­sues range from sci­entif­ic tech­nic­al­it­ies to ex­ist­en­tial and eth­ic­al ques­tions over Ar­ti­fi­cial In­tel­li­gence’s abil­ity to gen­er­ate ap­proaches free from hu­man hand.The chan­ging land­scape was brought in­to fo­cus at the CMS Glob­al Life Sci­ences and Health­care For­um 2022 where ex­perts high­lighted the chal­lenges and ex­plored guid­ing prin­ciples.The pan­el, chaired by CMS Lon­don part­ner Louise Boswell, heard that cur­rent eco­nom­ic pres­sures and geo-polit­ic­al shock­waves are ra­di­at­ing across busi­ness per­form­ance and sup­ply chains, which are cru­cial to com­mer­cial vi­ab­il­ity and the land­scape is be­ing fur­ther stressed by am­bi­tious goals to re­duce car­bon emis­sions.Laeti­tia Sz­a­ller, Gen­er­al Coun­sel & VP Busi­ness De­vel­op­ment at AM Pharma, told del­eg­ates that a new prag­mat­ism was needed when ne­go­ti­at­ing col­lab­or­a­tions with part­ner com­pan­ies and she em­phas­ised the need to cre­ate con­tracts with sup­pli­ers that are flex­ible enough to weath­er storms and pro­tect all parties from cur­rent and fu­ture pres­sures.“The real­ity is that you have to find a solu­tion,” she said. “It will come down to how do we share the risk and how do we share bur­den? Hav­ing your part­ner bleed out is not go­ing to be lead­ing to a happy end­ing.”The pan­dem­ic, the Rus­si­an in­va­sion of Ukraine have caused un­pre­ced­en­ted tur­bu­lence across sup­ply chains and Sz­a­ller ad­voc­ated for all stake­hold­ers to be in­volved in early stage dis­cus­sions to avoid the time and cost risk of chan­ging sup­ply chain part­ners be­cause of in­flex­ible agree­ments.The CMS Tech­no­logy Trans­form­a­tion: Man­aging Risks in a Chan­ging Land­scape re­port found that 56% of cor­por­ate coun­sel and risk man­agers sur­veyed were ex­pect­ing a rise in dis­putes in­volving AI over the next few years.The pan­el ses­sion also got valu­able in­sights in­to the com­plex­it­ies and dif­fi­culties of build­ing AI sys­tems in life sci­ences – the glob­al sec­tor is fore­cast to grow at 20% CAGR between 2022 and 2030 – from An­ita Prin­zie, Product Man­ager, Om­nia Tech­no­lo­gies Ma­chine Learn­ing.“We try to face the risks head on.” she com­men­ted. “We want to tap in­to the op­por­tun­it­ies to build valu­able di­git­al health apps that will sup­port much more per­son­al­ised ex­per­i­ences, which we all ac­tu­ally want.“There is more health data – just like we have in the re­tail sec­tor - but this data is very per­son­al. It's your per­son­al health data. So, when com­pan­ies ask us to help per­son­al­ise those health ex­per­i­ences, it is a yes but we have to look at the risks. We can­not jump for joy and just ap­ply whatever al­gorithm from the shelf.“It is very dif­fi­cult and is not only an AI prob­lem but an AI risk man­age­ment prob­lem.”She ad­ded that reg­u­la­tions over pri­vacy and data pro­tec­tion var­ied across coun­tries so the com­pany cre­ated core pro­grammes that can be amended for dif­fer­ent na­tions rather than con­struct new sys­tems for each coun­try.The pan­el, which in­cluded CMS part­ners Bri­an Sher and Tom De Cordi­er, dis­cussed a range of is­sues such as li­cens­ing agree­ments in a chan­ging en­vir­on­ment, in­clud­ing the freshly-min­ted sec­tor of col­lab­or­a­tions based on early stage in­nov­a­tion and re­search, ‘killer ac­quis­i­tions’, com­pet­i­tion law, reg­u­lat­ory com­plex­it­ies and IP rights.Nick Beck­ett, Glob­al Co-Head of CMS Life Sci­ences & Health­care Sec­tor Group, ob­served: “Ad­vances are com­ing thick and fast in life sci­ences so we need to make sure the leg­al sec­tor can re­spond pos­it­ively to en­sure that new tech­no­lo­gies and ther­apies get to the people that need them most.“Shar­ing sec­tor in­tel­li­gence and ex­per­i­ence is key to un­der­stand where fric­tion points arise and al­lows us to find solu­tions that em­power the sec­tor.“The en­tire CMS For­um was full of in­sights and know­ledge and we are com­mit­ted to util­ising best prac­tice and in­nov­at­ive ap­proaches to get the best for our life sci­ences and health­care cli­ents.”
APAC TMC Up­date – Au­tumn 2022
China Meas­ures on Se­cur­ity As­sess­ment of Cross-bor­der Data Trans­fer take ef­fect On 1 Septem­ber 2022, the Meas­ures on Se­cur­ity As­sess­ment of Cross-bor­der Data Trans­fer (Se­cur­ity As­sess­ment Meas­ures) be­came...
Di­git­al Mar­kets Act (DMA) comes in­to force on 1 Novem­ber 2022
The Di­git­al Mar­ket Act (DMA) was pub­lished in the Of­fi­cial Journ­al of the European Uni­on on 12 Oc­to­ber, and it will enter in­to force on 1 Novem­ber. Large di­git­al plat­forms that of­fer core plat­form ser­vices...
European data board re­com­mends re­form­ing leg­al frame­work for in­tro­duc­tion...
On 10 Oc­to­ber 2022, the European Data Pro­tec­tion Board (EDPB) ad­op­ted a state­ment on the design choices for a di­git­al euro from the pri­vacy and data pro­tec­tion per­spect­ive, stat­ing that its shares the...
European Com­mis­sion pro­poses new Cy­ber Re­si­li­ence Act
On 15 Septem­ber 2022, the European Com­mis­sion pub­lished its pro­pos­al for a reg­u­la­tion on ho­ri­zont­al cy­ber­se­cur­ity re­quire­ments for products with di­git­al ele­ments. This draft of the Cy­ber Re­si­li­ence Act...