International Data Protection law firm

Back to TMC - Technology, Media & Communications

The challenges arising from data are countless and inescapable in our maturing technological landscape. To future-proof your organisation, and unlock opportunity from your data, you need alert and experienced lawyers who will deliver practical advice. Our team of experts includes former regulators who have been right at the heart of the development of the legal landscape in this critical area.

One-stop-shop

Clients turn to CMS to advise on global data privacy, protection and information security projects. Leading multinational companies, many of which hold large amounts of sensitive data and are heavily regulated, instruct us to advise on multi-jurisdictional projects.

Global AND local

Our teams are flexible in that they handle both large multinational projects but can also deep-dive for niche, country-specific advice. The teams are on the ground in over 40 countries, speak the local language and understand the local laws – but crucially in a global context.

Pragmatism and business acumen

CMS has a knack for turning legal advice into practical solutions that make sense not just to your legal teams, but to your other employees, such as the HR function, or software engineers.

Please reach out to any of our Technology, Media and Communications and data protection lawyers should you have an issue to explore. to find out more about data protection and data regulation offerings.

For the very latest legal updates delivered directly to your inbox, sign up to the Law-Now subscription service now.

GDPR Enforcement Tracker Report 2024
A warm welcome to the fifth edition of the GDPR Enforcement Tracker Report...
Data Law Navigator
Use the Data Law Navigator for a quick look at data protection laws in...
CMS Breach Assistant app
A head start during the first critical hours of a data breach

Feed

13/11/2024
Impact of AI on insurance underwriting: the use of AI in tailor making...
The 1940s marked the beginning of the use of Artificial Intelligence ("AI") with the decoding of the Enigma machine following World War II, although its use in the insurance industry was only implemented...
11/11/2024
Using Artificial Intelligence to prevent fraud in South Africa
In a time where technology is front and centre, there is no question that artificial intelligence (AI) is transforming the world, especially in the insurance industry. On the one hand, fraudsters are...
06/11/2024
The role, opportunities and challenges of AI in detecting financial fraud
Artificial Intelligence (AI) is increasingly playing a pivotal role in combating financial fraud in South Africa, where the rise of digital banking and online transactions has brought both new opportunities...
06/11/2024
Curbing the emergence of deep fake scams: are insurance companies future...
The rapid emergence and development of Artificial Intelligence (“AI”) systems has become so prevalent a subject, it dominates discussions and dialogue across a broad spectrum of sectors that encompass...
30/09/2024
Bias in the code: How AI recruitment processes can land employers in hot...
Artificial intelligence (“AI”) is transforming recruitment processes as we know it, offering speed and efficiency. But what happens when an AI platform perpetuates bias? This risk is not only theoretical...
17/07/2024
Understanding South Africa’s Cybercrimes Act
In today's world, where technology is a big part of our lives, cybercrimes are increasingly impacting individuals, businesses, and governments alike.Even though cybercrime may not have a settled definition...
17/07/2024
The Rise of AI: Are your data privacy systems future fit?
Since the dawn of the new millennium, the rate of technological development has progressed at an unprecedented rate, and it has changed the way we live and the way we think. Through the emergence of technological...
11/07/2024
Digital identity and trust services
New safety requirements Thanks to the revision of the European eIDAS regulation, a true digital identity will be established at the European level, including the creation of a digital wallet to prove identity, store official documents and introduce new trust services. The growing de­ma­ter­i­al­isa­tion of exchanges, which gives everyone access to a wide range of goods and services, must go hand in hand with protecting users - citizens and businesses alike - against cybersecurity risks. It is only by providing a reliable, secure and harmonised framework for electronic identification and secure transactions that the EU will be able to meet the challenges of the "Digital Decade". With the revision of the eIDAS regulation, Europe is giving itself the means to achieve its ambitions. Why revise the eIDAS regulation? Regulation 910/2014 of 23 July 2014 (1), which essentially came into force on 1 July 2016, establishes a common framework for the mutual recognition of electronic means of identification and electronic signature systems to secure electronic transactions in the Union. After just a few years of application, the results are not up to the mark: a low number of notifications of electronic identification schemes, insufficient European interoperability and poor knowledge of the processes in place on the part of companies and individuals alike. Furthermore, while the needs of the private sector are growing, the eIDAS regulation still prioritises the needs of public service. It does not cover emerging uses in banking, finance, education, health, e-commerce, etc. The European Commission's "Digital Compass" plan proposes a new, more global trajectory. eIDAS 2: regulations tailored to a wide range of use cases The eIDAS 2 regulation should enable the development of new use cases. These include mobility (e.g., ticket verification, mobile driving licenses), employment (e.g., diploma certification), healthcare (e.g., electronic prescriptions) and online payments (e.g., strong authentication). In line with the real uses of individuals and businesses, the proposed regulation proposes an approach based on the following principles: large-scale experimentation and feedback to improve regulations and integrate them as effectively as possible within each member state. The test project, launched in April 2023, should continue until 2025, with an evaluation of project results and recommendations for implementing the regulations. What are the main benefits of eIDAS 2? From digital identity to the European digital identity wallet While eIDAS 1 has enabled the development of digital identity systems, notably with several levels of certification, elDAS 2 will go much further with the introduction of a Europe-wide framework for digital identity security. The European Digital Identity Wallet (EDIW) will enable people to:Prove their identity without resorting to national identity solutions alone. Store their data: the wallet can contain an electronic signature issued by a qualified service provider. Manage all their official documents in electronic format (e.g., driving licenses, medical prescriptions, university diplomas, residence permits). The data stored in the EDIW can be used for a wide range of services, such as car rental, airport check-in, university enrollment, apartment rental or opening a bank account. This digital identity wallet will be usable throughout the European Union, regardless of the country of issue. In addition, the major platforms will have to accept its use, notably to enable Internet users to prove their age. Digital identity service providers will be approved and monitored, and the EDIW will be supervised by a national trust authority, in France ANSSI.A digital wallet that creates value for EU businessesThis European framework should "create economic value by facilitating access to goods and services" and "significantly reduce the operational costs of electronic identification procedures" (2). Indeed, the system should facilitate the enrolment of new customers, while reducing the risks of cybercrime (identity theft, fraudulent payment, data theft). eIDAS 2 will thus support the digital transformation of small and medium-sized European businesses in complete security. Additionally, information from a single direction will reduce the administrative burden on public authorities and support the cross-border mobility of European citizens and businesses. Risks linked to the development of digital identity identified by the CNILWhile the digital identity wallet has various beneficial features, such as optional and free issuance, management left to the bearer, minimal use of data provided and easier access for citizens to their digital identity, the CNIL in France has warned against the risks posed by the proposal to create a "unique and permanent identifier" introduced by the European Commission. While this type of identifier facilitates the interoperability of national systems, it also gives rise to numerous risks of profiling, tracking of citizens and interconnection of files. The final version of the eIDAS 2 (3) regulation is silent on this point, even though many questions remain. What's new for trust services? Greater reliability of website authentication certificatesThe revision of eIDAS will enable authentication certificates to be issued on websites, reinforcing users' confidence in the quality of their content. Internet users will be able to rely more easily on authenticated sites, reducing the risk of fraud. The trust framework established by the revised version of the text includes some minimum safety obligations to be met along with rules for displaying data and other attested attributes. The obligation under French law to include certain legal notices on a website will probably have to be brought into line with these new obligations regarding the availability of qualified authentication certificates. New qualified trust servicesThe current list of trust services has been extended to include two new qualified trust services:the provision of electronic archiving services, defined as "a service ensuring the reception, storage, retrieval and deletion of electronic data and documents to guarantee their durability and legibility, as well as to preserve their integrity, confidentiality and proof of origin throughout the preservation period";the introduction of electronic registers, defined as "a sequence of electronic data records that should guarantee the integrity of these data and the accuracy of their chronological classification". Tougher requirements for advanced electronic signaturesThe revised text reinforces the security requirements and standards to be met by advanced signatures. These signatures must create an unambiguous link with the signatory, enable the signatory to be identified, and guarantee that the signed data has not been compromised. The means used to create these signatures must be under the sole control of the signing users (e.g., smartphone). Qualified remote signatures must meet the same requirements as those for advanced signatures but must be based on a certificate issued by a qualified trust service provider. While the eIDAS 2 regulation reinforces trust services, it should not be forgotten that these can be costly and complicated, and require the intervention of a qualified trusted third party. It is possible to argue that, if the European digital identity wallet proves effective, signatories could, in the future, be identified by this means alone in everyday transactions. The forthcoming entry of the revised regulation, and its first applications of digital identity in everyday life will, be a major step forward. This could lead to a merging of the notions of digital identity and digital authentication. To be continued... Key points: The new version of the eIDAS regulation, which will apply to entities will be published shortly in the OJEU. The amended regulation introduces the European digital identity wallet, which will enable users to prove their identity, store data and manage all their official documents. In terms of trust services, certificates for website authentication will be issued, new trust services will be introduced, and security requirements for advanced electronic signatures will be strengthened. Article published in Option Finance on 08/04/2024Reg­u­la­tion on electronic identification and trust services for electronic transactions within the internal market, or Electronic Identification and Trust Services Regulation, (eIDAS). Extract from the European Parliament's proposal for a regulation adopted  at first reading on February 29, 2024. The idea of creating a unique identifier appeared in the European Parliament's proposal of June 3, 2021, but is no longer expressly mentioned in the version finally voted on February 29, 2024. However, its use is not ruled out.
15/05/2024
GDPR Enforcement Tracker Report
The CMS Data Protection Group is pleased to launch the 5th edition In the six years since the GDPR came into force, this powerful framework to protect personal data has certainly helped to raise awareness and encourage compliance efforts – just as the European legislator intended. At the same time, the risk of fines of up to EUR 20 million or 4% of a company’s global annual turnover can also lead to fear and reluctance or ignorance about compliance issues. We still believe that facts are better than fear. This is why we continuously update our list of publicly known fines in the GDPR Enforcement Tracker and established the GDPR Enforcement Tracker Report as an annual deep dive approach to provide you with more insights into the world of GDPR fines.
12/04/2024
Reflections from Mobile World Congress 2024
Key takeaways from MWC 2024 and insights into The Mobile Century ‘Digital Generation’ publication. The GTWN and CMS are very proud to provide the transcript and recording of the recent GTWN/CMS webinar reflecting on the findings and insights of the Mobile World Congress as well as those written about in our flagship Mobile Century publication premiered at the Mobile World Congress, “Digital Generation’.
06/03/2024
The Mobile Century 2024
CMS is delighted to support The Mobile Century, a publication written by women in the digital space, published by the Global Telecom Women’s Network (GTWN). The Mobile Century provides a global perspective on the most important issues facing the digital technology sector, while championing the role and contribution of women leaders in bringing about meaningful change. These characteristics align closely with the professional and cultural values of CMS’ Technology, Media and Communications Practice. The promise and anticipation around Artificial Intelligence has captivated worldwide attention over the past year like no other recent technological revolution. Governments around the world have rushed to understand how they can respond to generative AI, ensuring that their industries are well placed to capture maximum value from this innovation, whilst also not exposing their populations to undue risks. This edition of The Mobile Century includes an insightful essay by CMS Partner and Co-Head of the TMC Sector Group, Dóra Petrányi on finding the appropriate balance between AI ethics and AI regulation. It also includes an inspiring fireside chat between Dóra and Francesca Rossi, who is a computer scientist, an IBM Fellow and the IBM Global AI Ethics Leader. At the same time, society is facing other new challenges, as the digital natives – those who only know a digital world – see all aspects of their lives transformed. As certain jobs and even professions are being transformed by digital technology, what does the future look like for those who are inheriting our digital world? What do governments, regulators and industry itself need to do to ensure the benefits of these technologies outweigh the risks that have emerged?At CMS, we continue to be honoured to support the GTWN and its flagship magazine The Mobile Century, which, once again, is dense with thought-pro­vok­ing articles from inspiring leaders. We hope the articles motivate you, as they do us, to think about our responsibilities and the wider impact of our companies on the world around us.
28/11/2023
International Digital Regulation Hub
Following the EU Commission plan “A Europe fit for the digital age”, we have witnessed a lot of digital regulations in the EU including DMA and DSA, AI Act, Data Act and there is still more to come. Whilst presenting companies with a tumultuous landscape to navigate, the legal obligations imposed also present opportunities to develop their business in a new digital framework safeguarding responsible business practices, fair competition and personal data. The CMS Digital Regulation Hub is home to our Digital Regulation Tracker Tool, providing an overview of the key regulatory instruments for area of law, sectors and business activities which are critical for decision makers as they adapt to the increasingly digital landscape. In addition to this unique tool, we explore the impact this tsunami of regulation is having for businesses across a variety of industries and how GCs can ride the waves to stay ahead of the curve. Our latest re­port il­lus­trates the key findings across Platforms, Content providers, Life Sciences & Healthcare, Energy & Infrastructure, Banking & Finance and Automotive industries. To discuss how to cope with the challenges of Digital Regulations and to explore the opportunities for your business, please contact one of our International experts.