Update
11.01.2022
Our Luxembourg Technology & IP-team has identified the five trends in the field of IP & technology law which will shape your agenda in the coming year.
  • 1. GDPR enforcement

    In the past year, the Luxembourg data protection authority (the CNPD) issued its first fining decisions, including one imposing a record fine of EUR 746 million on Amazon. More sanctions and investigations are expected in 2022. Focus areas include adtech (e.g. the use of cookies), Covid-19-related data processing, and international data transfers. For the latter, it is important not to forget to implement the new SCCs and to organise a data transfer impact assessment.

  • 2. Cybersecurity

    Cybercrime is nothing new, but the rapidly accelerating digital transformation (sometimes organised in an improvised fashion, as in the case of working from home) and the recent Log4j security vulnerability have led to an increase in criminal acts committed online through electronic communications networks and information systems. A multidisciplinary approach is required to tackle these types of offences, the legal aspects of which should not be neglected, from both from a proactive (IT governance policies, the contractual organisation of resilience throughout the value and supply chains, cyber insurance, etc.) and reactive (liability litigation, sector and data protection notification requirements, and regulatory investigations) perspective. In any case, laws and regulations in the area of cybersecurity are clearly increasing. A second Network and Information Security (NIS) Directive is in the works, and the myriad existing rules and regulations in the financial sector (e.g. CSSF Circular 20/750 and the corresponding EBA guidelines) will be embodied in the DORA Regulation (aka the EU's Digital Operational Resilience Act for the financial sector) in order to tackle IT security holistically and further foster the digital resilience of financial players.

  • 3. Digital transformation

    The Covid-19 crisis has further accelerated the need for digital client onboarding and a digital client journey, AI-based processes (e.g., chatbots and data analytics), and electronic signature and archiving solutions. The legal challenges raised by these phenomena and the responses of lawmakers, regulators and the courts are constantly changing. Many of these new developments are based on outsourced services and/or are made possible via cloud solutions. These in turn trigger sector regulatory issues and, in the wake of the CJEU's Schrems II judgment, raise data protection questions. The financial (including investment funds) and insurance sectors should be particularly attentive to the applicable sector regulatory framework. Many financial institutions had to be compliant with the EBA guidelines on outsourcing arrangements by 31 December 2021, and the CSSF will publish its revamped circular on outsourcing in the coming weeks. Furthermore, many insurance companies must comply with the EIOPA guidelines on outsourcing to cloud service providers, declared applicable by CAA Circular 21/15, which contains additional requirements as well.

  • 4. Protection of trade secrets

    Cybersecurity and data protection rules and regulations have raised awareness within organisations of the value of information and the need to protect it. Only if valuable internal information is adequately protected  can it benefit from the EU's harmonised and enhanced protection and enforcement regime for trade secrets, introduced by Directive (EU) 2016/943 (and the 2019 Luxembourg implementing legislation). Businesses are clearly more aware of this regime, integrating it into their overall IP protection strategy and, finally, enforcing it. 

  • 5. Open data

    Various legislative initiatives have been taken to support data economy by fostering the exchange of data, even when it appears difficult to reconcile with data protection. In the payment services sector and other financial sectors, open banking, reinforced by the Second Payment Services Directive, is on the rise. It goes without saying, however, that the open data movement is not limited to banking. More horizontal initiatives, such as the Data Governance Act, will further bolster data sharing and the reuse of public-sector data, even when protected by IP or personal data regulations. This act provides a framework for "data intermediation" services and encourages "data altruism", permitting individuals and companies to make data voluntarily available for the common good such as scientific research. In 2022, a major new legislative initiative, the Data Act, is expected, which will complement the Data Governance Act and aims to facilitate business-to-business data sharing, amongst other things.

  • Download

    If you would like to know more, read the extended version of the article published in the January edition of Agefi here.

Related articles

Cookie notification

This functionality uses third-party cookies. Change your cookie preferences to view this content or view more information.
These cookies ensure that the website works properly. These cookies cannot be disabled.
These cookies can be placed by third parties, such as YouTube or Vimeo.
By deactivating categories, it is possible that related functionalities within the website may no longer work properly. It is always possible to change your preferences at a later time. View more information.