3 THINGS YOU SHOULD KNOW BEFORE ENGAGING A TECH LAWYER

Technology has become an essential part of our lives. It is weaved into almost every aspect of our human endeavours. The introduction of new technologies has birthed a new specialisation: a tech lawyer. Technology law deals with the intersection of business law, commerce and regulation and lawyers in this field are, in addition to a number of other things, responsible for helping startups and businesses use and implement technology in their businesses in a way that is compliant with the law. They provide comprehensive legal services that include commercial law, intellectual property law and strategic transactional advisory. 

Lawyers are an integral team of any business. A lawyer will provide vital assistance to your business from basic formation to compliance issues and even lawsuits and liability. A good lawyer can help you grow your business while a bad lawyer can mar your business. How do you choose the right lawyers for your business? The trick to choosing the appropriate lawyers boils down to a combination of many factors. While we have explored three basic things you should know before you hire a technology lawyer, please note that this is not an exhaustive or one-shoe-fits-all approach to hiring a tech lawyer.  

  1. Understand that speciality matters –  Like professionals in every other field, lawyers tend to specialise. Depending on the particular need of your startup at a point in time, it is important that you hire a lawyer who understands and has advised companies a number of times around your legal needs. You want a lawyer who is competent, responsive, and experienced with the types of legal issues you will need help with. Referrals are often the best place to start. Be wary of a lawyer who does not seem to speak the language of your business.  A general counsel may not be able to provide you with a boutique advisory for your startup financing when compared to a tech lawyer who has closed various venture deals. This knowledge that speciality is of utmost importance will guide you in hiring a lawyer that is most suitable for your company’s needs. There is no gainsaying that it is also crucial that you hire a lawyer who is licensed to practice in your jurisdiction.
  1. Hiring tech lawyers are expensive – Because the tech ecosystem is booming, the hourly rates of lawyers are high. Lawyers generally charge in one of three ways for their services – hourly, a flat fee, or contingency (percentage). Depending on your budget, it is important to keep in mind that the legal fees of tech lawyers are relatively high. There is a famous analogy making the rounds that tech is the new oil and consequently tech talents and related personnel are expensive given the demand. One factor that largely determines the cost of legal services is the complexity of your legal issue. It is extremely important to understand the fee structure of the lawyer you’ll be hiring, the time that will be spent on your legal issue and the expenses involved. As practicable as possible, it is advisable to hire a lawyer that falls within your budget and existing resources.
  1. Understand the scope of services that will be provided to you – Generally, a lawyer is often engaged to provide specific services to the client for a period of time. The only exception to this will be where the lawyer is retained as an in-house counsel – these are lawyers retained to handle a range of legal issues affecting the company. The engagement letter signed between the lawyer and the client is typically what determines and outlines the services the lawyer is required to provide to the client within a given period of time. Except for services specifically covered under your engagement letter, it shouldn’t come as a surprise when a lawyer quotes new fees for certain services.

Hiring the best-fit lawyer is essential to ensure you get the best result from your legal issue/need. These basic factors should be able to guide your choice and decision when hiring a technology lawyer for your startup.

TOP 10 BOOKS FOR THE TECH-SAVVY LAWYER

To better understand the dynamics of legal technology law and hone your skills as a tech-savvy lawyer, we suggest reading the following books:

  1. Technology Law by Mark Grossman

Mark Grossman offers readers the chance to learn a lot things about technology law in this book. If you’re a business person who wants a good overview of technology law, this book is for you. If you are a law student considering a specialty in technology law, this book will give you an easy-to-read overview of what technology lawyers do. Whoever you are, we recommend reading this book as it will give you an excellent overview of the field of technology law. 

  1. The Legal Aspects of Managing Technology by Lee B. Burgunder

The author focuses on essential technology law issues with particular attention given to a wide variety of contentious issues related to intellectual property rights, and the coverage of all other key topics such as e-commerce, privacy, antitrust and biotechnology. The purpose of the book is to help managers to understand the main legal issues related to technology management. 

  1. The Simple Guide to Legal Innovation: Basics Every Lawyer Should Know by Lucy Endel Bassli

Author Lucy Endel Bassli provides details on the legal ecosystem, the rise of legal operations (or legal ops), top innovation concepts lawyers need to know and more. For lawyers who are enthusiastic about responding to the demands of the twenty-first century legal marketplace, then this book is a must read. 

  1. Law and the Media by Tom Crone

This book covers the principles of law that are most likely to interest persons in the media, as well as guidance on the legal issues that are being debated such as the new forms of media, the Human Rights Act 1998, and the contentious issue of privacy. It is a valuable resource for individuals working in the media such as journalists, editors, producers, and media lawyers who must deal with a variety of legal difficulties. 

  1. Dispute Revolution by Kleros.IO

This book examines how justice systems have functioned throughout history, from ancient times to the present, and then uses cutting-edge technology to predict where they might be headed. The book aims to find out if decentralized justice solves a problem, and if it is possible to provide users with the appropriate incentives for users to be truthful. 

  1. Media, Technology and Copyright: Integrating Law and Economics by Michael A. Einhorn

Media, Technology and Copyright is an interdisciplinary work that applies economic theory to key issues in intellectual property law. The book’s chapters involve issues on digital rights with topics related to software, databases, and cyber-law, including digital rights management, file-sharing, music licensing, deep linking, framing, and contributory intelligence. 

Written in a non-technical language for an inter-disciplinary audience of lawyers, economists, students, artists, and professionals in the content industry, the book provides a comprehensive study for anyone interested in the issues surrounding intellectual property rights. 

  1. Understanding Privacy and Data Protection: What You Need to Know by Timothy J. Toohey

The author explores numerous topical issues and controversies, including the impact of U.S. government surveillance on privacy, biometric identifiers, cloud computing, the Internet of things, big data, and privacy by design. The book also provides a guide to the current cybersecurity landscape, including the significant impact of unauthorized data breaches, such as hacking attacks, on businesses and individuals. This non-technical book also describes some of the practical steps that may be taken to protect privacy and security, as these fields continue to evolve.

  1. FinTech Law: A Guide to Technology Law in the Financial Services Industry by Kevin C. Taylor

This book will serve industry professionals, technology law attorneys, entrepreneurs, technology vendors, and investors and venture capital groups in understanding the current state of the industry and the gap between regulatory and technological growth.

  1. The LegalTech Book: The Legal Technology Handbook for Investors, Entrepreneurs and FinTech Visionaries written by Susanne Chishti (Editor-in-Chief), Sophia Adams Bhatti (Editor), Akber Datoo (Editor), Drago Indjic (Editor)

Written by prominent thought leaders in the global fintech and legal space, the book explains key industry developments, and offers critical insight from the authors’ first-hand information and lessons learned. The book covers topics on the current status of LegalTech, applications of AI, machine learning and deep learning in the practice of law, cryptocurrency, cybersecurity and data, and many more. 

  1. Law and Autonomous Machines by Mark Chinen

This book lays forth a potential path for the co-development of legal responsibility and artificial intelligence, as well as the machines and systems that are powered by it. Scholars and practitioners of legal doctrine, ethics, and autonomous technology will find this book to be an invaluable resource. 

The importance of Privacy Policies and what should be included when writing one

A privacy notice or privacy information is a statement and a legal agreement that gives people vital information on their personal data and its processing. In doing so, it informs the data subjects of their rights and how their personal data is being collected, used, shared, stored, etc. Your privacy policy must be easily accessible and written in clear and straightforward language that can be easily understood by anyone.

Why You Need A Privacy Notice;

Privacy notices are a requirement of the law. The General Data Protection Regulation, as well as the National Data Protection Regulation (NDPR) mandates all data controllers and processors to provide the data subjects with a privacy notice prior to collecting their personal data. A data controller is one who determines the purposes for which Data will be used. So, if you have a website or an app(mobile or web) that collects personal information from its users, you are required by law to have a privacy policy. Apart from being a requirement of the law, a privacy notice creates a level of trust between a user and an organization.  

What To Include In Your Privacy Policy? 

  1. Information about your organization – It is good practice to include relevant details about your organization in the privacy policy. 
  2. The information you collect – Your privacy notice should outline the specific type of personal information you collect. This is because the definition of personal data is broad. In addition to stating the type of information being collected, your privacy notice should also include the sources from which the personal information of users is being collected/obtained, e.g., contact forms or from the collection of IP addresses and user’s location.  
  3. The contact details of a data protection officer in the organization – This person is responsible for overseeing the organization’s data protection strategy and ensuring compliance with the requirements of the law. The officer also serves as an interface that handles complaints and enquiries from users with respect to the organisation’s data processing measures. 
  4. Lawful basis for processing data – The law provides that organisations can only process personal data if there is a lawful basis for doing so. The lawful bases recognised by the law are:
  • If the data subject gives their explicit consent or if the processing is necessary;
  • To meet contractual obligations entered into by the data subject;
  • To comply with the data controller’s legal obligations;
  • To protect the data subject’s vital interests;
  • For tasks carried out in the public interest or exercise of authority vested in the data controller; and 
  • For the purposes of legitimate interests pursued by the data controller

Your privacy policy should specify which of the bases you are relying on for processing the personal data of users.

  1. Retention period – The law states that the personal data of users can only be retained for as long as the legal basis for processing is applicable, and in other situation, it specifies a maximum period for the retention of personal data. A privacy policy should specify the relative number of years for which personal data of the users will be retained.  
  2. Third parties with whom you share the personal data of users – Your privacy policy should state whether or not you will be sharing the personal data of users with third parties. 
  3. The rights of the data subject – Data subjects have rights under the law. It is imperative to include these rights in your document. Data subjects have the right to:
  • to obtain information on the processing of their personal data of access to their data;
  • to rectification of their data;
  • to the erasure of their data and to be forgotten;
  • to restrict the processing of their data;
  • to data portability;
  • to object to the processing of their data; and
  • not to be subject to a decision based solely on automated processing;

If you are yet to have a privacy policy on your app or website, now would be a good time to do that, and yes you should reach out to a Lawyer to help with your privacy policy.

Some Things You Should Know About Data Privacy And Security In Nigeria

Considering how the internet has made things a lot easier for the humans, personally identifiable information among other things are exchanged in cyberspace to aid seamless conversations and processes. People divulge their personal data when visiting websites, purchasing products, or even signing up for services. Putting out personal information could open up room for theft and other crimes that could potentially harm not just individuals but organizations as a whole.

Given several privacy breaches in Nigeria such as the case between NITDA and Truecaller, and the famous Facebook-Cambridge Analytics Data Privacy Scandal, the need to protect personal data cannot be overstated. This has prompted the implementation of various laws/legislation such as the Nigerian Data Protection Regulation (NDPR) 2019, Cybercrimes Act, and the General Data Protection Regulation 2018 to mention a few.

The overall legislation that extensively touches on data security in Nigeria is the NDPR 2019. It is in consonance with global best practices and standards and it regulates data protection and security in Nigeria. The Nigerian Information Technology Development Agency (NITDA) is the regulatory institution responsible for implementing the provisions of the NDPR 2019. The Regulation applies to residents of Nigeria, citizens of Nigeria residing outside of Nigeria, and organizations that process the personal data of such individuals. Other laws regulating data privacy and security in Nigeria include The Freedom of Information Act 2011, The Child’s Rights Act 2003, The Federal Competition and Consumer Protection Act 2019 to mention a few. The NDPR touches on the principles of data processing, the requirements of Data Compliance Officers, the requirement of data subject’s consent for collecting and processing data, requirements for the international transfer of data, rights of data subjects, and prescribes penalty for non compliance with the regulation.

Data Controllers: These are organizations or individuals who determine the purposes for which data will be used. They are required to develop adequate security systems including measures for protecting systems from hackers, firewalls, and employing data encryption technologies to protect data within their custody. Personal Data must be collected and processed in accordance with a specific, legitimate and lawful purpose consented to by the Data Subject. It must also be adequate, accurate, and without prejudice to the dignity of the human person; stored only for the period which it is reasonably needed, and must be secure against all foreseeable hazards and breaches. When a breach occurs, data controllers are to report such breach to the NITDA within 72 hours of becoming aware of the breach.

Data subjects must consent before any data is collected and such data must be collected and processed in a lawful manner, and the purpose for which such data is collected must be communicated to the data subject. Data Controllers are required to display on any medium of data collection, a conspicuous, intelligible and clear privacy notice. This notice informs data subjects of how their data is collected, used, retained, and disclosed.

In conclusion, the NDPR 2019 alongside other legislation regulates the protection of personal data in Nigeria. It ensures that individuals and organisations alike adopt the best practices in securing their personally identifiable information against risks and threats. Organisations that do not comply with the requirement of the regulation are liable to sanctions/penalties as prescribed in the Regulation.

Clauses to look out for in Your Technology Contracting Agreement

Clauses to look out for in Your Technology Contracting Agreement

The crux of a contract/agreement is the fact that it sets out the obligations, responsibilities, and expectations of parties to the contract, and governs the relationship between the parties, including setting forth the consequences of a breach and how conflicts may be resolved. Despite the fact that there’s been a call for the minimal use or total elimination of legal jargons in contracts, a typical tech contracting agreement should contain some of the following elements: 

  1. Scope of work

Every contract should set out the scope of work for which the employee is employed to perform. It should reflect and be clear as to the specifics of the work you’re employed to do. The scope of work clause is the most important section of the contract because it provides the details of what you’re employed to do. The scope of work would cover your job description, your deliverables and the specific objectives the project you’re employed to work on.  The scope of work clause may also cover the estimate of length of contract, including a timeline for project milestones, with details as to what each milestone actually involves, and the dates when the milestones should be delivered. Why it’s important to look out for this clause is because its absence could give your employer the leeway to burden with workload that could be outside your scope of work. It is also possible that the absence of this clause can limit ptogesssion and recognition since you do not have deliverables and milestones clearly spelt out. 

It is possible that along the way  they could be changes to your scope of work. It’s good practice to given your employer one free revision over your scope of work, and subsequently charge them for other revisions. 

  1. Term and Termination  clause 

A tech contracting agreement should specify the date when the agreement begins and when it ends. The agreement could also mention the conditions that may warrant an extension of the term of the contract. Your tech contract should also outline the events that would lead to a termination between both parties. It should also stipulate the length of notice required for a termination, and what would be obtainable in the absence of the required notice.  

  1. Payment/remuneration 

Your tech contract should contain the salary as negotiated between you and the employer, and the mode/manner of payment. Where the employment is of such nature that your payment/remuneration would be based off on key performance Indicators, it is important to ensure that objectives or targets needed to meet these key performance Indicators are clearly stated and defined. 

  1. Limitation of liability

A limitation of liability clause helps to manage risk in a contract. In a tech agreement, it limits the amount one party has to pay to the other party in case the party suffers loss due to unforeseeable damages in the technology, leading to the breach of contract. The clause generally has two components: Liability Cap and Exclusion of Liability. This clause is important and should be present in your tech contracting agreement. Parties would usually agree on the amount of maximum liability attached in case of a breach of contract. It is important that this clause is not so generic and should specify which liability it may exclude due to consequential damage. 

  1. Restrictive clauses and covenants 

It is very common to find restrictive clauses like non-compete and clauses governing intellectual property in a tech contracting agreement. Restrictive clauses become operative after termination of the employment and they exist to protect the business and clients of the employer. Sometimes, these clauses can impact future job opportunities in situations where you are prohibited from working with competitors in the same ecosystem for certain years. It is advisable to renegotiate some of these terms, where possible so they don’t hamper your progression in your field. 

Intellectual property rights are typically contained in all types of contracts. For a tech contract, most of the rights are kept by the employer, but there may be certain rights granted to the employee under the technology contract. An employee would usually sign a non-disclosure agreement. While this is good practice, it is important to take steps to ensure that your right of innovation and intellectual property rights are safeguarded under your tech contracting agreement.  

  1. Force Majeure clause

A Force Majeure clause (French for “superior force”) is a provision that allows a party to suspend or terminate the performance of its obligations when certain circumstances beyond their control arise, and makes performance inadvisable, commercially impracticable, illegal, or impossible. It is important that this clause is included in your agreement, with the critical indicators or circumstances clearly defined.