The Top Investors in African LegalTech Startups

The Top Investors in African LegalTech Startups

By Eliz’beth Layeni 

The legal industry has been known to be one of the few professions steeped in tradition. However, ever-evolving technologies and more particularly the pandemic has caused most law firms to adopt technologies in a bid to maintain their competitiveness. Legal technology, also known as Legal Tech, refers to the use of technology and software to provide legal services and support the legal industry. Legal tech in Africa is aimed toward two general directions: access to justice for low-income legal services consumers who cannot afford legal services as priced; and legal operations tech for firms to offer their services faster and more efficiently with the advantage of a reduced cost. While there is quite an impressive number of investors in the tech startup ecosystem in Africa, the legal tech ecosystem involves a high risk due to low demand from high-value consumers which subsequently results in low investor attractiveness. Currently, there is no reporting on legaltech-specific funding. Legal tech entrepreneurs have sought funding through existing funding channels and mechanisms in the startup ecosystem generally. We will examine some of the funding channels and/or investors in Africa that have invested in a legal tech startup: 

  1. HiiL Justice Accelerator

The Hague Institute for Innovation in Law (HiiL) has been credited with providing acceleration for justice innovations in Africa. It is the only startup program and innovation ecosystem builder in the world entirely dedicated to access to justice. It has supported over 120 justice startups globally. Startups such as DIYLaw in Nigeria, KYR Africa in Kenya, and LegalFundi in South Africa have benefitted from HiiL’s accelerator program. Entrepreneurs that have a justice innovation and are ready to scale and grow can apply for the HiiL Justice Accelerator program that offers seed funding, training and coaching. 

  1. Imvelo Ventures 

Imvelo Ventures is a Venture Capital and growth equity firm in South Africa managed by Capitec Bank. The Company focuses on innovation-driven ventures and entrepreneurs. The company has invested in the South African legaltech startup – Cliqtech. In 2021, it was reported that the Company invested in Legal Lens and BriefCo – both legal tech startups owned by Catherine Paulse and Yusha Davidson.

  1. Cataclysm Ventures

Cataclysm Ventures is the world’s first and only syndicate focused on investing in legal technology startups in EMEA and APAC regions. They invest primarily in the pre-seed and seed stages and across all areas of legal tech. The syndicate operates an opt-in model where investors can opt into any deal they wish. Once agreeing on how much investors want to put into the deal, an SPV (special purpose vehicle) will be created. The syndicate has an advisory board of industry experts that provides support in vetting deals. Investors who are interested in investing as part of the syndicate can do by so filling out a form on the syndicate website. Legal tech startups can also send their pitch decks to the syndicate for an investment opportunity. 

It will be great to note that outside the African continent, the legaltech ecosystem has had a good track record of investment and fundraising from investors – angels and VCs alike. For us to have a similar track record, there are quite a number of things we must get right, and until we do so, we may not be able to get the investor attractiveness we need.

3 THINGS YOU SHOULD KNOW BEFORE ENGAGING A TECH LAWYER

Technology has become an essential part of our lives. It is weaved into almost every aspect of our human endeavours. The introduction of new technologies has birthed a new specialisation: a tech lawyer. Technology law deals with the intersection of business law, commerce and regulation and lawyers in this field are, in addition to a number of other things, responsible for helping startups and businesses use and implement technology in their businesses in a way that is compliant with the law. They provide comprehensive legal services that include commercial law, intellectual property law and strategic transactional advisory. 

Lawyers are an integral team of any business. A lawyer will provide vital assistance to your business from basic formation to compliance issues and even lawsuits and liability. A good lawyer can help you grow your business while a bad lawyer can mar your business. How do you choose the right lawyers for your business? The trick to choosing the appropriate lawyers boils down to a combination of many factors. While we have explored three basic things you should know before you hire a technology lawyer, please note that this is not an exhaustive or one-shoe-fits-all approach to hiring a tech lawyer.  

  1. Understand that speciality matters –  Like professionals in every other field, lawyers tend to specialise. Depending on the particular need of your startup at a point in time, it is important that you hire a lawyer who understands and has advised companies a number of times around your legal needs. You want a lawyer who is competent, responsive, and experienced with the types of legal issues you will need help with. Referrals are often the best place to start. Be wary of a lawyer who does not seem to speak the language of your business.  A general counsel may not be able to provide you with a boutique advisory for your startup financing when compared to a tech lawyer who has closed various venture deals. This knowledge that speciality is of utmost importance will guide you in hiring a lawyer that is most suitable for your company’s needs. There is no gainsaying that it is also crucial that you hire a lawyer who is licensed to practice in your jurisdiction.
  1. Hiring tech lawyers are expensive – Because the tech ecosystem is booming, the hourly rates of lawyers are high. Lawyers generally charge in one of three ways for their services – hourly, a flat fee, or contingency (percentage). Depending on your budget, it is important to keep in mind that the legal fees of tech lawyers are relatively high. There is a famous analogy making the rounds that tech is the new oil and consequently tech talents and related personnel are expensive given the demand. One factor that largely determines the cost of legal services is the complexity of your legal issue. It is extremely important to understand the fee structure of the lawyer you’ll be hiring, the time that will be spent on your legal issue and the expenses involved. As practicable as possible, it is advisable to hire a lawyer that falls within your budget and existing resources.
  1. Understand the scope of services that will be provided to you – Generally, a lawyer is often engaged to provide specific services to the client for a period of time. The only exception to this will be where the lawyer is retained as an in-house counsel – these are lawyers retained to handle a range of legal issues affecting the company. The engagement letter signed between the lawyer and the client is typically what determines and outlines the services the lawyer is required to provide to the client within a given period of time. Except for services specifically covered under your engagement letter, it shouldn’t come as a surprise when a lawyer quotes new fees for certain services.

Hiring the best-fit lawyer is essential to ensure you get the best result from your legal issue/need. These basic factors should be able to guide your choice and decision when hiring a technology lawyer for your startup.

TOP 10 BOOKS FOR THE TECH-SAVVY LAWYER

To better understand the dynamics of legal technology law and hone your skills as a tech-savvy lawyer, we suggest reading the following books:

  1. Technology Law by Mark Grossman

Mark Grossman offers readers the chance to learn a lot things about technology law in this book. If you’re a business person who wants a good overview of technology law, this book is for you. If you are a law student considering a specialty in technology law, this book will give you an easy-to-read overview of what technology lawyers do. Whoever you are, we recommend reading this book as it will give you an excellent overview of the field of technology law. 

  1. The Legal Aspects of Managing Technology by Lee B. Burgunder

The author focuses on essential technology law issues with particular attention given to a wide variety of contentious issues related to intellectual property rights, and the coverage of all other key topics such as e-commerce, privacy, antitrust and biotechnology. The purpose of the book is to help managers to understand the main legal issues related to technology management. 

  1. The Simple Guide to Legal Innovation: Basics Every Lawyer Should Know by Lucy Endel Bassli

Author Lucy Endel Bassli provides details on the legal ecosystem, the rise of legal operations (or legal ops), top innovation concepts lawyers need to know and more. For lawyers who are enthusiastic about responding to the demands of the twenty-first century legal marketplace, then this book is a must read. 

  1. Law and the Media by Tom Crone

This book covers the principles of law that are most likely to interest persons in the media, as well as guidance on the legal issues that are being debated such as the new forms of media, the Human Rights Act 1998, and the contentious issue of privacy. It is a valuable resource for individuals working in the media such as journalists, editors, producers, and media lawyers who must deal with a variety of legal difficulties. 

  1. Dispute Revolution by Kleros.IO

This book examines how justice systems have functioned throughout history, from ancient times to the present, and then uses cutting-edge technology to predict where they might be headed. The book aims to find out if decentralized justice solves a problem, and if it is possible to provide users with the appropriate incentives for users to be truthful. 

  1. Media, Technology and Copyright: Integrating Law and Economics by Michael A. Einhorn

Media, Technology and Copyright is an interdisciplinary work that applies economic theory to key issues in intellectual property law. The book’s chapters involve issues on digital rights with topics related to software, databases, and cyber-law, including digital rights management, file-sharing, music licensing, deep linking, framing, and contributory intelligence. 

Written in a non-technical language for an inter-disciplinary audience of lawyers, economists, students, artists, and professionals in the content industry, the book provides a comprehensive study for anyone interested in the issues surrounding intellectual property rights. 

  1. Understanding Privacy and Data Protection: What You Need to Know by Timothy J. Toohey

The author explores numerous topical issues and controversies, including the impact of U.S. government surveillance on privacy, biometric identifiers, cloud computing, the Internet of things, big data, and privacy by design. The book also provides a guide to the current cybersecurity landscape, including the significant impact of unauthorized data breaches, such as hacking attacks, on businesses and individuals. This non-technical book also describes some of the practical steps that may be taken to protect privacy and security, as these fields continue to evolve.

  1. FinTech Law: A Guide to Technology Law in the Financial Services Industry by Kevin C. Taylor

This book will serve industry professionals, technology law attorneys, entrepreneurs, technology vendors, and investors and venture capital groups in understanding the current state of the industry and the gap between regulatory and technological growth.

  1. The LegalTech Book: The Legal Technology Handbook for Investors, Entrepreneurs and FinTech Visionaries written by Susanne Chishti (Editor-in-Chief), Sophia Adams Bhatti (Editor), Akber Datoo (Editor), Drago Indjic (Editor)

Written by prominent thought leaders in the global fintech and legal space, the book explains key industry developments, and offers critical insight from the authors’ first-hand information and lessons learned. The book covers topics on the current status of LegalTech, applications of AI, machine learning and deep learning in the practice of law, cryptocurrency, cybersecurity and data, and many more. 

  1. Law and Autonomous Machines by Mark Chinen

This book lays forth a potential path for the co-development of legal responsibility and artificial intelligence, as well as the machines and systems that are powered by it. Scholars and practitioners of legal doctrine, ethics, and autonomous technology will find this book to be an invaluable resource. 

The importance of Privacy Policies and what should be included when writing one

A privacy notice or privacy information is a statement and a legal agreement that gives people vital information on their personal data and its processing. In doing so, it informs the data subjects of their rights and how their personal data is being collected, used, shared, stored, etc. Your privacy policy must be easily accessible and written in clear and straightforward language that can be easily understood by anyone.

Why You Need A Privacy Notice;

Privacy notices are a requirement of the law. The General Data Protection Regulation, as well as the National Data Protection Regulation (NDPR) mandates all data controllers and processors to provide the data subjects with a privacy notice prior to collecting their personal data. A data controller is one who determines the purposes for which Data will be used. So, if you have a website or an app(mobile or web) that collects personal information from its users, you are required by law to have a privacy policy. Apart from being a requirement of the law, a privacy notice creates a level of trust between a user and an organization.  

What To Include In Your Privacy Policy? 

  1. Information about your organization – It is good practice to include relevant details about your organization in the privacy policy. 
  2. The information you collect – Your privacy notice should outline the specific type of personal information you collect. This is because the definition of personal data is broad. In addition to stating the type of information being collected, your privacy notice should also include the sources from which the personal information of users is being collected/obtained, e.g., contact forms or from the collection of IP addresses and user’s location.  
  3. The contact details of a data protection officer in the organization – This person is responsible for overseeing the organization’s data protection strategy and ensuring compliance with the requirements of the law. The officer also serves as an interface that handles complaints and enquiries from users with respect to the organisation’s data processing measures. 
  4. Lawful basis for processing data – The law provides that organisations can only process personal data if there is a lawful basis for doing so. The lawful bases recognised by the law are:
  • If the data subject gives their explicit consent or if the processing is necessary;
  • To meet contractual obligations entered into by the data subject;
  • To comply with the data controller’s legal obligations;
  • To protect the data subject’s vital interests;
  • For tasks carried out in the public interest or exercise of authority vested in the data controller; and 
  • For the purposes of legitimate interests pursued by the data controller

Your privacy policy should specify which of the bases you are relying on for processing the personal data of users.

  1. Retention period – The law states that the personal data of users can only be retained for as long as the legal basis for processing is applicable, and in other situation, it specifies a maximum period for the retention of personal data. A privacy policy should specify the relative number of years for which personal data of the users will be retained.  
  2. Third parties with whom you share the personal data of users – Your privacy policy should state whether or not you will be sharing the personal data of users with third parties. 
  3. The rights of the data subject – Data subjects have rights under the law. It is imperative to include these rights in your document. Data subjects have the right to:
  • to obtain information on the processing of their personal data of access to their data;
  • to rectification of their data;
  • to the erasure of their data and to be forgotten;
  • to restrict the processing of their data;
  • to data portability;
  • to object to the processing of their data; and
  • not to be subject to a decision based solely on automated processing;

If you are yet to have a privacy policy on your app or website, now would be a good time to do that, and yes you should reach out to a Lawyer to help with your privacy policy.

Some Things You Should Know About Data Privacy And Security In Nigeria

Considering how the internet has made things a lot easier for the humans, personally identifiable information among other things are exchanged in cyberspace to aid seamless conversations and processes. People divulge their personal data when visiting websites, purchasing products, or even signing up for services. Putting out personal information could open up room for theft and other crimes that could potentially harm not just individuals but organizations as a whole.

Given several privacy breaches in Nigeria such as the case between NITDA and Truecaller, and the famous Facebook-Cambridge Analytics Data Privacy Scandal, the need to protect personal data cannot be overstated. This has prompted the implementation of various laws/legislation such as the Nigerian Data Protection Regulation (NDPR) 2019, Cybercrimes Act, and the General Data Protection Regulation 2018 to mention a few.

The overall legislation that extensively touches on data security in Nigeria is the NDPR 2019. It is in consonance with global best practices and standards and it regulates data protection and security in Nigeria. The Nigerian Information Technology Development Agency (NITDA) is the regulatory institution responsible for implementing the provisions of the NDPR 2019. The Regulation applies to residents of Nigeria, citizens of Nigeria residing outside of Nigeria, and organizations that process the personal data of such individuals. Other laws regulating data privacy and security in Nigeria include The Freedom of Information Act 2011, The Child’s Rights Act 2003, The Federal Competition and Consumer Protection Act 2019 to mention a few. The NDPR touches on the principles of data processing, the requirements of Data Compliance Officers, the requirement of data subject’s consent for collecting and processing data, requirements for the international transfer of data, rights of data subjects, and prescribes penalty for non compliance with the regulation.

Data Controllers: These are organizations or individuals who determine the purposes for which data will be used. They are required to develop adequate security systems including measures for protecting systems from hackers, firewalls, and employing data encryption technologies to protect data within their custody. Personal Data must be collected and processed in accordance with a specific, legitimate and lawful purpose consented to by the Data Subject. It must also be adequate, accurate, and without prejudice to the dignity of the human person; stored only for the period which it is reasonably needed, and must be secure against all foreseeable hazards and breaches. When a breach occurs, data controllers are to report such breach to the NITDA within 72 hours of becoming aware of the breach.

Data subjects must consent before any data is collected and such data must be collected and processed in a lawful manner, and the purpose for which such data is collected must be communicated to the data subject. Data Controllers are required to display on any medium of data collection, a conspicuous, intelligible and clear privacy notice. This notice informs data subjects of how their data is collected, used, retained, and disclosed.

In conclusion, the NDPR 2019 alongside other legislation regulates the protection of personal data in Nigeria. It ensures that individuals and organisations alike adopt the best practices in securing their personally identifiable information against risks and threats. Organisations that do not comply with the requirement of the regulation are liable to sanctions/penalties as prescribed in the Regulation.