AI solutions for after-"Schrems II" turmoil
As you are all aware, the intersection of law and technology inevitably involves privacy and personal data protection issues. The recent judgement of the Court of Justice of the European Union (CJEU) in the “Schrems II” case on July 16, 2020, has shaken the global IT landscape. There have already been many publications regarding this judgement, but I would like to look at it from another perspective, which is the huge challenge for the legal departments and law firms around the world, to identify areas, where this judgement has an impact.
Since the judgment discarded the mechanism of the so-called Privacy Shield entirely and upheld the validity of the Standard Contractual Clauses (SSC), the mechanism of SSC seems to be one of the alternatives, which should be taken into consideration (without going into details). The invalidity of the Privacy Shield, which was commonly adopted by many companies requires EU companies to immediately review their agreements with vendors from third countries and renegotiate them. There are also other organizational challenges to immediately review and amend privacy notices or consent form.
This situation is a perfect use case for some of the Legal Tech tools, which are already available on the market. The combination of a contract management system and an AI-based contract review software may enable the review of a large set of documentation in a much shorter time, than when it would be reviewed by lawyers manually. Software such as Kira, eBrevia or Luminance, which utilize AI and Machine Learning to extract key data from a huge set of documentation, has been designed to assist lawyers in such situations. Having the right contract/document management system to store and quickly extract privacy documentation is no less important.
It is worth noting, that there is already an interesting tool, designed to review data processing agreements, developed by an innovative Swedish law firm Synch. Their DPA AI utilizes deep learning to review DPA in seconds and provides compliance report, which states which part of the DPA is not compliant with GDPR along with suggestions how to cure this non-compliance.
Another example of a tool, which may be helpful in such a case is SlothEye, which I mentioned in one of my last articles, as one of the most interesting Legal Tech startups in Central Europe with global aspirations. SlothEye team has also indicated after-Shremms II turmoil as a great use case for their software (Read here).
The views and opinions expressed in this article are those of the author's and shall not be deemed as an official position of any company or organization with which the author is associated with.