This is an important point, although I can imagine AI could be trained to spot things that don't belong or are unusual provisions in an NDA. This may be what you're getting at, but it's easy in a contract review to focus on reacting to what's there and it's harder to know what's missing. An NDA is a relatively simple, cookie-cutter types of agreement with widely agreed elements. Other agreements not so much. How would AI figure out what's missing?
That's an important point, but I assume an AI would use some sort of checklist, perhaps seeded by human lawyers, to spot expected-but-missing provisions.
51-156 minutes is crazy to review an NDA. If an NDA is well drafted, I can do it in about 10 minutes. If it's a bit of a mess, maybe 30 min. If it's worse than that, I can assess that in about 5 minutes and propose using a better form.
I am a transactional lawyer and I definitely would find value in an application that could issue spot an agreement in seconds. That said, just yesterday I spoke on a panel on the topic of how things can go wrong in a contract. We spent the majority of time talking about the dynamics and challenges that exist outside the agreement in the process of trying to memorialize the parties’ intent in a clear, concise, precise and reasonably complete manner. There are often significant challenges in terms of clearly obtaining the intent and relevant issues from the various stakeholders. And there are dynamics like relative negotiating leverage and psychology or other issues that can drive what the deal will look like regardless of pure legal issues. Also, since one never starts with a blank page, there is the contract template one starts with that must be evaluated against all this – what stays, what goes, what must change and how. Navigating these requires intangible skills, instincts, sensitivity to human dynamics, etc. It’s very much a human endeavor. So a key question is to what extent AI could help with all of these external issues. I have to think that’s much farther down the road. But having help assessing purely legal issues within the document would be a great supplement.
A buddy of mine is a wealth manager. His opinion is that this guy obtained significant ears because he predicted and profited off the '08 crisis, but that overall he's a
a bit of a "clown". As linked below, his main fund has a 10% performance of -6.45% and he's basically always bearish.
Is your buddy one of the very few beating the market or is he one of the many with clients who would be better of just tracking the S&P 500? Because if the latter, he is just as much of a clown, just one whose strategies by accident happen to be less bad for their clients.
The number of ‘wealth managers’ who add value for their clients (which can also be done by reducing risk in exchange for lower yields or in several other ways) is very small and the remainder are leeches.
Here is a great article by one of the top EU privacy attorneys out there explaining the interplay of the ePrivacy Directive (which governs use of cookies) and the GDPR, which often get confused. https://privacylawblog.fieldfisher.com/2018/gdpr-plus-e-priv...
The cookie banners are required by the ePrivacy Directive, not the GDPR or its predecessor, the Data Protection Directive. ePrivacy has been around for years. Directives are EU-wide “directives” to each member state (country) to enact their own version of it. Therefore, both ePrivacy Directive and the old Data Protection Directive resulted in varied laws from country to country making compliance a challenge. Part of the purpose of the GDPR was to create consistency by replacing a directive with an EU-wide regulation. They have the same plan for ePrivacy and already have published an ePrivacy Regulation for review and comment. The ePrivacy Regulation was supposed to be passed at the same time as the GDPR, but they’re behind so people are expecting it in 2019. There is a recognition that the cookie banners have been a failure, and it is expected the ePrivacy Regulation will get rid of them (but there will still be TBD consent requirements around use of cookies).
There is much confusion. Cookies are governed by the ePrivacy Directive, not GDPR. ePrivacy regulates email, phone, text and other communications – not personal data per se. It prohibits setting a third party cookie on a device without first getting consent. It also requires consent for email marketing, which, when collected in the context of a sale to a customer (and some other restrictions) may be opt-out (this is often called a “soft opt-in”). Otherwise, the consent must be opt in. This is getting confused with the GDPR.
Both in how companies are complying and in the public discourse, I’m seeing a jumbling of ‘consent’ and ‘notice’ that doesn’t align with my understanding of the intent and reading of the law. Under the transparency principle (Art. 5) and disclosure obligations (Arts 13 and 14), there are a variety of things that must be disclosed to a data subject at time of collection. See https://gdpr-info.eu/ for easy access to the law’s text. That’s what privacy polices (increasingly called privacy notices) are generally used for. Many companies are trying to either make you click something to prove they’ve notified you or add language to the notices saying “by using this site, you consent to this privacy policy”, which is a form of ‘consent’ they are deciding to collect themselves. Separately, a controller is supposed to have a legal basis for processing personal data (Art. 6). Consent of the data subject is only one of six legal bases. Legitimate interests of the controller is the other common basis for a business and is expected to be relied up on increasingly since the GDPR makes collecting valid consent harder and it has the downside that it must be tracked and can be withdrawn (which also must be tracked). Consent as a basis is not allowed to be buried in a privacy policy. It must be called out separately with a separate consent for each purpose the data will be used for on an opt-in basis. The policies and these consents all are supposed to be presented in as simple and plain English as possible and it’s encouraged to use layered notices/policies to convey quick summaries with an ability to drill down. To add to the complexity, email marketing is governed by the ePrivacy Directive (responsible for the cookie banners) and requires consent. Each country has its own enactment of ePrivacy so compliance is very complex. Also, under the GDPR, a data subject has an absolute right to object to direct marketing regardless of the basis being relied upon. Much of this flurry of email privacy policy updates and/or consents to marketing are conflating ePrivacy and the GDPR. What I see right now is a bit of a mess as companies try to figure out what compliance looks like and balance full disclosure (transparency) with simple, easy, plain English disclosure.
I'm an attorney leading (from a legal standpoint) a SaaS provider's GDPR compliance effort. There most definitely is an administrative burden (setting aside whether you think that burden is merited). The SaaS provider is acting as a processor for its business customers (so fewer obligations than if it were controller) and there are many admin requirements. The GDPR is an accountability framework and one must be prepared to demonstrate not just compliance but often how one got to the compliance decisions they landed on. One must maintain processing records, implement DPA's and a variety of other things. The GDPR is not a privacy law, it's a data protection and personal rights law, which is much broader.
