MHC Tech Law: Commercial law review 2016

16 Jan 2017

Image: Gajus/Shutterstock

The team at Mason Hayes & Curran reviews the main events of 2016 and the impact they had on the world of tech law, while noting the future trends of 2017.

There were some important developments in the privacy, technology and intellectual property sectors in 2016. The introduction of a new way to transfer data between the EU and the US, known as the ‘Privacy Shield’, now fills the void created by the invalidation of the previous ‘Safe Harbour’ regime.

In a similar vein, preparation for the adoption of the new European General Data Protection Regulation (GDPR) is ongoing and affecting thousands of businesses.

Brexit will force many UK and Irish businesses to re-examine their IT and commercial contracts.

2016 also saw new laws and court rulings from Europe impacting the areas of e-signatures, the digital economy and the resale of software.

Key topics in 2016 included:

1. EU-US Privacy Shield and introducing the GDPR

Privacy Shield

In July 2016, the European Commission adopted the replacement for the EU-US Safe Harbour scheme, the so-called ‘Privacy Shield’. This is the new, EU-approved mechanism for the transfer of personal data between the EU and the US. The Shield framework seeks to protect the fundamental rights of individuals whose data is transferred to the US and to provide legal certainty for businesses.

While businesses can self-certify with the US Department of Commerce, the Shield imposes greater obligations on them and provides for stronger monitoring of, and enforcement against, participating companies by US authorities. In addition, EU concerns over US surveillance have been addressed through commitments and written assurances made by US authorities, and by reforms in US surveillance laws.


The European GDPR will replace the current EU Data Protection Directive in May 2018. The GDPR will comprehensively regulate data protection throughout the EU, with the exception of data processed for law enforcement purposes. It builds upon familiar concepts and rules in the existing EU Data Protection Directive, but in many ways it goes further; having a wider scope, raising standards and increasing sanctions.

As the GDPR will capture both data and companies that previously fell outside the realm of EU data protection regulation, and impose extremely high potential fines, many businesses have spent 2016 busily preparing for the introduction of the GDPR and making their internal processes compliant.

2. E-sign on the dotted line: New rules on electronic identification

In July 2016, a new EU regulation establishing electronic identification and trust services for electronic transactions kicked in. This regulation, known as eIDAS, repealed the existing EU Directive for electronic signatures that had been in force in Ireland since 2000 through the Electronic Commerce Act.

The new regulation directly applies across all EU member states and does not require national law to implement it. It aims to provide a harmonised regulatory environment and encourage user convenience, trust, and confidence in digital transactions and interactions.

3. What does Brexit mean for IT and commercial contracts?

The United Kingdom’s vote in June 2016 to leave the European Union dominated news headlines for much of the year. The UK and remaining member states of the EU will soon commence a series of complex negotiations to determine the terms of the UK’s formal withdrawal.

While the exact nature of the UK’s future relationship with Europe remains uncertain, businesses need to develop a legal strategy to manage the inevitable disruption resulting from the UK’s intention to trigger Article 50 and leave the EU. For example, Brexit will affect three key provisions in most IT and commercial contracts: termination, governing law and data protection.

4. EU Court: When can you resell software?

There was an important European case in 2016 in the context of software. The Court of Justice of the European Union (CJEU) was asked to determine whether a resale of used copies of computer programmes was lawful. The defendants in the case argued that the principle of exhaustion of the distribution right permitted them to resell a copy of a program on a non-original material medium, such as a floppy disk. The CJEU confirmed that the lawful initial acquirer of a copy of software, accompanied by an unlimited user licence, can resell that copy and his licence to a new licensee.

However, this does not apply if the original material medium of the copy that was initially delivered to him has been damaged, destroyed or lost. In other words, the initial acquirer cannot provide his backup copy of that program to a new licensee without the permission of the original rights holder.

What’s on the horizon for 2017?

2017 is set to be another big year for technology, data protection and intellectual property law.

The EU will continue to implement its Digital Single Market Strategy and proposals banning geoblocking of content will be in the legislative pipeline.

We are also likely to see organisations continue preparing for the implementation of the European GDPR and seeking professional guidance on GDPR compliance. Given the increasing interest around the internet of things (IoT), and in particular the privacy and security challenges inherent in IoT devices, we expect it will be a busy year for EU data protection authorities, seeking to balance the interests and rights of businesses and consumers.

The content of this article is provided for information purposes only and does not constitute legal or other advice.

Tech Law is a weekly series brought to you by Irish law firm Mason Hayes & Curran, whose legal tech team advises the world’s top social media organisations and emerging start-ups. Contact a member of the MHC Technology team or visit for more information.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.