A Law Lesson From Harry Potter

Recently, I caught up with a classmate from my alma mater, the National Law School, who was visiting London. We spent the evening ruminating over the last two decades we had spent in the legal profession. My classmate bought the first round to celebrate his recent appointment as the global general counsel of a large conglomerate, which includes numerous technology and technology-enabled services companies.

The question we considered was: Would we have been better off going to Hogwarts (the School of Witchcraft and Wizardry from the Harry Potter book series) rather than to law school? Could an Albus Dumbledore-equivalent have equipped us better with spells such as Wingardium Leviosa¹ or Expelliarmus² had we been taught Defense Against the Dark Arts or Divination, rather than three courses of constitutional law or two courses of administration law at law school, where like so many other lawyers we had spent coffee-powered all-nighters learning spells of res ipsa loquitur and trying to figure out the differences between ratio decidendi and obiter dicta?

1 Makes an object levitate
2 Knocks an object such as a weapon or wand out of an opponent’s hands

As the discussion progressed, we wondered to what extent a general counsel is required to be a clairvoyant wizard or soothsayer. How often do we need to be mindful of a potential risk? The reality is that the general counsel role has changed and today it requires responsibility for ensuring stakeholders are fully aware of all business risks, both present and future. In a way, we are often required to predict the future. However, the problem is that lawyers, just like doctors, rely on past events to predict future problems. Just as a doctor would recommend vaccination and inoculation based on their analysis of past symptoms of a disease, the in-house lawyer often uses past disputes, regulatory actions and controversies to predict future risks. Here is where precedent plays such an important part of what in-house counsel rely on in performing their jobs.

The key challenge that we identified in the IT and technology-enabled business services sector is that there has historically been (a) an absence of litigation, as most controversies and disputes get settled behind closed doors as stated in most IT and business services contracts; and (b) over the last 20 years, the industry has self-regulated by adhering to its own code of practices, which lead to the relative absence of regulatory oversight. Given these two factors, we agreed that it is difficult for lawyers to accurately predict the next controversy or potential risks in the world of technology and technology-enabled services. So the question facing the in house lawyer is: Which teacup or crystal ball can one gaze into in order to predict the next big storm? What could we learn from the past debacles of other industries?

As the evening progressed, my classmate and I started to reflect on the risks posed by the lack of a dedicated regulator overseeing the IT and other technology-enabled business services companies. The reality is that most aspects of modern life are affected by regulation. Regulation influences how people and societies eat, drink, travel, work, play. and generally. This is true for less developed as well as advanced economies. The strategic importance of regulation in daily life is increasing rapidly in all countries around the world as the effects of globalization and dynamic technological development grow in their extent and intensity, and national economies and societies become more interconnected and interdependent.

We started to discuss the recent deliberations at the World Economic Forum in Davos that has produced an interesting line of thought, one that to our minds affects the in-house legal departments of IT services companies. The question relates to self-regulation and its effect on the sector. Some of the largest and most valuable companies in the world today are technology companies. The technology sector has grown in a laissez faire environment that results in an absence of industry-specific regulations. Much of the industry today operates largely through self-regulation and contractual obligations undertaken on behalf of their clients.

Given the amount of economic activity and commerce generated by these IT companies (which is similar in scope to that of the banks and financial institutions), and their corresponding impact on world trade and the world economy, a parallel can be drawn between these two industries when it comes to the size of these companies and their impact on our daily lives.

The banking crisis of 2008 that shocked markets caused the largest bankruptcies in history, and plunged a host of national economies into a deepening recession that shattered the illusory promise of the finance sector leading late-modern capitalism. Today we find that future generations are burdened with horrific levels of debt as political leaders in countries across the world scramble to cobble together various rescue and bail-out packages underpinned in several instances by dubious methodologies and assumptions, in desperate attempts to instill higher levels of investor confidence and get credit markets moving again. Many have argued that it was the lack of effective regulatory oversight that led to the global meltdown. Large and powerful financial institutions had complex and dubious commercial practices that escaped the regulatory dragnet. It was argued at Davos that, because of the banking crisis, there should be stronger IT industry specific regulators to monitor and control these powerful companies and their activities.

One of the reasons why technology companies have grown so tremendously over the last decade is because of their impact on our everyday lives. In many areas these companies have changed the way we live and how business is conducted. There are many ways that the economic activities of these companies impact every day life and commerce. I often order groceries thousands of miles away through a few clicks (and at the lowest price) while on holiday because I know that when I return I need to feed a bunch of hungry kids. It is well known that consumers today indulge in window shopping, and once they see something that they like they pull out their smart phones to search for a better deal on Amazon and dozens of other apps. Similarly, in cities across the world people have stopped struggling, negotiating and begging with licensed taxi drivers to take them to the destination. Apps such as Uber and Lyft have diluted monopolies through clicks. Drivers of today, in addition to providing you a decent service, go the extra mile to earn positive feedback, which was unheard off under the taxi regime. However such forces disrupt the existing order and the manner in which business is conducted. A recent controversy erupted in New Delhi where an Uber taxi driver raped a woman. That led to numerous reactions from regulators who wanted to regulate the company (Uber argued it was not a transportation company and therefore not subject to regulation) and ultimately caused Uber to suspend its services in the Indian capital. On the very same day, the Thai government banned Uber from operating in Thailand and imposed stiff financial penalties on drivers who use personal vehicles for commercial use. Similar bans have been imposed in Spain, and regulatory action is being considered in numerous other countries.

The question for general counsel in the technology sector is: Are we a hair-trigger away from the next controversy? Will it lead to a slew of controls being imposed by powerful regulators or the creation of an industry-specific supra regulator? What would be the impact of such a measure on the industry? History has taught us that the actions or inactions of the weakest link in the industry often trigger regulatory action. We certainly witnessed that in the banking and finance sector over the last few years.

At Davos, business leaders of large technology companies were warned that the disruptive nature of the sector and its impact on everyday life could potentially suffer the same collapse in reputation as some large banks endured in recent years unless they rapidly change their policies and approaches. This warning was directed at the influential heads of technology companies, such as those in Silicon Valley, who were told that they need to recognize that self-regulation would not be sufficient to stave off public alarm about issues such as privacy, taxes and antitrust.

In Europe, as in many other parts of the world, there has been a growing acrimony toward several such large technology companies. Amazon, Google and Facebook have come under severe criticism related to taxation and protection of data. European Parliament is investigating Google for antitrust violations. On another front, the UK information commissioner undertook regulatory action against Google because Google’s Streetview vehicles harvested geographical information about the location of various Wi-Fi networks, which led to Google being asked to sign up to undertakings. Uber, the taxi app company, has also faced protests from different groups across Europe. It could be argued that there has been a growing trend of such regulatory actions.

The banking crisis over the last five years has shown the world that trust in large institutions can diminish very rapidly when deteriorating market confidence affects their ability to raise capital and do business. Recent events have shown — and regulators take this view — that the economic activities of such large companies could adversely affect the fabric of the world economy. The collapse of Lehman Brothers and their fallout was well documented. The surviving financial institutions and the entire banking sector have been in the glare of the public eye and are subject to significant regulatory oversight.

While self-regulation has been a common practice up until now, the question for general counsel and in-house legal departments of IT companies is whether self-regulation could end up triggering the downfall of the industry.

With the new European data protection directive on the horizon, most in-house teams are trying to grapple with the implication of such potential changes. These rules have been so long in the making that many wonder what shape the final regulation will take. The question also arises whether such regulations will be effective in addressing the industry’s challenges, which will only grow in the future. However, it is increasingly clear that many of these technology companies that relied on their clients to regulate them will need to amend their position. In the future it is well possible that such technology companies that process such data may well have to amend that position, where they will directly come within regulatory purview.

I am not advocating that the industry today needs powerful regulators. However if I were a betting man, I would wager that in the next few years we will witness existing regulators using more regulatory controls and potentially an industry-specific regulator that dictates how the industry operates. In-house legal departments should brace themselves for such an eventuality. Such changes will probably gun for greater accountability for senior officers of the company. Could this lead to a suspension of a license to operate? Or could the company be liable for fines (a time-trusted mechanism adopted by regulators)? It is a little difficult to predict such measures, let alone guess at their consequences.

Many technology companies have already diversified into financial products and hence are already subject to stringent regulations where the board and senior officers of the company remain responsible to the most stringent regulators in the world. Such companies have already got a taste of such regulatory measures. Others who slowly and gradually venture into this area are coming to grips with the disappearance of laissez faire practices and its implication on commerce.

As the evening drew to a close and we settled the tab, the question that remained unanswered for both of us was: If there was an industry-specific regulator in the future what would be our attitude? Would the industry regard it as Lord Voldemort? Or would such a regulator play the role of Professor Snape — a hidden guardian angel of Hogwarts? Could such regulatory measures be a spell of Avada Kedavra which acts as a death knell for the industry, or an Impedimenta slowing down the growth of the industry. If such regulators were indeed created, one would hope that they have the necessary powers and resources such that they don’t end up being Riddikulus.

As we bid farewell to each other, that question remained unanswered. But we left with the realization that what law school did not teach us, the last two decades of Financial Times and Harry Potter may have just done the trick.

The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of Genpact