EY Law LLP
EY Law Limited (EY Law) focuses on helping clients to get where they want to be.
We encourage a legal “design thinking” approach where legal input is provided early in the design phase so regulatory, contractual, reputational and other risks can be identified and addressed before they become roadblocks.
One stop digital law shop. We bring a deep knowledge of privacy, technology, e-commerce, intellectual property, consumer protection and media/entertainment laws and regulations together in one place.
Deep digital experience. We have extensive experience advising on a range of digital technologies, including online platforms and mobile apps, cloud and IoT solutions, AI, biometrics and wearable devices, AR/VR, social media and digital marketing, blockchain and more.
Agile, practical and commercial with a digital mindset. We look for “yes”, not “no”. Our first-hand knowledge of the demands and constraints of the modern business environment means we focus on identifying issues, crafting responses and facilitating informed decision-making. We also understand and are passionate about the opportunities of the digital age.
Highly integrated with EY network. We bring “the whole of EY organisation” to EY Law clients, working closely with other service lines to provide broad-based support for digital change. We also work closely with the EY Digital Law counterparts around the globe, sharing knowledge to leverage global insights for our clients.
EY Law services
Trust - privacy, data protection & cyber
EY Law helps clients optimise the value of their data assets with pragmatic and commercial advice on privacy, data protection and cybersecurity issues. We work closely with privacy professionals across EY and EY Law’s global network to help implement organisation-wide privacy programmes. Services include:
- advice on NZ privacy laws and codes
- General Data Protection Regulation (GDPR) applicability and implementation programmes, documentation, gap assessments, third party agreements, data processing issues
- privacy breach notification readiness checks and response plans, third party contract review and amendment, data breach simulations
- privacy and trust implications of digital technology: data analytics, data sharing and data monetisation initiatives; cloud, blockchain and IoT solutions; data-driven business models and data sharing arrangements
- AI and data ethics policies and governance frameworks, AI ethics workshops and briefings, liability and compliance issues
- privacy management frameworks, policies, processes, and contracts
- consumer and employee-facing privacy policies, terms and conditions, call centre scripts and online customer journeys
- privacy Impact Assessments and implementation of Privacy by Design
- use of cloud services, data security, sovereignty and international transfers
- privacy and data ethics training and awareness programmes for all levels
- digital marketing and social media marketing campaigns and programmes.
We speak regularly on privacy-related topics, including at IAPP events and other client privacy and public forums.
Customer Experience - online, mobile, e-commerce & entertainment
- “health checks” of online customer experience and consumer protection law issues, including apps, websites, portals etc.
- drafting of back-end agreements (with developers, software and platform owners etc.) and “front-end” customer contracts (including user-friendly terms & conditions, privacy policies and notices)
- advice on consumer protection and marketing law (including Anti-Spam requirements) and review of advertising claims and marketing and customer-facing materials
- establishment of e-commerce services and electronic contracting, including reviewing online sales processes and drafting terms and conditions of sale
- advice on social media, native advertising and influencer agreements
- digital and online marketing, loyalty programmes, social media, promotions and anti-spam obligations
- content licensing, acquisition and rights clearances
- drafting and negotiation of IT outsourcing, procurement and SaaS agreements
- software development and licensing
- support, maintenance and service level agreements
- outsourcing, including regulatory requirements (e.g. RBNZ)
- escrow agreements
- hardware supply agreements
- hosting and facilities management
- contracting for artificial intelligence and blockchain
- reviews of laws in applicable jurisdictions where data is stored offshore (“in the cloud”) and advice on data sovereignty risks and solutions
- advice on agile contracting
- open source licensing reviews
Intellectual Property protection and licensing
- IP identification, protection and commercialisation
- infringement risk/freedom to operate assessments
- licensing, joint venture and collaboration documentation
- copyright and digital content licencing
- new IP rights stemming from digital transformations
- trade secret and know-how protection
- IP challenges in 3D-Printing
- “CIO upfront: What should you be doing to manage your GDPR risks? (CIO NZ, 6 November 2018)
- “OK Computer? Ensuring safe and fair use of algorithms” (CIO NZ, 27 August 2018)
- “The evolution of Initial Coin Offering regulation in New Zealand” (EY Asia-Pacific Digital Law Newsletter, August 2018)
- “AI algorithms and personal information: a riddle, wrapped in a mystery, inside an enigma” (Privacy Unbound, August 2018)
- “Application of Australian Privacy Law to NZ Business” (LegalWise, 5 July 2018)
- “New Zealand’s Privacy Bill: Keeping up with change or a missed opportunity?” (Data Guidance, June 2018)
- “Q & A on the NZ Privacy Bill” (Data Protection Leader, April 2018)
- “Does our new Privacy Bill have enough teeth? Time to have your say!” (Blog, LinkedIn, 21 March 2018)
- “Balancing innovation and privacy in the health sector” (Blog, LinkedIn, 16 January 2018)
- “New outsourcing policy from NZ Reserve Bank introduces challenges for both NZ banks and service providers” (Digital Law Privacy & Security Update Oceania, Nov-Dec 2017)
- “Another week, another massive data breach” (Blog, LinkedIn, 11 September 2017)
- “Your face as your PIN” (Blog, LinkedIn, 13 September 2018)