LexTalk World Interviews Vânia Tarkiainen. EdVânia is a tax lawyer, businesswoman, social analytics professional with a master's degree in Compliance with certification in CCP/IABFM (Certified Compliance Professional) and DPO (Data Protection Practitioner Officer) certified by EXIN. She is a specialist in Data Protection Law (PDPL, LGPD and GDPR ), with expertise in Harvard, and also has extensive experience in different startup models in Brazil, Chile, Saudi Arabia and the United Arab Emirates. She is currently co-founder and CEO of Data Privacy Consultants, a firm driven by the challenge of protecting, adapting and implementing data security. Its characteristics are skillful, ethical, safe work, in compliance with current regulations. The main purpose of this organisation is to promote the transformation and awareness of the organisational culture of its clients, through the implementation of solutions aimed at business integrity.
Host: Tell us about a complex legal issue you worked on. Describe the complexity and tell us how you approached it?
EdVânia: Unlike millennium’s generation, lawyers from the old school like me, need to change the traditional conservative mentality to adapt to the increasingly dynamic business environment. This means that lawyers need to be prepared and empowered to develop new types of skills, with solutions that are not limited to the traditional practice of law.
In fact, it's a real paradigm shift. The need for multidisciplinary knowledge is the great challenge of the current legal market, and goes far beyond the knowledge of laws, jurisprudence, and doctrine. Today, knowing the law is a minimum condition, but not enough for full legal service. We need to combine specific technical knowledge with modern service characteristics, such as service customization, customer proximity and multi-area expertise such as administration, economics, technology, and understand the specificity of the customer's operation. It is this mix of skills and competencies that will be the differential to ensure an evolution in the market, as well as generate value for the business.
In short, today's professional is someone who, besides being an expert, is also multidisciplinary. The demands of the market in our days are different, and professionals need to be able to meet them. The concept of “good lawyer” has changed, and now, they need to be multifaceted and go beyond the law itself. In this globalized world, the modern lawyer should have mastery of various subjects, entrepreneurial mentality, strategic vision, and escape from the dogmas of traditionalism and conservatism that characterized the exercise of the profession in the past.
Because of that, instead of studding only laws, I’m always looking for extracurricular issues I have studied in multiple respected universities to get competence manage business in modern world, such as the fintech course in Harvard, master of compliance in IMF business school etc. or like now that I’m learning about metaverse and preparing myself to manage new technology entering the market.
Host: In the era of legal technology, what are the most used tools for you?
EdVânia: I like to go hand in hand with technology, so I try to use some software and apps to facilitate the day-by-day business, such as time and of personal data management. And obviously, apps for communication, data storage, electronic signatures, and others.
By the way, I have a novelty for 2022, which will be told firsthand here to you, is that my company, Data Privacy Consultants will be headquartered soon within the Metaverse, were our office is already under construction.
According to Bill Gates in 3 years all meetings will take place in the metaverse, he already is developing a VR to have meetings in the metaverse. In fact, anticipating what is to come and empowering yourself for these new challenges it´s the most effective way to avoid succumbing in a market that is constantly moving.
Host: What legal issues should our legislators consider when facing the needed regulations for the metaverse?
EdVânia: The metaverse has been working for a long time within the game’s world, but since Facebook announced last year the "Goal" of becoming a metaverse company, starting the race to the others be there, as well.
But what is still to be explored are the legal challenges associated with this issue. Typically law will follow new business with delay. Some questions that will need answers before the creation of this "parallel reality" are related to:
I- "Personal" Data Protection
The volume of data collected in the Metaverse will be infinitely greater than the already immense amount of information processed by users of large social networking platforms. What will be the legal limits for the processing of data that will now also be from your body language to your physiological responses. What will be, and IF there will be, a point for the permission of the processing and sharing of this data? Or can the data collected from Avatars be considered "personal data"?
II - Intellectual / Industrial Property
Another issue will be intellectual property. In the case of the creation of "skins", figures, emblems, inside the Metaverse will belong to whom? Metaverse platform, Avatar, Avatar owner?
Usually, Courts and the Copyright Office generally deny records of works not created by humans, meaning that an (AI) system cannot be named as the inventor of a patent. If such creations are considered AI creations and not human creations, certain types of intellectual property protection may not be permitted.
III - Personality Rights as Honor / Image / Privacy
To interact on the Metaverse platform the user will need to use an Avatar. A virtual representation of yourself. In the hypothetical situation of, within this environment, users, represented by their Avatars, incurring offenses, the questions that will need to be answered are:
1. Honor, Image, and Privacy are very personal rights. How will "unwanted" interaction between Avatars be handled?
2. Considering the time a user will spend on the platform through their Avatar, could we say that the Intimacy of this is Inviolable?
III - Validation of Contracts / Civil
One of the bets of this new world is to facilitate business in virtual environments. Meetings with "avatars" of CEOs of various companies, in different parts of the world, can be held at the same table and virtual environment, also on the purchase and sale of real estate and virtual land. Will contracts "signed" within the Metaverse be valid outside of it? Who will be the certifying and validating authority of these documents?
As you can see, these are just some of the many questions that comes from this new reality, that our legislators smust be thinking about how legalize it.
Host: What have been the biggest difficulties that small businesses and startups face with to be compliant Data Protection laws?
EdVânia: The greatest difficulty of these small companies is the lack of financial resources. The eternal dilemma about manages the scarce resources and complying with the large demands coming from the market and laws.
Some of my clients are startups in the health business, that deal with sensitive data. Beside that, they are also located in several countries, such Europe, with a strict and advanced data protection culture and others, like UAE and Saudi Arabia, which until yesterday, they didn’t even have laws about it, and suddenly they incorporated it in the legal system, given only 6 months as vacattio legis to be compliance, despite incurring heavy fines and even jail, like in Saudi Arabia, which includes 2 years in prison for those who cause harm by leaking sensitive data.
Eventually, some of these startups transfer sensitive data between countries, and these transfers must be made following data protection laws and knowing about the nuances resulting from those different laws. Adapting this companies to that has been a challenge that requires from professionals who advise them, a constant and holistic learning of the various legal environments, it is worth saying, that it is not enough just to understand GDPR for example, it is necessary to specialize in LGPD, PDPL, HIPPA etc., looking at the small nuances of each law and how to integrate international companies to each individual legal system x countries with lack of data protection laws... As you can imagine, this professional, so well prepared, who invests a lot in his training and software that helps them in the integration of compliance in all these laws, cost dearly, and how do startups pay it?!
Host: What are the possible solutions to mitigate such difficulties?
EdVânia: Thinking about this problem, our team has developed a manual that had allowed the small business owner to use their own needs. Our company plat form contains all the documentation templates necessary for the correct adequacy of data protection laws. We are trying get process and tools to our customers, supporting them in their business.