Tech it easy: LegalTech applied

How Legal Technology will disrupt the way lawyers work day by day

Everybody is talking about LegalTech, but what does it really mean and what is LegalTech applied?

By Alessandro Rubino

The term LegalTech refers to a set of technologies that law firms shall adopt and implement in order to stay up-to-date with the new working schemes of the 2020’s and to be able to support their clients with the ever-growing information technology related legal issues.

Generally speaking “legal technology” refers to a set of tools, ranging from AI based software to document automation programs, used by law firms to improve their internal processes and increase the efficiency and effectiveness of their services.

The first LegalTech applications were designed in the early 2010’s, aiming to assist law firms in acquiring clients, monitoring workflow, restructuring the IT architecture, using online space, the cloud, and speeding up relationships with clients and institutions.

Some of these technologies, mainly software, have helped law firms to better adapt to clients’ needs, enabling them to operate and provide services more efficiently, e.g through remote assistance. In the second decade of 2000, LegalTech applications have considerably expanded through the use of new technologies, such as blockchain and artificial intelligence, or smart contract, identified by many experts as the technologies that will bring unprecedented changes to the legal profession, turning the lawyer into a “tech lawyer”.

The rising technological development which has involved traditional professions, in the form of legaltech, fintech, insurtech, represents an industry trend also at corporate level. Alongside tech boutiques, also in-house companies’ legal departments are experiencing new technological developments and starting to adopt more tech-savvy solutions to speed up business.

Here below we will examine in deep the definition of LegaTech, covering the top 3 key aspects to understand LegalTech applied.

  • The key application fields of legaltech
  • Big Data and Artificial Intelligence use cases
  • LegalTech and lawtech: what is the difference?

1. The key application fields of LegalTech

legaltech applied technolawgy

Based on the experiences so far in Italy and Europe, LegalTech applications can be subdivide in 4 main areas depending on the main assets used:

  1. Law firm management: this is the area in which law tech offers advanced management systems for law firms, such as managing teams and workload;
  2. Practice management: these are the management systems that include applications for practice management;
  3. Practice execution: these are platforms and software that support lawyers in carrying out their specific operations;
  4. Legal services delivery: these are online platforms that provide services, either in the form of documents or as a marketplace for consultancy.

Each macro-category above, can be further subdivided in relation to specific tasks. Over the years, the LegalTech industry has grown to include, on the one hand, software and technological tools that simplify legal practice for lawyers; on the other, digital tools that simplify the acquisition and management of legal services for clients by reducing or eliminating the need to consult a lawyer (or making it easier to find the right one quickly).

Sector specific applications

With regards to the industry sector-specific applications, among the main areas of interest in the LegalTech scene we find:

– Regulatory compliance: providing support to comply with the applicable regulatory rules within the financial transactions ecosystem, e.g. compliance with regulatory reporting requirements, market agreements, asset management (investment funds, Sicafs and Sicavs);

– Fintech, Regtech and Insurtech : from open banking to cryptoactivity/cryptocurrency, firms engage in the blockchain sector through the creation and use of cryptocurrency and cryptoactivity, smart contract as well as in the open banking and PSD2 sector.

– Alternative finance – from traditional crowdfunding to Ico/Sto: Crowdfunding is an increasingly effective method of collecting finance from alternative sources. Equity and debt offerings can be an asset for companies that need financial resources. Ico and Sto are an effective way to raise capital and exploit the potential of the blockchain.

2. Big Data and Artificial Intelligence use cases

Law firms will increasingly need to provide qualified assistance to their clients on innovative issues such as artificial intelligence liability and data-based behavior modeling. Other areas where they will be engaged are e-commerce and online business, corporate and M&A, i.e. assistance in corporate and commercial law matters with a focus on the specific needs of high-tech companies.

At a higher level, LegalTech is the legal industry’s way of achieving digital transformation, i.e. using software and technology to simplify operations, become leaner and satisfy modern customers.

Existing solutions and main applications

The LegalTech industry includes the following software solutions and technologies:

  • Workflow software tools
  • Artificial intelligence / machine learning algorithms (AI / ML)
  • analysis software tools and big data
  • customer experience solutions (CX)
  • cloud technology
  • distributed accounting technology (DLT)

Areas of application:

– AI / ML document review: data-trained algorithms that analyze legal documents in many areas, from risk management to mergers and acquisitions and compliance cases;

– document and contract management platforms: tools that simplify or automate the creation of templates, negotiation of clauses and content analysis;

– Workflow tools: systems that allow lawyers to digitize and automate workflows;

– smart contracts: autonomous execution clauses in legal contracts enabled by DLT, Internet of Things (IoT) and others;

– e-discovery tools: solutions that simplify and automate e-discovery steps, such as machine learning algorithms that collect and process documents to be reviewed and finalized by a lawyer;

– legal chatbots: automatic tools based on AI / ML engines that allow users to get answers to basic legal questions in a chat or messenger;

online markets: digital platforms that help clients to find the right lawyer faster;

cloud-based databases: data is collected in a single data warehouse that employees in all departments can access;

Data security – ensuring the highest level of security for legal documents with DLT.

3. LegalTech and lawtech: what is the difference?

Finally, it is time to highlight the difference between LegalTech and lawtech. Some experts believe that the two terms have different purposes: the first refers to software and technologies that lawyers use to simplify their work (e-discovery, revision of the AI / ML document) while lawtech includes products for their clients (legal chatbots, online consultancy services markets). Other lawyers believe that lawtech is not an appropriate name for the industry, as it implies the subject matter of the law in general rather than an industry. In several publications, lawtech and legaltech are used interchangeably, although the term LegalTech seems to prevail and to be most commonly used in the worldwide legal technology scene.


This post is part of TechnoLawgy Guest Post series and has been written by the brilliant  Alessandro Rubino, Practising lawyer  & Legal of Innovation. Access the italian version of this post here.

If you are a interested in sharing your expertise with TechnoLawgy international readers hit the Contact button above.   

Get the latest #Privacy and #LegalTech news on > TechnoLawgy Telegram channel <

, ,

Cyprus GDPR implementation: local peculiarities

The implementing Law and the interplay with GDPR

by Christiana Markou

Another EU country has adopted a GDPR implementation law: the Law on the Protection of Natural Persons with regard the Processing of Personal Data and on the Free Movement of such Data, Law 125(I)/2018 ( “the Law”) was published in the Official Gazette of the Republic of Cyprus on the 31st July 2018.

The purpose of the Law is the effective application (or implementation) of some of the provisions of the General Data Protection Regulation (GDPR). The Law responds to Recital 8 of the GDPR, which allows Member States to implement elements of the Regulation into their national law and to provisions in the GDPR allowing or obligating Member States to expand upon, adapt or deviate from the rules of the Regulation. It only comprises thirty-seven (37) provisions and must be read together with the Regulation, which remains the main piece of legislation governing data protection in Cyprus.

Key features and peculiarities of the Law

Data Processing by Courts & judgements databases

There are a few provisions in the Law that deserve to be highlighted. One of them is Section 5(a), which specifically renders the data processing performed by courts in the exercise of their duties for the purposes of the administration of justice (including the processing necessary for the issuance and publication of their judgements) permissible and lawful. This however does not cover the processing inherent in the operation of databases of judgements by private parties who offer a service to lawyers or the public at large. These entities must ensure that the processing they perform can come under one of the lawful bases of processing listed in Article 6(1), GDPR.

Minors lawful consent

Additionally, the Law, through Section 8(1), takes a rather liberal approach in relation to children deeming them as capable of offering valid consent at a younger age than the one specified by the GDPR, which is 16 years. Notably, the chosen age of 14 years in the Law coincides with the age over which children can be criminally liable in Cyprus as per Section 14 of the Cyprus Criminal Code, Cap. 154.

Biometric data processing

Another provision of the Law, namely Section 9(1) explicitly introduces a prohibition for the processing of genetic and biometric data for the purpose of health and life insurance and also clarifies that when the processing of such data is based on consent, separate consent must be secured for any further processing. This mirrors the Cypriot legislator deeming genetic and biometric data of increased sensitivity. Notably, the Insurance Association of Cyprus has suggested the inclusion in the Law of another derogation from the prohibition of Article 9(1) GDPR, specifically one permitting the processing of special categories of personal data for the purposes of conclusion and performance of insurance contracts. The particular suggestion has not been taken up by the Cypriot legislator and it seems that the GDPR places significant restrictions; insurance companies have to be secure the explicit consent of data subjects in order to process health data concerning them (despite the fact that such processing is strictly necessary for the conclusion and performance of the insurance contract requested by the data subject). Explicit consent entails significant administrative burden, which insurance companies would prefer to avoid. Most certainly, the GDPR is eligible to an interpretation that achieves a fair balance between the interests of the insurance companies and sufficient data protection, yet this requires the co-operation of all relevant stakeholders.

Data transfers outside EU

Section 17(1) is another notable provision. It introduces an obligation for controllers and processors to inform the Commissioner about their intention to transfer special categories of data (such as health data) to third countries (outside the EU) in certain cases. This is important for organisations or businesses in the medical sector which often send blood (or other) samples outside the EU for testing. When the country to which the data is exported is not one for which the European Commission has issued an adequacy decision based on Article 45, GDPR, the Cyprus Commissioner will have to be informed prior to each such transfer. This entails considerable administrative burden, which can be avoided by eliminating the health data exported or through anonymozation, amongst others.

GDPR 1st year implementation report: how is it going?

It is noteworthy that the Cyprus Data Protection Commissioner (“the Commissioner”) has recently published certain statistics on the application of the GDPR during the first year of its life.

According to those statistics, the Commissioner has received 464 complaints (146 of which concerned unsolicited commercial communications) and 55 data breach notifications. The authority has issued 20 decisions, nine of which imposed fines of a total of nearly €37,000 Euros. Furthermore, the Commissioner conducted nine 9 investigations on its own initiative.

These numbers reflect Cyprus as a small Member State of the EU; in other Member States, there have been much more enforcement actions, some of which have led to multi-million fines.

This post is part of TechnoLawgy Guest Post series and has been written by the brilliant  Christiana Markou, Practising lawyer  & Assistant Professor at the European University Cyprus School of Law. For a more in-depth report on Cyprus GDPR implementation click here.

If you are a interested in sharing your expertise with TechnoLawgy international readers hit the Contact button above.