Welcome. It's so nice to hear people talking and it's so nice to see people in person. I think one of the reasons we decided to do this event in person was, I don't know about you, but we've pretty much had enough of webinars and it's really, you know, thank you very much for taking the effort to actually come along and see us and you know, we really enjoy that. As I know, obviously, one intends to come to these events, but it's not always possible because things come up on your day. So just want to say thank you very much for coming along. We've got quite a lot to get through. I was just going to explain what we're going to talk about in the format of this. We're very pleased to have a leading industry speaker, in fact, two or three leading industry speakers who come from outside to talk. The first stage, we do a short keynote or so and then we're going to have two panels. The first of those panels is going to talk about data privacy and intellectual property. which regards to about 25 minutes and then we'll have roughly about a quarter of an hour or so of Q and A. Now we've got enough content to talk but feel free when we get those Q and A think of questions, challenge, inquire. And, you know, we may be able to answer every question but if we can't, we'll certainly pick it up after the event. And then we'll have the second panel which will deal with competition, tax and talent as well. So there's some very, very interesting topics in that, in the same format. So 25 minutes of the panel and then we'll have a quarter of an hour or so for some Q and A or we'll just carry on that panel and then after that, we'll have the networking. We're not going to talk about talk at you for an hour and a half. So, while during those sessions, do think of any questions and we'll hopefully make as interactive as possible. I would also mention I would be remiss if I didn't there's a camera, I think somewhere in the room and it's recording the panel, but it's not recording you as the audience. But if you ask a question, the audio will pick it up. So if you ask a question and perhaps you don't want that shared in any way, as part of part of the follow up, just, just let us know it's absolutely fine. But we're not recording every movement. So just to introduce our three speakers, Lauren Walker, who is doing our mini keynote today is managing director, head of Data Analytics UKI and Europe for Accenture Song has held multiple roles. Both the IBM and Equifax spinoff separately and then two international. She's one of the top leaders in data in the UK And that's judged by peers in the data IQ data 100 as whole held all all sort of titles you expect, Chief Data Officer, Chief Operating Officer, if there's a title or a role, she's probably held it. We also have Can Ertürkan Senior legal counsel, privacy at Getir and you can explain a little bit more about what he does, but he leads the group's Europe and privacy work stream will come and he will explain more about some of the operational challenges that he's come across. And last but not least Simon Hay who is an investor and board advisor, but had 25 years at dunhumby And if you don't know dunhumby they run Tesco Club Card and also help program in the US. And I think Simon was his first full time employee and that went on to operate in 84 countries that company. So he knows a little bit about leadership and some of the pressures in that space. But before we get on to some of the legal issues and such, and Simon, obviously you referenced there in the concept of dunhumby and what have you, but what's your experience with organizations and how they handle data strategy and culture and how do you basically try and get on top of all this because it's culture is so important or is it? Well, that's an opening question. Thank you for that. The I'm a great believer in the old, you know, maxim that culture. eats strategy for breakfast, the the only people who wake up and think about strategy is a CEO everyone else just goes to work and does a job but that's at home or or, or in the office. And I think the, the the the world of data, you know, data, you know, in my youth was a byproduct of computing. It, it was just something that was thrown off by the act of automating some process and some work, you know, think of banks keeping your balances and the like and really, During the transition of the last 20 years has been the recognition that actually data is a valuable asset in its own, right? And I think what Lauren is, you know, a lot of things that uh saying in her interruption is, is has the consumer marketplace, the consumer market mindset kept up with that. Uh have governments kept up with that? I mean, you know, what, what is the chances for government to actually understand the power of AI? And, you know, it's very easy to get caught up with the uh uh ChatGPT as the latest uh version, version of it. But AI exists in many forms already and it's been around for, for quite a while, but it's not understood, it's not legislated. And of course, the I guess the reason we're here is what does it mean in the context of, of the legal world. And there are some organizations and uh Sarah, my colleague from dunhumby arrived a minute or two ago and knows this better than, than myself some organizations absolutely understand the value, the privacy, the IP, how to protect it, how to secure it, how to monetize it, etc. But sadly, that is I think unusual rather than being the norm I came across a company transaction recently between two multinational companies that was in the billions of dollars. And there was really very limited, even though data and systems were going to move from one to the other. There was no real definition of, of data, data terms, data terminology in the transaction of that size. So, you know, the legal world hasn't always kept up with some of these pieces. So it, it moves incredibly fast. And I think, you know, the challenge for all of us is a keeping up and b getting ahead of this, right. So what do we need to do inside organizations with our partners with, you know, the world illegal with governments to, to try and you know, to ride this for the benefit of, of every organization, every citizen in every form. One of the things I also do is work with some charities. We're trying to create interconnected human data to help solve cancer, right? So there are things that AI will do eventually that they're going to be incredibly beneficial for society. I'm, I'm much more an AI optimist than a pessimist. But why is it complicated? And there are all the challenges along the way, not least privacy, but Simon, thank you very much. The challenge here, of course is, is I want to make sure we cover all the different topics here. And um we, we'll definitely come, come back to some of those themes. But and uh declaring my, my interest here, I, I do focus on privacy, but I'm not going to privacy first just because I haven't mentioned in privacy. But it is an important topic. Nils who covers these areas in privacy practice in Germany and also in the EU how important is privacy in the context of data as an asset and what's going on in the EU? It's a tough question. What's going on in the EU, we come to other things going on in the UN. Simon AI not regulated. Not yet, eu soon. So that's, that's a brief outlook. Yes. Happy news for everyone here, uh, with product services and so forth and in the EU, on data protection. I think it's when it comes and when, when we talked about data as an asset and data protection, this for a data protection lawyer is kind of weird to say, data asset and data protection. How does it go hand in hand? Because I mean, apparently you want to monetize, you want to commercialize data on the other hand, uh for those not super familiar, too familiar with, with data protection, data protection, I mean, apparently it's, it's one of the fundamental rights to protect filth data not to exploit it, not to use it in an unlawful way. Yes, there are rules around it in, in the GDPR and in the UK uh GDPR which is I think five years now into play and giving us still a good steer on how companies can challenge or can, can, can drive through the challenges of, of monetizing. The data it's a principle based law. So I think what, what went well in the eu on on the GDPR itself is it's principle based, it's technology neutral. So I think it gives us still a good good tool to work around the challenges when we talk about data as an data, as an asset in, in data protection. And of course, everyone in this room, yes, of course, data protection will only apply or the data protection rules will only apply if we talk about personal data in the first instance, and when we talk to clients about certain projects, for example, food equipment manufacturer with these ovens, for example, you would typically not, not see why would it be a data protection concern? If data was generated by that oven and the customer gets a nice dashboard to see what heat level is average, when do I do maintenance and these kind of things typically? Yes, it's, it's machine data. So you would not assume data protection plays a big role. But however, if you ask them the business, well, can you actually find out who operated that often? How often? And can you see basically what's the root cause of the often going wrong? Then you are in scope of the GDPR because at least at this stage and, and on this point, you have someone behind that often who was using it. So you have data protection, at least on an employee basis so employee data protection, Lauren, I was really, I really loved your intro and, and all the all the buzzwords you had created buzzwords on my mind, cookies and AI and, and all these kind of things. Excellent. Uh but 11 of the concerns and one of the challenges of course is we are we are focusing yes, of course on consumer data, but also in the employee data is of course fully in the scope of the GDPR and one of the concerns of authorities when it comes to GPS tracking and the logistics space in particular, which is quite an interesting area. So that's uh certainly going on. Again, GDPR is a principle based law. You will never find no company will ever find the answer. Does it say yes, you can do that or no? Which I think is good to know we have some flexibility in the GDPR to do what we can to monetize. hr I've, I've won. You, you had a lot of figures and statistics which I quite liked. I got one statistic for you and everyone in this room will know what I'm talking about. The privacy notices or cookie policies, cookie notices, everyone is, is facing. And of course, the challenge for companies is yes, you need to have that. You need to inform everyone what you do with the personal data. That's one of the key rules which makes it challenging if you have a data pool and you don't know really, what do I want to do with that data later on? Because then you cannot inform the prospective people. But Lauren, the number I have for you is 74 and the 74 is someone apparently calculated how much days it takes for someone to read all the privacy notices in one year if you serve the website as a normal user. So that's, that's my number for you, which is and we can certainly discuss discuss about the if is it, is it something that is more burdensome for, for everyone? Because I think most of the users would? Yes. So that's I think one of the parts and I liked as Simon, when you mentioned, I mean, the the cultural aspect in a privacy, heavy data driven businesses, I think one of the key challenges I think what we see working well at, at, at clients is when there is a solid foundation in terms of yes, we got our, our data governance structures, we got our policies or procedures, we got our trainings that's going well. You can prepare basically for the everything that is in order the chaos comes in. Of course, when the business challenges you with new topics and wants to explore for the use of personal data. So I think the data governance and the cultural aspect not cannot be underestimated in, in organizations also from a GDPR perspective. So I'm interested, Can looking over to you at I don't want I will not challenge you and ask what Lauren also stated. I was listening, of course, will the price of the milk change? When I visit the G app, I will not ask you that question. But I will ask you, I'm interested. Of course, I think for global companies like the governance and you as a privacy in-house privacy person, you're the go to person. How, how, what is the challenge for you? It gives you Thanks for the question. Before I start, I wanna talk about what we do and where we are operating as to give you a bit of context if you don't heard about us. We are a commerce company operating in Europe, US, UK. I'm saying UK because of the Brexit and the new regulation, of course, and Turkey, which is an additional country for most of the European and American companies because we started this adventure from Turkey. That's why everything started over there. And then we moved to Europe US UK. Of course, when you're dealing with all these different legislations, even though there are similarities between all this regulation. And also considering that there are new regulation that is talking about nonperson data. So we stopped even talking about it, talking about personal data, but also non personal data as well. And when you are a commerce company or any e-commerce company data is a big, big, big asset for you. One of the biggest assets you can ever imagine because that's how you build your metrics. That's how you build your basically services. the biggest challenge around this for us was to understand all these different regulations, especially in US that are state based different legislation. In addition to what we had in Europe, UK and Turkey and try to find a model that works for all because we didn't want to go ahead with just saying, OK, we will just comply with GDPR and that's the best law ever. So if we comply with that, then, then we won't have any problem. That was the approach we have taken, we looked into each legislation, I think maybe because of our advantage over knowing Turkish legislation from the start and knowing something that no one knew and started from there, maybe also gave us a bit advantage as well. But in order in, in addition to all the challenges and everything, I think the key issue is to find the right people internally. And when I'm talking about people, I'm not just talking about myself and legal people, I'm talking about tech people, product people, data people, infotech people, and having a dedicated data governance team involving all these people. So we are just not talking about personal data, we are talking about all the data that is managed by the company. And from the first moment that new stage is introduced in the app or in the operations because we also have couriers, we also have many operative sites other than the tech side. So I think, yeah, in order to mitigate the risk of these challenges problem, uh we have a dedicated team from all the backgrounds you can think of. It's also challenging to work with these, this many backgrounds because some people don't have legal background, I don't have a tech background. So when someone is talking tech, I need to understand them. So this takes time and it took time for get it as well. We had to work, sit together, understand each other and try to understand what the other person is saying because they are looking this from a completely different of uh point of view than me because I'm just trying to make everything compliant. But for them, they have other metrics. Uh So yeah, I think the biggest two challenges uh overcoming all these regulation pile of relation issues and uh having a strategy that works for all and also having a dedicated team from all the departments you can think of. Uh so that this is not just a legal or tech or info tech issue issue, the integration as well as obviously companies invest develop, but they also acquire new businesses as well. Uh Also you can do, you know, purchase of shares and stock. Yes, but you also put you, sometimes you, you purchase assets and, and uh as opposed to the stock and that raises issues from, you know, privacy perspective and how have you come across those, those sorts of issues. And we, we did, of course, uh since I joined, get it, it's, it's been 2.5 years and in this 2.5 years, including the recent Gorillas acquisition, I think we made more than 15 acquisitions in the last 2.5 years and half of them were Turkish companies, half of them were us UK eu companies. So for me integrating a new company is can be challenging, but we already did this lots of times as we knew this from Turkey, we have a dedicated M&A team as well. So in addition to our dedicated data governance team, we have a dedicated M&A team. So we have around 80/90 lawyers all around the world. So we don't really rely on fully external council. We have our dedicated teams internally as well. And uh when we were working on all these deals from the start, we had a strategy on how to do things. Of course, these strategies can change every day as you are all aware some day you can say this and then the next day it can change. But from the start, if you have a uh plan to do things, this is really important. The second thing is you need to assess the data. That was one of the biggest challenges when we acquired new companies because there is no data compatibility between the systems, even though we acquire this company. And they are doing the same thing we are doing with a different app structure. All of their data structure is completely built different, which was the problem. But well, now we know that these can be issues even before acquiring a company. So that's why we started asking these questions even before the deal is closed and make ourselves ready for this kind of compatibility questions as well. Of course, I'm not gonna talk about like er I identifying gaps, mitigating risks. You can find all this information from any textbook about acquisitions. This is like pretty basic thing. But uh after doing all this, I think the communication is the last and most critical point both externally and internally you, as Simon said, you need to inform people, you need to give them information but sufficient information, you cannot just go to customers, employees or anyone and say that OK, this is what it is now deal with it. I think it's a really important point about this communication point because if you have a, you know, a software or a type of content, it doesn't necessarily relate to an individual or person but because it does, I mean, it's not what you could obviously have a data asset which is not relating to individuals clearly, but in the context of, you know, personal information, communication being key. But there's a nice segue there, which is a little bit artificial but I think we're going to use it, which is, you also talk about acquisitions and you talk about data and some. But from an IP perspective, David seamless, seamless, I thought so, I've sort of stitched together. It's, it's bad, badly sown but, but it works. So from a, from an IP perspective, I mean, it's slightly Pandora's Box there. And uh Lauren raised the point about the challenges of IP and we've seen it before with Google and other channels, challenges uh the AI models. But how, how do you protect uh intellectual property and data? And, and what are the challenges in that interest? I mean, certainly as part of due diligence on an acquisition, you'd ask questions about who owns IP. And, but what are the things we should think about? I think that the good news is that from the point of view of protecting data as an asset, there are ways in which it can be protected. I'll just highlight three here in the UK and in the EU we have database, right? No, that was introduced way back in 1997 and I would say it's been little used and little understood really over the last quarter century or so. But that's very rapidly changing in line with the hugely increased value of of data sets. So that's one thing to focus on. You've got to be able to show that there's been a substantial investment in obtaining verifying or presenting the contents of the database. That's the key threshold criterion. So database rights are really being focused on much more than they were before. The second thing I mentioned is breach of confidence. So it's very well established that a collection of data can be protected as confidential information, even though individual components of the data set are out there in the public domain. So you can protect the collection. There are real practical difficulties around breach of confidence though I've handled many claims for infringement of trade secrets and and so on and proving that the data has been taken can be extremely difficult and those kind of claims are often very expensive and you never really know how it's likely to pan out until you've got disclosure which you have in the UK and the US, but not in Continental Europe. So that's the second point to mention. And then thirdly, I think the most reliable way of protecting data is through contract. Where you sharing data with someone else, if you've got a contract that sets clear parameters as to how it's going to be used for how long it's going to be used. What happens when the relationship terminates, that's really, the best form of protection you can have, but obviously, it's not always the case that you're in a contractual relationship with the party that has taken or is using your data. And what about aggregating data sets is that I know, you know, there's, there's derivatives of data and there's lots of different data sources and I suppose, how do you sort of identify what the, what may be protected by copyright or, or other rights? Yeah. So, I mean, I've advised clients several times who are in the business of aggregating data, um particularly from their own customers. There was a, a client in the oilfield services industry a few years ago and they were setting on about 50 years of data relating to the location and extent of the world's oil and gas reserves. So hugely valuable, much of that information had come from clients and customers. And if you can get to the position where you've got consent to everything that you plan to do with that data aggregating it, analyzing it, commercializing it, that's the best possible position, but obviously, it's not always possible to, to get that kind of contractual consent. Where you can't get the consent necessarily then to try and assess the risks, I would suggest doing an audit of, you know, what is the risk profile of this data set? And how could you try to mitigate those risks there just to , I mean, coming back to Can and Nils here a little bit because there's a bit of throwing a regulatory grenade in. we, we, we talk about GDPR and then, and then there's other nonperson information law like the EU Data Act and others. But do you see some tension there between those laws and, and some of the intellectual property rights that, that David was discussing? Yeah, absolutely. I think there's a lot of attention not only by the lawmakers in the European Union who basically come together to uh to, to draft these nice laws called the Digital Services Act, the Digital Markets Act, EU Data Act, AI Act. You name it. So, and and we haven't even talked about all the security acts that are there. Uh So N I S two is basically the brand new. When we talk about data as an asset, you want to protect that asset, not only by intellectual property, you don't want to protect only the person, the natural person, but you want, I mean, it's, it's the asset you want to keep it really safe. So the I T security part should not be underestimated uh which is also then heavily regulated in particular in for critical infrastructures. But the EU Data Act and what, what David mentioned, this basically is, is one of the aspects agreeing on making data available that may be protected, may work if you, well, you got to get together and agree on that. So the EU Data Act is maybe one of the new regulations not enforced yet. It's still in draft and, and, but supposedly finalized in the, in the next month, companies will have at least a year to implement that. So you don't have to worry. So it's gonna be similar to GDPR. So you will have some, some some transition time. However, the the challenge will be when we now talk about regulated data that is nonperson data. That will really get tricky because of the fact, you also just mentioned that there will be a or you there is aggregated data in the world, particularly oil and gas industry. And the rights of the data users under the data act will mean that they can ask basically the data holder, give me access to that data and also not only give me access to that, but also please provide it to a third party to a service provider who may have. Well, so, so who will see the benefit may be the the repair shop uh for your automobile. It could be one of the beneficiaries. Is that limited to, to personal data only or is it, is it any data? No, I mean the the key idea is to make data as an asset, make it transferrable, make it easily accessible. That's one part. But and this is then the tricky challenge and coming back to your question is that tension? Yes, there is tension because the GDPR rules which applies to personal data, they will not be touched basically by the by the EU Data Act. But yet we see that tension in in various points because for example, the the ones who hold the data often hold it on behalf, maybe also like the cloud service providers. For example, they may hold the data on behalf of the customers. They don't do anything else. They are not under the GDPR in particular, not entitled to grant access to that data. Now the Data Act comes and says you must share certain data with, with certain recipients. So there is tension and from industry, there's a lot of feedback during the consultation process from all industries because it's an, it's an uh it's a law that will apply to all industries, not only to certain sectors. So there was a lot of feedback because of the unclear interface between other laws and also on the definitions, what data is covered, what products are covered. So certainly to watch out for and we are very in the eu very open for for new legislation. It just makes you think with automotive companies, right? We were, we were kind of saying earlier, all the Telematics and now beyond, I think David, we were talking about it was the, how you set the seat in your car, who's driving the car, who's listening to what? And even if we bring in the phone, how many of us are plugging in our iphone or Android phone rather than using the system in the car itself. So, it's quite, that's quite interesting. Exactly. The tension that you just mentioned. And I think 11 last word on this, I think it's, I mean, the European Union took the approach because they just, first of all, so too much data is in the hands of very big companies to put it this way. Plus there's so much more you can make out of the data if you make it accessible to, to others to the users, but also to third parties. So I think it's a, it's a nice idea in, in, in general, but of course, it will have troubles and there will be general uh clauses where everyone thinks. OK, I'm I'm not sure what to do with it. So you got to follow risk based approaches, you have to follow guidelines that may be out there. But in, in my view as a GDPR lawyer, I think we also have to transition our mindset to becoming more of a generalistic data lawyers because they go hand in hand and it's going to be a challenge and one more question to the panel then if you have any questions uh open up to the floor. But David, quite often, I think organizations and clients ask no. but I can use that data, it's publicly available. We're scraping data that is, is that possible or, or, or can you do it? What, what are the, I'm, I'm sure you all know it's a fairly common misconception that just because some something is out there and available on the internet, that means you can use it and do what you like with it. Not surprisingly, as an IP lawyer, I would say that that is not necessarily the case and uh in terms of data scraping, the sort of obstacles that you can run into our database rights and there's a very respectable school of thought that a website is a database for the purposes of the regulations yet to have conclusive, you know, legal decisions on that point. But I would expect that we will soon. And so database rights is one concern and contractual terms and conditions of websites. is another if you care to look at a website quite often, but probably more often than not, there will be terms hidden away in there that say that uh you're only allowed to use it for your own personal purposes, not for commercial use, et cetera, et cetera. Now, there's a question mark as to whether that's contractually binding on the user. But again, it's, it's an area that I would expect to see explored through judicial decisions in the near future because we, we're seeing so much more litigation being commenced around data scraping. Thank you very much. Well, just, just to, to take a, take a pause there, we have a couple of roving mics. you not necessarily need them but oh, that you get a gold medal for asking a question very quickly. But anyone else, if you have any questions, just have a think about it. And when you, I don't know if anyone's got the mic, but thank you, Kate. And if you're happy to, obviously you may not be happy to but uh do say your name and your organization or you or you can remain anonymous because we're privacy lawyers here. Hi, good afternoon, everyone. My name is and my professional affiliation is an asset management technology consulting EY and my academic affiliation is a phd student in a regulation. So, and in that second capacity, I have a comment and a question. So Simon, you kind of triggered me when you said so casually that AI is currently unregulated because that's what almost everyone thinks and at least in the financial domain that is a total misconception. It's, it's, it's monumental. Because my two, which is almost 10 years old, it applies directly to AI, I mean, they don't use the term because they remain technology neutral. It's actually a pretty brilliant piece of regulation GDP R does as well and there's a monumental body of scholarly work and we have some soft laws from ICO. I think at least two or three. You know, you gentlemen probably know this better which directly link the provisions of, of GDPR to to AI. And there's at least a dozen of soft laws internationally up including China, which one way or another explicitly or implicitly relates to AI in financial domain. So I think it's, it's really quite fascinating that most people even in the Biz so to speak, have this belief that until the EU AI Act becomes the law, it's unregulated, whereas in fact, it, it largely is already. and my question is to one of the three gentlemen from Eversheds I mean, either one of you. So Neil, you said rightly about principles based regulation. I think that essentially all modern financial regulation is principles based. But I'm really curious about the current ongoing shift to outcomes based regulation because I think the EU AI Act is in fact an outcomes based regulation because you're not told what to do, what not to do. Even softly, it's more like if something goes wrong, this is, this is how we define what goes wrong and this is how we define penalties and they are, they're eye watering higher than GDP R. So, could you comment briefly on that? Are we seeing a pretty rapid evolution of regulation from principles to outcomes based in emerging technologies arena? That's a tough question to be honest because I mean, as we all know, the I I act as it currently stands is, is still I mean, I, I'm not sure whether this is going to be the final version we currently see and what is regulated, I mean, it is regulated to some extent that it says, ok, there's some AI on the market we don't want at all like a, like AI that is really, uh, manipulative manipulating your behavior. So that will certainly be on the blacklist and then you will have the risk, risk AI risky AI, let's put it this way that is regulated and where you need to, um, ensure to the housekeeping. I mean, similar rules as GDPR, I think the, the concern I see currently and also from, in particular, from the software industry is we as a software company, we put general purpose AI on the market. We don't know what basically the users do is that, is this something now that shall be regulated? Are we the ones who have to comply with all of that? Because we don't know what the outcome will be. We provide you a tool. We shouldn't be the ones who put the AI software on the market, that are regulated. It's the ones who use it. And I think in the air I currently, this is a little bit the misconception or unclear to what extent is really the one who is providing the on general purpose AI on the market. Are they the ones who are the target and potentially target off the fines and all the documentation? So that's hopefully somehow answering, answering question. And I mean, also to your point, I, I totally agree. Yes, we have rules and regulations governing AI best example, Italy who shut down C G BT for data protection reasons. So, even if we don't have like currently an, an act regulation called AI Act or, or, or the like, a lot of things flow into that from IP to trade secrets to potentially patterns whatever. So there is a lot of regulation and I, and I'm not sure, I think we also talked about this in the UK, there will not be a UK AI Act because of the fact when I got this wipe, I may got it wrong because of the fact there are laws that are already regulating AI to some extent if you wanna on that. Yeah. No, I think it's true that the, the, uh, the UK recently issued this white paper, which you probably know. And, they're slightly taken an alternative approach to the eu, and that they're saying, well, exactly this point, a lot of laws already already regulate discrimination and what have you actually, what we're basically gonna see if we can identify any gaps and then we're gonna get the poly filler out and we'll fill the gaps rather than having an EU AI specific legislation. But, I mean, I suppose the, the points that I make is that there isn't any AI specific regulation yet. But you're actually right. It was like when the internet came out it's like, oh, well, the internet is not regulated. Well, we got defamation, right. And we've got copyright and so it's, it's applying those principles to, to new technologies and the, uh, when you mentioned the outcome point, yeah, I think people do get very hung up on the definition of AI, and like if it, if it's got AI on the tim, right. It's regulated. But if it hasn't got AI on the team it's not regulated. No, like if it's discriminatory and, and, and it's got bad outcomes. Surprise, surprise, you're gonna be caught. But I think people sometimes are going to get caught out and thinking, well, because it's not called AI, then we're ok. So I think it's changing that mindset a little bit. But, anyway, I don't want to get the very very good question, but I also don't want to get dragged down too far down the AI rabbit hole because we, any other questions, but I guess in a way without getting dragged down the rabbit. Yeah. Yeah. Yeah, of course. I understand the data legislation. But you say in terms of AI itself that, you know, that what are the boundaries between AI and machine learning analytics? Right. So you're absolutely right. We can't make certain decisions in certain ways, certain outcomes. But if you don't know what the technology, what's happening inside deep learning models, neural networks, large language models, et cetera, then you don't know what data they're using, what outcomes they're creating, right? And that's the blurriness of that, that uh where it isn't regulated, right? So where, where are the boundaries that we need to consider and where do we need to build them? Where is the hole, where are the holes that we need to find them? Yeah, I know. Simon, you mentioned that, you know, come from a leadership perspective is that you know, there's a classic thing, as you say, well, I'd like to tell you how it works, but it's just a bit too complicated. And, and actually a lot of regulatory bodies now that's not gonna fly because they've, they've actually, well, they have had for a while now, some really smart people who are technical regulator, they're not just that they, they're engineers and the software engineers. And and you mentioned sort of having to know what's going on on the shop floor and, and I think, would you say that's still true? I mean, certainly, you know, for the chief data officers, but I think ultimately up to the CEO, right, that we should try our luck with one of the uh CEO S of major financial institutions and, and ask them questions. Do they understand every single data aspect that's used? And how is the customer data use? How is it aggregated? How a decision is made? You know, how, how a mortgage applications processed, not processed, you know, what happens to that data, etcetera. And I think that's the challenge is you can't just say it's, I don't know, I don't understand, right? Because this is the, you know, where actually the, you know, this is the coalface and I think as data practitioners, you know, as a CEO or a or a CEO of a data led business, you've got to understand it at that granular level, right? What's the latency of the data? What's the source of the data? What's the you know what transformations are done to it? What, what, what uh mathematics algorithms, you know AI is applied to it? What is the basis of that? What's the training data, you know, is it trained? Is it untrained? Is it supervised, unsupervised, et cetera? Right. So I think the days of just of saying sorry, this is someone else's, you know, it's, it's a tough, it's a tough gig for, uh, for non tech, uh, CEO S but they're gonna have to they're gonna have to get the, uh, get to learn pretty quickly. I guess if you're the CEO of British gas and you don't know, people are out installing prepayment meters. You'd probably think that his chances knowing what's going on with the data might be, uh might be challenged to just pick on someone. I mean, just, just reading off those questions. I mean, you want to take note of all those questions because you, you know, you read those off quite matter of factly, but they were very, very good questions that you were just really off there. Um So maybe one more question if anyone has one or we will go to the record. Yeah. Yeah, you could, yeah, obviously. Oh, good. Sarah Chief Legal and Risk Officer at I was really intrigued. Lauren in particular talked, you know, some really cool facts about, did you know? And I heard sort of this murmur of, oh, sorry, sorry around, but I guess I'm really interested in, you know, the piece around value exchange, which we haven't touched on quite so much and how that links into data ethics. because done, right. You know, GDP are some of the real tenets of it around transparency around consent, you know, actually, to, to, I think, to really, for data to really deliver as an asset, there has to be something around ethics in there. There has to be something around value exchange. I'd, I'd love to sort of get your thoughts around it. What, where's the tipping point? And, and where are we on that tipping point between people going? Oh, dear. This is a bit scary pull out to saying actually, you know, I'm ok with that because I understand and trust how the data is being processed. And I really like what I get out of it. So I'm cool with that. I interested in your thoughts is to have the tipping point. I mean, I love the question because this is where you start, you know, you have your data head on, but you also think about what motivates any human being to share anything, right? There's an element of vulnerability and there's an element of trust. And so the brands and the companies that you work with, whether it's your, as you take the employee point or whether you're an employee or you're representing your company or as an individual consumer, what brands do you actually trust just by nature of the way they've marketed. And they've taught you over the years that you've heard about this brand that there's someone that actually stands for you. Um and then who has actually proven that time and time again in selling you a product or service that you feel is actually giving you that fair value exchange of like I pay this much and I get this, I'm on this particular mobile carrier and you know what they promised me the best network in the UK and it even works in water in the Lakes District. You know, so fantastic. How did you do that? But it doesn't work in central London. What happened there? So I think what we're seeing is a lot of the companies that have set the bar, obviously those with quite a bit of data from a retail perspective. But then took that to the next level of how am I actually mining that data to then begin to understand what is the next thing that you actually want and how do you want it and where do you want it? And it's only the companies that said, I know I now have to change the way my company works to do that. It's no longer just an I T technology that I buy and I have a bunch of data scientists creating models that never see the light of day. And I think that's what I saw a lot in my time at I B M is a lot of Cio S and CTO S buying huge amounts of kit and none of that really ending up in the hands of the marketeers who are building the experiences, whether it was on the web or on the app that actually brought that to life. And so we're still in the process right now where we're trying to connect, someone bought this amount of tech that someone's tried to, you know, amortize or do whatever to. And there's a lot of data in there. But actually, and this is a big for me when I went to agency side is there's a lot of data that actually is not in the hands of the brands. It's in the hands of the agencies or other partners who act on their behalf. So that's part of my crusade coming to the the role I'm in now is trying to help brands and organizations realize how much of what is your actual data is not inside your firewall for lack of a better word. And I think once that starts to be managed, you can actually say what is the experience that my brand can give rather than just a product and to your point earlier about kind of the microwave uh the the ovens and so forth. If we think about the different work, it's a, it's a hot day today maybe. But those of you that may be buying fans or air conditioners, right? Or we look about the the meters, what is in your home now that you used to see as a manufactured white good product that all of a sudden it's gonna tell you a lot more about your house than you ever did before. And how is that actually going from merely you buying a product to you buying a service and some sort of experience. So we see a lot of companies saying I don't wanna be known just as a product. I wanna be known as an experience and I'm gonna start expanding what my brand does beyond just the thing I sell. And I actually represent in some ways what apple's done, right? They're much bigger than selling some hardware at the end of the day, which is where they started. So I think that's the other thing, use all that information to create a value exchange that actually allows you to change your brand, but it takes a long time. And I think that reorganization of people becomes really critical. And the realization as you said that there's folks that kind of understand data that are more running the business units. It's not to mention the fact that uh I think like you were saying, you have these forums for a legal team, a privacy team, a risk team, the financial team. I mean, that's what we had at. We were, we had our data governance board and we started saying, OK, what is the risk we're going to take on this? But now I understand with the principle this is how this is gonna map out to the data. So I think that's, yeah, it's basically people, I guess hopefully that jives with a little bit of what you were thinking, but I don't know if you're allowed to answer back. Well, that I think with the timing, I close this panel for the moment, but it doesn't mean the conversation can't continue both afterwards and also in the coming days. But, but these are, there's a lot in here to unpack and, and we're already scraping the surface. Not scraping data though. Glad to hear it. Thank you very much for the panel one. I think the, the team are gonna change, I think and, and we'll move on to panel two. So the, the theme of this second panel is competition, tax and talent. And there's, there's quite a lot in here as well. So, buckle up. Thank you, Kate. Yeah, hopefully, the beard is a clue, Ben, so I, I, I won't introduce. No, I will introduce even though you can read on behind me. But we're joined by Ros Kellaway who's a very, very experienced competition lawyer and heads the competition team and also Ben Jones who is head of global tax. Well, you've been quietly listening to, to the discussion there and, and also being very patient. I know probably going, looking at the clock going on with it. But how, how do you see sort of data and privacy and competition law sort of interacting? Is competition antitrust stuff relevant at all or is it just a bit of a red herring? Ok. That's a good question. Well, I think for a long time, data privacy practitioners and competition lawyers saw themselves in separate boxes and they didn't really talk to each other too much and, you know, uh, they, they saw themselves as part of very different, legal regimes if you like. But I think that has changed hugely and there are still a lot of areas where the interaction between the two spheres of law is difficult. But notwithstanding that it is now absolutely clear, I think to all competition lawyers, that data is enormously important from a competition law perspective. And it and that the data, the availability of data, how it's held, how it's gathered what's done with it can change the competition landscape for those who hold it and those who don't, those who have access to it and those who don't absolutely fundamentally. And I think there is no doubt in my mind as a competition practitioner that data is an enormously important issue for all antitrust regulators. I like to think actually that here in the UK, the CMA has proved that it's slightly ahead of the curve. I mean, in 2016, it produced what now looks like a paper with extraordinary foresight about the use of algorithms in connection with antitrust and many, for many antitrust practitioners. I would count myself among them in 2016 and 2023. I thought, gosh, this is an incredibly erudite piece of work, you know, what should I be making? Reading it, trying to understand it, trying to see what, what the points were that they were making and now in it and now we think about things like the impact of ChatGPT and the a clear advent of AI, we have the, the chair of the German cartel authority saying that he finds the prospect of the impact of AI in the technology sector and on competition. Terrifying, frightening, I think was the word that he used. It is very clear that regulators, competition regulators have to understand what the impact of data is on the parameters of competition and how that the rules will interact with data privacy. So if you were if you describe this concept of the haves and the have nots, so the haves being those people who have the data sets and, and the have nots and I suppose you could have a situation where you've got a innovative company that actually has got some great ideas and wants to be creative, but they feel that they haven't got the data to sort of put in their machine to, to really make it run. Do they have any avenues available to them? Well, they're coming, it will be the answer to that. I mean, in the eu context, I would say that uh things are a bit more advanced because we've we've got actually got the Digital Markets Act which will come into force in the beginning of May and that will regulate certain large gatekeepers. Only some of them, not all of them, certain large gatekeepers have. You've got to be big. You've got to have a big impact on the internal market. You've got to business users to reach their end users and you've got to have an entrenched and durable position. In other words, you've really got to have market power. When I say big, you've got to have EU turnover above 7.5 billion or average market capitalization or equivalent fair market value of at least 75 billion in the last financial year. And these businesses will be subject to a code of conduct and that will have a lot of boos and votes in it. I won't go into them all. But it will include things like allowing third parties to interoperate with the gatekeepers own services in certain situations, allowing business users to access the data that they generate in their use of the gatekeeper platform. Provide companies advertising on their platform with the necessary tools and information allow business users to promote their offers. I mean, you get the flavor of it. I won't go through every everyone. But basically, the idea is to level up the very unlevel playing field and particularly for consumers. But also for businesses that need access to that data to, to compete. So it should, it should represent quite a, quite an important rebalancing piece of law. And in the UK, we also, I think the latest information is that in the next fortnight or so we will actually see a new uh digital and competition law bill tabled and that will do a similar sort of thing, but arguably it's more flexible and I think it's a good job that it is because it's not got the same thresholds that I've just described for, for eu businesses. It's looking more qualitatively if you like at whether a firm has achieved significant size or scale, whether the firm is an important access point to consumers, whether the firm can use the activity to entrench or protect its market power or to extend its market power into a range of other activities, whether it can determine the rules of the game, it will almost certainly catch the same people that the eu will catch. But there is this going to be this extra ability to look at whether there are additional reasons why some of these very large firms would, in addition, it catch other firms as well that could qualify using that kind of description about the firm. So my view is that the regulation in the UK will be more specific. It won't be a flat code of conduct like the sort of thing that I read out in the eu context, it will be regulation that is customized for the business being regulated. So, you know, what that particular business needs to do will actually be stipulated by the digital Markets Unit. And the C MA that should be, that's, we've never seen that. And, and then we were talking about on the last part about uh, M&A and acquisitions and databases and things and what would be sort of uh things that you'd be flagging the clients in the concept of acquisitions. And OK, well, I think it's now also fairly clear. I mean, if you look at cases around the world brought by competition authorities, it is clear that around the world, competition authorities recognize that the accumulation of a large data set will often support in some way or another a dominant position. And the question is how it does that and can you spot it? And that goes back to Simon's point that business leaders really and people involved in these acquisitions, they really need to understand what it is that they are looking at buying, what does not just what does it do, but what could it do? Because we've got, you know, a decision like there are a couple of French decisions. The French competition authority is actually a really assertive and aggressive authority, I can say confidently. And so you see them finding, for example, E D F who use their customer database that they got because they were at the public provider of regulated electricity tariffs using that data, even though the energy markets were supposed to be opening up using that data to entrench their position in relation to electricity supply. But also leveraging off that database to get into gas and various other activities that they, they wanted to access in my experience when businesses buy another business because they've got a fabulous data asset in there. Insufficiently often. Do people say to the advisor, is there a potentially an antitrust issue here? I mean, obviously if it's, there's a merger clearance going on, it may well come out and be discussed, but sometimes there isn't a clearance and there isn't that process going on, but there may yet be a serious competition risk posed by what's often a seen as a leveraging opportunity. I mean, uh we've obviously also heard uh a little bit of reference to AI which is obviously the new thing on the block. What sort of risks do you see? Do you see from a antitrust perspective with, with AI or aren't there any? Well, I, I don't think Andreas M would say AI is really frightening as the chair of the, you know, the without a really good reason. And I think the, the, the risk that he sees in particular is that in tech markets, what you tend to see at the beginning is a sort of muddle with a lot of players and there's no clear and suddenly the leading players emerge and they shoot literally into the stratosphere and that is what everybody wants to use. And so what he sees, I think is an extra development in relation to potentially the get the gatekeepers that they identified in, you know, that the EU will identify under the Eu Digital Markets Act. Also now accessing and developing and exploiting AI in a way which locks others out. And in fact, entrenches even more the dominant position can. Yes. So I think that's probably what the regulators see as risk number one, but there's a couple of other risks as well because there isn't any question that uh algorithmic systems can facilitate collusion by competitors. And we've got some cases on that. We've got an online poster case here in the UK quite a small case. But basically pricing algorithms were used by competitors in order to affect a cartel that they'd agreed on outside of that conduct. Algorithms can definitely be used to detect and respond to price deviations. If they, if people are actually wanting to collude on price, it enables firms to set prices by using the same third party software through which they can exchange information, they learn to collude tacitly which is can be incredibly difficult to detect. And furthermore, I think companies with a dominant position can, can use algorithms to entrench their market power, for example, and competitive prices, they could be algorithms and AI can be used to price discriminate, charging different prices to different consumers based on different customers, perceived willingness to pay, which I was really pleased you called out because if that's a dominant business doing that, they've got a massive problem. And I, I think the other thing is that AI can make decision making very, I think the word is probably intrans parent unt transparent, not sure, not transparent. So that you can't actually see where there are competition violations going on. So if you're going to be using AI, you need to be really careful that you've thought through these collusion risks, the possibility that you may be dominant and that this may be, you may be using AI in a way which is an abuse. And above all, watching out for discriminatory pricing practices, the tat collusion makes me a bit nervous and I'm sure that's probably what we experienced with our family members, brothers and sisters, a lot of collusion that goes on. But we, we'll come on to Ben in a minute but there's obviously a lot in there that Ros has mentioned, but I mean, Simon or Lauren or you want to add on that. I mean, I'm not, I'm not expecting you to suddenly say, oh yeah, I know some behavior and, and, but, but I do you, do you see this as something that the client and, and organizations you've been in that they regularly consider this or I mean, some don't show, I don't think, I don't think enough because it goes back to are enough people informed. And I think this is the biggest, the biggest point because there's a lot of very excited technology vendors that are out there selling to a lot of excited folks who have the best interest in mind about what is the cool stuff I can do? And even even if it's not breaking the law, there's other things around. Did you write an algorithm that actually discriminates because of the people that actually wrote it? And we didn't really think about that or the data that we have is actually almost discriminatory by nature because of how we've collected it. And I remember working with Equifax and it was around the underbanked and, and there is no credit score for the underbanked and, and if you decide that you really like cash or Bitcoin or something else, it isn't, you know, basically a traditional way of coming up with a FICO score, you actually feel like why am I am trusted? Why, why can't I get a mortgage? Why can't I do this or that? So I feel like it's a little bit as, as old as time in terms of if you don't have all the dimensions of different people thinking about if we do this AI, what is the regulation? What is the actual impact on the consumer? What's the impact on the employees who are doing this? Yes. So I, I, I just think it, we actually need a bit of a reformation around how do we actually work as teams across these disciplines? And where can we create the forums, like you said, from a leadership perspective where we actually instigate, we need to have this conversation and we're seeing more and more companies ask for basically ethics and AI in their new digital transformations. And they're saying we need a stream that's looking at this to bring people together, which I think is great. It's not, it's not the majority. Yeah. And I suppose also in regulatory compliance uh structures. So different compliance towers and of course, you, you can kind of get this like, well, well, that I'm not responsible for that. But when, of course, actually the uh communication and collaboration across these teams is so important. But then on from a tax perspective, data is an asset. You know, I think it's, it's generally accepted that although maybe exceptions, data is a pretty valuable asset. I mean, are tax authorities getting wise this or they just uh yeah, not really recognizing it. And just sort of, we've got, we've already got enough money in the tent. Yeah, they're fine. They're all right. They're done. They don't need to tax anymore. Uh No, this is much like the legal world. It's a super topical issue in the tax world. But I noted Ros comment earlier about data lawyers and competition lawyers being in separate boxes, tax lawyers and tax professionals are a separate building. So I appreciate, I appreciate the people in this room may not be following all the topical issues in the world of tax. So I'm gonna tell a little story and I keep it short and keep it interesting if that's not an oxymoron in the context of tax. And hopefully you leave a little bit more informed about the world of tax. So as I said, super topical issue because essentially of the value that is being driven by data by large digital companies. And it's, it's the wider context of what what's called in the tax world, the digitalized economy where this debate has begun. But actually at the heart of it is the value that is extracted from the data that is collected from people around the world. And we'll come back to that back to that in a minute. But essentially the key issue in the world of tax is it is not so much whether or whether data and digital businesses are taxed. It's, it's where they're taxed and who gets the right to tax all of this new exciting stuff that is being mined from people around the world and the, the issue before we get on to the proposed solution is essentially that, you know, the, the sort of the web of domestic law that makes up the international tax code was essentially designed in the 19 twenties, right? In the 19 twenties, no one knew what the internet was. No one could even predict it. No one knew that you could sell to a customer from London on in, you know, in Australia. No one understood this concept of data as an asset or as a valuable asset. You know, they were selling widgets, sticking them on boats, selling, putting them in a warehouse in another country and selling them from that warehouse. It was a bricks and mortar physical presence tax system. So quite logically at that point in time, you, you became taxable where you had presence where you had a warehouse where you had an office where you had people, right? The internet's rewritten all of that you can now, literally, as I say, sit here, I could put something online, someone could buy it or I could sell my services to a country far away. And you know, and that's a transaction for me. I've made money out of that. Where should I be taxed on that right now? Current rules the world we live in right now, more or less the UK because that's where I am fine. That makes sense in a way and might say that that's logical. I'm the one generating that revenue, the issue that you have with the advent of the internet, the advent of the digitalization of the economy and the advent of new data being a valuable part of that is that you have all these countries around the world, the governments and the tax authorities saying actually the only reason or one of the main reasons you're making money is because you've digitally projected into my country and you've interacted with my populace. You've gathered their data and taken that and sold that monetized that somehow. But I can't touch a penny of that because you don't have any physical presence in my country whatsoever. And I as the government of, you know, ABC ABC country with a billion users of a social media platform or a, you know, a digital business, think that actually I should have my fair share of that, right? So that's where the debate started. And because there is no, there's no international tax code. As I said, there's no one person that legislates tax for the world, there's 100 and X countries all trying to do their own the best by their own sort of local government. You needed someone to coordinate some kind of initiative to allocate tax fairly and we'll come back to whose view of fair really matters in this kind of equation. But the OECD took on this challenge, this comes back to the value exchange. It is, it's like who, who should have this value, you know, should it be the customers or their taxing jurisdictions or the, or the companies that create the clever algorithms and come up with the, the, the idea and probably the right answer. The equitable answer is, is a bit of both. But at the moment, that's not what the systems deliver. So the OECD we basically tasked with, you know, come up with a solution to this issue and this was in 2013, they still haven't come up with a solution to this issue. This is not an easy issue to, to, to solve. It's not easy because you need everyone's agreement. Now, there's a massive elephant in the room of getting everyone's agreement. You can't get anything done internationally. I think almost in any sphere without the US S cooperation, where do 70 80% of these large value generating tech companies find their base and where are they taxed in the US? So there's been this political back and forward for the last 10 years basically saying please Mr Us, whoever's in power at any given time. Do you mind if we have some of your tax revenue and the, and the, the Trump answer to that is no, get lost. But the Barack Obama answer is, well, I think about it. The, the Biden answer is right. Well, ok, but can I have a little bit back in return? But it's intensely political? It's not, it's not some dark office building where tax geeks hang out. It's literally, you know, halls of the white office, white house type stuff. See, tax is interesting, I promise you. This is so, so while this has been going on, it's been going on a very long time, you know, countries have sat around thinking, well, this, this isn't working for me. I'm still, you know, the digital economy is not shrinking, it's not staying still. My data is, you know, my populace's data is still being extracted. So I need to do something about this. So the we went through a range of years of a whole load of kind of what, what you called unilateral measures, but essentially countries doing their own thing and trying to grab their share of tax. And the whole point of the OECD initiative was to stop this because if you get 100 next countries doing their own thing, they're all going to be different. It can be an absolute nightmare for any business. You know, like a getter of the world trying to just do the same thing 100 times over in 100 different jurisdictions, you basically want to know that you're gonna be treated the same way in every jurisdiction. And if you're gonna be treated in 100 different ways and taxed in 100 different ways, an absolute nightmare way of doing business. But that's the direction of travel right now. Unless the OECD sort that out. And I said the story would be short and I'll stop in a minute. But, but in, in the middle of that, just to bring it back to kind of ross as well, we had the whole kind of spat with, with, with, with the Trump administration where, you know, the, the French went ahead with what's known as a digital services tax, which is part of a unilateral measure to try and bring tax by reference to users and customers in a jurisdiction back into France. Donald Trump said that is anti competitive. I'm going to impose a whole load of tariffs on things like French wine and cheese and stuff like that coming into France, you know, so this is so this is just like this is really the obscure world of tax making your cheese more expensive in the US. This is, this is the real world. It is important. That was the thing that really struck me that so, you know, long story short and coming to the end of the story essentially where we are right now is the way the last couple last year or so, there has been a coalescence around a sort of solution to this problem, which which is a set of complicated rules, which I won't describe what you tend to describe. Now, they sort of broadly called pillar one and pillar two OECD B E P solutions. But that seek to allocate profit between jurisdictions. But what the US have managed to achieve over the course of 10 years of negotiations to take this from a concept that covered everyone down to a concept that covers essentially businesses that have a worldwide revenue of over 20 billion and a and a and a profit margin of above 10% thereby really restricting it down to about 100 businesses in the world. And the open question at this stage because those rules are developed but not implemented is whether that's going to be enough for the rest of the world, you know, can they really stop there? Will they really say in the face of the massive escalation that we've seen of the digital economy of data as an asset and of, of its value and the runway that inevitably is still to go on that in terms of kind of upward curve in value and how people use that? Are they just going to say that's enough for me, India China UK Europe to, to, to be intent that tax is taxed in the right place or do we, do I need to go at this again? Do I need to come out with a whole load of other tax measures? And, and ultimately, we and I discuss this, this is bottom line stuff at the end of the day. If, if there's a, if there's a whole load of unilateral taxes that make doing business in this way unprofitable, then you're not going to do business in this way, you know, and there have been examples of unilateral measures that have caused big tech businesses to reverse out of jurisdictions because the what, because what they do in that jurisdiction is not profitable because of the tax imposed. So I know that tax is boring and it's someone else's problem. But ultimately, you get your, you know, your, your geek in another room in another building saying actually, we, we're losing money because of tax doing business in this jurisdiction or it's just so expensive to do this business model across 100 different countries. Let's not do it. But ultimately, it can a spill into the commercial world and b spill into, you know, the legal world in terms of, you know, the fundamentals of in the business. So that's my little tax story. That's why tax is important. Well, Bernard, you know, fantastic to be able to explain that in simple terms that even I understand which is, which is, you know, that my level as well. Yeah. Yeah. And, and, and obviously that's, you know, that is tax, of course, is important in the context of society and responsibility community and E G as well about, you know, obviously taxes go to pay for health care and education and everything else and that those that are underprivileged and the vulnerable. So whilst, I mean, you said it, but the value exchange point comes back again, you know, you've got, if you've got like in India of the world, heavily engaged digital interaction. A billion plus people now the most populous country in the world based on the F T thing I saw today, they're giving that stuff away largely for free. Unless they get something out of it personally. Or the country can extract some form of tax revenue to give back to society in a, in a governmental way. Yeah. Yeah. I mean, and, and on the topic of ESG Simon, actually allowing data and making data available to people who really need it for, for good causes and something quite this your heart as well. But I think you, you mentioned you and this will be the final point. I think before we get questions on the floor, but I think you're involved in a brain tumor charity. Is that correct? And what's your involvement in that? Well, the uh I'm a trustee of that and it like a tax story, right? I'll try to make it a very short one. There's been some amazing developments in cancer treatments and immunotherapies and you know, that actually come from data analytics around genetics, sequencing the G N O proteins and the like, sadly, brain cancer, brain tumors hasn't really benefited, benefited from that. It's more complex and of course, there's a herd mentality of the drug organizations, their commercial organizations they want to play in the places where you've got, you know, the largest disease states and you're likely to get answers and solutions, right? So brain cancer is smaller, incredibly, uh it's the largest cancer killer of, of under forces and you've got to get through the uh the brain blood barrier. So one of the uh the the real truths about brain cancer is, is data, is probably one of our best hopes of solving it. But we need to create, you know, proper interconnected human data. And that means tracking humans over time. It means tracking people who have brain tumors and who don't have brain tumors and trying to assess what biological changes took place that led to, to, you know, a tumor developing because reality is something as complex as a brain tumor will only be solved by, yeah, stopping it before it happens or at the or at the very early stages. But so, so we basically as a as a charity decided that uh no one's tackling this in the world of drugs. And uh the big technology companies are uh you know, very busy, you know, doing advertising and marketing and uh important society work like that. Uh So we thought we'd try and actually start it. So we, we're getting NHS data NHS digital data that itself is, is sadly complex and difficult and hard. 80% of missing data, we haven't talked about missing data, but 80% of brain tumor data on the NHS is missing. What type of chim you have, which is quite an important piece of record. So getting organizations like the NHS, which is multiple organizations to capture the right type of data is uh is key, but we're really just trying to go out there and sort of lead the way and get other people. We've got Pancreatic Cancer UK. Now collecting this data, we've got thousands of patients actually every day recording how they feel. And uh because, you know, the typical cancer conversation is you haven't seen your surgeon for three months. How do you feel? How have you felt? Right. Of course, there's immense complex stuff going on which if you can record and you can share and you can make it database. Look, it's I won't go much but it, it's an example of where data can really be used to change outcomes for patients, uh both in terms of their care, the interaction. So, you know, data is an amazing commercial tool. It can also be incredibly powerful for citizens. It's where things like AI will be really powerful for us because it allows us to look at vast quantities of longitudinal data. And uh you know, I think we've probably yet to really see you know, sort of governments and, and non-commercial organizations really see the power of, of data. You know, if you look at like the, it doesn't matter any country but the UK if we actually thought of, you know, put the citizen at the center and said what, you know, what are people consuming in terms of health? What are they doing? You know, social care, education and the like, we as an organization, as a government, solve it by silos, what we're seeing by organizations, like get some of the things that you know, we were talking about earlier is it only when you bring these, these, these pieces together, even what the conversations we've had around law today, right? What have in the past have been separate disciplines? Actually, they have to work together now because of the complexity of society, because of the complexity of data and technology. So I think it's just an example and I think when organizations start to see the potential E S G benefits of, of really using their data assets, their capability for, you know, a broader good, that's going to be incredibly exciting too, going back to why I'm an optimist about AI rather than a pessimist about. And there's got to be a point there about you can be forced to open up your data set. But actually, you, you can, you can actually make it available for, for good uh proactively. You don't have to wait for a law. Yes. So, you actually, you know, if you're facing some challenges, you know, if you're doing good as well, but, and, and obviously, obviously that could help pave the way for how you might make data available as well. So you can do it in the sandbox way that will help trial those sorts of things. But, but, but then you get into things like risk. So for example, you can imagine like NHS organizations, you know, the degree of thinking which they do about risk, you know, rightly. So back to, you know, data and privacy and those things. But again, you know, if it's gonna take two years for an organization to make a decision, then that's another two years before we can get the data in the right place before you can deploy the technology, right? So how we balance all of these difficult ethical, legal privacy, government or society things all together, right? It's, it's a complex interrelated world and uh relying on the uh the politicians to help us, you know, navigate through it is quite a big bet for us all, isn't it? So just I think moving on to, any questions that then we might have. Oh, thank you. OK. Do you have the microphone? Yeah, I hope this is a question on pillar two of the OECD. So am I and from a partner? What, what chance does Europe have to set tax legislation, regulatory legislation if we haven't got any AI champions? Because I understand ChatGPT has spent £12 billion up until December to get to where it was and, and it has another 10 billion already spent from Microsoft. So is going to take billions and time and effort and the whole ecosystem for, you know, if we don't get cheese and wine, that's kind of devastating. But if we don't get AI competitive edges means death, right? For European companies, because we'll need that AI it's like, it's like having the US have the internet and, and not having in Europe. So ultimately that, you know, we can say, ok, here we have this tax legislation and we have the regulations but the sanction is then say, well, fine, don't take our product and we need the product. Yeah. So you know how is this all going to fit together if we don't have a, have a European UK champion in this space? Thank you very much. Can I make a comment on that anyone like to anyone know how many employees open AI has the producers of ChatGPT four. How many, how many might you guess someone who's got works for accenture with 800,000 employees. Open AI has 300 employees a year ago. It had 200 I think it's have gone from uh like 100 million to 10 million. It's actually a revenue declining company. Its valuation has gone from 100 million to 100 billion, right? So the interesting thing is I don't think it takes, it doesn't take an organization of 800,000 people sometimes you might argue it's, you're less likely to get no disrespect to an accenture. And but what I mean? So, so, so, I mean, funnily enough, I'm working with an incredibly smart bunch of 200 guys in Krakow in Poland who I think have got something that, that their AI outs me Facebook AI on Facebook data, right. Straight out the can is an untrained, unsupervised way. Uh So yes, I mean, I entirely agree with your point about we need champions, but it doesn't have to be organizations of 100,000 employees, right? We need to create the right environment that uh you know, the right brains out to the right uh academic institutions, the right education come together to do this thing. Sorry, I interrupted. No, no, not at all. I wasn't sure I got excited. I thought it was a tax question but I think, I think it's more about the, you know, the, if someone sort of championing, as you say, and, and, and fighting the Europeans corner compared to sort of perhaps the slightly less regulated environment of the US. So it's certainly on the tax front. It's not, it's, it's not about shutting it down. It's just about finding the right allocation of, of, of value and, and taxing revenue, but that doesn't inhibit the activity. It just inhibits the ability of authorities to collect revenue from it at the end of the day. I think it's probably more perhaps rather than Phil's territory in terms of what might actually stop, stop activity progressing. I suppose my, my answer to that would be, I think without the type of regulation that's in the Digital Markets Act, the fact the prospect of European, if you like Western Europe in the broader sense, businesses based there being shut out is much higher and it remains to be seen whether the uh sort of code of conduct that they want to introduce is adequate or not. But it strikes me that the things that are in it should allow should not inhibit innovation. It should actually make innovation easier, subject to what the data privacy people do. Thank you. Thank you for that Ross. So I see one more question here, but Oh, excellent, excellent. Thank you very much. Right. So don't leave me on here. There's better be a tax question. We, we've seen a lot of transfer pricing issues with IP rights. Are we seeing anything similar with data? Because if data is an asset, it's a valuable asset. And you know, if you've got a parent, a US parent taking that value from markets all over the world at the moment, it's not being taxed as I as I see it. Yeah, like IP rights. Yeah, it's so sorry. The first answer to that is I don't think we're yet seeing as in revenue challenges that playing out in the way that it, it should and probably will and for the benefit of those in the room who perhaps don't know quite what we're talking about in terms of transfer pricing. It's essentially the the international system of ensuring that related party transactions are uh are taxed or, or, or, or undertaken at arm's length. So if you're transferring data from Europe to the US, for example, you make sure that the US pays full value for that data. Uh And then that value can be taxed in the hands of the, the European sort of group companies. But I think that will be, you know, the next big, you know, once you alongside the other, the other main topical issue in tax or the main big ticket issue is transfer pricing and in particular in the context of intangibles because it's so hard to value and you can get so such a degree of differential between one person's view of the value of, of an intangible and the others. And so there's always in a transfer pricing dispute, there's always one tax authority and another tax authority. And the one that feels that they're missing out on tax will find an expert to say that their data or the IP is worth several billion more than the other person who said it was valueless and, you know, we're just collecting it because we have to sort of stuff. So, so yes, is, is my answer. I think that although we haven't seen that borne out in very high profile case cases at the moment, that's got to be alongside everything that's going on in the context of the tax authorities, understanding better the digitalized economy and, and data as a valuable asset within it. That's got to be their next line of attack unfortunately. Well, so you have to, yeah, you have to, you have to be reasonably comfortable internally when you're, well, it comes back to the interchange of the legal and the, the tax world because you got to understand whether you do have an asset that's, that's changing hands. And one thing I always struggle with legally, you know, when data is in a cloud and it's not necessarily in a single location and everyone has access to that cloud. Is that really going between borders? And at the end of the day, it comes down to sometimes it comes down to how the contracts are drafted and what's actually happening. But at the end of the day, get internally comfortable on what is going across the border and some form of sensible valuation associated with that, you can probably fend off a tax authority challenge. but they're always gonna have a different view and it's gonna be often multiple millions of, if not billions in, in, in between the different positions. There isn't the transfer. The price has been around for 30 40 50 60 years. And you know, it's always a big company issue, but it's more problematic in relation to, uh, you know, data and a type of new asset which people don't really know how to put value on and can't even legally track where it is at any given time. Half the time there isn't a, there isn't a good answer yet but it'll, it'll, it'll no doubt play itself out between the court system and, you know, professional advisors working out what they think is more or less the right way of treating these assets. I was gonna ask you, I know you have a question, but if I may, I would, if you could ask it in the Drinks Arena because I'm also conscious of, uh, people may have things to go to and no one wants to go to an event where it goes on too long. Uh, and I also, I'm very grateful for the panel this time as well. So, I was gonna draw this second panel to, to an end and if you could put your hands together, thank you very much.