WM Risk Series
Risk – Data breaches. Whistleblowing. Defective products. Political turmoil. Economic shocks. Social media. Each year businesses face an ever-growing host of risks from every part of society.
What should in-house counsel’s role be in monitoring the wider risk environment? What contribution can you make to the business? And how do you balance the need to do things right with the desire to do the right thing?
Our #WMRiskSeries of publications below offer guidance to navigate the increasingly tricky risk environment, the potential impact on your business and how Walker Morris can help.
Visit our WMRiskSeries on LinkedIn.

How to manage the ever changing risk landscape
Join us for our annual in-house counsel training session which this year will investigate how […]
Join us for our annual in-house counsel training session which this year will investigate how best to deal
with potential legal risks to your business in the current climate.
Data breaches. Whistleblowing. Defective products. Political turmoil. Economic shocks. Social media. Each year businesses face an ever-growing host of risks from every part of society.
However, the biggest threat is approaching them in silos. Risk can’t be compartmentalised. To contain it and reduce it you need to zoom out. Step away from the micro and take in the macro. Put down the microscope and take out the telescope. Make the links that people typically miss.
What should in-house counsel’s role be in monitoring the wider risk environment? What contribution can you make to the business? And how do you balance the need to do things right with the desire to do the right thing?
This is the go-to event for General Counsel and Heads of Legal to understand the proper way to assess and respond to legal risk. You’ll hear from experts across the firm, as well as other risk specialists and senior in-house counsel. You’ll also be able to listen and contribute to a panel discussion about what legal’s role in risk management should be in 2018 and beyond.
This event will give you the guidance you need to navigate the increasingly tricky risk environment. Included in the day will be the opportunity to book a short surgery session with one of our experts to address any pressing issues.
Visit our #WMRiskSeries for more legal guidance.
WHEN
Wednesday 17 October 2018
9:30am – 3:30pm
WHERE
Walker Morris LLP
Kings Court, 12 King Street
Leeds, LS1 2HL
To book your place please email kiri.richardson@walkermorris.co.uk

Coronavirus and employment law – practical advice for[...]
The full effect of the coronavirus on the UK workforce has yet to be seen. […]
The full effect of the coronavirus on the UK workforce has yet to be seen. Aside from the adverse impact on business in general, employers face having to ensure that their staff are protected as far as practicably possible, as well as dealing with the clinical impact of the virus on the workforce (sick employees), but also the wider knock-on effect of precautionary measures such as social distancing and self-isolation. None of this is helped by the ‘fear factor’ which has given rise to panic behaviours such as food stockpiling.
Below, we set out some practical steps for employers and look at some frequently asked questions. Our Employment Team are on standby to help with your queries as and when they arise.
Initial practical steps
Employers have a duty to take steps to ensure the health and safety of their workforce and to ensure a safe system of working and must take the threats posed by coronavirus seriously. This can be done by adopting the following steps:
- Keep staff regularly updated on what is being done to reduce risks of exposure and to mitigate the effects of coronavirus in the workplace
- Check that managers know the symptoms of coronavirus and have a clear understanding of the absence/sickness procedures (including around sickness reporting and sick pay)
- Think through the steps that would be taken if an employee was confirmed as having the virus including isolation/self isolation and taking advice
- Ensure there are adequate handwashing facilities with hot water and plentiful soap (and don’t allow the soap to run out!)
- Encourage staff to wash their hands regularly and put up awareness posters about handwashing, coronavirus symptoms and action
- Provide hand sanitiser (assuming of course that you can obtain it!) and tissues for staff, and encourage them to use them
- Consider if protective face masks might help people working in particularly vulnerable situations (this is in line with ACAS current advice)
- Stay up to date with Government advice and ensure that it is followed. Web links should be provided as the advice is frequently being updated by HM Government
- Consider options with regards to home-working or agile/remote working. Ensure that your IT is fit for purpose and will facilitate home/agile working
- Consider what preparatory steps should be taken at this point in the event of a lockdown. For example, if you don’t have a Home-Working Policy/Agile Working Policy now is a good time to introduce one
- Ensure that people are treated fairly and vulnerable groups are taken into account
- Check that all staff (including contractors) contact numbers and emergency contact details are up to date.
Self-isolation and sick pay
The most common queries are around sick pay and self-isolation. Put simply, if the employee can still work from home during a period of self-isolation then they will be entitled to be paid because they are still working.
The Government and ACAS have stated in their official guidance that if NHS 111 or a doctor advises an employee or worker to self-isolate, they should receive any Statutory Sick Pay (SSP) due to them. If the employer offers contractual sick pay, it’s good practice to pay this. Boris Johnson has announced that, in these circumstances, SSP would be payable from day one of sickness but, at the time of writing, this had not been implemented by legislation.
If the employee is not actually sick but the employer has asked them not to come to work because of concerns that they may be affected by coronavirus, they will be entitled to their usual pay.
Absence due to concern about exposure
Some employees may resist attending work because they are worried about exposure to the virus. Employers should handle such concerns very sensitively but firmly. For example, if the employee is more vulnerable (e.g. they are over 60, have underlying health conditions or a weakened immune system) then their concerns may well be understandable. It may be possible to allay their concerns by making some adjustments, for example, to their hours to enable them to travel on public transport out of rush hour or allowing them to work from home on an agile basis. Alternatively, the employer could allow them to take some time off as holiday. If no agreement can be reached and the employee insists on not coming to work (and they are not sick) then there is no legal obligation to pay the employee.
Ultimately, if an employee refuses to attend work it could lead to disciplinary action. However, exercise great caution when dealing with pregnant or otherwise high-risk employees as there is a risk of discrimination claims (pregnancy/pregnancy related/disability claims). If there is a genuine health and safety risk posed by being required to attend work then disciplinary action might lead to a constructive dismissal or detriment claim. The key is to act reasonably, listen carefully to your employees, follow current government guidance and avoid placing employees at undue risk.
Bear in mind that if there is a vulnerable individual in the workplace (e.g. someone undergoing chemotherapy) it would not be appropriate to tell other staff about this unless the individual wishes the employer to do so as this is obviously sensitive personal data/information.
Employees with caring responsibilities
Employees are entitled to reasonable time off work to help someone who depends on them (a ‘dependant’) in an unexpected event or emergency (such as coronavirus). For example:
- if they have children they need to look after or arrange childcare for because their school has closed
- to help their child or another dependant if they’re sick, or need to go into isolation or hospital
There is no statutory right to pay for this time off, but some employers might offer enhanced pay in this scenario. The amount of time off an employee takes to look after someone must be reasonable for the situation. For example, they might need to take 2 days off to start with, and if more time is needed, they can then take it as holiday. Again a sensible approach needs to be adopted in such circumstances.
Covering sick employees
It is possible that an ‘all hands on deck’ situation may arise where employers need to utilise every resource available and change an employee’s duties or hours to cover for their sick colleagues.
Many contracts of employment give employers an express right to vary duties and hours (although this is always subject to the implied term of trust and confidence so such changes will need to be reasonable under the circumstances). Employees are also under an implied duty to obey lawful and reasonable instructions which can be helpful in certain situations. It is important to consult with affected employees before changing hours or duties to avoid the risk of employment claims but clearly and in extremis, virus related absences will provide a powerful business case for changes on a short-term basis.
Further advice
The Government and ACAS guidance for employers is being kept under constant review as the situation develops. This is an incredibly challenging time for employers but rest assured that employment law allows for flexibility and a fair balance between the needs of the business and the interests of staff in unprecedented situations such as this. More often than not, the key to getting it right is in having solid business reasons for decisions and then in successfully navigating a fair procedure.
Our employment team are here to assist and advise with any queries or concerns that you may have. Please contact David Smedley, Andrew Rayment or Laura McLellan.

Coronavirus and contractual obligations: What businesses need to[...]
Walker Morris’ Commercial and Dispute Resolution specialists James Crayton and Gwendoline Davies offer essential legal […]
Walker Morris’ Commercial and Dispute Resolution specialists James Crayton and Gwendoline Davies offer essential legal and practical advice for businesses concerned about Coronavirus and contractual obligations.
What is the commercial context?
By the end of February 2020, new cases of Coronavirus/COVID-19 reported outside China exceeded new cases in China. Despite international efforts to contain the virus, the World Health Organisation formally declared the outbreak to be a public health emergency of international concern and the number of international confirmed cases continue to soar daily. In Europe, many countries have been placed on lockdown (with some taking more draconian measures than others) and vulnerable people have been advised to stay at home. For some, the lockdown is set to continue for at least a number of weeks, whereas countries such as Italy which is a few weeks ahead of the UK, have now started to relax the measures, with some shops such as children’s clothing shops being allowed to reopen. In the UK, sporting and social events have been postponed and cancelled; schools and many offices have closed, and strict guidelines are in place encouraging people to stay at home unless travel is essential and/or work cannot be performed from home. Quite apart from those suffering with or succumbed to the illness, there is no doubt that the human impact of this virus is significant, and is being felt increasingly close to home. But what about the impact on businesses?
It is estimated that some 60 million people in China have faced travel restrictions and around 55 companies in Shanghai alone reported in mid-February that their global operations had been affected – largely by a shortage of manufacturing workers [1]. With businesses around the world being heavily reliant on trade with China, and with existing supply chain inventory now becoming depleted or exhausted, economies and businesses across the world are starting to experience the knock-on effects.
The Port of Los Angeles, the busiest port in the US, expects to report a 25% drop in business for February 2020 [2] and the US Central Bank slashed interest rates in the face of mounting concerns about the economic impact of the virus. In the UK, JCB halted its production line and cut staff working hours because a shortage of components from China has meant that production forecasts cannot be fulfilled. Fiat Chrysler has warned that some of its European plants could be forced to cease production and Nissan has closed a factory in Japan. These are just a few recent examples of the countless reported incidences in which the Coronavirus is impacting international trade.
Apart from the impact on individual businesses, there are a number of factors which, together, mean that the worldwide economic impact of Coronavirus is likely to be more severe than has been the case with other, past epidemics: increased globalisation over recent years; the growth of China’s economy to more than 16% of global GDP; China’s output amounting to around a quarter of the world’s manufacturing; China’s dominance in certain industries (including high technology, electronics and robotics, automotive components and production, pharmaceuticals, and second tier supplies such as batteries and other underlying components); downward pressure on costs; increased outsourcing; and so on.
Over the coming weeks, therefore, businesses are likely to become increasingly concerned about the impact of the Coronavirus on their supply chain arrangements and commercial viability, and many businesses are likely to be feeling the effect already.
Whether or not contracts or common law remedies allow parties flexibility within, or the ability to terminate, arrangements which are affected by the virus, and by the resultant economic climate, will be key.
What do businesses need to know?
Frustration
The English common law doctrine of frustration provides that, on the occurrence of a ‘frustrating event’, parties are no longer bound to perform their obligations and a contract is therefore effectively terminated.
A frustrating event is one which: occurs after the contract has been formed; is so fundamental as to go to the root of the contract; is neither party’s fault; and renders further performance impossible, illegal or makes it radically different from that which was contemplated by the parties at the time the contract was made.
Importantly, however, the doctrine operates within very narrow confines and the courts will not lightly relieve parties of their contractual obligations.
In particular, frustration is not available where a contract has otherwise made express provision for the consequences of the occurrence of the event in question; where an alternative means of performing the contract is possible; or if the contract merely becomes more expensive or less commercially viable to perform. The bar for a successful frustration claim is high.
In addition, because no one party is at fault in an incidence of frustration, neither party may claim damages, and if a party incurred obligations before the time of frustration, it remains bound to perform them [3].
It is possible, however, in light of the scale of the outbreak and the unique underlying economic context, that the impact of the Coronavirus could, depending on the facts of individual cases, found successful frustration claims.
Force majeure
Where frustration does not apply or cannot be established, an express force majeure clause may otherwise excuse one or more parties from performance of a contract following the occurrence of certain events which are outside a party’s control. There are some important points to note:
- A force majeure provision cannot be implied – an express clause will be required.
- A force majeure clause may have a variety of consequences. For example, it may enable the parties to terminate the contract altogether; it may allow the contract or liability under it to be suspended while the force majeure event continues; it may provide for the adjustment of certain terms as a result of changing economic or market conditions; and/or it may allow for the extension of contractual deadlines.
- The China Council for the Promotion of International Trade has reportedly been issuing ‘force majeure certificates’, which seek to shield companies not performing contractual duties from liability by ‘proving’ force majeure. Businesses should note, however, that such certificates in themselves are not conclusive in the English courts, and the usual components of a force majeure claim will still need to be established:
- The burden of proof is on the party seeking to rely on the force majeure clause.
- The term ‘force majeure’ has no recognised meaning in English law and should therefore be expressly defined in the contract. Commercial contracts typically define exceptional events such as ‘acts of God’, natural disasters, terrorism, strikes, government acts, building collapse, fire, and the like as force majeure events. Clauses vary as to whether they are ‘exhaustive’ (where all the events that could count as force majeure are listed), or ‘non-exhaustive’ (where the events listed are illustrative examples of the types of circumstances outside the control of the parties that may count as force majeure). The International Chamber of Commerce includes epidemics within its sample exhaustive force majeure clause – a fact which may be of evidential value in cases where there is a ‘catch all’ provision within the clause and there is a dispute about whether the Coronavirus is caught.
- Depending on the wording of the clause, a party seeking to rely on a force majeure clause may need to prove that it has taken all possible or reasonable steps to prevent or mitigate the effect of the force majeure event.
- Force majeure provisions also often include specific notification requirements and/or timescales which, if not strictly complied with, may prevent an affected party relying on the clause altogether.
- Finally, following a recent Court of Appeal case [4], to successfully rely on a force majeure clause a party must be able to prove not only that the event in question caused the contractual breach/non-performance, but also that it was the only cause. A party cannot invoke force majeure if it would not otherwise have been ready, willing and able to perform its contractual duties if the exceptional event had not occurred.
What practical advice arises?
Where, as a result of the impact of the Coronavirus, a business wishes to extricate itself from, or avoid potential breach of, or re-negotiate the terms of, a contractual arrangement, frustration or force majeure might well assist. Neither of these are necessarily easy options, however, and specialist legal advice will be required.
The following practical tips represent good practice generally, when it comes to anticipating, attempting to cater for, and reacting to an uncertain and ever-changing commercial marketplace.
In terms of existing arrangements:
- Parties concerned about the potential effects of the Coronavirus on any aspect of their business or supply chain should undertake an urgent contract review. As well as checking for the existence and terms of any force majeure provisions, parties may wish to confirm the existence and implications of any other contractual provisions which may assist. These might include (non-exhaustively) break clauses, price adjustment clauses, variation/no-oral modification clauses [5], limitation/exclusion of liability clauses [6], dispute resolution clauses [7], material adverse change clauses, and the like.
- When reviewing existing contracts, parties should note that what appears, on the face of it, to be a force majeure clause, may in fact be an exception or exclusion clause; or it may be a clause which covers contractual frustration. Each of these types of provision has different legal and practical implications, and specialist advice will be needed.
- Where supply chain or other contractual issues do arise, parties should consider commercial and reputational risks, alongside legal issues. For example, in such exceptional circumstances, parties may wish to consider being flexible about restructuring deals or debts so as to preserve relationships, even where there is no legal right or obligation to do so.
- Any business wishing to invoke force majeure (or to ascertain the validity of any force majeure claim made against it) should ensure compliance with any specific notification or other contractual requirements and time-scales.
- It will be prudent for any party wishing to rely on or to rebut a force majeure claim to keep clear records of all relevant factual and economic evidence as the effects of the virus unfold.
- Parties should also consider the potential for alternative ways of performing affected contractual obligations and/or for mitigating any loss or damage.
- As well as primary contractual arrangements, parties should check their various insurance contracts. In some cases, invoking or receiving a force majeure or a frustration claim can impact insurance policies. In particular, parties should ascertain any notification requirements.
- Finally, businesses should also consider their duty of care to employees (and, potentially, to visitors). Employers should monitor the development of the outbreak and government advice carefully, and should take proportionate action. Failure to do so could expose the business to employment contract claims, negligence actions, health and safety/regulatory claim and/or could invalidate insurance policies.
In terms of new arrangements:
- Parties should seek to specify the kind of events that they consider to be within the scope of force majeure. They should be defined precisely and, where relevant, should capture industry-specific, as well as more general, risks.
- The English courts do not look favourably on reliance on force majeure clauses to escape contractual obligations that have simply become more expensive or difficult to perform. Parties can, however, negotiate and expressly provide for a clause of this kind.
- To offer flexibility, parties should consider including within the contract a specified time period after which the contract terminates automatically; or providing for one or more of the parties to have an option to terminate; or both.
- Parties should consider providing for the terminating party to have some form of redress, for example if goods or services have already been paid for at the time of the force majeure event.
- Customers should consider seeking provisions which give them priority in the event that a force majeure event impacts on the supplier’s ability to supply – so that the customer is first in the queue for scarce resources in a time of force majeure, and is first to have supply recommenced following the end of the force majeure event.
- Where parties are part of a supply chain, complexities can arise where each contract in the chain has different terms and/or is subject to different governing laws. When negotiating new deals, parties should aim for consistency and suitability across the chain, wherever that is possible and bargaining position allows.
- An appropriate ADR (alternative dispute resolution) clause should be considered so as to come into play in the event of dispute over force majeure or similar clauses and frustration arguments.
WM comment
Relying on a purported force majeure or similar clause, or attempting a frustration claim, is not an easy, nor by any means a guaranteed, ‘get out’ for contracting parties when times get tough. By far the better advice is to try to anticipate, at the point of drafting, the types of circumstances in which the parties may require flexibility to renegotiate key terms; may wish to extricate themselves entirely from the arrangements; and/or may wish to avoid or limit liability for any breach or non-performance, and then to cater for those eventualities in the contract.
Other commercial issues which the Coronavirus has highlighted to businesses are the risks of becoming overly dependent on any one source or country of origin for vital supplies, and the delicate balance which should be struck between cost and the supply chain resilience that comes from shoring-up with increased inventory. Undertaking an end-to-end review of the supply network will help businesses to determine the right level of redundancy to build into their chain, so as to offer maximum flexibility and facilitate business continuity in the face of Coronavirus or any other unexpected and significant event. Contracts which tie parties into exclusivity need to be carefully considered in this context.
If you would like any further advice or assistance in relation to any of the issues raised in this briefing, please do not hesitate to contact James or Gwendoline, who will be very happy to help.
[1] The Manufacturer, 25 February 2020
[2] Financial Times, 2 March 2020
[3] the Law Reform (Frustrated Contracts) Act 1943 does, however, provide some limited scope for parties to recover monies paid under the contract prior to the frustration
[4] Classic Maritime Inc v Limbungan Makmur [2019] EWCA Civ 1102
[5] See our earlier briefing for further information on variation/anti-variation provisions
[6] See our earlier briefing for further information on limitation/exclusion clauses
[7] See our earlier briefing for further information on dispute resolution clauses

New EU Directive banning unfair practices in food[...]
The European Parliament, the Council and the Commission have reached agreement on a new set […]
The European Parliament, the Council and the Commission have reached agreement on a new set of rules that will ensure protection for small and mid-range agri-food [1] companies against practices contrary to good faith and fair dealing often metered out by stronger buyers (large retailers and processors). It has long been a source of concern that the food supply chain is vulnerable to unfair trading practices due to stark imbalances between small and large operators. Often farmers and small producers in the food supply chain do not have sufficient bargaining power to defend against the practices.
The EU Directive 2019/633 on unfair trading practices in B2B relationships in the agricultural and food supply chain (the Directive) will cover agricultural and food products traded in the food supply chain, banning, for the first time, unfair trading practices imposed unilaterally by one trading partner on another. Other practices will only be permitted if they have been clearly agreed between the parties involved.
What is the effect of Brexit?
The Directive will be in full force by the end of March 2021 and the UK will be treated the same as any other non-EU country in the world. Specifically:
- any farmer exporting agri-food to the EU that is being subjected to illegal practices by the buyer will enjoy the same protections as an EU farmer; and
- any agri-food importer or a manufacturer that is buying agri-food from an EU supplier will fall within the remit of the Directive and therefore will have to ensure that its buying operations comply with the terms of the Directive.
What are unfair trading practices?
The Directive provides for a list of unfair trading practices that are abusive and prohibited in all circumstances:
- late payments (later than 30 days after the end of the agreed delivery period or the date on which the payment is due for perishable food products or later than 60 days for non-perishable products);
- last minute order cancellations;
- unilateral changes to the terms of the supply agreement;
- refusal to enter into a written contract;
- requiring payments from the supplier that are not related to the sale of the products;
- requiring the supplier to pay for the deterioration or loss of the products on the buyer’s premises;
- unlawfully acquiring or using trade secrets of the supplier;
- threatening to carry out acts of commercial retaliation; and
- requiring compensation from the supplier for the cost of investigating customer complaints when there is no negligence or fault on the supplier’s part.
The Directive also provides for a grey list of unfair trading practices that are prohibited unless they have been agreed “in clear and unambiguous terms in the supply agreement or in a subsequent agreement between the supplier and the buyer”:
- returning unsold products to the supplier without paying;
- charging payment as a condition for displaying or listing the supplier’s products;
- requiring the supplier to bear the costs of discounts on products sold by the buyer as part of a promotion (unless the buyer, prior to the promotion, specifies the period of promotion and the expected quantity of products to be ordered at the discounted price);
- requiring the supplier to pay for advertising by the buyer;
- requiring the supplier to pay for marketing by the buyer; and
- charging the supplier for staff to fit out premises used for the sale of the products.
Which businesses will be affected?
The new rules will cover micro enterprises, small and medium-sized enterprises (SMEs) and mid-range enterprises in the food supply chain that have an annual turnover less than EUR 350 million. The rules will cover retailers, food processors, wholesalers, cooperatives or producers’ organisations, or a single producer, any that are engaging in the unfair trade practices identified. The Directive adopts a dynamic approach, so that smaller operators are only protected against unfair trading practices in cases where these originate from larger businesses. This means, for instance, that micro enterprises will be protected against SME buyers and SME suppliers will be protected against mid-range buyers and buyers larger than that.
WM Comment
In addition to this Directive, the new Agriculture Bill 2019-21 which is currently going through Parliament contains a section entitled ‘Fair Dealing with agricultural producers and others in the supply chain’ which deals with very similar issues and provides the Secretary of State with power to make regulations to introduce obligations that promote fair contractual relationships between primary producers and the business purchasers of their products. It is therefore clear that there is a general movement towards enshrining in law the prohibition of unfair trading practices.
[1] Agri-food products has a very wide definition and includes everything from vegetables to honey, dairy to meat, cereals and grains, amongst many other things.

The end of LIBOR: Commercial contract risks
Many businesses will have loan agreements and other commercial contracts that include provisions tied to […]
Many businesses will have loan agreements and other commercial contracts that include provisions tied to the LIBOR interest rate. LIBOR will be phased out by the end of 2021. Walker Morris’ Commercial Dispute Resolution specialists Gwendoline Davies and Louise Norbury-Robinson offer proactive, practical advice on the contractual risks associated with the loss of LIBOR.
Loss of LIBOR: What do businesses need to know?
Following on from the rate-fixing scandal of the mid-2000s, the Financial Conduct Authority (FCA) and the Bank of England have confirmed plans to phase out the London Interbank Offered Rate (LIBOR) by the end of 2021. LIBOR is the benchmark used by many financial institutions to set interest rates.
LIBOR is to be replaced, for GB Sterling, with an updated version of the Sterling Overnight Index Average (SONIA). SONIA, which is based on actual transactions (as opposed to the estimates on which LIBOR is based), is less likely to be open to manipulation.
However, worldwide, $ trillions in loans, including UK mortgages, credit card debt, business loans, investments and many other types of commercial contracts, are tied to LIBOR. So, on a practical level, what will the phase-out mean for businesses?
What are the practical implications?
The key issue is how existing contracts which refer to LIBOR and which are due to continue beyond the end of 2021 (known as legacy contracts) will work.
In some cases parties will simply agree to amend their legacy contracts to refer to SONIA or some other appropriate rate or calculation; and in some cases contracts will allow a party to impose terms or a substitute rate to address the issue. However, many loan agreements and commercial contracts will not have envisaged, and will not cater for, the cessation of LIBOR. Many other loans and contracts will include provisions which were intended, at the time the contract was made, to deal with temporary interruptions to LIBOR and there is a significant risk that such clauses (known as fall-back provisions) might not work or suit the parties when LIBOR is permanently unavailable.
For example, reference bank rate fall-back provisions (which rely on a number of reference banks providing quotations which enable a rate to be calculated) will not work if banks are unwilling to take on the liability of providing quotations to be applied in contracts on a permanent basis. Other provisions, known as historic screen rate fall-back provisions, substitute a fixed contractual interest rate for what was the LIBOR floating interest rate. It is easy to see that, in some cases, that could entirely alter the economics of a contract – potentially to the significant detriment of a party. Finally, cost of funds fall-back provisions allow for calculation of an interest rate by reference to the costs of funding incurred by lenders. Such provisions can be unsatisfactory and imprecise because lenders’ costs of funding are generally calculated on a portfolio, rather than an individual contract, basis.
Nevertheless, where any loan agreement or commercial contract contains fall-back provisions which are unambiguous on their face, fundamental principles of contract law [1] mean that it would be unlikely that a court would interpret or imply terms so as to re-write how the contract should operate in the absence of LIBOR.
It seems inevitable, therefore, that disputes will arise over the coming months and years in relation to some legacy contracts. As this situation is largely unprecedented; and because, as the law stands, the courts are unable to undermine clear contractual wording based merely on commercial common sense and contemporary factual circumstances, it will be difficult to assess the merits and likely outcome of such disputes/litigation.
What steps can businesses take?
It is therefore essential that businesses understand and, where appropriate, devise strategies to deal with, the impact on their loan/contractual arrangements of the loss of LIBOR. There are some practical steps that businesses can, and should, take without delay:
- Businesses will first need to be able to identify and locate every contractual provision that is LIBOR-linked. For large businesses – particularly those operating across different offices, divisions, systems and/or on a multi-national level – that could seem like a daunting challenge. However, there are workable solutions. For example, by using the same technology and approach that litigators adopt during the disclosure/e-disclosure exercise in complex data- and document-heavy cases or regulatory investigations, comprehensive and effective contract reviews can be taken across all of a business’ records and operating systems. This way businesses can discover and document – and even categorise and organise – every LIBOR-linked item.
- The next step will be for LIBOR-linked items to be reviewed to determine whether and how they can withstand the loss of LIBOR. For example, do contract terms allow sufficient flexibility for a suitable replacement rate or mechanism to be agreed or imposed? Do any fall-back provisions work in their current form? Are amendments required; and, if so, does the contract allow for variation, and on what terms?
- If there is a risk that existing arrangements will not be able to withstand the loss of LIBOR, what are the options for the parties in terms of terminating the contract? Is there an early termination (or ‘break’) clause? Is there any scope for arguing that the contract has been frustrated [2]?
- Buy-side firms (such as private equity funds, mutual funds, life insurance companies, unit trusts, hedge funds, and pension funds) and financial advisers and intermediaries should ensure that they understand their customers’ exposure to LIBOR. They should devise investment strategies that take into account the costs to, and practical implications for, their customers, including offering alternative products where possible.
- Alongside the decision to withdraw LIBOR, the FCA has set out its core expectations of regulated financial services firms in relation to the fair treatment of customers. Those expectations cover firms’ governance and accountability; their communications with customers; the offering of new products with risk-free rates or alternative rates; and acting in customers’ best interests. Where businesses are concerned about loans and investments, they should assess whether their lenders or other financial services firms have acted in accordance with the FCA’s expectations.
- As well as considering individual contractual arrangements, businesses should assess whether the loss of LIBOR affects internal and structural matters. For example, a change in the benchmark rate could affect the value of all borrowings across the business and of any portfolio investments. It could, therefore, result in the need for new standard/precedent documents; new processes; new risk management systems; new reporting; and new training requirements for employees.
- It is clear that any business potentially affected by the loss of LIBOR in 2021 should take urgent specialist financial and legal advice. Expert assistance with the planning and taking of practical steps to understand and proactively deal with the issues will help to make the transition from LIBOR as painless as possible.
For further advice and assistance in relation to the loss of LIBOR and the potential impact on your commercial contracts, please do not hesitate to contact Gwendoline, Louise or any member of Walker Morris’ Commercial Dispute Resolution team.
[1] See our recent briefings on contract interpretation and implying terms for more information and advice.
[2] See our previous briefing on frustration.

Formation of contract and enforcement of terms: What[...]
Gwendoline Davies, Head of Commercial Dispute Resolution, and James Crayton, a partner in the Commercial […]
Gwendoline Davies, Head of Commercial Dispute Resolution, and James Crayton, a partner in the Commercial Contracts Team, offer practical advice arising from the recent case of Volumatic v Ideas for Life [1], which highlights the risks of doing business in the absence of a concluded contract.
Why is this case of interest?
In the commercial world, so much is about contacts, communication and keeping up with changes, competition and advances in products and technology. As such, at the outset of many ventures, relationships are positive and parties are eager to get on with doing business together, often before legal documentation is put in place. As this recent case demonstrates, however, there are some real risks associated with proceeding in this way – even in the context of long-standing commercial relationships.
What practical advice arises?
- Key risks are that, without a concluded contract, parties lack certainty or common understanding as to the terms which govern their business relationship. As happened in this case, significant problems can also arise when a party seeks to actually enforce what it believes to be binding contractual terms.
- An understanding of the basics of commercial contract law is crucial for managing those risks (as to which, see below). In addition, an awareness of the likely practical scenarios in which informal commercial discussions may arise for a particular business will be key to getting the balance right between being able to quickly obtain sufficient comfort to enable parties to proceed with their plans, and becoming legally bound when that is actually required.
- Commercial parties should review their negotiating practices and be aware of the risks associated with informality. On the one hand, the lack of any specific requirement for formality and/or documentation means that contracts can be formed orally and by conduct as well as in writing; and it is therefore important that parties should not discuss terms or act in any way that is inconsistent with their contractual intentions in case a contract comes into effect prematurely, inadvertently or on unsuitable terms. On the other, and as shown by this case, the fact that an intention to create legal relations is a necessary component of any valid contract can mean that, depending upon the particular circumstances, it can be a costly mistake to assume that a contract has come into being at all.
- For large organisations, it can be important to ensure that different teams are aligned to the same position – so that, for example, operational teams behave consistently with the procurement teams if a contract is not yet meant to be binding. Equally, before committing resources and expenditure to perform a particular transaction, businesses should be clear that any counterparties have actually committed to their side of the bargain.
- Ideally, parties should communicate their intentions clearly when negotiating. If you do not intend to be bound until a formal document is signed or further terms are agreed, the relevant party would be best advised to expressly and prominently label correspondence and draft agreements as “subject to contract”. This includes email correspondence. Even stronger disclaimer language could be used when appropriate, for example “we have no intention to enter into a binding agreement until both parties sign an agreement in writing”.
- “Subject to contract” or equivalent language is a strong indicator that parties do not intend to be legally bound, but it is not conclusive. A court will look at all of the parties’ words – and conduct – when deciding whether or not a contract has been formed in any particular case.
- It is essential that businesses educate their staff as to the risks of both inadvertent contract formation and of conducting business (and therefore going on to incur expenses and responsibilities) on the assumption that contractual backing exists when in fact it may not.
Formation of contracts: back to basics
A contract is formed when all of the following key elements are present: offer; acceptance; consideration (that is, money or money’s worth); certainty of terms; and intention to create legal relations.
In a commercial context there is a rebuttable presumption of an intention to create legal relations and the burden is on the party claiming that a binding contract has been made to prove the intention to create legal relations. That can be evidentially difficult in the absence of any express agreement. Equally, however, where there is any express agreement, the burden of proving that there is no contractual intention is a heavy one [2].
Contracts can be made orally (face-to-face or via some communication medium such as the telephone); via an exchange of e-mails or other correspondence; or they can even arise by virtue of the parties’ conduct. Crucially therefore (with some limited exceptions) contracts can be formed without any written documentation or other formality whatsoever.
A lack of understanding about the formation of contracts can have devastating consequences. For example, a party may have invested significant time and money in a project on the understanding that its opposite number was contractually bound to the scheme, only to find that no binding obligations are actually in effect and that its opposite number can walk away scot-free, leaving the project to collapse, at any time. Similarly, a party may be operating under the assumption that key terms (say, as to price, limitation of liability or termination options) are still to be agreed, only to find that their conduct, or something they said to their opposite number several weeks ago, has committed them contractually to what is now an unfavourable deal.
The recent case of Volumatic v Ideas for Life covers many of the issues that can arise, and is a cautionary tale for all commercial contracting parties.
What happened in this case?
The claimant manufactured a product, a component part of which had been provided, for several years, by the defendant. When the claimant wanted to upgrade its product in 2004, it required a new and improved component from the defendant, and the parties commenced negotiations accordingly.
Various draft contracts were sent between the parties, but nothing was signed or completed. In 2005 the parties reached agreement in a meeting about the way forward. Neither party asserted that a binding contract had come into being at that meeting. Following the meeting, the parties drafted and signed an agreement (the agreement) which related to the design and production of the new component and which provided for various stages of works and payments. The agreement also provided that, subject to certain conditions being satisfied, the defendant would transfer intellectual property rights (IP) to the claimant. The agreement also stated that a formal legal document would be drafted in due course. The parties proceeded to do business together.
It was not until 2016 that the claimant sought to enforce the term of the agreement that the defendant would transfer the IP to it. The dispute then arose as to whether the agreement amounted to a legally binding contract.
The High Court held that there was no intention to create legal relations and that, in the absence of that essential element, the agreement was not an enforceable contract.
The following key points arise:
…on the issue of intention to create legal relations
- Whilst the starting point in commercial cases is that there is a presumption of the requisite intention to create legal relations, the presumption can be displaced either by express evidence to the contrary or by an objective assessment of the parties’ intentions.
- In making that assessment, the court will consider not the parties’ subjective intentions, but rather what was communicated between them by words or conduct and whether that leads objectively to a conclusion that they intended to create legal relations [3].
- A relevant factor is likely to be the degree of precision with which the alleged agreement is expressed. Vagueness and uncertainty may be grounds for concluding that there was no intention to create legal relations and, as mentioned above, the existence of an express agreement will make it more difficult for a party to prove that there was no such intention.
- In this case the judge placed emphasis on the facts that both parties had confirmed that no contract came into being at the 2005 meeting, and that the agreement merely recorded the consensus reached at that meeting. The detail in the agreement, and the fact that the parties had had input from legal representatives were not sufficient to establish a finding of intention to create legal relations.
…and on the issue of the parties’ conduct over time
- The judge decided that, even if the agreement had been binding, the claimant would be estopped from relying on it in 2016 by the parties’ conduct in circumstances where both parties had acted as though the agreement were not contractually binding for some 11 years. The judge considered that it would be unjust or unconscionable for the claimant to renege on that position now.
- The judge also explained that, even if the agreement had been binding, he would have refused to make an order for specific performance of the IP transfer term. Specific performance is an equitable remedy. That means that it is a remedy underpinned by fundamental fairness and awarded by the court at its discretion (as opposed to a legal remedy that is available as of right to a successful claimant). When exercising its discretion, the court will apply certain key principles of equity, including: the maxim of ‘clean hands’ (that is, anyone looking to equity for a remedy must be free of wrong doing him/herself); that equity will not suffer a wrong to be without a remedy (where fairness requires, a remedy will be provided even if one does not exist by right at law); and – as was relevant here – the doctrine of ‘laches’ (delay), which is predicated on the fact that delay can cause detriment and unfairness in itself, and so an equitable claim may be barred if it is not brought within a timely manner.
- For all these reasons, therefore, and despite many years working together productively, the claimant could simply not require the defendant to transfer the IP to it as it had hoped.
Further advice or assistance
In the vast majority of commercial cases, the best advice will be for parties to wait until a formal written contract has been completed before they start work or otherwise invest any significant time or money. In today’s fast-paced business world that is not always possible or practicable, however, and so for further advice, or assistance in relation to any of the issues covered in this article, please do not hesitate to contact Gwendoline Davies or James Crayton. If you think training would benefit your organisation, please contact Gwen or James, who would be happy to assist.
_______________
[1] [2019] EWHC 2273 (IPEC)
[2] Edge Tools & Equipment Ltd v Greatstar Europe Ltd [2018] EWHC 170 (QB)
[3] as per the test set out in the leading case of RTS Flexible Systems Ltd v Molkerei Alois Muller GmbH & Co KG [2010] UKSC 14

Duty of care to protect customers? Legal and[...]
Social and commercial context Reports of violence on the high street are on the rise. […]
Social and commercial context
Reports of violence on the high street are on the rise. Unfortunately, even the briefest of internet research reveals a worrying number of incidences of violence in the UK. Within just the last year there have been: a stabbing in a supermarket; armed robberies at Barclays on Vauxhall Bridge Road, at Cambridgeshire Building Society in Sawston and at a Clydesdale Bank in Glasgow; a lethal knife attack on Harlesden High Street; separate killings, knife attacks, boiling water and acid attacks on shopping streets in Colchester; violence, gun crime, drugs and prostitution forcing businesses to close in Swansea High Street; and armed robbery at a Co-op store in Greater Manchester, to mention but a few.
Figures reported by The British Retail Consortium (BRC) show some 2,500 incidents of verbal abuse and anti-social behaviour, and 600 violent incidents (one in four of which involved a knife, gun or another weapon) across the retail industry as a whole. With the risk of robbery being greater for banks and building societies, the issue of violence on the high street is perhaps of even more importance for retail financial services firms.
Why is this case important?
Most major lenders will be well versed in the vital work that is needed to protect their employees and premises. However, the recent case of Al Najar & Ors v The Cumberland Hotel (London) [1] (the shocking case in which three sisters were brutally attacked at the former Cumberland Hotel) gives rise to additional concerns for lenders, and indeed for any business inviting customers or guests into its premises, because it considers the extent to which such businesses owe a duty of care to protect their customers.
What can retail lenders do?
As is explained in more detail below, the High Court concluded in this case that a business owes a duty to invited guests/customers to take reasonable care to protect against injury caused by the criminal acts of third parties.
The increasing incidences of violence on the high street and the current focus of the Government and retail industry bodies on this disturbing trend [2], not to mention the greater risk of robbery, mean that it is likely, were the question to arise in a case in the retail financial services context (as opposed to the hospitality context of the Cumberland Hotel case), a court would find that the risk of violence to staff and/or customers would be reasonably foreseeable.
The key for responsible retail lenders will therefore be to ensure that they take sufficient steps to safeguard not only their staff, but also their customers. Such measures as are appropriate will differ from lender to lender, and potentially even from branch to branch, but they could (non-exhaustively) include:
- undertaking detailed and regular security/risk assessments;
- implementing such, policies/procedures and security measures as are necessary to address any risks identified
- keeping such policies/procedures and measures under review and up-to-date and ensuring that they are followed at all times (perhaps by undertaking random spot-checks)
- ensuring that security staff are properly trained or qualified as appropriate, and that all training and qualifications are kept up-to-date and under review
- ensuring that security equipment is up-to-date and in full working order at all times
- ensuring that all other staff are trained so as to be alive to the risks of violence to staff and customers, and that they are aware of security measures and procedures to be followed in the event of any incident
- implementing, and ensuring that all staff are aware of and use, a reporting system for incidences of violence or related matters.
Cumberland Hotel case: Cause for concern
In this case the attacker accessed the hotel room of three sisters and carried out a theft and violent hammer attack, inflicting critical and permanent injuries on all three sisters. The sisters took legal action alleging that the hotel’s security had been insufficient. The High Court considered whether a business owes a duty to invited guests (or, by analogy, to any customers) to take reasonable care to protect against injury caused by the criminal acts of third parties; and concluded that it did.
The High Court undertook an up-to-date review of the circumstances in which the law of England and Wales may impose liability arising from omissions (such as, here, an omission to take steps to prevent the danger of a theft and violent attack). The court decided that the correct approach was to apply the ‘omissions principle’ identified by the Supreme Court in the 2018 case of Robinson v Chief Constable of West Yorkshire [3], namely: “In the tort of negligence, a person A is not under a duty to take care to prevent harm occurring to person B through a source of danger not created by A unless (i) A has assumed a responsibility to protect B from that danger, (ii) A has done something which prevents another from protecting B from that danger, (iii) A has a special level of control over that source of danger, or (iv) A’s status creates an obligation to protect B from that danger.” It concluded that, by inviting guests to stay, a hotel assumes a responsibility to protect guests from danger as per (i) above.
A duty of care can, therefore, arise. Again by analogy, a duty of care could potentially also arise on the part of banks, building societies, financial advice firms, shops, bars, restaurants, cinemas, theatres, arenas, local authorities or indeed any business which invites guests or customers into its premises.
In this particular case, however, the hotel escaped liability overall, as the High Court decided that security was taken seriously at the hotel and that the hotel did take reasonable care to protect its guests. The hotel was not, therefore, in breach of its duty.
Next steps
Walker Morris will monitor and report on any key legal and practical issues arising from the rise in violence on the high street. In addition if, as they have threatened, the sisters pursue an appeal of this decision against the former Cumberland Hotel, we will report on the outcome.
In the meantime, however, if you require any further information, or if you would like any assistance and advice which can be tailored to the needs of your business, please do not hesitate to contact Louise Power, or any member of Walker Morris’ Banking & Finance Litigation Team.
____________
[1] [2019] EWHC 1593 (QB)
[2] A group of retail industry representatives has signed an open letter urging the UK Government to do more to tackle rising levels of violence and abuse towards shop workers. The letter has been published to coincide with the Government’s call for evidence into violence and abuse towards shop staff.
[3] [2018] UKSC 4, see para. 34

Duty of care to protect customers? Legal and[...]
Social and commercial context Reports of violence on the high street are on the rise. […]
Social and commercial context
Reports of violence on the high street are on the rise. Unfortunately, even the briefest of internet research reveals a worrying number of incidences of violence in our shops, businesses and streets. Within just the last year alone there have been: a stabbing in Waitrose; a lethal knife attack on Harlesden High Street; separate killings, knife attacks, boiling water and acid attacks on shopping streets in Colchester; violence, gun crime, drugs and prostitution forcing shops and pubs to close in Swansea High Street; and armed robbery and a stabbing with scissors at Co-op stores in Greater Manchester, to mention but a few.
Figures reported by The British Retail Consortium (BRC) show that 115 people are attacked, with many more threatened, across the industry every day. Recent quarterly figures show 2,500 incidents of verbal abuse and anti-social behaviour, and 600 violent incidents, one in four of which involved a knife, gun or another weapon. The BRC has also reported that the financial cost of crime to the industry is a massive £1.9 billion; not to mention the human cost suffered by affected employees and their families, and the detrimental publicity and wider negative impacts such crimes can have on an already beleaguered high street.
A group of major retailers and industry bodies has signed an open letter urging the UK Government to do more to tackle rising levels of violence and abuse towards shop workers. The letter has been signed by the Association of Convenience Stores, the BRC, Asda, Marks & Spencer, John Lewis, WH Smith and Boots. It recommends tougher sentences for attackers, reviewing police responses to incidents and changing the out-of-court, fixed penalty system, which it says is failing. The letter has been published as the Government closes its recent call for evidence into violence and abuse towards shop staff.
The importance of the Cumberland Hotel case
It is clear that vital work is needed to protect retailers’ employees and premises. However, the recent case of Al Najar & Ors v The Cumberland Hotel (London) [1] (the shocking case in which three sisters were brutally attacked at the former Cumberland Hotel) gives rise to additional concerns for retailers, and indeed for any business inviting customers or guests into its premises, because it considers the extent to which such businesses owe a duty of care to protect their customers.
What can retailers do?
As explained in more detail below, the High Court concluded in this case that a business owes a duty to invited guests/customers to take reasonable care to protect against injury caused by the criminal acts of third parties.
The increasing incidences of violence on the high street and the focus of the Government and industry bodies on this disturbing trend, mean that it is likely, were the question to arise in a case in the retail context (as opposed to the hospitality context of the Cumberland Hotel case), a court would find that the risk of violence to staff and/or customers would be reasonably foreseeable.
The key for responsible retailers will therefore be to ensure that they take sufficient steps to safeguard not only their staff, but also their customers. Such measures as are appropriate will differ from retailer to retailer, and potentially even from store to store, but they could (non-exhaustively) include:
- undertaking detailed and regular security/risk assessments
- implementing such, policies/procedures and security measures as are necessary to address any risks identified
- keeping such policies/procedures and measures under review and up-to-date and ensuring that they are followed at all times (perhaps by undertaking random spot-checks)
- ensuring that security staff are properly trained or qualified as appropriate, and that all training and qualifications are kept up-to-date and under review
- ensuring that security equipment is up-to-date and in full working order at all times
- ensuring that all other staff are trained so as to be alive to the risks of violence to staff and customers, and that they are aware of security measures and procedures to be followed in the event of any incident
- implementing, and ensuring that all staff are aware of and use, a reporting system for incidences of violence or related matters.
Cumberland Hotel case: Cause for concern
In this case the attacker accessed the hotel room of three sisters and carried out a theft and violent hammer attack, inflicting critical and permanent injuries on all three sisters. The sisters took legal action alleging that the hotel’s security had been insufficient. The High Court considered whether a business owes a duty to invited guests (or, by analogy, to any customers) to take reasonable care to protect against injury caused by the criminal acts of third parties; and concluded that it did.
The High Court undertook an up-to-date review of the circumstances in which the law of England and Wales may impose liability arising from omissions (such as, here, an omission to take steps to prevent the danger of a theft and violent attack). The court decided that the correct approach was to apply the ‘omissions principle’ identified by the Supreme Court in the 2018 case of Robinson v Chief Constable of West Yorkshire [2], namely: “In the tort of negligence, a person A is not under a duty to take care to prevent harm occurring to person B through a source of danger not created by A unless (i) A has assumed a responsibility to protect B from that danger, (ii) A has done something which prevents another from protecting B from that danger, (iii) A has a special level of control over that source of danger, or (iv) A’s status creates an obligation to protect B from that danger.” It concluded that, by inviting guests to stay, a hotel assumes a responsibility to protect guests from danger as per (i) above.
A duty of care can, therefore, arise. Again by analogy, a duty of care could potentially also arise on the part of retailers, banks, bars, restaurants, cinemas, theatres, arenas, local authorities or indeed any business which invites guests or customers into its premises.
In this particular case, however, the hotel escaped liability overall, as the High Court decided that security was taken seriously at the hotel and that the hotel did take reasonable care to protect its guests. The hotel was not, therefore, in breach of its duty.
Next steps
Walker Morris will monitor and report on any key developments arising from the Government’s recent call for evidence, and the industry’s open letter, concerning violence within the industry. In addition if, as they have threatened, the sisters pursue an appeal of this decision against the former Cumberland Hotel, we will also report on the outcome.
In the meantime, however, if you require any further information, or if you would like any assistance and advice which can be tailored to the needs of your business, please do not hesitate to contact Gwendoline Davies or any member of Walker Morris’ specialist Retail Team.
________________
[1] [2019] EWHC 1593 (QB)
[2] [2018] UKSC 4, see para. 34. See also another recent article, published in the Commercial Litigation Journal, which looks at the Robinson case and the extent to which it challenges received wisdom about the implication of duties of care in tort.

GDPR, ePrivacy and cookies: an update
One of the key changes introduced by the EU General Data Protection Regulation (GDPR) on […]
One of the key changes introduced by the EU General Data Protection Regulation (GDPR) on 25 May 2018 was a higher, more stringent, standard of consent, requiring a statement or clear affirmative action by the data subject. As the Information Commissioner’s Office (ICO) explains in its Guide to the GDPR, the change in definition is only the starting point for the GDPR standard of consent. For example, there are specific provisions on keeping records of consent, clarity and prominence of consent requests, the right to withdraw consent, and avoiding making consent a condition of a contract.
For many organisations, this has meant reviewing the lawful basis or bases likely to be most appropriate for their processing of personal data and looking to identify alternatives where consent is difficult to obtain. In this briefing, Walker Morris data protection and privacy experts Jeanette Burgess and Andrew Northage consider the changing landscape and practical implications in an area which continues to be dependent on consent: the use of cookies.
Cookies – which laws apply and what has changed?
Prior to the GDPR and the new UK Data Protection Act 2018, which sit alongside each other, the relevant UK legislation applicable to the use of cookies comprised the Data Protection Act 1998 (which implemented the EU Data Protection Directive [1], the predecessor to GDPR) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), which implement the EU ePrivacy Directive [2].
The PECR complement the data protection regime and contain, among other things, specific rules on cookies and similar technologies. As the ICO explains in its Guide to PECR, the basic rule is that organisations wishing to use cookies must: tell people the cookies are there; explain what the cookies are doing and why; and get the person’s consent to store a cookie on their device. The following definition of consent in the Data Protection Directive used to apply: “… any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed”. The consent also had to be “unambiguously given”.
A new EU ePrivacy Regulation (replacing the ePrivacy Directive and therefore the PECR) was originally intended to apply at the same time as GDPR, to form a comprehensive package, but progress has stalled in Europe. Among other things, including bringing fines in line with those under GDPR, the draft ePrivacy Regulation proposed substantial changes to how consent for cookies is obtained, which could spell the end of the traditional cookie banner. The ICO has said that the PECR will continue to apply until the ePrivacy Regulation is finalised, but with the following GDPR definition of consent: “… any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
As part of an apparent tidying-up exercise designed to ensure that the data protection legal framework functions properly after Brexit, the PECR were recently formally amended to refer to the GDPR definition of consent [3].
What does this mean in practice?
Until the ePrivacy Regulation is finalised, regrettably the ICO is unlikely to update its stand alone May 2012 cookies guidance, which would have helped provide some welcome and much needed clarity on applying the new standard in this area. That guidance is, however, still directly referred to in the ICO’s recently updated Guide to PECR mentioned above, which does cover changes made by GDPR. We understand that the cookies guidance is still being referred to because the ICO considers that it is still instructive overall. However, in relation to the issue of consent, it is clear that things have now moved on. In particular, simply continuing to use a website is not enough to signal user consent. In reality, many organisations are still playing catch-up when it comes to cookie compliance.
Key points to take away from the ICO’s Guide to PECR are:
- To be valid, consent must be freely given, specific and informed. It must involve some form of unambiguous positive action – for example, ticking a box or clicking a link – and the person must fully understand that they are giving you consent.
- You cannot show consent if you only provide information about cookies as part of a privacy policy that is hard to find, difficult to understand, or rarely read.
- Consent does not necessarily have to be explicit consent. However, consent must be given by a clear positive action. You need to be confident that your users fully understand that their actions will result in specific cookies being set, and have taken a clear and deliberate action to give consent. This must be more than simply continuing to use the website.
- To ensure that consent is freely given, users should be able to disable cookies, and you should make this easy to do.
- You should take particular care to ensure clear and specific consent for more privacy-intrusive cookies, such as those collecting sensitive personal data such as health details, or those used for behavioural tracking.
- There are exemptions for certain types of cookies, but it is still good practice to provide users with information about these cookies, even if you do not need consent.
- The PECR apply to all cookies, even if the data is anonymous.
- If your cookie data is not anonymous, you will also need to comply with the Data Protection Act 2018 and the GDPR (it is assumed that this is a reference to compliance with the wider provisions of those pieces of legislation, i.e. not just in relation to consent).
The Guide to PECR contains a link through to the ICO’s consent guidance, which is contained in its Guide to the GDPR. Its detailed guidance on consent goes on to explain in more detail what is meant by the different elements of the GDPR definition of consent. Regarding what is meant by ‘unambiguous indication (by statement or clear affirmative action)’, note in particular the following:
“The key point is that all consent must be opt-in consent, i.e. a positive action or indication – there is no such thing as ‘opt-out consent’. Failure to opt out is not consent as it does not involve a clear affirmative act. You may not rely on silence, inactivity, default settings, pre-ticked boxes or your general terms and conditions, or seek to take advantage of inertia, inattention or default bias in any other way. All of these methods also involve ambiguity – and for consent to be valid it must be both unambiguous and affirmative. It must be clear that the individual deliberately and actively chose to consent.”
In explaining what is meant by ‘explicit consent’ (which can legitimise automated decision-making, including profiling), the detailed consent guidance makes a distinction between the data subject signifying agreement by a statement (which would count as explicit consent), or by a clear affirmative action (which would not).
Importantly, the detailed consent guidance also states that, if you need consent to place cookies, this needs to meet the GDPR standard. However, you may still be able to consider an alternative lawful basis such as legitimate interests for any associated processing of personal data.
One further issue that can cause compliance headaches in relation to cookies is that the limits of currently available technology mean that, for many organisations, cookies are often placed without the user’s consent. This includes, for example, when they are placed immediately, i.e. before the user has had a chance to consider and select their consent options, or where the technology is unable to differentiate or disapply cookies to match user selection.
Given that the ICO recognises the various issues surrounding cookie consent, it is more likely to use its remit to educate non-compliant organisations, than impose financial penalties.
WM comment and practical advice
GDPR has not altered the fact that you still need consent to place cookies on a user’s device. The GDPR sets a high standard for consent but, as the ICO explains, the biggest change is what this means in practice for consent mechanisms.
The higher GDPR standard means that you need clear and more granular opt-in methods, good records of consent, and simple easy-to-access ways for people to withdraw consent. Organisations should ensure that their consent mechanisms meet the GDPR requirements on being specific, granular, clear, prominent, opt-in, documented and easily withdrawn, and that they follow the key points set out in the ICO’s Guide to PECR in relation to cookies specifically. Remember that you need to name any third party controllers, such as advertising partners, who will rely on the consent. Cookie consent management tools and other IT solutions may assist. Contracts should be reviewed to ensure that any obligations and other provisions in relation to consent are clear and are being met by the relevant party in line with GDPR requirements.
Should you have any queries or require any assistance in relation to any of the points raised in this briefing, please do not hesitate to contact Jeanette or Andrew, who will be very happy to help.
_______________
[1] Directive 95/46/EC
[2] Directive 2002/58/EC
[3] The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419)

When is the law not the law?
Commercial Dispute Resolution team looks at recent Supreme Court cases which significantly restate some of […]
Commercial Dispute Resolution team looks at recent Supreme Court cases which significantly restate some of the key principles underpinning much commercial litigation. To see the full article please click here.
First published in the Commercial Litigation Journal in the May/June 2019 edition.

Contracted out leases: What are they and what[...]
Specialist Real Estate Litigator David Manda explains ‘contracted out’ or ‘non-protected’ leases of business premises. […]
Specialist Real Estate Litigator David Manda explains ‘contracted out’ or ‘non-protected’ leases of business premises. In particular, David looks at some of the issues that can arise on lease expiry and offers practical advice for landlords and tenants alike.
What is a ‘contracted out’ lease?
When referring to a ‘contracted out’ or ‘non-protected’ lease we are referring to a lease of business premises which has been excluded from the security of tenure provisions in the Landlord and Tenant Act 1954 (the 1954 Act).
Under Part II of the 1954 Act, where a tenant has been occupying a property for the purpose of running their business, the tenant would ordinarily have a statutory right to renew their tenancy at the end of the lease. However, the parties can, subject to following the correct procedure (which is explained below), agree that this ‘security of tenure’ is excluded, meaning that the tenant will not have the benefit of a statutory right to a renewal lease at the end of the lease term and therefore cannot apply to the court for a renewal lease where it is unable to agree terms with the landlord.
What are the issues?
Whether or not a lease should have 1954 Act security of tenure protection is an important consideration for the parties at the grant of a new lease, given that the landlord may want to retain the ability to choose its tenants whereas the tenant may need to protect its position in the market which may be closely related to its location. A number of factors may affect the decision, including the bargaining power of the respective parties, the economic climate, and any future business plans. The decision should be taken with appropriate legal advice.
Where a lease is contracted out it will come to an end on the contractual expiry date – but what happens if the tenant does not vacate by that time?
A tenant that remains in occupation might be a trespasser/tolerated trespasser; a tenant on sufferance; a tenant at will; or a periodic tenant – all of which have different, and potentially problematic, legal and practical consequences.
How to avoid problems – Practical tips
Given the potential consequences of a tenant remaining in occupation after a contracted out lease has expired (more detail as to which is explained below), the parties may wish to consider taking the following steps:
- Whether you are a landlord or a tenant of business premises, ensure that you have a system in place to review your property portfolio on a regular basis.
- Review your strategy for any properties where the contractual terms of the lease are expiring at least 12 months and, preferably 18-24 months, in advance. Landlords will want to avoid the problems associated with unwanted tenants remaining in occupation, and early consideration of an exit strategy will allow sufficient time for tenants to assess alternative properties and the costs involved.
- For landlords, where any contracted out lease has expired then consider whether it is necessary to put a rent stop in place. Where a rent stop is required, ensure that any property/managing agents are instructed accordingly.
- Where the parties wish to enter into a new lease then any negotiations should start as early as possible. Consideration should be given as to whether a tenancy at will should be entered into to ‘regularise’ any occupation by the tenant after lease expiry and pending completion of a new lease.
What is the procedure for contracting out?
Where a lease is to be ‘contracted out’ of the 1954 Act, a specific procedure must be followed. Any failure to comply with this procedure will mean that the tenant will have the benefit of a statutory right to renew. Given the consequences that may flow from this, it is important to seek advice and assistance from an experienced real estate lawyer. In summary, however, the procedure can be broken down as follows:
- The landlord serves a written warning notice on the proposed tenant confirming the statutory rights that the tenant is about to sign away. A copy of the lease/agreement for lease to be entered into is usually attached to this warning notice.
- The tenant then makes a formal declaration confirming that it has read and understood the warning notice.
- The parties then enter into the relevant lease, which must be endorsed with details of the warning notice and the tenant’s declaration.
The landlord’s warning notice must be served 14 days before the tenant is contractually bound to enter into the lease. This effectively acts as a cooling off period for the tenant to consider its position. Once the 14 day period has lapsed, the tenant can make a simple declaration. However, where the parties are not able to or do not want to wait 14 days, the tenant can sign a statutory declaration, which will need to be signed and witness by an independent solicitor. The latter is often the process used as it is best practice to ensure the procedure is completed as close as possible to when the relevant lease is in the final agreed form and where no further amendments will be made.
Post-expiry occupation
Generally, a tenant which has remained in occupation of the property following the expiration of its contracted out lease is vulnerable, especially where its legal status is as a trespasser, tenant on sufferance and/or a tenant at will.
Where a tenant refuses to vacate as legally required and becomes a trespasser, the position is relatively straightforward for the landlord and steps can be taken to regain possession, which may include court proceedings.
A tenancy on sufferance arises when a tenant wrongfully remains in occupation of the premises after its lease has expired and the landlord has not confirmed whether or not it is willing for the tenant to remain [1]. This type of tenancy is created by operation of law and can enable the landlord to recover possession.
In other circumstances, a number of factors may influence the legal status of a ‘tenant’ who has failed to vacate by lease expiry. Whilst each situation will be fact sensitive, there are some general questions to consider (such as, has the landlord indicated a desire to recover possession; are the parties engaged in ongoing negotiations regarding a new lease; and/or has rent been demanded and accepted by the landlord?). Where factual investigations suggest that an occupier may be a periodic tenant, security of tenure protection under the 1954 Act may apply. That can make it very difficult (if not impossible), not to mention time-consuming and costly, for a landlord to recover possession.
WM Comment
Given the above, it is vital to seek legal advice at an early stage and preferably before any contracted out lease expires. Walker Morris’ Real Estate Litigators specialise in advising both landlords and tenants on all aspects of portfolio management and are experts in providing comprehensive exit strategy advice, including the effective management of lease terminations and resolving any dilapidations issues.
_________________
[1] Remon v City of London Real Property Co. [1921] 1 KB 49

Pooling resources and risk: Key considerations for retail[...]
To survive – even thrive – in uncertain times and in a challenging market, retailers […]
To survive – even thrive – in uncertain times and in a challenging market, retailers need to be open-minded to opportunities for improving efficiency and targeting growth. One option that many high street names are choosing in the current market is the joint venture.
James Crayton and Gwendoline Davies offer a quick checklist of some of the key practical points for any retailer considering pooling resources and risk with a potential partner.
Retail joint ventures – practical considerations
Marks & Spencer with Ocado; Walmart with Eko and MGM; Burberry with Coty; H&M with Jimmy Choo, Versace and others; Debenhams and Li & Fung… they’re all doing it – should you?!
There’s no doubt that there can be significant advantages for retailers who decide to pair up with suitable partners, whether that be in terms of increased buying power improving supply chain efficiency (à la Debenhams and Li & Fung); the pooling of infrastructure and marketplace resources and risk (M&S and Ocado); or the reinvigoration and expansion of a brand (H&M with luxury fashion labels, and multiple retail/celebrity collaborations), to mention just a few.
Joint venture arrangements can, however, also involve real risk. If a joint venture partner doesn’t turn out to be the right ‘fit’, or if financial, strategic and/or operational interests and objectives diverge and differ over time, the consequences to the balance sheet and to the brand can be devastating.
If you are wondering whether a joint venture might be a viable option for your retail business, check out our list of some key points to consider.
Checklist
- First and foremost, the selection of the right joint venture partner is critical. Detailed research and due diligence of all aspects of a potential partner’s business and ethos should be undertaken.
- There is no specific meaning of ‘joint venture’ in English law. The parties therefore need to decide, at the outset, on the form that the venture will take. Will the arrangement take the form of a new legal entity (such as a limited company, a partnership or a limited liability partnership), or will it be a purely contractual arrangement (which might take the form of a co-operation agreement or which might involve licensing or franchising arrangements)? As well as specialist legal advice, advice on the tax implications of the various different possible structures may be needed.
- What assets/resources will each party bringing to the venture and how can they be safeguarded? For example, what existing data and intellectual property rights will be used and are they adequately protected? What warranties and indemnities will be given in relation to assets/resources contributed, and to whom? What will be the impact on the partners’ respective existing businesses of sharing resources such as employees, IT, real estate and contacts? Are any external funding arrangements required?
- What exactly are the returns on their investment that each party expects? For example, how will newly generated IP rights be utilised and protected; and how are any profits to be dealt with – re-invested; shared; in what proportions?
- Are there any wider legal or regulatory issues to consider? For example, is there any risk of the new venture falling foul of UK and/or EU competition/merger control? Is it a cross-border venture and if so have all jurisdictional/international aspects to the deal been properly considered and covered off? Are there any listing rules or industry-specific regulations with which the new venture must comply? Are there any TUPE [1] implications if employees are being transferred to the new venture; and how are any share scheme or pension scheme arrangements to be dealt with?
- Are the parties entirely clear, and in agreement, about how key decisions relevant to the joint venture and all aspects of its business are to be made and by whom? Clear governance/deadlock provisions will be needed and can minimise the potential for dispute.
- In case disagreements do occur, dispute resolution provisions should govern the resolution of any issues that arise both during the life of the joint venture and potentially for a specified time thereafter.
- The soon-to-conclude Ocado/Waitrose partnership is unusual in that it has continued successfully for nearly 20 years. Joint ventures are most often successful when they are relatively short-term, as short-term arrangements can have immediate impact and remain relevant in a fast-moving market, plus the risk of diverging interests giving rise to commercial or operational disputes is minimised. The parties should, ideally, agree at the commencement of any joint venture its duration; and should, at the very least, include suitable arrangements for termination at the instigation of either party.
________________________
[1] Transfer of Undertakings (Protection of Employment) Regulations 2006

Parent liability for international subsidiaries and jurisdiction disputes:[...]
Following the Supreme Court’s recent decision in the high profile Vedanta Resources v Lungowe litigation, […]
Following the Supreme Court’s recent decision in the high profile Vedanta Resources v Lungowe litigation, Walker Morris’ Commercial Dispute Resolution specialists Nick Lees provides an essential update on parent company liability for international subsidiaries and jurisdiction disputes.
Why is this case important?
Whether a UK parent company’s duty of care may extend to foreign subsidiaries has hit the legal headlines a number of times recently [1]. The Lungowe case concerns pollution and environmental damage allegedly caused by an international subsidiary based in Zambia. It centres on whether, and how, the claimants could make their pollution problem a case for the UK courts, and a liability for the UK parent company.
The case has gone all the way to the Supreme Court on jurisdictional issues. The decision has important implications for international corporations, which need to be able to understand and assess intra-group liability and may need to navigate jurisdictional hurdles when it comes to the hearing of any claim.
What are the practical implications?
Following both the Court of Appeal’s and the Supreme Court’s judgments in this litigation, international corporations should more confidently be able to assess their intra-group operations and liabilities. They should also be better able to understand the jurisdictional hurdles which will need to be overcome before litigation can be pursued in the UK in cases where there are no contractual links or English law jurisdiction clauses on which to base a claim.
The Supreme Court’s decision in Lungowe demonstrates that, whilst every case will be decided on its own facts, the UK courts will not permit parties to be used merely as anchors, and claims to proceed in England and Wales, where there is no sufficient and genuine factual or legal link to this jurisdiction, but neither will they readily turn away proceedings where that could result in injustice in a foreign jurisdiction.
The decision also clarifies that, whilst the UK courts will not rush to fix UK parent companies with the liabilities of their overseas subsidiaries, the liability of parents in relation to international subsidiaries is not a distinct category of negligence which requires detailed judicial analysis, and no special rules apply. If a claimant can establish a sufficient level of managerial intervention and control in relation to a subsidiary by its parent, then it has taken the crucial first step through the necessary jurisdictional gateway.
Finally in this case, the Supreme Court warned litigants to conduct jurisdiction disputes in an economical and proportionate manner. Jurisdiction disputes must be confined to issues of law; and complexity of legal debate, as well as voluminous and tactical disclosure, should be avoided. The Supreme Court suggested that if proportionality warnings are not heeded, litigants and their professional advisers may face costs consequences.
The story so far
In 2017 [2] the Court of Appeal stated that the correct methodology for ascertaining whether or not a UK parent company will be liable for the operations of an international subsidiary is:
- first, to ask whether the damage complained of was foreseeable; whether there is a relationship of sufficient proximity between the parent and its subsidiary; and are the circumstances such that it is fair just and reasonable to impose a duty on the parent for the acts of the subsidiary [3]?
- then, to consider factors identified in the case of Chandler v Cape plc [4], which could help to determine whether the parent company had superior knowledge/expertise in respect of the harm and whether it was fair to infer that the subsidiary would rely on the parent deploying that knowledge/expertise to avoid the harm.
Because the Court of Appeal found that the UK parent company in this case could be found liable for the negligence of its international subsidiary, it followed that the substantive claim could be pursued against the parent in the UK courts. The UK parent defendant raised a jurisdictional appeal to the Supreme Court on the following grounds:
- that it was an abuse of EU law to rely on Article 4 of the Brussels Recast Regulation [5], as the claimant had done, to establish the ‘necessary or proper party’ jurisdictional gateway which allowed the UK parent to be sued as an anchor defendant [6] in the UK.
- that, contrary to the lower courts’ findings, the claimant’s pleaded case and supporting evidence showed no real triable issue against the UK parent defendant.
- that England was not the proper place to bring the claim.
- that there was no real risk that the claimant would not obtain access to substantial justice in the Zambian jurisdiction.
What did the Supreme Court decide?
The Supreme Court held:
- Article 4.1 of the Brussels Recast Regulation confers a right on claimants to sue an English-domiciled defendant in England, free from jurisdictional challenge. Any express or implied exceptions to that right, plus any abuse of law allegations, must be construed narrowly.
- The summary judgment test [7] applies to determine the question whether there is a real triable issue against a UK parent defendant. The liability of parent companies in relation to activities of their subsidiaries is not a distinct category of negligence but a matter for consideration on the facts in each case, possibly at trial following disclosure having been given. On the facts in this case, there was sufficient evidence supporting the view that the claimant’s case was arguable. The decisions of the lower courts therefore stood.
- To determine whether or not England is the proper place to bring the claim requires a summary examination of connecting factors to other potential jurisdictions. The search is for a single jurisdiction in which the case may most suitably be tried. Where there is a risk of irreconcilable judgments resulting from separate proceedings, that is a relevant factor, but it is not a ‘trump card’ in favour of UK jurisdiction (as the lower courts had held). In this case the UK parent defendant had offered to submit to the Zambian jurisdiction (along with the subsidiary), so the whole of the case could be tried there. That meant that England was not the proper place after all. However…
- …Even if a court concludes that a foreign jurisdiction is the proper place, UK proceedings may still be permitted if cogent evidence shows that there is a real risk that substantial justice may not be obtainable in the foreign jurisdiction. There were access to justice issues in Zambia, so proceedings in the UK would be allowed.
The UK parent defendant’s jurisdictional challenge therefore failed.
In addition to its findings on the particular issues before it, the Supreme Court took the opportunity to provide judicial comment at the highest level on the conduct of jurisdiction disputes. Echoing sentiments that were also expressed by the Court of Appeal earlier this year in another jurisdiction dispute [8], the Supreme Court warned litigants to conduct jurisdiction disputes in an economical and proportionate manner. Jurisdiction disputes are, of course, the ‘fight before the real fight (that is, the substantive dispute) begins’. They must be confined to issues of law (and not the re-exercise of a lower court’s discretion); and complexity of legal debate, as well as voluminous and tactical disclosure, should be avoided. The Supreme Court suggested that if proportionality warnings are not heeded, litigants and their professional advisers may face costs consequences.
Further advice
If your business encompasses overseas operations, please do not hesitate to contact us for further information or advice. Specialist lawyers from Walker Morris can advise you on corporate structures and policies to minimise the risk of intra-group liabilities, and in relation to the resolution of local or international disputes.
_________________
[1] See our earlier briefing for more detailed information
[2] [2017] EWCA Civ 1528
[3] That is, the ‘three-stage test’, established in Caparo Industries plc v Dickman [1990] 2 AC 605, for imposition of a duty of care in tort
[4] [2012] EWCA Civ 525 – factors: were the businesses of the parent and subsidiary in a relevant respect the same; did the parent have, or ought the parent to have had, superior knowledge or expertise in respect of the harm complained of; did the parent know, or ought the parent to have known, that the subsidiary’s system of work was insufficient or unsafe; and did the parent know, or ought the parent to have known, that the subsidiary relied upon using the parent’s superior knowledge/expertise for the subsidiary’s protection?
[5] That is, Regulation (EU) 1215/2012 of the European Parliament and of the Council of 12 December 2012
[6] an anchor defendant is a person who is made a defendant for the primary purpose of vesting jurisdiction so that the claim may be pursued in a certain court
[7] That is, the court considers that the claimant has no real prospect of succeeding on the claim; or that the defendant has no real prospect of successfully defending the claim or issue; and there is no other compelling reason why the case or issue should be disposed of at a trial
[8] Kaefer Aislamientos SA de CV v AMS Drilling Mexica SA de CV and Ors [2019] EWCA Civ 10, and see our briefing for further information

Execution of documents: UK banks focus on Treating[...]
Executing documents in today’s fast-paced, technology-driven world In today’s mortgage market, consumers are increasingly used […]
Executing documents in today’s fast-paced, technology-driven world
In today’s mortgage market, consumers are increasingly used to conducting their social and financial lives at the click of a button. Despite conveyancers, consumers and lenders all moving towards increased digitisation, the live issue of the validity of signatures on conveyancing and court documents is one that spans both electronic and traditional execution methods.
The Law Commission has recently considered legal and practical issues associated with the execution of documents, particularly electronically, and whether current law is fit for purpose and for modern commercial practice. The Commission’s conclusions were published in a report on 4 September 2019 [1].
At the same time, financial services firms throughout the UK will be aware that a campaign group, ‘Bank Signature Forgery Campaign’ (BSFC), has alleged that signatures have been forged, by a number of firms and/or their legal representatives, on court and other legal documents that have been used to repossess properties and to recover debts.
What are the allegations?
BSFC’s founder has claimed in the press and on social media that he has gathered evidence of several different signatures being recorded against the name of a person within a law firm which acts for financial services firms [2] responsible for signing legal documents. He has claimed to have identified 20 different people within a number of firms all of whom appear to have different signatures used against their name. The suggestion is that, as a systemic practice, employees within firms have forged signatures to facilitate or speed up the legal process – for example where the case-handler or other designated signatory might be off sick, on leave or otherwise unavailable.
Several firms have so far publicly denied any involvement in systemic signature forgery and have reiterated their commitment to treating customers fairly.
With the allegations having been put to the Serious Fraud Office, the Financial Conduct Authority and the National Crime Agency; and with the Treasury Select Committee, the All-Party Parliamentary Group on Fair Business Banking, and the Police and Crime Commissioner for Thames Valley all pressing for an investigation (albeit no investigation has yet been confirmed), it is important that firms – and, crucially, their customers – correctly understand the legal issues.
Policy, practice and protection of professional reputation
The law is a profession in which it is essential that the public can place its trust. It is critically important that any allegations levied against it are addressed publicly.
In today’s consumer-focused and heavily regulated environment, financial services colleagues and their legal representatives involved in the recovery of payments and/or possession from customers, are professional people required to adhere to high standards of conduct. In carrying out their job roles they will be concerned to preserve their professional and commercial reputation. Both at an industry level and internally within firms, comprehensive policies, procedures and staff training should be in place to ensure that individual employees and/or legal practitioners know exactly the legalities and formalities associated with executing court papers and other legal documents. It also bears noting than an individual colleague would have nothing to gain from departing from their firm’s execution policy; and in fact could face significant personal and professional sanctions for doing so.
The preparation and signing of documents in these circumstances is also, in the vast majority of cases, a matter of standard process and procedure – with the content of documents simply being taken from account information already on-boarded within the lender’s systems, and with law firm or lender colleagues then executing documents in accordance with specified policies and practices.
In addition, of course, in the interests of practicality and efficiency for clients and customers, it is standard, industry-wide approved practice that execution policies allow for more than just one specified signatory.
From a practical and professional perspective, therefore, it is highly unlikely that the systemic forging of signatures is occurring or accepted within the UK’s financial services industry. It is certainly not something which the author has ever encountered during many years’ practice in Banking Litigation.
Nevertheless, the BSFC allegations are creating noise with consumers via social media, with many borrowers believing that if there are potential differences or discrepancies with signatures on their mortgage or court documents, then they can get out of making mortgage or loan repayments, justify missed payments and/or unravel court judgments that have been made against them. So what actually is the legal position?
What is the legal position?
Signature valid in any event
It is interesting to note, when asking that question, that in its recent report the Law Commission reviewed the law in relation to the execution of documents generally, and explained that all of the following forms of ‘signature’ have (amongst others) been found by the courts to be legally valid: signing with an “X”; signing with initials only; signing with a mark (even where the party executing the mark can write); a name typed at the bottom of an email; the header of a SWIFT message; and so on.
In concluding that electronic signatures are capable in law of being used to validly execute documents (including deeds), the Law Commission placed emphasis on the fact that what matters is that the person signing the document intends to authenticate the document and that any formalities relating to execution of that document are satisfied [3].
It is, of course, also possible for parties to a legal document to delegate responsibility for execution – again, so long as any necessary formalities are satisfied. That delegation is commonly seen in a wide variety of scenarios – for example, directors, managers etc. executing documents on behalf of companies; law firm employees executing documents in the name of the firm to bind the partnership as a whole; agents executing contract documents to bind their principals; etc.
It is arguable, therefore, that it is not the mark which is ultimately made on a document which matters from a legal perspective – but whether the person (be it an individual or a lender/company) on whose behalf the mark is made (and will be legally bound by it) intends to authenticate that document and all it stands for.
Applying that logic to a practical example, it is arguable that it would be legally valid for, say, a junior case-handler within a bank or a law firm acting for a bank to sign certain possession/debt claim documents in their supervisor’s name on the basis that: (a) the case-handler’s signing of the supervisor’s name is tantamount or equivalent to an electronic representation of the supervisor’s name or other recognised legally valid mark; and (b) that the supervisor and the bank intended for that signature to authenticate those documents and for those documents to bind the supervisor/the bank.
Signature invalid
If, however, a document was found not to have been validly signed, in most cases that would effectively render the document unsigned altogether. In practice, the court usually remedies such a defect by ordering the party in question to sign validly (and costs penalties may follow – the lender may have to pay the costs to put the issue right), or to adduce evidence in some other way (a new witness statement; oral evidence; an alternative witness). In our practical example, should a court make such an order, the bank or law firm would presumably have no difficulty in then procuring the supervisor’s valid signature or producing fresh, procedurally-compliant evidence.
Alternatively, it could be argued that, where signatures had been forged, judgments have been obtained by fraud and should therefore be set aside on the basis that ‘fraud unravels all’ [4]. Under English law, there is no defined cause of action of civil or commercial ‘fraud’. Instead, the term is used to cover a range of legal options, including deceit or fraudulent misrepresentation; claims arising out of conspiracy, bribery, forgery, breach of fiduciary duty and breach of trust; and inducing breach of contract, many of which often form elements of lender litigation. In our practical example, whether or not the bank was guilty of fraud would be determined by the court assessing whether there had been any deliberate action on behalf of the bank which involved dishonest conduct.
Such a finding would perhaps be unlikely in the consumer-focused, highly-regulated, professional environment mentioned above. However if a court were to find that a case-handler signing in the name of a supervisor did amount to dishonest conduct, and that any judgment following on from that was therefore obtained by fraud – what then?
In fact, it is quite possible that a court would not decide that any such fraud must unravel possession/debt judgments made in favour of banks in any event, because to do so could fly in the face of both the principle of res judicata (that is, the rule against re-litigation which emphasises the importance of finality in litigation) and the practical convention that the courts should avoid ‘opening the floodgates’ to any flow of claims where that would be contrary to public policy and to the efficiency and efficacy of the court process [5]. Certainly if significant numbers of cases were brought, this could bring chaos to an already overburdened court system.
In addition, of course, in the vast majority of cases the fact would remain that borrowers had had the benefit of funds advanced to them and had failed to repay. In such cases it is more than likely that the law of equity (fundamental fairness) would ultimately provide a remedy for the banks, and would prevent borrowers from becoming unjustly enriched.
Responding to allegations
As noted above, several firms have so far publicly denied any involvement in systemic signature forgery. At an individual level, financial services colleagues and their legal representatives involved in the recovery of payments and/or possession from customers, are professional people subject and adhering to high standards of regulation and reputation.
There is therefore a genuine risk that the BSFC’s allegations – just like any other type of ‘get out of your mortgage free’-type claims which are fuelled by social media forums but which are inevitably legally flawed – are misconceived. The real danger is that belief and reliance upon misleading and incorrect assertions could actually prove harmful to borrowers. In particular, there is a risk that borrowers misled into withholding mortgage/loan payments could be exposed to mounting debt and potentially even to losing their homes, adding to the problems of those already in financial difficulties.
In the interests of treating customers fairly, firms facing any signature forgery allegations should advise borrowers to take their own specialist legal advice, and to discontinue any misconceived legal proceedings, at the earliest possible time. It is, of course, in the borrowers’ interest to keep any associated costs to an absolute minimum, not least because legal costs can, in the usual course, be added to the mortgage account in accordance with the mortgage terms, and they may therefore exacerbate any existing borrower-affordability issues.
In relation to the issues of increasing digitisation, e-conveyancing and the electronic execution of signatures more generally, it is clear that these are ‘ones to watch’. Indications from the Law Commission are that we may soon have some clarified and codified legislation and good practice guidance which, together, will confirm speedy and safe options for parties wishing to execute legal documents. Walker Morris will continue to monitor and report on key developments.
If you are or act for a financial services firm and would like any further information or advice on any of the issues discussed in this article, please do not hesitate to contact any member of Walker Morris’ Banking Litigation team.
[1] Please see our Walker Morris briefing for further information on the Law Commission’s report.
[2] Not Walker Morris – another, unspecified law firm
[3] Such formalities may be required by legislation, or may be laid down in a contract or other legal instrument under which a document is to be executed. Examples of formalities that might be required include that the signature be witnessed; or that the signature be in a specified form (such as being handwritten).
[4] Takhar v Gracefield Developments Lts & Ors [2019] UKSC and see our briefing for further information and advice.
[5] These arguments have found favour with the courts recently in the context of other wrongful possession claims – see Walker Morris’ recent briefing for further detail.

Supreme Court confirms ‘fraud unravels all’
Why is this case important? Walker Morris’ Andrew Beck a specialist in litigation and dispute […]
Why is this case important?
Walker Morris’ Andrew Beck a specialist in litigation and dispute resolution with extensive experience of dealing with fraud cases, explain the Supreme Court’s recent decision in Takhar v Gracefield. This high profile case was concerned with the apparently competing principles of finality of litigation on the one hand; and ‘fraud unravels all’, on the other.
Finality of litigation v fraud
Res judicata is the fundamental legal and public interest principle which states that there should be finality to litigation and that defendants should not face repeated litigation in respect of the same set of circumstances. The courts also have the power to strike out claims which amount to an abuse of process. Although there is no specific definition of ‘abuse of process’ in this context, it is clear that this covers (non-exhaustively) re-litigation situations; advancing a case or issue that is inconsistent with an earlier judgment [1]; and advancing claims or arguments that could and should have been made in earlier proceedings [2].
Res judicata and the rules against abuse of process exist for the protection of all. The certainty and finality of litigation; the authority and supremacy of a judgment of the court; and the cost-efficiency of the court process for individual parties and for the public as a whole, all depend upon these important principles…
… but what is the position if an earlier judgment has been obtained by fraud?
Under English law, there is no defined cause of action of civil or commercial ‘fraud’. Instead, the term is used to cover a range of legal options, including deceit or fraudulent misrepresentation; claims arising out of conspiracy, bribery, forgery, breach of fiduciary duty and breach of trust; and inducing breach of contract, many of which often form elements of lender litigation. The common theme is deliberate action on the part of the wrongdoer which generally involves dishonest conduct. The law sees any such action as being so serious that the maxim ‘fraud unravels all’ is now well established. The presence of a fraud might therefore invalidate a contractual agreement or carve-out, or it might lift the bar on re-litigation which would otherwise exist.
In the recent case of Takhar v Gracefield Developments Ltd & Ors [3], the Supreme Court has considered the interaction between res judicata/abuse of process and fraud unravels all.
What were the facts and key issues?
In 2008, a claim which the claimant had issued against the defendant was rejected because, despite the claimant maintaining in those proceedings that she did not remember signing key documentation disclosed by the defendant, she did not have a positive case to assert and she did not have any evidence that her signature had been forged. Following the court’s judgment against her, however, the claimant went on to obtain evidence of forgery and, in 2013, the claimant issued a fresh claim against the defendant.
The defendant argued that the 2013 claim should not be allowed to proceed pursuant to the rules against re-litigation; particularly in circumstances where evidence of the fraud was not new and could, with reasonable diligence, have been discovered by the claimant before the 2008 trial. The claimant countered that ‘fraud unravels all’, such that the rules against re-litigation should not apply and/or it would be wrong to impose this ‘due diligence condition’ in the case of fraud.
The Court of Appeal decided in 2017 that a party seeking to set aside an earlier judgment on the basis of fraud must establish that evidence of the fraud was not available at the time of the original trial and could not, with reasonable diligence, have been discovered.
What did the Supreme Court decide?
The Supreme Court has, however, now allowed the claimant’s appeal. In doing so, it has clarified:
- where it can be shown that a judgment has been obtained by fraud; and
- where no allegation of fraud had been raised at the trial which led to that judgment
- then a requirement of reasonable diligence should not be imposed on the party seeking to set aside the judgment.
(The Supreme Court has also acknowledged that the position may be different, and a court may have discretion whether to impose the reasonable diligence requirement, in cases where fraud was raised at the original trial and new evidence is prayed in support of the case for setting aside judgment or where a deliberate decision may have been taken not to investigate the possibility of fraud in advance of the first trial, even if that had been suspected.)
WM Comment and practical advice
The Supreme Court’s decision confirms that the principles of preserving the finality of litigation and preventing the prevailing of a fraud both remain essential and in effect. It clarifies, however, that those principles do not compete in a case where fraud was not in issue between the parties in the original proceedings. In those circumstances, the Supreme Court considered that the policy reasons for finding that ‘fraud unravels all’ were “overwhelming” [4].
The best advice for any party who suspects the commission of a fraud is to take diligent steps to obtain evidence of any dishonesty or wrongdoing and to bring it to the attention of the court at the earliest possible time. If it is not possible to do that before an initial judgment is obtained, an application to set aside will have to be made. Despite the Supreme Court’s decision in Takhar v Gracefield, for all practical purposes, that application will have to be supported with some evidence as to how and when the fraud came to light and the steps that were taken by the applicant, both prior to the original trial and since, to prove that the fresh application does not amount to an abuse.
_______________
[1] This abuse tactic is often referred to as ‘collateral attack’
[2] This is known as the rule in Henderson v Henderson (1843) 3 Hare 100
[3] [2019] UKSC 13
[4] Ibid. para 53

Brexit – what happens next?
Now that the House of Commons has overwhelmingly rejected the government’s Brexit deal, we take […]
Now that the House of Commons has overwhelmingly rejected the government’s Brexit deal, we take a look at what happens next and what it means for businesses.
On Tuesday 15 January 2019, the House of Commons voted overwhelmingly to reject the Brexit deal negotiated between the government and the European Union. The Prime Minister will make a statement on the way forward and table an amendable motion in the House of Commons on Monday 21 January 2019.
After the Withdrawal Agreement was rejected, the Prime Minister said that meetings would be held across the House of Commons to identify what would be required to secure its backing for a deal with the EU. If there are ideas which are “genuinely negotiable” and have sufficient support, these will then be explored with the EU. The extent to which the EU is prepared to re-open negotiations is another matter. So far, the indications are that they are not willing to do so. Any major renegotiation would likely require an extension of the Article 50 exit process to delay the UK’s departure from the EU – currently set for 29 March 2019. A request for an extension for any reason would have to come from the UK, and the EU would have to agree it. With European Parliament elections coming up in May 2019, this has its own complications.
The Prime Minister sought to provide reassurance that it is not the government’s strategy to “run down the clock to 29 March”. However, with a deeply divided House of Commons, all options remain on the table. That includes the very real prospect of a “no deal” Brexit. Other possibilities are a second referendum and the UK unilaterally revoking its Article 50 withdrawal notice, effectively cancelling Brexit, something which it is legally entitled to do.
While the vote was historic and momentous, in practical terms it changes little for businesses, which face ongoing uncertainty. It has been widely predicted for some time that the government’s deal would be voted down. The impact of a no deal Brexit will depend on a range of factors, including the size, nature and location of the business, the sector in which it operates, the relationships it has with suppliers and customers, the extent to which it trades across borders, and other commercial considerations. With the level of uncertainty showing no sign of changing any time soon, businesses should continue with their contingency planning. The government has launched a website Prepare your business for EU Exit. Watch out for our upcoming guidance on a range of commercial legal matters arising under a no deal Brexit, which will be issued shortly. Should you wish to discuss the potential implications of Brexit for your business, please get in touch in the first instance with your usual contact, who will be very happy to coordinate the necessary response.

HR in 2019 – turbulent times ahead –[...]
‘May you live in interesting times’…an old Chinese saying intended to be uttered as a […]
‘May you live in interesting times’…an old Chinese saying intended to be uttered as a curse upon one’s enemies. We are living in unprecedented times and 2019 is undoubtedly set to be an ‘interesting’ year for business as ongoing fallout from Brexit translates to general uncertainty and unchartered trading conditions.
Yet, against the political turmoil, business has to go on. As ever, HR plays a critical role in alerting the Board to key risks, shaping strategic direction and ensuring that HR objectives remain aligned to business objectives.
So, what key HR challenges are pinging the radar for 2019?
New IR35 rules for contractors in the private sector from 6 April 2020
Do you engage contractors? If so, you’ll be aware that changes to IR35 in relation to off-payroll working in the private sector will come into force from 6 April 2020. This is a significant ‘game-changer’ which will require forward planning.
Back in April 2017, the Government introduced changes to IR35 in the public sector so that the public authority engaging the contractor became responsible for applying IR35 (i.e. for making the decision whether income tax and employee NICs should be deducted from payments and accounting for employer NICs in line with PAYE). Put simply, if the public authority considers that IR35 applies, it (and not the contractor) is responsible for operating PAYE and NICs on the fees it pays to the intermediary company.
The Government has not yet confirmed how large a private sector organisation must be in order to be ‘in scope’ although it is likely that the threshold of 250 or more staff currently applied in the public sector will be used.
Planning ahead for the change during 2019 will need to include an audit of:
- the numbers and categories of contractors currently engaged (including those engaged through an agency)
- the terms of the contracts under which they are working
- the likely IR35 status of each individual contractor
There may need to be a review and restructure of the terms on which the company engages with its contractors not least because the new rules will lead to additional costs for both contractor and hirer. The obvious question is which party will absorb these costs? Also check that payment software/systems are able to operate PAYE and NICs whilst, at the same time, ensuring that the contractor receives the correct net payment and any VAT.
Remember too that this change deals only with employment status for tax purposes and not for employment purposes. Payment of a consultant under the new regime will not automatically deem them to be an employee or worker. As always, and in all other respects, companies need to remain on guard against treating contractors as if they were employees.
Ethnicity pay gap reporting
Hot(tish) on the heels of gender pay gap reporting, mandatory pay gap reporting on grounds of ethnicity could soon follow. The Government’s consultation on this (due to close on 11 January 2019) follows a number of formally commissioned reviews all of which have highlighted disparities in pay and status between ethnic minority individuals and their white British counterparts. All of the evidence points to there being a notable ethnicity pay gap in the UK and the Government has openly (since their last manifesto) committed to doing something about it.
The consultation document indicates that employers with 250 or more employees would be required to report (as is currently the case with gender pay gap reporting). It seeks views on whether broad categories (e.g. White, Asian, Black African etc) should be used or the 18 ethnicity categories currently used by the Office for National Statistics (ONS). The obvious downside of using broad categories is that the data may lack meaning but using the 18 ONS categories raises a whole host of potential difficulties. Not least that it could result in an individual’s personal details being compromised. Moreover, should it be the employer or the employee who gets to say which ethnicity category an employee is in? On this point, surely there is much potential for error and misunderstanding.
The consultation runs until 11 January 2019 and, Brexit permitting, it is expected that any resultant legislation would be introduced later in 2019 (with an additional year to allow employers to prepare). Employers would be well advised to start thinking about how they would capture ethnicity pay data and whether there is an ethnicity pay gap in their own workforce that needs to be addressed.
Immigration rules following Brexit
Brexit means that employers are going to have to stay fully up to date with immigration and ‘right to work’ rules and any changes made.
The Government plans to require EEA migrants and their family members to apply for settled status under a new process. The type of status that an individual will be eligible for will depend on the amount of time they have lived in the UK and the date they arrived. Those who have acquired permanent residence will be able to swap their status directly for indefinite leave to remain or settled status.
There is, of course, a lot more to it than that and HR teams may well find themselves being bombarded with questions from concerned employees so it’s important to stay up to date. We have a dedicated business immigration team who are following developments and can assist with any queries that you or your staff may have.
Corporate Governance Reform
The Companies (Miscellaneous Reporting) Regulations 2018 come into force on 1 January 2019 and apply in relation to the financial years of companies beginning on or after 1 January 2019. More details are to follow, but given that the Regulations are requiring the publishing of a range of HR data for many companies, this may turn into a substantial piece of work that will need to be factored into HR workflows. It’s likely that HR will need to engage with executive teams on report preparation so now is the time to start thinking about who will take ownership of this.
Prioritise and maintain focus on employee engagement
Employee disengagement and attrition costs businesses heavily in lost productivity and additional recruitment overheads. It is easy to focus on ‘hard’ goals such as financial targets and regulatory compliance at the cost of one of the most important resources for a business – its people. One should also not forget its cousin, “business protection”, if you feel you are vulnerable to losing key members of staff, make sure that you have the necessary protections in place (post-termination restrictions, confidentiality provisions, IP provisions etc).
With that in mind, our final thought is this… In the inevitably turbulent times ahead, one of the key tasks for HR will be to ensure that due attention and resource is given to the retention and incentivisation of good staff. When times are hard it is even more important not to lose sight of the importance and business benefits of a happy and motivated workforce.
If you would like advice on any of the topics in this article please contact David Smedley or Andrew Rayment.

Are you up to speed with the Government’s[...]
The Government has set out its plans for the future status of EEA nationals and […]
The Government has set out its plans for the future status of EEA nationals and their family members after Brexit. Our business immigration team can assist you with any queries.
The Government plans to require EEA migrants and their family members to apply for settled status under a new process. The type of status that an individual will be eligible for will depend on the amount of time they have lived in the UK and the date they arrived.
It is inevitable that HR teams will be asked for guidance from concerned employees so it’s important to be up to speed and we can help you with this. Our business immigration team can assist with any queries you or your staff may have.

Employer National Insurance contributions on termination payments will[...]
In Autumn 2018 budget news, there is to be a further delay before termination payments […]
In Autumn 2018 budget news, there is to be a further delay before termination payments in excess of £30,000 will be made subject to employer national insurance contributions (NICs).
There have been a number of recent changes to the tax and NI treatment of termination payments (especially payments in lieu of notice). One of the changes proposed by the Government was that termination payments which qualified for the £30,000 tax exemption would be subject to employer NICs on amounts in excess of £30,000.
At first, this change was expected to be introduced from April 2018. The Government then announced in the Autumn 2017 Budget that it would take effect from April 2019. In the 2018 Budget, the Government stated that this change will be further delayed to now take effect for termination payments made on or after 6 April 2020.
Note that the existing employee NICs exemption will be retained where the termination payment exceeds £30,000.
If you would like any advice on this article, please contact David Smedley or Andrew Rayment.

Director-shareholder remuneration – risks of declaring dividends as[...]
In the recent case of Global Corporation Limited v Hale [2018] EWCA Civ 2618, the […]
In the recent case of Global Corporation Limited v Hale [2018] EWCA Civ 2618, the Court of Appeal considered whether payments to the director and shareholder of a company must be repaid on the basis that they constituted dividends which were unlawful pursuant to section 830 of the Companies Act 2006.
Background
The Respondent in this case was a director and shareholder of an engineering company which specialised in tuning motor engines (the Company).
The Company was balance sheet insolvent from 2009 onwards as a result of its business being adversely affected by the financial crisis. The Company was ultimately placed into liquidation on 25 November 2015.
Although the Company remained balance sheet insolvent to the date of its liquidation, it traded profitably and significantly reduced its balance sheet deficiency from 2012 onwards. Nevertheless, the Company had no distributable profits from which a dividend could lawfully be paid.
The Respondent worked full time in the business and received regular monthly payments of around £1,600. In the years prior to the Company’s liquidation, these payments were initially characterised as dividends and subsequently recharacterised as salary payments at the end of the Company’s accounting period, when the Company’s accountants confirmed that the Company had insufficient distributable profits to lawfully pay a dividend.
The Company was placed into liquidation part way through the Company’s 2015 accounting period. The payments received in that accounting period had also been characterised as dividends for tax and accounting purposes. The payments were not recharacterised as salary payments prior to the Company entering liquidation.
The Company’s liquidators considered that the payments may be challenged as unlawful dividends pursuant to section 830 of the Companies Act 2006. Those claims were assigned to the Appellant.
First Instance
At first instance, HHJ Mathews found that the decision to classify the payments as dividends was made “only in principle, with the formal decision left to be made at the year end”. On this basis, the Judge found that the payments were not dividends for the purposes of section 830.
Given that the payments were found not to be dividends, the question arose as to whether the payments were made on any proper basis and, if not, whether the receipt of those payments constituted a breach of the Respondent’s fiduciary duties. The Judge found that the Company was obliged to pay the Respondent a reasonable sum for his services, as the Company would be unjustly enriched if it received valuable services from the Respondent for free. On this basis, the Judge found that the Respondent was entitled to retain the payments and that the payments did not give rise to a breach of fiduciary duty.
Court of Appeal
The Judgment of HHJ Mathews was appealed to the Court of Appeal, which allowed the appeal.
The Court stated that the relevant question was whether the payments constituted dividends at the time they were made. It was found that the payments clearly were dividends, given that they were expressly declared by the directors to be interim dividends and were taxed accordingly.
It was immaterial that the payment may subsequently have been recharacterised as remuneration. The Court found that “the most [such a recharacterisation] can do is to allow the monies to be notionally repaid and then re-applied in a way which does not contravene the provisions of s.830 and is otherwise a lawful application of the assets of the Company.”
The Court also doubted the Judge’s finding that companies were bound by an obligation to pay reasonable compensation to directors and noted the decision in Guinness Plc v Saunders [1990] 2 AC 663, in which the House of Lords held that the law would not imply a contract for remuneration when such a contract could only be agreed under the articles of association by an appropriate resolution of the board. The Judge’s findings in this respect had previously been questioned in Toone v Robins [2018] EWHC 569, in which Norris J stated “to award a company director for work done for the company by applying the doctrines of “unjust enrichment” would contradict the long-established principle that a director may not make an unauthorised profit out of his position, a principle that overrides any unjust enrichment claim.”
It was also noted that, even if a claim for unjust enrichment were to succeed, this would need to be proved for in the liquidation, rather than simply allowing the Respondent to retain the payments.
Comment
This case brings clarification to this area of the law and makes clear that director-shareholders cannot simply draw funds from the company on an ad hoc basis and avoid subsequent liability by referring to the value of work they provided the company. This clarification will no doubt be welcomed by liquidators.
As far as director-shareholders are concerned, there are obvious tax advantages in drawing compensation by way of dividend rather than as a salary, although this case highlights the risks of doing so. Any dividend paid at a time when the company has insufficient distributable profits is unlawful. This principle applies regardless of whether the company is currently trading profitably.
Director-shareholders cannot simply hope to re-classify such dividends if necessary and will likely be required to repay the same to the company in the event of a challenge. Once such dividends are repaid to the Company, it appears unlikely that a company would be required to pay the director a reasonable sum for his services under the doctrine of unjust enrichment.
Although the tax advantages of dividends over salary are clear, the most prudent approach for director-shareholders of companies with unascertained distributable reserves would be to take a salary rather than a dividend so as to avoid the issues which arose in this case.

Ethnicity pay gap reporting
Mandatory pay gap reporting on grounds of ethnicity (similar to gender pay gap reporting) could […]
Mandatory pay gap reporting on grounds of ethnicity (similar to gender pay gap reporting) could be on the horizon.
In line with a manifesto commitment, the Government has published a consultation paper on introducing mandatory pay gap reporting on ethnicity grounds. The consultation comes on the heels of the Government’s Race Disparity Audit which highlighted significant racial inequalities in access to good quality employment, housing and education in the UK.
The consultation also follows a number of formally commissioned reviews all of which have highlighted disparities in pay and status between ethnic minority individuals and their white British counterparts. These include the Parker Review which highlighted a dearth of ethnic minorities in UK boardrooms, the McGregor-Smith review which emphasised structural workplace biases and an Equality and Human Rights Commission report in 2017 which referred to a notable ethnicity pay gap in the UK.
Which employers would be in scope?
The consultation indicates that employers with fewer than 250 employees would not be required to report (as is currently the case with gender pay gap reporting). However, the Government has asked for views on this. The McGregor-Smith review (referred to above) concluded that employers with 50 or more employees should be in scope although the Government has indicated in the consultation document that this would impose too great a burden on smaller businesses.
What ethnicity categories would be used?
The consultation seeks views on whether broad categories (e.g. White, Asian, Black African etc) should be used or the 18 ethnicity categories currently used by the Office for National Statistics. The downside of using broad categories is that the data may lack meaning but, on the other hand, using the 18 ONS categories could result in it being possible to identify an individual employee’s salary. Another question that has been raised is whether it should be the employer or the employee who decides which category an employee is in. If it is the employer then, there would inevitably be scope for error or misunderstanding.
What happens next?
The consultation runs until 11 January 2019. It is thought that any new legislation would be introduced later in 2019 (with an additional year to allow employers to prepare for it). The Government’s Brexit workload may mean that this is something of an ambitious timescale. We will report on any further developments.
If you would like any advice on this article, please contact David Smedley or Andrew Rayment.

Disclosure, all change please!
What is changing, and why? Whilst the full ‘cards on the table’ approach to disclosure […]
What is changing, and why?
Whilst the full ‘cards on the table’ approach to disclosure in England and Wales may be an important aspect of the litigation process in England and Wales, it can often prove disproportionately expensive. The explosion in the volume of electronic data in recent years is also a significant contributing factor to escalating disclosure costs.
There have been concerns for some time over how to control disclosure costs, particularly in very small and very large cases, to ensure that litigation is conducted as efficiently as possible. A working group set up in 2016 was tasked with identifying problems with the existing regime and devising a practical solution. The conclusion was that the current section of the Civil Procedure Rules (CPRs) which deals with disclosure, Part 31, is no longer fit for purpose and there is a need for more meaningful engagement between the parties and more robust management from the courts.
As from 1 January 2019, therefore, a mandatory two-year disclosure pilot scheme will operate in the Business and Property Courts (BPCs) across England and Wales [1]. In the words of the working group, the new scheme is intended to bring about a “wholesale cultural change”.
It is vital that in-house lawyers and anyone involved in commercial dispute resolution get to grips with the new scheme.
Disclosure Pilot Scheme
Over many years, parties, lawyers and even the judiciary have got into the habit of feeling that anything that is or could potentially be relevant to the case should be disclosed. That results in huge swathes of documents routinely being disclosed, the vast majority of which often have no real bearing on the issues. That is not what is actually required by law. Cases as far back as 2007 [2] have acknowledged that, in fact, the CPRs sacrifice ‘perfect justice’ for the more pragmatic ‘reasonable search’ rules, which do not require that “no stone be left unturned” when it comes to looking for documents to disclose. Whilst this may mean that a relevant document, even a ‘smoking gun’, is not found, this is justified by considerations of proportionality. The pilot scheme effectively provides a mandatory procedural framework which codifies those principles.
The pilot scheme introduces two stages of disclosure: initial disclosure of key documents with the parties’ statements of case; and, in some cases, extended disclosure later in the litigation. Importantly, there is no automatic entitlement to extended disclosure.
One of the central features of the new scheme is a greater focus on the key issues for which disclosure of documents is really required, as opposed to disclosure of anything and everything which may potentially be relevant to any and every issue pleaded. (For example, ‘issues for disclosure’ may not include issues which are purely questions of law, or issues which need to be decided solely on the basis of, say, witness or expert evidence.) The idea is that disclosure should be no wider than is strictly necessary. If extended disclosure is ordered, it may be on an issue by issue basis, with one of five possible models for disclosure (ranging from disclosure of known adverse documents only (Model A), through to a wide search-based train of enquiry disclosure (Model E)), applying as appropriate to particular issues for disclosure.
The scheme also places a new emphasis on early cooperation between the parties. It requires the parties to jointly complete, before the first Case Management Conference, a Disclosure Review Document (DRD), which sets out the parties’ proposals for the appropriate disclosure model[s]. The DRD is also the method through which the parties share information about how documents, including electronically stored information (including metadata and so-called ‘deleted data’ and the like) [3], are stored and how they might be searched and reviewed. The parties are also required to discuss and seek to agree on the use of software or analytical tools, including technology assisted review software and techniques, with a view to reducing the burden and costs of the disclosure exercise. The DRD also requires the parties to give their best estimates of the likely costs involved in the disclosure exercise, to enable the court to make an informed decision as to the nature of the extended disclosure order to be made in the case – if any.
Another key feature of the new scheme is that it expressly imposes new duties on parties and their legal advisers which are more onerous that those set out in CPR 31 and existing Practice Directions. The duties relate to the preservation of potentially disclosable documents and to the parties’ and legal advisers’ conduct of the disclosure exercise itself. The duties are serious and backed up by sanctions for non-compliance, so clients should expect to receive detailed advice and assistance from their lawyers in that regard on a case-by-case basis.
Practical advice
In-house lawyers and anyone involved in commercial dispute resolution and, in particular, litigation in the BPCs should familiarise themselves with the new disclosure pilot Practice Direction and associated documents, and ensure that their internal processes and procedures reflect the requirements of the scheme.
In particular, staff training as to new legal and procedural duties and requirements, and as to the principles underlying both disclosure and legal privilege (which can allow otherwise disclosable documents to be withheld from the opposing party and from the court in certain circumstances) will be vital.
If you would like any further information or advice, of if you would like any assistance with training or with reviewing your firm’s internal dispute resolution processes, please do not hesitate to contact Gwendoline Davies or any member of Walker Morris’ Commercial Dispute Resolution Team.
_____________
[1] The scheme is set out in a new Practice Direction to the CPRs, PD 51U
[2] Nichia Corp v Argos [2007]; Digicel (St Lucia) v Cable & Wireless [2008]; Shah v HSBC Private Bank [2011]
[3] For more information about disclosure and edisclosure, please see the Chambers Global Guide to Ediscovery and Disclosure and the chapter on Disclosure and Inspection from Walker Morris’ Little Green Book of Dispute Resolution

Plastics: The Scope of the Single-Use Plastic Directive[...]
The Chancellor of the Exchequer’s autumn budget has outlined the UK’s intentions to address waste […]
The Chancellor of the Exchequer’s autumn budget has outlined the UK’s intentions to address waste by encouraging the recycling of plastic, shortly after the European Commission proposed the introduction of a Single Use Plastic Directive.
Plastics Tax and Producer Responsibility
The Chancellor’s statement outlined the introduction of a tax to reduce the environmental consequences of plastic. Expected to commence in April 2022 the tax will apply to importers and producers of plastic packaging. Although the precise nature of the tax has not been detailed, only plastic packaging that has at least 30% recycled plastic content will be exempt from the tax.
Alongside the plastic tax, the government have announced changes to the current Packaging Producer Responsibility System. The intention is to heighten responsibility for businesses in relation to the treatment of plastic packaging after use, increasing involvement in the recycling and clean-up of their products. The Treasury’s intention is for the system to promote easily recyclable packaging and deter the use of hard to recycle plastics.
Additionally, the government is increasing funding by £10 million for research and development into plastics and a further £10 million for innovation into recycling and minimising waste.
The divergence between the UK and EU approach to reducing waste was highlighted by the Chancellor’s direct rejection of the so called ‘latte levy’, the introduction of a charge to disincentivise the use of, often single use, plastic cups. It was suggested this measure would be inappropriate in isolation and unlikely to generate change. In contrast, the EU’s proposed directive targets specific disposable items that make a disproportionately large contribution to marine and beach waste.
Although support has been shown for the Chancellor’s proposals, concern has been expressed over the available supply of recycled plastic, fundamental to achieving the 30% requirement. It is hoped the increased spending on innovation, research and development and the revenue from the tax will enable a sufficient supply of recycled plastic for suppliers to reach the 30% requirement.
Single Use Plastic Directive
The directive aims to reduce the volume of waste plastic claimed by the European Commission to account for over 80% of marine waste. It focuses on prevalent discarded items including: plastic bottles, straws, food packaging and cotton buds, and has been extended by the European Parliament to include items made of expanded polystyrene and oxo-degradable plastic. The directive updates the existing EU concept of Extended Producer Responsibility by introducing additional obligations on importers and producers to mitigate the consequences of their products upon the environment.
For manufacturers, the implications are varied. The directive outlines specific mechanisms, dependent upon the item, that aim to reduce aggregate plastic waste. For products with renewable alternatives, bans will be introduced, and where bans are inappropriate industries may be required to finance waste management; increase awareness of the implications of plastic; and/or alter labelling to reflect a product’s plastic content, how to dispose of it and its environmental consequences. Additionally, State facing obligations have been proposed, requiring the introduction of reduction and collection targets, one example being the introduction of a 25% reduction in the use of food containers for fruits and vegetables by 2025.
Criticism has arisen regarding the expediency of the drafting and there remains uncertainty surrounding the potentially far reaching implications of the directive. The proposed definition of a single-use plastic product includes items only ‘partly’ containing plastic. The wide-scope of the directive may prove onerous for manufacturers. The European Council have reacted positively towards the directive but seek further clarification on the definition of single use and have requested guidance detailing examples of relevant products.
Whilst uncertainties surrounding Brexit make the implications of the directive indeterminate, the Autumn Statement indicates that the UK is taking a markedly different approach to plastic consumption, addressing plastic packaging more generally but relying on fewer mechanism for change.

Health and Safety – October 2018
Sentencing news; focus on mental health; HSE inspections; occupational health pilot group launched in construction. […]
Sentencing news; focus on mental health; HSE inspections; occupational health pilot group launched in construction.
Sentencing news
A waste and recycling company has been fined £700,000 (with costs of almost £100,000), and its director has been sentenced to eight months in prison, after a worker died in 2010 when he entered the machine he was working with to clear a blockage. The machine’s safety interlock system had been defeated two months earlier, enabling workers to enter the machine while it was still in operation. Five years later, inspectors from the Health and Safety Executive (HSE) were informed that the company was continuing to use the same machine with further critical safety systems being defeated. The sentencing judge noted this as a serious aggravating factor.
A garden shed manufacturing company was fined £233,334 (with costs of over £21,000) after a worker was killed by a reversing fork lift truck which was unloading a delivery wagon at the time. The HSE says that vehicles at work continue to be a major cause of fatal and major injuries – every year there are over 5000 incidents involving transport in the workplace, about 50 of them fatal.
Focus on mental health
The HSE has updated its guidance on mental health in the workplace, setting out the roles and responsibilities of employers to help their employees. The guidance contains various links to supporting materials. The HSE says that employers have a legal duty to protect employees from stress at work by doing a risk assessment and acting on it. See the HSE’s webpage on work-related stress for more details.
On 8 October 2018, the business-led charity Business in the Community published its Mental Health at Work Report – 2018. It says that, while the government and others are putting in more resources and developing new initiatives, businesses have the opportunity to step up and make direct changes to the way they think about and tackle mental health issues, starting with the core and enhanced standards outlined in the Stevenson/Farmer review (see the October 2017 edition of the Regulatory round-up for details). It says that employers must wake up to the prevalence and impact of mental health issues in the workplace and make it their priority to establish parity between physical and mental health. A series of recommendations for employers on how they can radically improve the support provided in the workplace is set out on page 107 onwards.
HSE announces waste and recycling industry inspections…
On 1 October 2018, the HSE announced the launch of a three month inspection campaign in the waste and recycling industry. Unannounced inspections will focus in particular on the management of workplace transport and machinery safety.
…and cladding removal and replacement inspections
The HSE has also announced that it is carrying out a series of inspections of removal and replacement of Aluminium Composite Material cladding projects on tall buildings. While fire safety will be the focus of the visits, the HSE says that other matters of evident concern which are found will also be dealt with. It has produced a sector technical note for its inspectors in the appendix to its operational guidance, which it says will also be useful for clients, managing agents, designers and contractors involved in planning, procuring and undertaking the work. It strongly advises those engaged to read and follow the guidance in the note.
In related news, the Royal Institute of British Architects responded to the government’s recent consultation on the proposed clarification of building regulations guidance on fire safety (Approved Document B), saying that it doesn’t go far enough. The consultation was issued in the wake of Dame Judith Hackitt’s independent review of building regulations and fire safety.
Pilot group launched to improve occupational health in construction
Not-for-profit financial services provider B&CE has launched a pilot group of companies to help develop a new product to improve occupational health provision across the construction industry. The aim is to make it easier for employers to comply with health and safety legislation and identify work-related illnesses earlier. It says that, each year, 80,000 workers in the construction industry suffer from illnesses caused or made worse by their work.
Contains public sector information published by the Health and Safety Executive and licensed under the Open Government Licence.

Data Protection – October 2018
Morrisons loses group data breach case appeal; High Court blocks collective proceedings against Google; Facebook’s £500,000 […]
Morrisons loses group data breach case appeal; High Court blocks collective proceedings against Google; Facebook’s £500,000 fine; Privacy Shield Review; and more.
Morrisons loses group data breach case appeal…
In a landmark judgment, supermarket chain Morrisons has lost its appeal against a High Court ruling that it is liable in damages for the actions of one of its former employees who, while employed as a senior internal auditor at the company, deliberately leaked payroll data relating to almost 100,000 employees online following disciplinary action [1]. He had been tasked with providing payroll data to Morrisons’ external auditors. Over 5,500 employees commenced proceedings against Morrisons for damages and interest for misuse of private information, breach of confidence and breach of statutory duty owed under section 4(4) the Data Protection Act 1998 (the Act).
Morrisons was not found directly liable, but the High Court found that the company had deliberately entrusted the individual concerned with the payroll data (disclosing it to others was closely related to the task he had been given, despite the lack of authorisation) and there was a sufficient connection between the position in which he was employed and his wrongful conduct to establish secondary (vicarious) liability. Morrisons submitted on appeal that this close connection test was not satisfied, since the wrongdoing that caused the harm was done by the individual at his home, using his own computer, on a Sunday, several weeks after he had downloaded the data at work on to his personal USB stick. The Court of Appeal agreed with the High Court that there was an “unbroken thread” linking the individual’s work to the disclosure of the data. Rather than a sequence of random events, there was an unbroken chain which included the first unlawful act of downloading data from his personal work computer to a personal USB stick.
It was submitted that to impose vicarious liability on Morrisons in circumstances where the individual’s motive was to harm Morrisons would render the court an accessory in furthering his criminal aims. This was dismissed by the Court of Appeal, which did not accept that there is an exception to the irrelevance of motive where the motive is, by causing harm to a third party, to cause financial or reputational damage to the employer. The Court of Appeal also gave short shrift to the submission that, given the number of employees affected, a finding of vicarious liability would place an enormous burden on Morrisons (and on other innocent employers in future cases). It is helpful to quote directly from the judgment:
“There have been many instances reported in the media in recent years of data breaches on a massive scale caused by either corporate system failures or negligence by individuals acting in the course of their employment. These might, depending on the facts, lead to a large number of claims against the relevant company for potentially ruinous amounts. The solution is to insure against such catastrophes; and employers can likewise insure against losses caused by dishonest or malicious employees. We have not been told what the insurance position is in the present case, and of course it cannot affect the result. The fact of a defendant being insured is not a reason for imposing liability, but the availability of insurance is a valid answer to the Doomsday or Armageddon arguments put forward … on behalf of Morrisons”.
Further proceedings are due to take place to determine the level of compensation. Morrisons has said that it will appeal to the Supreme Court.
While the High Court found that, in relation to data deletion, Morrisons had fallen short of its duty to take appropriate organisational measures to guard against unlawful disclosure and data loss, by the time it would have been appropriate to conduct any check on deletion, the probability was that the information had already been copied, and so the failure neither caused nor contributed to the disclosure. In light of the decision in this case, it would be prudent for employers to review their existing policies and procedures and consider imposing stricter internal controls to guard against the risk of employees “going rogue”, including in those parts of the business where employees are regularly entrusted with personal data and confidential or sensitive information.
…as the High Court blocks attempt to bring collective proceedings against Google
The High Court has refused to give the go-ahead to a representative action brought against Google by Richard Lloyd (the former executive director of consumer organisation Which?) on his own behalf and on behalf of an estimated class of 4.4 million people [2]. A representative action is one of the currently available methods for bringing collective proceedings in England and Wales.
The claim alleged that Google acted in breach of the duty imposed by section 4(4) of the Act by secretly tracking the internet activity of Apple iPhone users, collating and using the information obtained, and selling the accumulated data (it was able to do this by using what has been termed “the Safari Workaround”). The claim was for compensation under section 13(1) of the Act, which provides that an individual who suffers damage by reason of any contravention by a data controller of any of the requirements of the Act is entitled to compensation from the data controller for that damage. No financial loss or distress was alleged.
Mr Lloyd applied for permission to serve the proceedings on Google in the United States. The main issues were: whether the pleaded facts disclosed any basis for claiming compensation under the Act; and if so, whether the Court should or would permit the claim to continue as a representative action.
The Court answered “no” in respect of each issue. The facts alleged did not support the contention that Mr Lloyd or any of the represented claimants had suffered any actual “damage” within the meaning of the Act as a result of the alleged breach (whether financial or non-financial, for example distress). The Court concluded that the essential requirements for a representative action were absent. Mr Lloyd and the represented claimants did not all have the “same interest” within the meaning of the relevant procedural rule. It could not be supposed that the breach of duty or the impact of it was uniform across the entire class of claimants – inevitably, the nature and extent of the breach and the impact it had on individuals would have varied greatly. It was also impossible reliably to ascertain whether any given individual was a member of the represented class.
Finally, in any event, the Court would exercise its discretion against the continuation of the action as a representative action: “It would not be unfair to describe this as officious litigation, embarked upon on behalf of individuals who have not authorised it, and have shown no interest in seeking any remedy for, or even complaining about, the alleged breaches…the Representative Claimant should not be permitted to consume substantial resources in the pursuit of litigation on behalf of others who have little to gain from it, and have not authorised the pursuit of the claim, nor indicated any concern about the matters to be litigated.”
We understand that Mr Lloyd has sought permission to appeal the judgment. With the introduction of the EU General Data Protection Regulation and the new Data Protection Act 2018 in May 2018, there was concern that these might open the floodgates to US-style class actions in data breach cases (see our earlier briefing on this topic). The decision in this case suggests otherwise, for now.
In other news…
- Facebook has been fined £500,000 (the maximum under the Act, which was applicable at the time) by the Information Commissioner’s Office (ICO) in the wake of the Cambridge Analytica scandal. The Information Commissioner will provide a further update on the ICO’s investigation into data analytics for political purposes when she gives evidence to the Department for Digital, Culture, Media and Sport Select Committee on 6 November 2018.
- Heathrow Airport Limited was fined £120,000 by the ICO after it failed to ensure that the personal data held on its network was properly secured. The ICO’s Director of Investigations said: “Data protection should have been high on Heathrow’s agenda. But our investigation found a catalogue of shortcomings in corporate standards, training and vision that indicated otherwise. Data protection is a boardroom issue and it is imperative that businesses have the policies, procedures and training in place to minimise any vulnerabilities of the personal information that has been entrusted to them”. Among other things, the investigation found that only two per cent of the workforce of 6,500 had received data protection training, and there was widespread use of removable media in contravention of the company’s own policies and guidance.
- In other recent enforcement action, a marketing company was fined £90,000 by the ICO after millions of nuisance emails were sent to people who had subscribed to websites operated by the company’s affiliates, but who had not given their consent to receive them.
- The second annual review of the embattled EU-US Privacy Shield, one of the approved mechanisms for the transatlantic transfer of personal data, took place in Brussels on 18 and 19 October 2018. See the joint press statement. The European Commission will publish a report on its findings before the end of the year.
- The Irish Supreme Court is expected to hear Facebook’s appeal in the Schrems litigation in December 2018. Earlier this year, the Irish High Court referred to the Court of Justice of the European Union 11 questions over the validity of the Commission’s adequacy decisions on model contract clauses, one of the alternative available data transfer mechanisms. A number of the questions refer directly to the Privacy Shield. Facebook was granted unprecedented leave to appeal to the Irish Supreme Court.
- We reported previously that, on 28 September 2018, Facebook announced that a security issue had been discovered three days earlier affecting almost 50 million of its user accounts. Cyber attackers exploited a vulnerability in Facebook’s code which impacted the “View As” feature. According to a brief statement at the time, the ICO was making enquiries to establish the scale of the breach and to establish if any UK citizens had been affected by it. In an update on 12 October 2018, Facebook said that about 30 million people were affected. Names and contact details of 29 million people were accessed and, in respect of 14 million of them, other details on their profiles including date of birth, relationship status and work.
- On 26 October 2018, British Airways published an update on the cyber-attack which it first announced in September 2018. It says that the holders of a further 185,000 payment cards may have been affected by the breach. Also, fewer customers were affected than was originally announced. The ICO issued a statement in response.
- The government is undertaking a survey of UK businesses and charities to find out how they approach cybersecurity and learn more about the cybersecurity issues they face. The fieldwork for the latest survey is taking place by telephone from October to December 2018. Businesses and charities from across the UK have been selected at random. See the webpage for details.
- On 16 October 2018, the National Cyber Security Centre published its second annual review, looking at the work it has undertaken over the past year.
- On 19 October 2018, the European Data Protection Supervisor set out the “urgent case for a new ePrivacy law”. Among other things, he said that the adoption of the proposed ePrivacy Regulation is crucial to protect the fundamental rights to privacy and the protection of personal data in the digital age. See the blog post for details.
- The ICO has welcomed the government’s early signing on 10 October 2018 of the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (known as “Convention 108”), which is the only legally binding international agreement on data protection. It describes the Convention’s modernisation as “a key milestone for global data privacy regulation”. See the ICO’s blog on its international work.
- In other international news, the Information Commissioner was announced on 23 October 2018 as the new chair of the International Conference of Data Protection and Privacy Commissioners (ICDPPC). At its recent annual meeting, the ICDPPC adopted a declaration on ethics and data protection in artificial intelligence, in order to contribute to the global discussion on this matter.
- And finally, the ICO published an expanded guide to the Network and Information Systems Regulations 2018 for organisations providing digital services such as online marketplaces, online search engines and cloud services.
______________________
[1] WM Morrison Supermarkets Plc v Various Claimants, [2018] EWCA Civ 2339
[2] Richard Lloyd v Google LLC, [2018] EWHC 2599 (QB)

Health and Safety – September 2018
£900,000 fine reduced on appeal; other sentencing news; government ban on combustible cladding; and more. […]
£900,000 fine reduced on appeal; other sentencing news; government ban on combustible cladding; and more.
£900,000 fine reduced to £135,000 on appeal
A utilities company has had its £900,000 fine reduced to £135,000 on appeal [1]. Electricity North West Ltd was convicted of contravening regulation 4(1) of the Work at Height Regulations 2005, but acquitted on two other counts of breaching regulation 3(1) of the Management of Health and Safety at Work Regulations 1999 and section 2(1) of the Health and Safety at Work Act 1974. The conviction followed an incident in which an employee died after falling from height while clearing ivy from a vertical wooden pole. The company argued that the size of the fine bore no relation to the seriousness of the offence, in terms of culpability and harm, and in light of the acquittals on the other two counts, and that it was manifestly excessive.
The sentencing judge found that there was “high” culpability, since there was a persistent failure properly to plan over a lengthy period of time. The need to plan for work at height was obvious and a systemic failure put the case in that category of culpability. In relation to harm, in light of the acquittals on the other two counts, he concluded that the likelihood of harm was low and the offending fell within harm category 3. These factors indicated a starting point for a fine of £540,000. The judge then went on to assess turnover. As the company was a “very large” organisation, it was necessary to make an upward adjustment to the starting point and move outside the range to achieve a proportionate sentence. £900,000 was the minimum that could be imposed in the circumstances.
In relation to culpability, the Court of Appeal disagreed with the judge’s finding that the failure to plan that a Mobile Elevated Work Platform was readily available on the day of the incident made the offence one of high culpability. It said that the failure was not comparable to the other factors indicating conduct or omission which falls ‘far short of the appropriate standards’ so as to justify a finding of high culpability, for example, failing to put in place measures which are standard in the industry or ignoring concerns raised by employees or others. In light of the jury’s verdicts, the company had been convicted of an offence which was properly characterised as falling between low and medium culpability. The sentencing range for large organisations for low culpability/harm category 3 is between £10,000 and £140,000, and for medium culpability/harm category 3 between £130,000 and £750,000. The Court of Appeal concluded that the correct sentence was a fine of £135,000. Notably, it did not consider that any further upward adjustment to reflect turnover should be made on the facts of the case.
Other sentencing news
- A logistics company was fined £1.5 million, and ordered to pay costs of over £32,000, after a worker was fatally trapped while attempting to attach a trailer, which was parked on a slight slope, to his vehicle. The inspector from the Health and Safety Executive (HSE) said: “Had Tuffnells taken the slope into account, simple measures could have been taken that would have prevented this incident. Workplace transport remains a high risk environment, and this case serves as a reminder to industry that assessments of sites should be specific and identify the hazards unique to each yard. It is also a reminder that the slope a vehicle is parked on does not need to be steep for incidents to occur”.
- International tyre manufacturer Pirelli was fined £512,000 after two workers were seriously injured by the same machine in two separate incidents. The HSE investigation found that the machine was not properly guarded, despite the first incident.
- Tata Steel UK Ltd was fined £450,000 after a worker fell three to four metres into an open pit while carrying out a skip emptying operation. An earlier risk assessment had identified the need for a barrier around the pit during this type of operation. A barrier was not provided until after the incident.
HSE launches construction health inspection initiative for October 2018
The HSE announced that it will be visiting construction sites across the country during October 2018, focusing on the measures employers have in place to protect their workers from occupational lung disease caused by asbestos, silica, wood and other dusts. It says that it will be looking specifically for evidence of construction workers knowing the risk, planning their work and using the right controls.
Government announces ban on combustible cladding
As this edition of the Regulatory round-up was due to go to press, the government announced that it will ban the use of combustible materials on the external walls of all new high-rise buildings that contain flats, as well as hospitals, residential care premises and student accommodation above 18 metres in height. There will be changes to building regulations and products will be limited to those achieving a European classification of Class A1 (these are products described as having no contribution to fire at any stage) or A2 (products described as having no significant contribution to fire at any stage). The government consulted on a proposed ban during the summer, after the Hackitt final report on building regulations and fire safety stopped short of recommending an outright ban.
Some have said that the ban does not go far enough. The Fire Brigades Union says that the ban should apply to all buildings, whatever their height or use, and should permit only the highest standard of A1 materials. It is also concerned that the measures do not deal with existing cladding on buildings (see the press release). The Royal Institute of British Architects (RIBA) is also concerned at permitting all A2 classified products (see the press release).
On 10 September 2018, the Ministry of Housing, Communities & Local Government issued a circular letter to draw attention to issues about assessments of external wall cladding systems and to issue guidance pending the outcome of various recent government consultations (including the proposed ban on combustible cladding) in the wake of the Hackitt Review.
In related news:
- RIBA is consulting until 15 October 2018 on a new ‘Plan of Work for Fire Safety’.
- The government responded to a Select Committee report setting out the Committee’s main conclusions and recommendations following a short inquiry post-publication of the Hackitt final report.
- The Construction Industry Council published the first quarterly report of the steering group responsible for implementing the competence recommendations of the Hackitt Review.
Consultation on banning the sale of energy drinks to children
The government is consulting until 21 November 2018 on a proposal to end the sale of energy drinks to children. The ban would apply to all retailers in England, including both on-site and online sales. A summary of the proposals and the questions for consultation can be found on page 9 onwards.
______________
[1] R v Electricity North West Ltd, [2018] EWCA (Crim) 1944

Data Protection – September 2018
Equifax receives maximum fine for security breach; other cyber security news; latest from the ICO; […]
Equifax receives maximum fine for security breach; other cyber security news; latest from the ICO; update on ePrivacy Regulation; and more
Equifax receives maximum fine for security breach…
The UK arm of credit reference agency Equifax has been fined £500,000 by the Information Commissioner’s Office (ICO) for failing to protect the personal information of up to 15 million UK customers during a cyber attack in 2017. The ICO investigation found that the company had failed to take appropriate steps to ensure that its American parent, which was processing the data on its behalf, was protecting the information. There were significant problems with data retention, IT system patching and audit procedures.
Due to timing, the investigation was carried out under the Data Protection Act 1998, with £500,000 being the maximum financial penalty. The maximum penalty under the new General Data Protection Regulation (GDPR) is €20 million or 4% of global turnover. The Information Commissioner said that the company had “received the highest fine possible under the 1998 legislation because of the number of victims, the type of data at risk and because it has no excuse for failing to adhere to its own policies and controls as well as the law…Multinational data companies like Equifax must understand what personal data they hold and take robust steps to protect it. Their boards need to ensure that internal controls and systems work effectively to meet legal requirements and customers’ expectations. Equifax Ltd showed a serious disregard for their customers and the personal information entrusted to them, and that led to today’s fine”.
…while Facebook announces security breach affecting almost 50 million users
On 28 September 2018, Facebook announced that a security issue had been discovered three days earlier affecting almost 50 million of its user accounts. Cyber attackers exploited a vulnerability in Facebook’s code which impacted the “View As” feature. The company says that it has yet to determine whether the affected accounts were misused or whether any information was accessed. According to a brief statement, the ICO is making enquiries to establish the scale of the breach and to establish if any UK citizens have been affected by it.
Earlier in the month, British Airways announced that it was investigating the theft of customer data, including personal and financial details, from its website and mobile app. It has also been widely reported that a Conservative Party conference app contained a security flaw allowing access to users’ personal data, including mobile phone numbers. The ICO is making enquiries in relation to both incidents.
On the subject of cyber security…
In a recent speech to the CBI Cyber Security: Business Insight Conference, the ICO Deputy Commissioner (Operations) said that the ICO, as a regulator, “does not seek perfection even if to some it may feel like that. We seek evidence of senior management and board level insight and accountability. We seek evidence of systems that provide a robust level of protection and privacy. The small number of fines we issue always seem to get the headlines, but we close many thousands of incidents each year without financial penalty but with advice, guidance and reassurance. For every investigation which ends in a fine, we have many audits, advisory visits and guidance sessions. That is the real norm of the work we do”. He said that since GDPR came into force on 25 May 2018, the ICO has been receiving around 500 calls a week to its breach reporting line. Around one in five of reported breaches involve cyber incidents, of which nearly half are the result of phishing. The key trends which the ICO is finding with its reporting system are: organisations struggling with the concept of 72 hours as defined under GDPR; incomplete reporting; and some over-reporting by data controllers.
The National Cyber Security Centre has released five core questions to help Britain’s biggest boards understand their cyber risk. See the press release for a link through to the toolkit and other materials.
Europol published its latest report assessing the emerging threats and key developments in cybercrime over the past year. See the press release which looks at some of the main trends, including ransomware, malware, payment card fraud and targeting cryptocurrencies.
The Network and Information Systems Regulations 2018 (NIS Regulations) came into force on 10 May 2018. They were made to implement the EU Directive on Security of Network and Information Systems (NIS Directive). Businesses identified as “operators of essential services” will be required to take appropriate and proportionate security measures to manage the risks to their systems and to notify serious incidents to the relevant authority. Key digital service providers will also have to comply with security and incident notification requirements. Just after the previous edition of the Regulatory round-up went to press, the government published its response following a targeted consultation on how the NIS Directive will apply to digital service providers in the UK. It proposes to use the outcome of the consultation to assist the ICO in clarifying its guidance to digital service providers. It says that it will look to clarify the following key areas: how digital service providers can more easily identify whether they are within scope of the NIS Regulations; how cloud services in particular are defined; and how the ICO’s cost recovery process will operate.
Latest from the ICO
The ICO has sent notices of intent to fine 34 organisations unless they pay the new data protection fee. They have 21 days to respond and face a maximum fine of £4,350. See the ICO’s blog post and our earlier briefing for more details about the fee. The ICO’s fee webpage can be found here.
The Information Commissioner is reminding organisations to be transparent with people’s personal information, after an ICO survey revealed most UK citizens still do not trust organisations with their data.
The ICO’s Guide to the GDPR was updated in September 2018 to include expanded guidance on exemptions.
The ICO is consulting until 12 October 2018 on creating a regulatory sandbox, following on from the publication of its Technology Strategy for 2018-2021. The sandbox “will be a safe space where organisations are supported to develop innovative products and services using personal data in innovative ways”.
The European Data Protection Board (EDPB) met for its third plenary session on 25 and 26 September 2018. In a blog post about the meeting, the ICO referred, among other things, to the UK’s upcoming departure from the EU: “As we draw closer to a new stage in the relations between the EU and the UK, it is worth bearing in mind that data protection concerns do not begin and end at national borders. Interactions between the ICO and EU supervisory authorities is, and will continue to be, essential…The ICO will maintain the already high standards of data protection in the UK after the UK leaves the EU based on the common data protection framework it shares with the rest of the EDPB”.
In recent ICO enforcement action, a marketing agency was fined £60,000 for sending 1.42 million emails without consent, another firm was fined £150,000 for making over 63,000 calls to people who were registered with the Telephone Preference Service, and a former nurse was prosecuted after she accessed patient records without authorisation, multiple times over a two-year period.
Update on ePrivacy Regulation
A new ePrivacy Regulation, providing special privacy rules for e-communications, was intended to apply at the same time as GDPR, but progress has stalled in Europe. Discussions are ongoing within the Council of the EU and negotiations with the European Parliament are unlikely to start until after elections held in May 2019. On 20 September 2018, ahead of a meeting of the Working Party on Telecommunications and Information Society, the Austrian presidency of the Council of the EU published a revised text of the ePrivacy proposal, seeking to address some of the concerns raised during discussions. See this European Parliament webpage for background and a summary of the current issues.
Other recent news
A new provision inserted into the Privacy and Electronic Communications Regulations prohibits the making of unsolicited calls for the purposes of direct marketing in relation to claims management services, except where a subscriber has previously notified the caller that, for the time being, they consent to such calls being made by or at the instigation of the caller. The change came into effect on 8 September 2018.
On 5 September 2018, the government published an initial code of conduct for the use of digital technology in health and care. Among other things, it clarifies what the government expects from suppliers of data-driven technologies, and how it will support and encourage innovators in health and care.
On 14 September 2018, the government updated its data protection toolkit for schools, first published in April 2018. The guidance is intended to “help schools develop policies and processes for data management, from collecting and handling the data through to the ability to respond quickly and appropriately to data breaches”.
And finally, the European Court of Human Rights ruled that aspects of the UK’s surveillance regimes under the Regulation of Investigatory Powers Act 2000 (RIPA) did not comply with Articles 8 and 10 of the European Convention on Human Rights (right to respect for private and family life and right to freedom of expression) [1]. RIPA has been mostly replaced by the controversial Investigatory Powers Act 2016 (IPA), dubbed the ‘Snooper’s Charter’. The EU may examine the UK’s data protection regime relating to national security legislation, including the powers conferred by the IPA, when it decides on the question of adequacy in relation to data flows post-Brexit. Earlier this year, the English High Court ruled that Part 4 of the IPA is incompatible with fundamental rights in EU law. The government has until 1 November 2018 to rewrite that section of the legislation, which deals with the retention of communications data.
__________________
[1] Case of Big Brother Watch v The United Kingdom (Applications nos. 58170/13, 62322/14 and 24960/15), [2018] ECHR 722

Lease breaks: Top tips and traps for the[...]
In times of economic decline or uncertainty, many businesses look to divest themselves of surplus […]
In times of economic decline or uncertainty, many businesses look to divest themselves of surplus property to reduce rental commitment. With Brexit looming and the state of the high street the focus of some concern, Walker Morris’ specialist Real Estate Litigation Partner Martin McKeague reviews recent case law and provides practical advice for businesses considering their lease break options.
Context and key case law
Whilst the cost savings involved in a rationalisation exercise can be significant, so too can the risks. Once the decision has been made to bring a commercial lease to an end, the failure to serve a valid break notice can have drastic consequences. The business may lose the opportunity to break the lease and may therefore remain liable and tied into the property with long-term, unwanted commitments.
In the leading case of Mannai Investment v Eagle Star [1] in 1997, Lord Hoffmann famously said: “if the [termination] clause had said that the notice had to be on blue paper, it would have been no good serving a notice on pink paper, however clear it might have been that the tenant wanted to terminate.” In doing so he vividly articulated that strict compliance, with both contractual break conditions and any particular service provisions, is required for lease breaks to be effective.
Top tips and traps for the unwary
As such, very careful consideration must always be given to the exercise of any break. The starting point when serving a break notice must always be to examine the lease and the contractual provisions which set out the option to determine; any conditions which must be complied with; and any particular requirements for service (including when notice must be given, how notice must be served and on whom, and by whom, it must be served).
When?
The question of when a break notice can be served is very important, especially if the option is a one-off or ‘once and for all’ break (as opposed to a ‘rolling break’). There are then three dates to ascertain: the break date; the date by which notice must be served (that is, when the notice must be received by the other party); and, working back, the date by which the notice must actually be issued. If any of these are calculated incorrectly then there is a real risk that the break notice will not be validly drafted or served, and the lease will continue.
How?
It is essential to check whether the break clause contains a specific methodology for serving notice or whether the lease contains general ‘service of notices’ provisions elsewhere. Service must be effected in accordance with any contractually specified provision. For example, the lease may specify that service must be by fax or e-mail at a particular address; by first class or registered post; on an agent as well as, or instead of, on the party; or even that notice must be written on pink paper!
Who?
As indicated earlier, it must be ascertained exactly who must give the notice and on whom the notice must be served. However determining the correct party/ies is often more difficult than first imagined. In most cases the landlord and tenant are no longer the original contracting parties; the land or tenancy may be unregistered; the landlord/tenant may not be based in the UK; and/or the lease may specify that the notice must be served on an agent.
What? Conditional Break Options
Conditional break options should be approached with real caution. If the lease requires absolute compliance with one or more conditions, then failure to do so, no matter how trivial, will render the break ineffective. For example, if a break option was conditional on making payment of all lease sums and just a penny remained outstanding at the break date or other prescribed time, that penny would render the whole break invalid.
The most common condition is the payment of all rent due as at the Break Date. On the face of it, that seems straightforward and fair enough. However, is rent is defined within the lease and does it include service charge and/or insurance rent. If it does, can these be properly calculated or ascertained? Does rent (and potentially other sums) simply need to have fallen due under the lease, or do sums have to have been demanded? If sums need to have been demanded, can the tenant guarantee that the landlord will have demanded sums in time for the tenant to make payment?
Another common condition is for a tenant to comply with its repairing obligations. The landlord is under no obligation to confirm exactly what work it expects to be carried out, nor to provide any certainty prior to the break date that any works carried out are satisfactory to discharge the tenant’s obligations.
If conditions in a break option are not absolute, they are often drafted to say that the tenant must materially, substantially or reasonably comply with certain conditions. This is to try and protect the tenant from rendering the break invalid due to minor and inconsequential breaches. The problem here is that each of these terms can have a slightly different meaning and no guarantees can be given to provide absolute certainty of compliance. In these circumstances a tenant may be well advised to undertake the fullest possible compliance. Apart from the risk of a break being ineffective, a party will always face the risk of a damages claim for breach of covenant either during or after the end of a lease in any event. The fullest possible compliance has the dual-effect of mitigating that risk.
Faced with a conditional break and uncertainty as to exactly how to ensure compliance, the tenant in the recent case of Goldman Sachs v Procession House [2] opted for another option – it proactively applied to the court ahead of the break date, seeking a declaration as to exactly what was required.
The lease contained an option for the tenant to break five years prior to expiry of the contract term. At a rent of over £4 million per annum, service of an effective break notice would save the tenant over £20 million (and, conversely, service of an ineffective break would effectively cost it that amount). It was common ground between the parties that the break clause was conditional upon there being no arrears of the rent and the tenant delivering up vacant possession, but there was a dispute as to whether or not the successful exercise of the break was also conditional upon the tenant’s compliance with certain yielding-up/reinstatement obligations. The relevant provisions were:
Clause 23 Break Clause – The lease was terminable by the tenant “…subject to the tenant being able to yield up the premises with vacant possession as provided in clause 23.2”
Clause 23.2 – “On the expiration of [the break notice] the term shall cease and determine (and the tenant shall yield up the premises in accordance with clause 11 and with full vacant possession)…”
Clause 11 Yielding Up – “Unless not required by the landlord, the tenant shall at the end of the term remove any alterations or additions made to the premises (and make good any damage caused by that removal to the reasonable satisfaction of the landlord) and shall reinstate the premises to their original layout…”
In a tenant-friendly decision, taking into account both considerations of commercial common sense and the particular factual matrix surrounding alteration works carried out to the premises by the tenant, the court concluded that the conditionality of the break did not apply to the yielding-up provisions.
The court held that, being so open to interpretation (and therefore leaving the tenant effectively unable to ensure compliance), the requirements of clause 11 were not compatible with being a pre-condition to a break. The court considered that if the parties had intended compliance with clause 11 to be a pre-condition, then that should have been more clearly stated in the drafting.
WM Comment
There is a considerable amount of risk and time involved in serving a break notice and complying with the relevant conditions. The best advice for any retail tenant considering its options is to contact a specialist Real Estate Litigator, time, who will be able to advise on the break and overall exit strategy (including, where appropriate, any dilapidations/reinstatement issues).
For any further information or advice, please do not hesitate to contact Martin McKeague.
_________________
[1] Mannai Investment Co Ltd v Eagle Star Life Assurance Co Ltd [1997] AC 749
[2] Goldman Sachs International v Procession House Trustee Ltd (1) and Procession House Trustee 2 Ltd (2) (2018, unreported)

The end of LIBOR: Implications for lenders and[...]
This article was first published by Mortgage Finance Gazette. To see the full article please […]
This article was first published by Mortgage Finance Gazette. To see the full article please click here.
Louise Power and Jeanette Burgess look ahead to the planned loss of LIBOR in 2021. Louise and Jeanette consider some of the key legal implications and offer their practical advice for lenders.

Supply chain services considerations
Walker Morris Partner and Commercial Contract specialist James Crayton offers some practical tips for retailers […]
Walker Morris Partner and Commercial Contract specialist James Crayton offers some practical tips for retailers following recent media focus on supply chain issues.
In November 2017 Yum Brands owned KFC awarded DHL and QSL its contract to manage its British supply chain, ending its relationship with delivery company Bidvest. Less than a week after the new contract went live in February 2018, hundreds of KFC branches were forced to close due to a number of deliveries being incomplete or delayed.
JD Wetherspoon removed steak from its Tuesday steak club menu in January 2018 following reported food compliance issues with its meat supplier, Russell Hume. Wetherspoons subsequently cancelled its contract with this supplier and the supplier entered administration.
These real world examples highlight some key considerations for retailers to keep in mind when negotiating supply chain contracts.
Exclusivity
Awarding a supplier exclusivity will undoubtedly put you in a strong position to negotiate lower costs, however you should take care when putting all your eggs in one basket. Ensure your supply contract contains provisions to allow you to source from third parties in the event that your supplier has issues. This might mean short term costs, however some contracts allow these to be recovered from the failing supplier. You may also wish to consider including a provision allowing you to terminate the agreement in the event that supply is disrupted for a specified period.
Service Levels
Choosing measurable service levels and documenting what the measure of success/ failure looks like in an SLA is only effective if it is properly incorporated into your agreement. Moreover, your agreement should deal with what happens when such service levels are not met. A service credit regime may seem like an appropriate remedy but consider whether it is enough of a “stick” to guarantee proper performance. It may be that other obligations, such as escalation or a performance improvement plan, are a more practical option. Such service level terms may, in many cases, prove adequate. However, in case of persistent breaches or breaches of certain ‘critical’ service levels, you may also wish to include the additional remedies of a loss of exclusivity or a specific right to terminate.
Exit Management and Implementation Planning
The start of any supply relationship is the best time to think about what is going to happen on exit. Once the contract is signed, commercial pressure on the supplier to agree to help on exit is likely to dissipate, and the momentum needed to agree a post-signing exit plan is often lost. A detailed exit management plan containing transitional service provisions could be key to ensuring you have the support required from the exiting supplier for a smooth transition to a new provider and a robust exit clause should set out the support you require in the agreement itself. Consider provisions which document the scope, length and cost of transitional services and also inserting obligations on your exiting supplier to assign or novate any sub-contracts or licences in place with third parties to the new supplier.
For further information or assistance with drafting supply contracts or managing your supply chain, please do not hesitate to contact James or any member of Walker Morris’ Commercial Contracts or Retail teams.

Vulnerability and GDPR
Walker Morris partner Louise Power explains how financial services firms can comply with their General […]
Walker Morris partner Louise Power explains how financial services firms can comply with their General Data Protection Regulation (GDPR) obligations while also meeting the needs of vulnerable customers.
Complying with competing responsibilities
In today’s complex regulatory environment, financial services firms face a host of rules, regulations and recommendations all of which are concerned with different aspects of the customer journey and with ensuring fair customer outcomes. There is no doubt that firms are doing an admirable job, and that the fundamental principle of treating customers fairly (TCF) is embedded within the industry and at the heart of firms’ policies, procedures and decision-making. An area of risk, however, is where different responsibilities overlap. In those circumstances, how can firms ensure that all of their responsibilities – even those which may seemingly compete – are complied with?
A key example is where firms need to share information about potential vulnerability so as to adhere to TCF on the one hand, but they need to protect customers’ data in accordance with strict GDPR obligations on the other.
Sensitive Personal Data and GDPR
As firms will know, GDPR imposes different data protection requirements depending on the data in question. Where data is sensitive personal data (or ‘special category data’ under GDPR) (SCPD), enhanced requirements apply [1]. The first step to ensuring compliance is for firms to understand exactly what is SCPD…
…SCPD is information relating to an identifiable individual’s:
- race
- ethnic origin
- politics
- religion
- trade union membership
- genetics
- biometrics (where used for ID purposes)
- health
- sex life; and
- sexual orientation.
Information pertaining to vulnerability is most likely to be caught by GDPR SCPD rules if it falls within the ‘health’ category, whereas data relating to financial vulnerability (such as low income, income shock, non-health related change in circumstances, and so on) will not necessarily be SCPD.
In order to process personal data, GDPR requires that firms must first have a ‘lawful basis’ [2]. For a financial services firm, this requirement is satisfied because the processing of personal data is necessary for its legitimate interests in carrying out the ordinary course of business and there is no good reason to protect an individual’s data which overrides those legitimate interests.
When processing SCPD, in addition to the ‘lawful basis’, a ‘specific condition’ under Article 9 of GDPR must be satisfied. Of the ten available conditions, those which are most likely to apply in this context are:
- a) The data subject has given explicit consent to the processing of the data for one or more specific purposes; and
- f) Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity [3].
Impact and advice
Where firms process SCPD, therefore – including where firms provide third parties such as law firms or other suppliers with SCPD, they should confirm, ideally in writing and within contractual terms, that the customer has provided its explicit consent for its data to be so processed – and in particular for it to be provided to the third parties in question.
Firms should therefore ensure that their processes/procedures and contractual arrangements with customers and suppliers specifically address consent for processing SCPD. Without such confirmation, suppliers cannot satisfy condition a) and cannot lawfully process SCPD. Consequently in those circumstances neither can suppliers (and, in turn, the firms themselves) satisfy TCF requirements for vulnerable customers.
______________
[1] For further information, see the Information Commissioner’s Office (ICO) guidance
[2] See our more detailed briefing for further information and advice
[3] Note that condition f) may not be appropriate if firms are not proposing to litigate.

Newsflash: Relief as legal privilege is restored
Walker Morris Commercial Dispute Resolution and Regulatory experts Gwendoline Davies and Andrew Northage explain why the […]
Walker Morris Commercial Dispute Resolution and Regulatory experts Gwendoline Davies and Andrew Northage explain why the Court of Appeal’s landmark decision in Serious Fraud Office v Eurasian National Resources Corporation Limited and The Law Society [1] is good news for businesses, in-house lawyers and the rule of law overall.
Concerns arising from High Court findings
As we explained in our earlier article, certain aspects of the High Court’s decision in 2017 gave rise to significant concerns among corporations and within the legal profession that the crucial principle of legal professional privilege – that clients should be able to candidly disclose matters and documents to their lawyers and to withhold documents from a court or third party without any adverse inferences being drawn – was being eroded.
In particular, the High Court had held that, in a criminal or regulatory investigation, the test as to whether litigation is in reasonable contemplation (and whether privilege protection therefore applies) would not necessarily be met where an investigation was contemplated, or even ongoing, because prosecution only occurs once evidence of any truth in the allegations is discovered. As such, the High Court considered that only a prosecution – not an investigation – would amount to ‘litigation’ for privilege purposes.
The High Court had also held that documents created with a view to investigating, or even obtaining advice for the purpose of avoiding or settling criminal or civil litigation or investigation, would not pass the requisite test for privilege.
The potential implications were so significant that The Law Society intervened in the appeal on behalf of the legal profession.
Court of Appeal victory for privilege
On 5 September 2018 the Court of Appeal overturned the High Court’s findings, reinstating the law of privilege so that in-house advice prepared prior to court proceedings, and discussions and documents prepared in connection with the avoidance or settlement of proceedings are protected.
Christina Blacklaws, president of The Law Society, said clients can now be “far more confident that discussions with their solicitors will remain confidential”. She also commented: “The rule of law depends on all parties being able to seek confidential legal advice without fear of disclosure” and “a lack of privilege in these cases could have made it more difficult to uncover wrongdoing, as organisations might have been less willing to investigate issues to their full extent without the protection afforded by legal professional privilege.”
Ripe for further reform?
The Court of Appeal was not required, in this case, to decide the long-standing controversy arising from the Three Rivers (No. 5) [2] decision that the ‘client’ entitled to claim privilege can only be only those individuals actually charged with instructing lawyers – a very narrow definition. However, in-house lawyers may be interested to note that the court did, nevertheless, confirm that it saw force in departing from Three Rivers and would have done so. That, along with the fact that the SFO is understood to be considering an appeal to the Supreme Court, indicates that the law in this important area may be ripe for reform.
Walker Morris will continue to monitor and report on key developments.
Practical advice and tips for in-house lawyers
For practical advice about legal professional privilege, please see our more detailed earlier briefing and the privilege chapter from our upcoming Little Green Book of Dispute Resolution.
____________________
[1] [2018] EWCA Civ 2006
[2] Three Rivers District Council & Ors v Governor & Co of the Bank of England [2003] EWCA Civ 474

Companies fined and censured for breach of AIM[...]
The London Stock Exchange has privately censured and fined two AIM companies and publicly censured […]
The London Stock Exchange has privately censured and fined two AIM companies and publicly censured and fined MBL Group plc for breaches of the AIM Rules in relation to disclosure and compliance.
The London Stock Exchange (LSE) has recently fined and privately censured two AIM companies and publicly censured and fined MBL Group plc £125,000 for breaches of the AIM Rules. The rules that were breached were Rule 10 (Principles of disclosure), Rule 11 (General disclosure of price sensitive information) and Rule 31 (AIM company and directors’ responsibility for compliance).
AIM Rule 10 (Principles of disclosure)
Where a company is required to make an announcement under the AIM Rules, AIM Rule 10 requires the announcement to be made via an RIS no later than it is published elsewhere.
In one of the companies that was privately censured, the company gave an update regarding the progress of its business via social media. Some of the information that was disclosed was information which should have been notified to the market via an RIS before it was disclosed through social media and therefore the company was in breach of AIM Rule 10. In addition, by failing to have sufficient procedures, resources and controls in place to monitor its social media output, the LSE found that the company had also breached AIM Rule 31. This rule provides that an AIM company must have in place sufficient procedures, resources and controls to enable it to comply with the AIM Rules.
AIM Rule 31 (AIM company and directors’ responsibility for compliance)
In addition to providing that an AIM company must have in place sufficient procedures, resources and controls, AIM Rule 31 also requires an AIM company to provide its nominated advisor (Nomad) with any information it reasonably requests or requires in order for that Nomad to carry out its responsibilities under the rules. The purpose of the rule is to ensure that the Nomad is fully aware of developments within the company so that it can fulfil its regulatory role.
In the case of the second privately censured company, the LSE concluded that the company had breached AIM Rule 31 by not keeping its existing Nomad informed as to its progress in appointing a successor Nomad, despite frequent requests to do so within the notice period. The requirement to keep a Nomad fully aware of developments within the company still applies even during the period in which a Nomad is serving notice.
AIM Rule 11 (General disclosure of price sensitive information)
An AIM company must issue notification without delay of any new developments which are not public knowledge which, if made public, would be likely to lead to a significant movement in the price of its securities.
MBL Group plc was found to be in breach of this rule because the company failed to notify, without delay, information of which it became aware in relation to the significant deterioration in the financial performance of the subsidiaries it was preparing to sell. The information was price sensitive and also at odds with information that had previously been disclosed to the market.
WM comment
These cases highlight how important it is to ensure that the continuing obligations under the AIM Rules are complied with. AIM companies must ensure that they consider properly the disclosure implications of relevant financial information available to them. In addition, when notifying information, they must take care to ensure that the information does not, by omission, create an incomplete understanding. AIM companies must also ensure that they have sufficient procedures, resources and controls in place to meet their obligations under the rules at all times. It is clear that where there is actionable evidence, the LSE will bring to account companies that fail to meet the required standards of disclosure.

Data subject access requests: Court of Appeal guidance[...]
Under data protection legislation, individuals have the right to access their personal data, to find […]
Under data protection legislation, individuals have the right to access their personal data, to find out what data is held and how it is used. This right is exercised by making a data subject access request (or DSAR) to the data controller or processor (responsibility for complying with a DSAR lies with the controller). At a time when individuals are becoming more aware of their rights as data subjects, DSARs are increasingly being used tactically, both prior to and alongside the litigation process.
In a recent decision, the Court of Appeal has provided welcome guidance for data controllers on how to approach DSARs in “mixed data” cases, as Walker Morris data protection specialists Jeanette Burgess and Andrew Northage explain.
Background
In Dr B v The General Medical Council [1], the General Medical Council (GMC) appealed a High Court order in which the judge granted an injunction against it, restraining disclosure of an expert report. The report was produced in relation to a GMC investigation into a doctor’s fitness to practice (Dr B), following a patient’s complaint (P) that Dr B had examined and dealt with him incompetently, leading to an avoidable delay in his diagnosis.
The report was central to the GMC’s decision whether to take action against Dr B. The GMC decided that there should be no further action and sent both parties a short summary of the expert’s comments. P requested disclosure of the full report and the request was treated as a DSAR under section 7 of the Data Protection Act 1998 (DPA) [2]. Dr B opposed disclosure, asserting, among other things, that the clear intention behind the DSAR was to initiate litigation against him.
By the time the case came before the High Court it was agreed that the personal data of P and Dr B were “inextricably mixed” in the report. Section 7(4) of the DPA provided that, where a data controller cannot comply with the DSAR without disclosing information relating to another individual who can be identified from that information, he is not obliged to comply with it unless (a) the other individual has consented to the disclosure of the information to the person making the DSAR, or (b) it is reasonable in all the circumstances to comply with the DSAR without the consent of the other individual. Section 7(6) set out a number of factors to which particular regard should be had, including any express refusal of consent.
Having carried out this balancing exercise, the GMC decided to disclose the report. Dr B applied to the High Court to restrain disclosure.
The High Court’s decision…
Importantly, the High Court judge noted the remark of Lord Justice Auld in the Durant case [3] that, in the absence of consent, there was a rebuttable presumption or starting point against disclosure.
The GMC submitted that Dr B did not have a reasonable expectation that the report would be kept from P. His reasonable expectation should have been that it would be disclosed to P if requested under section 7 of the DPA. Dr B disagreed, pointing to the GMC’s practice of providing only a summary of expert reports in cases where it had decided to take no further action, such as this one.
The judge also considered what had been said in earlier cases about the “purpose” of a DSAR under the DPA. The GMC argued that the requester’s intention to use the information in furtherance of litigation was not of itself a reason for refusing a DSAR. It accepted, and the judge agreed, that it was a factor which could be taken into account in the balancing exercise. The GMC submitted, however, that it should be given no significant weight in this case.
The judge concluded that the GMC had “got the balance” wrong. It had failed to begin with a presumption against disclosure, and had given no adequate weight to Dr B’s status as a data subject and to his rights of privacy. The real focus of the report was on Dr B’s professional competence. The judge disagreed with the GMC’s submission that Dr B’s reasonable expectation was that the report would be disclosed to P. Instead, he had a reasonable expectation that a lawful balancing exercise would be carried out. The GMC had focused on P’s rights and the issue of transparency of the GMC’s decision-making process. It had taken no adequate account of Dr B’s express refusal of consent, nor of the intended use of the report for the purposes of litigation, which was the “dominant purpose” behind the DSAR (this was important, even though there was no evidence of any abuse of the report summary already provided to P).
…overturned by the Court of Appeal
The GMC appealed the High Court’s decision on the following grounds:
- There was improper reliance on an alleged presumption that there should be no disclosure in a “mixed data” case.
- There was improper reliance on P’s motive in making the DSAR.
- The Court’s reasoning was flawed in holding that the GMC (a) gave inadequate consideration to Dr B’s privacy rights, (b) took inadequate account of his express refusal of consent, and (c) underestimated the incremental impact of the disclosure of the report over and above the summary.
- The Court (a) “effectively substituted” its own assessment of the case for disclosure, (b) over-estimated the risk of P publishing the report, and failed to consider that Dr B had preventive legal options open to him to block such abuse, and (c) gave inadequate consideration to P’s “fundamental rights…to obtain and understand information about him of a highly sensitive nature”.
In a majority judgment, the Court of Appeal allowed the GMC’s appeal. Key points include:
- The judge was wrong to say that there was a presumption under section 7(4) of the DPA in favour of a person who has not consented to or who objects to disclosure. The Court was not bound to accept or follow Auld LJ’s observation on this point in Durant, as it did not form part of the rationale for the decision in that case.
- Where no consent has been given/an objection has been raised, the outcome of the balancing exercise will inevitably depend on the particular facts and context. Although section 7(6) of the DPA specifies that regard should be had to certain listed matters “in particular”, it does not limit the other matters which may be relevant circumstances; nor does it specify the weight to be given to the listed matters either as between the items in the list or as against other, non-listed relevant circumstances.
- A presumption in favour of withholding disclosure could operate as a “tie-breaker” at the end of a process of analysis, if all other competing factors are otherwise precisely in balance. In this case, there was no scope for applying such a presumption, as the GMC had given positive reasons why it considered it reasonable in all the circumstances to comply with P’s DSAR, notwithstanding that the report also comprised Dr B’s personal data.
- The general position is that subject access rights are not dependent on the requester’s motivation (see, for example, the Court of Appeal’s decision in Dawson-Damer [4], which we considered in an earlier briefing). Section 7(4) of the DPA is a special provision dealing with mixed data, and the role played by litigation motive in respect of mixed data is different from that played by it in relation to other data. Parliament’s instruction to the data controller is that he must consider every aspect of the matter, and that would include any evidence as to the litigation motive of the requester.
- A litigation motive is not irrelevant under section 7(4), but neither is it a disqualifying factor. It is simply a factor to be weighed in the balance by the data controller. There is no general principle that the interests of the requester, when balanced against the interests of the objector, should be treated as devalued by reason of a litigation motive.
- Dr B’s desire to be protected from litigation was peripheral to the main focus of the balancing exercise, which was concerned with weighing the privacy interests of the requester and the objector.
- The judge was wrong to hold that “if it appears that the sole or dominant purpose is to obtain a document for the purpose of a claim against the other data subject, that is a weighty factor in favour of refusal, on the basis that the more appropriate forum is the court procedure under Part 31 of the Civil Procedure Rules”. The GMC plainly took account of Dr B’s allegation that the purpose of the DSAR was to use the report in litigation against him, but treated it as only having limited weight because it was unlikely to assist P very much in any proceedings – that was a lawful and rational assessment. It was by no means clear, in any event, that that was P’s sole or dominant purpose. It is well established that a person making a DSAR is only entitled to disclosure of information, not documents – P could not have known that the report itself would be disclosed as a result of a DSAR made by him.
- Even if part of P’s motive was to try to obtain material which might assist him in litigation against Dr B, that would in no way diminish the legitimacy or force of his interest to have communicated to him under section 7 information about his personal data as processed by the GMC and the expert.
- It was noteworthy that P’s data constituted “sensitive personal data”, while Dr B’s did not have that enhanced status.
- The data controller is the primary decision-maker in assessing whether disclosure is reasonable or not. Apart from the mandatory relevant considerations set out in section 7(6) of the DPA, data controllers generally have a wide discretion as to which particular factors to treat as relevant to the balancing exercise. They also have a wide discretion as to the weight to be given to each factor they treat as relevant. Data controllers come in all shapes and sizes, with widely varying levels of resource to deal with DSARs. The interests of requesters, objectors and data controllers which might be taken into consideration in the balancing exercise are also very diverse.
- The question for the court to ask is whether it was reasonable in all the circumstances for the data controller to refuse/comply with the DSAR. If the controller did not make a reasonable assessment, then the court has a discretion to make the assessment itself. In this case, the GMC gave proper consideration to Dr B’s privacy interests, took account of his express refusal to consent, and considered his arguments in relation to the impact of disclosure of the report. The GMC made a lawful and rational assessment and the weight to be afforded to each of these factors was a matter for the GMC as data controller. The judge improperly substituted his own views regarding relevant factors and their weight for those of the GMC.
- A complainant making a DSAR has a legitimate interest under data protection legislation to check that the personal data used by the GMC and the expert in forming their views are accurate – there was nothing inconsistent in the GMC’s practice of providing only a summary of expert reports in cases where it had decided to take no further action, and then separately considering whether a further disclosure of personal data should be made later on following receipt of a DSAR.
- If Dr B was worried about the possibility of dissemination of the report by P for wholly inappropriate or illegitimate purposes, it was open to him or his advisers to ask the GMC to seek undertakings from P to protect against it (but note that it is unlikely to be appropriate to try to restrict later use of the information in litigation).
WM Comment
The Court of Appeal’s decision provides welcome guidance to data controllers faced with DSARs involving “mixed data”, where the other individual or individuals have not consented to the disclosure. It is clear that, when carrying out this balancing exercise of weighing the privacy interests of the affected parties, the data controller is given a wide discretion. Litigation motive is a factor to be taken into account, but there is no special weight to be attached to it.
It is essential that organisations have policies and procedures in place to deal with DSARs, and that staff across the organisation know how to recognise a DSAR and who to contact if one is received. It is important to remember that a DSAR can be oral – it does not have to be written. Under the GDPR, the time for responding to a DSAR has been reduced from 40 days to one month. In addition, as data controllers have ultimate responsibility for complying with DSARs, they need to ensure that they have in place appropriate contractual arrangements with data processors.
If you require assistance in relation to any of the issues discussed in this briefing, please do not hesitate to contact Jeanette or Andrew, who will be very happy to help.
_______________
[1] [2018] EWCA Civ 1497
[2] The DSAR regime has not changed substantially under the EU General Data Protection Regulation (GDPR) and Data Protection Act 2018, which replaced the DPA on 25 May 2018.
[3] Durant v Financial Services Authority [2003] EWCA Civ 1746
[4] Dawson-Damer v Taylor Wessing LLP [2017] EWCA Civ 74

Traps and tips for serving effective notices
Walker Morris’ Head of Commercial Dispute Resolution, Gwendoline Davies, explains why serving legal notices can […]
Walker Morris’ Head of Commercial Dispute Resolution, Gwendoline Davies, explains why serving legal notices can be a risky business… and shares some practical advice.
Notice of claims…
In recent years, the UK courts have repeatedly focused on the importance of clarity and accuracy when notifying breach of warranty claims [1]. The issue has recently come before the courts again, and flags some wider traps and tips for anyone involved in the notification of warranty claims or in the service of legal notices generally.
In Teoco UK v Aircom Jersey [2] the Court of Appeal was asked to determine whether the purchaser/claimant’s notification of a breach of SPA warranty claim – worth some £3.46 million – was valid.
Notification requirements
The purchaser had bought group companies pursuant to a sale and purchase agreement (the SPA) which contained a tax covenant and various warranties under which the seller warranted that the companies had paid all tax due. As is typical, the seller’s liability was subject to notification of claims obligations which, in this case, required the purchaser to give notice: “setting out reasonable details of the claim (including the grounds on which it is based and the Purchaser’s good faith estimate of the amount of the claim)“.
Notification letters
In February 2015 the purchaser’s solicitors wrote to the seller, referring generally to the tax covenant, tax warranties and general warranties, alleging potential breaches and purporting to comply with the notification of claims obligations within the SPA. When the seller responded that the letter contained insufficient detail to constitute a valid notification, the purchaser’s solicitors wrote again, this time simply setting out a breakdown of tax allegedly due.
Court of Appeal confirmation
The High Court had previously concluded that the purchaser’s letters did not constitute valid notification of a claim because, without identification of the specific warranties alleged to have been breached, they did not set out the legal grounds for a claim. The Court of Appeal agreed and clarified as follows:
- while every notification clause (like every other contractual provision) will turn on its own individual wording…
- …certainty is important [3]
- a compliant notification of warranty claim should identify the particular warranty/ies alleged to have been breached [4]
- there may be some cases in which the ‘reasonable recipient’ test may be relevant (that is, the objective test, established in the House of Lords case of Mannai Investment Co Ltd v Eagle Star Life Assurance Co Ltd [5], which can (in some circumstances) save an otherwise defective notice if the reasonable recipient would nevertheless have been left in no doubt as to its meaning)
- however, in this case, there was real scope for doubt about which provisions the purchaser thought may found a claim.
…and service of notices generally
The notification of warranty claims obligations in the Teoco SPA were also time-limited: notice had to be given as soon as reasonably practicable after the purchaser became aware of a claim, and in any event on or before the longstop date of 31 July 2015. Legal proceedings also had to be commenced within six months of the date the seller was notified and, once a claim had been commenced, no new claim may be brought in respect of the same matter. (The purchaser therefore effectively had only one ‘shot’ at getting any claim right).
Such time limits and other claim restrictions are common, not only in relation to warranty claim notifications, but also in relation to the service of all sorts of contractual notices.
Most modern commercial contracts also contain separate, detailed service of notice clauses with additional obligations and requirements which, if they are not strictly complied with, can invalidate any notice. The consequences of that can be significant.
In the recent case of Zayo Group International Ltd v Michael Ainger & Ors [6], the claimant had left service of the relevant notices until the last minute. The contract in question provided for notices to be served on all seven defendants by hand at the addresses specified in the contract or such other addresses as may be notified in writing. When the courier arrived at the address of one of the defendants, he discovered that she no longer lived there and left without leaving the notice. The deadline for service expired later that day, so the claimant had no opportunity to further attempt service. When the claimant subsequently sought to bring proceedings in reliance on its notices, the High Court dismissed its claim in full and against all defendants, on the basis that service had not been validly effected.
Practical advice
A good tip, when it comes to the service of any contractual notice, is to remember the mantra: who, when and how?
Immediately a party considers serving a notice, it should ascertain exactly:
Who
who is required to give notice and on whom the notice should be served. (Consider the party/counter-party itself? Legal representatives? Other agents? Have there been any assignments, novations or variations which change the position? What are the current names and addresses/contract arrangements for the relevant parties/agents?)
When
when the notice should be served, including whether there are any long-stop dates for service or for completion of any other conditional/procedural steps (such as commencing any follow-on court claims, or the like).
It is also important to bear in mind, when calculating dates, that there may be different dates to ascertain. For example, depending on the nature and wording of the notice clause, you may need to know the date on which a notice actually has to take effect; the date by which it has to be served on (i.e. received by) the receiving party; and/or the date by which it has to be issued.
All of those dates can be influenced by other factors (such as the required method of valid service; how long that will take; whether the contract designates when service will take place or whether the contract relies on external deeming provisions; whether there are any weekends/bank holidays to take into account and/or whether only working/business days count (which can differ across different countries); and so on.
How
The ‘how‘ covers:
the content of the notice – such as the requirement in this claim (and in the majority of notification of warranty claim cases) to set out, with the requisite specificity, the legal basis of the claim;
the form of the notice and any strict procedural requirements (in Mannai Lord Hoffmann famously said: “if the [termination] clause had said that the notice had to be on blue paper, it would have been no good serving a notice on pink paper“); and
the fact that service must be effected in accordance with any contractually specified method. That, in turn, can lead to problems if notification obligations within contracts are drafted in isolation from, or inconsistently with, more general service clauses and other relevant contractual provisions. For example, what happens if a party gives a PO box as its service address, but the contract specifies service by recorded delivery? (You cannot effect recorded delivery on a PO box) What happens if the contract specifies that the service address is a party’s registered office, but the agreement is assigned to an individual? (Individuals do not have registered offices).
Comment
The best advice is to leave the service of any legal notice[s] entirely to the experts. The consequences of getting any such notice wrong can be too costly to gamble. That is particularly the case where, as in Teoco, the potential claimant only has one bite at the cherry. Instructing specialist legal representatives to take on the risk for you reduces the chance of any problems arising.
________________
[1] The Hut Group Ltd v Nobahar-Cookson & Anor [2016] EWCA 128; Teoco UK Ltd v Aircom Jersey 4 Ltd & Anor [2015] EWHC (Ch)
[2] [2018] EWCA Civ 23
[3] Senate Electrical Wholesalers Ltd v Alcatel Submarine Networks Ltd [1999] 2 Lloyd’s Rep 423
[4] RWE Nukem Ltd v AEA Technology Plc [2005] EWHC 78 (Comm)
[5] [1997] AC 749, HL
[6] [2017] EWHC 2542 (Comm) (incidentally, also a notification of warranty claim dispute)

Sentencing Council publishes gross negligence manslaughter definitive sentencing[...]
The penalties imposed on individuals for fatal accidents in the workplace are set to increase […]
The penalties imposed on individuals for fatal accidents in the workplace are set to increase after the Sentencing Council for England and Wales published its definitive sentencing guideline for gross negligence manslaughter. Walker Morris health and safety expert, Stuart Ponting, considers the new guideline and the implications for employers and directors.
Background
The Sentencing Council consulted in 2017 on a draft sentencing guideline for gross negligence manslaughter (in addition to other forms of manslaughter). Gross negligence manslaughter occurs when the offender is in breach of a duty of care towards the victim, the breach causes the death of the victim and, having regard to the risk involved, the offender’s conduct was so bad as to amount to a criminal act or omission. There was previously no existing guideline for sentencing offenders convicted of this form of manslaughter.
Notably, the consultation paper said the draft guideline aimed to regularise practice rather than substantially alter it, other than in the case of higher culpability offences arising from health and safety breaches where it was anticipated that sentences would rise. The maximum sentence for gross negligence manslaughter is life imprisonment, with an offence range of one to 18 years in prison.
Not surprisingly, perhaps, the draft guideline for gross negligence manslaughter attracted the most responses during the consultation (notably from the medical profession) [1]. The Sentencing Council took on board a number of the concerns raised and a definitive guideline was published on 31 July 2018.
The new guideline comes into effect on 1 November 2018 and applies to individual offenders aged 18 and over who are sentenced on or after that date, regardless of the date of the offence. Organisations sentenced for the offence of corporate manslaughter will continue to be assessed in line with a separate sentencing guideline [2].
How does it work?
The guideline sets out a step-by-step decision making process for the court to use to ensure a consistent approach to sentencing in gross negligence manslaughter cases across England and Wales.
Step one involves determining the offence category, which reflects the severity of the offence. Step two relates to the starting point and category range. Starting points define the position within a category range from which the court starts to calculate the provisional sentence. Starting points and ranges apply to all offenders, whether they have pleaded guilty or been convicted after trial. The starting points and category ranges are for a single offence of manslaughter resulting in a single fatality. Where another offence or offences arise out of the same incident or facts, concurrent sentences reflecting the overall criminality of offending will usually be appropriate.
Once it has decided upon a provisional sentence, the court must then go on to consider further features of the offence or the offender that warrant adjustment of the sentence within the range, including a non-exhaustive list of aggravating and mitigating factors. This is followed by a series of further steps, including potential credit for a guilty plea and consideration of whether it would be appropriate to impose a life sentence.
Notably, at step seven, in appropriate cases an offender may be disqualified from being a director of a company in accordance with section 2 of the Company Directors Disqualification Act 1986 for up to 15 years. This provision was added as a result of the consultation as the Sentencing Council recognised that while it would apply in only a limited number of cases, it would be a useful reference to include.
Culpability and Harm
Developing a sentencing guideline for gross negligence manslaughter was particularly challenging because the offence occurs relatively rarely but in a very wide range of circumstances; a duty of care can arise in many different scenarios. As such a degree of flexibility in determining the culpability of an offender (in effect, how ‘guilty’ they are) is particularly important in relation to this guideline, which specifically warns against taking an overly mechanistic approach to applying the characteristics/factors set out at step one in cases to which they do not readily apply.
Those characteristics/factors indicate the culpability level that may attach to the offender’s conduct, ranging from very high culpability at Category A, to lower culpability at Category D. The court should balance these to reach a fair assessment of the offender’s overall culpability in the context of the circumstances of the offence.
Characteristics/factors which are likely to be relevant in a health and safety context, and which indicate high culpability (Category B) include that the offence was particularly serious because the offender showed a blatant disregard for a very high risk of death resulting from the negligent conduct and the negligent conduct was motivated by financial gain (or avoidance of cost).
The assessment of culpability no longer includes consideration of the extent to which the offender was aware of the risk of death as this proposal was met with considerable criticism by respondents to the consultation. Gone too is the proposed high culpability factor “the negligent conduct persisted over a long period of time (weeks or months)” – this was criticised by those representing doctors and by health and safety lawyers as potentially occurring in a wide range of cases and not necessarily being indicative of high culpability.
In relation to harm, the harm caused will inevitably be of the utmost seriousness in all manslaughter cases and the loss of life is already taken into account in the sentencing levels at step two. Given the sentence ranges at step two cover a very wide range of sentence outcomes and there are only four starting points, adjustment from the starting point may be necessary before any adjustment for aggravating/mitigating factors (and so on) where a case does not fit squarely into a category.
One aggravating factor which might apply in a health and safety context was added at the suggestion of several respondents to the consultation and arises in circumstances where an offender ignored previous warnings. Potential mitigating factors include self-reporting and/or co-operation with the investigation and that, for reasons beyond the offender’s control, the offender lacked the necessary expertise, equipment, support or training which contributed to the negligent conduct. This was one of a number of factors added to reflect external pressures on individual offenders which may have contributed to the breach of a duty of care.
WM Comment
It remains to be seen how the courts will apply the new guideline in practice, but it is a further indication of the increasingly tough line being taken when it comes to health and safety breaches. Since the new sentencing guideline for health and safety offences, corporate manslaughter and food safety and hygiene offences came into effect in February 2016, we have seen a marked increase in the severity of the fines imposed on organisations, with the number of £1 million-plus fines continuing to mount. It is clear from these new guidelines that those individuals who cut corners to reduce cost and disregard the safety of those to whom they owe a duty of care will be firmly on the courts’ radar and similarly held to account where appropriate.
Gross negligence manslaughter is at the forefront of public consciousness, with the Hillsborough match commander facing trial on 95 charges of gross negligence manslaughter, and investigators considering whether offences of gross negligence manslaughter, among others, were committed in relation to the Grenfell Tower disaster.
There has never been a more prudent time to review and update policies and procedures and upskill managers and directors in their obligations under health and safety legislation to ensure the ‘tone from the top’ is consistent, effective and offers some comfort to those individuals who could ultimately find themselves accountable if disaster strikes.
Should you require assistance in relation to any of the issues raised in this briefing, please do not hesitate to contact Stuart or Rob, who will be very happy to help.
______________________
[1] See pages 10 to 14 of the Response to consultation document.
[2] The Health and safety offences, corporate manslaughter and food safety and hygiene offences: Definitive guideline

Watch out for GDPR-related claims – it’s not[...]
In the run-up to implementation of the EU General Data Protection Regulation (GDPR) on 25 […]
In the run-up to implementation of the EU General Data Protection Regulation (GDPR) on 25 May 2018, much of the focus was on the eye-watering level of fines which data protection regulators can impose, among a variety of other enforcement tools at their disposal, for infringements of the new legislation: up to 2 per cent of annual global turnover or €10 million, whichever is the greater, for violations relating to certain administrative data protection failings; and up to 4 per cent of annual global turnover or €20 million, whichever is the greater, for violations relating to certain more fundamental failings, such as breaches of any of the basic principles for processing personal data and breaches of data subjects’ rights.
In this briefing, Walker Morris’ Heads of Regulatory & Compliance and Commercial Dispute Resolution, Jeanette Burgess and Gwendoline Davies, consider another lurking danger for businesses – the very real prospect of GDPR-related litigation – and offer their practical advice.
A game-changer
GDPR is a game-changer. It delivers new and enhanced rights for individuals in relation to their personal data, including the right of access [1], the right to rectification, the right to be forgotten, the right to object to or restrict processing, the right to data portability, and rights related to automated decision-making. Not all of these rights are absolute, but deciding when they apply can be complex and decisions will be susceptible to challenge. As with the previous regime under the Data Protection Act 1998, organisations must implement appropriate technical and organisational measures to ensure a level of security that is appropriate to the risks involved in their processing of personal data. For the first time, however, GDPR introduces certain direct obligations on data processors and the requirement for detailed contractual obligations to be implemented between all data controllers and processors. There are also new mandatory notification requirements in relation to data breaches (including informing individuals directly without undue delay, if the breach is likely to result in a high risk to their rights and freedoms), and specific requirements in relation to documentation and record-keeping – part of the universal principle of accountability under the new regime.
There can be little doubt that, aided by the recent bombardment of their inboxes with GDPR-related emails, consumers are becoming increasingly aware of their status as data subjects and emboldened in relation to the exercise of their data protection rights. Add to that the ever-present threat of increasingly sophisticated cyber-attacks, recent high-profile data breaches, and incidents such as the Facebook/Cambridge Analytica scandal, and it is no surprise that individuals want more control over their data, reassurance about how it is used, managed and protected, and the ability to seek appropriate redress when things go wrong. With GDPR placing an increased level of responsibility on those who process personal data, the stakes have never been higher.
The right to compensation
In addition to having the right to complain to the regulator (in the UK, the Information Commissioner) if they consider that the processing of their personal data infringes GDPR, affected data subjects now have the right to apply to the court for a remedy if they think that their rights have been infringed through non-compliant processing, and any person (not just a data subject) has the right to receive compensation for damage suffered as a result of a GDPR infringement. Importantly, this covers material or non-material damage, and so individuals will still be able to make a claim where there has been no monetary loss. This could include, for example, claims for reputational damage, embarrassment, distress, inconvenience or anxiety.
Unlike under the old data protection regime, claims can now be brought against both data controllers and data processors. A data processor will only be liable for the damage caused by processing where it has not complied with GDPR obligations specifically directed at data processors, or where it has acted outside or contrary to lawful instructions of the data controller. Where more than one controller or processor, or both a controller and a processor, are involved in the same processing and are responsible for any damage caused by it, each will be held liable for the entire damage. This means that the individual only needs to make a claim against one of them. The controller or processor who pays out in full can then claim back from the others that part of the compensation corresponding to their responsibility for the damage.
A controller or processor will be exempt from liability for the damage caused by processing if it proves that it is “not in any way responsible” for the event giving rise to the damage. It is not yet clear how this will be interpreted in practice, but the wording certainly suggests that there will be a high hurdle to overcome. Being able to demonstrate compliance with GDPR requirements will be key.
Depending on the circumstances and the nature of the infringement, organisations could, in addition or alternatively, find themselves facing other types of claim such as those for misuse of private information or breach of confidence. Directors could also find themselves subject to claims where, for example, a data breach results in a reduction in share value.
The prospect of group litigation
One topic that has received a considerable amount of coverage is the prospect of GDPR opening the floodgates to US-style class actions.
GDPR allows a data subject to authorise a not-for-profit body, organisation or association (for example, a consumer group such as Which?) to exercise certain rights on his or her behalf, including the right to receive compensation (where provided for by member state law). In addition, member states may provide that such a body has the right to lodge a complaint with the regulator or to apply to the court for a remedy, independently of the data subject’s authority, if it considers that the data subject’s GDPR rights have been infringed as a result of the processing.
This issue of collective redress is one of the limited opportunities afforded to member states to decide how GDPR applies domestically. It was the subject of significant debate when the UK’s new Data Protection Act 2018 (the Act) (which came into force on the same day as GDPR, and is to be read alongside it) was passing through the various parliamentary stages as a Bill before it became law. Among other things, campaigners emphasised the difficulties of seeking a positive “opt-in” to proceedings from tens of thousands of affected individuals, and highlighted that those affected by data breaches and other illegal data-related activities are often unaware of what has happened.
In relation to the representation of data subjects with their authority, the Act reflects the requirements of the GDPR, including allowing a data subject to authorise a representative body to exercise his or her right to compensation. It also goes further, providing the Secretary of State with “the power to make regulations enabling representative bodies to bring collective proceedings on behalf of data subjects in England and Wales or Northern Ireland by combining two or more claims in respect of data subjects’ rights, where those data subjects have given their authorisation to the representative body”. This is designed to provide an effective mechanism for a representative body to seek a remedy in the courts on behalf of a large number of data subjects.
Controversially, the Act does not allow representative bodies to exercise data subjects’ rights without their authority. Following pressure from campaigners, however, the Act imposes a duty on the Secretary of State to carry out a review of this position and to report to Parliament within 30 months of 25 May 2018.
While we do not yet have an “opt-out” class action mechanism for breaches of data protection legislation, the threat of group litigation is a real one. In Various Claimants v Wm Morrisons Supermarket plc [2], a group of more than 5,500 employees brought a civil claim for compensation against Morrisons, using one of the currently available routes for group litigation under the Civil Procedure Rules, after one of its ex-employees deliberately leaked payroll data of thousands of staff online following disciplinary action. Morrisons was not found directly liable, but there was a sufficient connection between the individual’s position of employment and his actions to establish secondary (vicarious) liability. This was despite the disclosure of the data being made outside working hours using the individual’s personal equipment. An appeal of this judgment is currently outstanding.
With recent high-profile data breaches affecting millions of individuals, and in the current climate of increased awareness of data protection rights, group litigation has the potential to result in substantial and damaging exposure, both in terms of value and reputation.
Practical advice
Data protection is a boardroom issue. To reduce the risk of being on the receiving end of a GDPR-related claim, it is essential that organisations take data protection seriously, with robust policies, procedures, systems, safeguards and organisation-wide training in place to ensure GDPR compliance (and, crucially, to be able to demonstrate that compliance). It will be important to keep those measures under review as the business develops and changes.
Contractual arrangements between data controllers and processors should be reviewed to ensure that they address clearly and unambiguously the parties’ respective obligations and liabilities, including in relation to breach reporting and the settling of compensation claims, and include all the ‘boiler plate’ terms which are mandatory under Article 28 of the GDPR.
While it is unlikely that insurance will be available to cover potential regulatory fines, organisations should consider reviewing their insurance cover to help limit the damage, financial and reputational, in the event of a GDPR-related claim.
If a data breach or other infringement does occur, it should be dealt with promptly and effectively, with clear communication to the affected individuals so that they can take any necessary steps to minimise loss. Organisations may wish to consider appropriate redress schemes to help rebuild customer trust and shore up any reputational damage. It will be important to learn from previous incidents and take steps accordingly to limit the likelihood of a similar incident happening again in the future.
Looking beyond issues of pure compliance, GDPR provides organisations with an opportunity to innovate, to review and improve data management, and to maximise the potential of their data assets. It is about good business practice: being accountable, transparent and fair; managing data responsibly; giving individuals greater choice and control over how their personal data is used; building a culture of privacy; and integrating data protection into the heart of the business.
If you require assistance in relation to any of the issues raised in this briefing, please do not hesitate to contact Jeanette or Gwendoline, who will be very happy to help.
_____________
[1] We explained in an earlier briefing how data subject access requests (or DSARs) are increasingly being used tactically, both prior to and alongside the litigation process. GDPR introduces changes to the DSARs regime, including: a shorter time limit to respond, reduced from 40 days to one month (although the deadline can be extended by up to two months where requests are complex or numerous); in most circumstances the information must be provided free of charge; and, where a DSAR is made electronically, the information should be provided in a commonly used electronic format, unless otherwise requested.
[2] [2017] EWHC 3113 (QB)

Currency, cost calculations and contractual clarity
Walker Morris’ Head of Commercial Dispute Resolution, Gwendoline Davies, highlights the importance of dealing comprehensively […]
Walker Morris’ Head of Commercial Dispute Resolution, Gwendoline Davies, highlights the importance of dealing comprehensively and clearly with matters of currency and calculation in cross-border contracts.
Currency confusion in an array of cases
Retailers and contract managers will recall the “Marmite Row”, during which Unilever (the Netherlands-based supplier of household brands) sought to impose on supermarkets around a 10% price increase, allegedly in response to post-referendum falls in the value of the pound. That dispute was resolved before it hit the courts, as Unilever and Tesco came to a private settlement, but the issue of Brexit-related currency fluctuation disputes suddenly became very real. Since then, a number of other cases have considered the questions of currency and contractual clarity.
In the context of cross-border legal costs payments, the High Court in the November 2016 case of Elkamet v Saint-Gobain [1] ordered, without any prior authority on the point, that if a foreign company had to exchange currency into sterling in order to pay costs in UK litigation, then it was entitled to be compensated for exchange rate losses in the same way that it was entitled to be compensated for loss of interest. On the same point in the 2017 case of MacInnes v Gross (2) [2], however, the High Court declined to make such an order. In the latter case the judge reasoned that there were inherent differences between the costs and interest regimes; currency fluctuations are uncertain and wholly outside a party’s control (and can go up, as well as down); and, in any event, any “generous” interest rate ordered, such as 4% above base, is designed to provide at least some protection for payees against such matters.
More recently, the June 2018 case of Aras v National Bank of Greece [3] concerned a commercial contract dispute. As a fall-out from “Grexit”, the parties entered into agreements for the sale, by the National Bank of Greece, of shares in Finansbank (a Turkish bank). The agreements provided that the buyer would purchase in Euros and they contained a mechanism for calculating the purchase price and fees by reference to book value. However, Finansbank’s book value was denominated in Turkish lira and the agreements were silent on when the currency conversion to calculate the price should occur.
The Commercial Court, following a trial conducted under the Shorter Trials Scheme, undertook a comprehensive contractual interpretation exercise to resolve the dispute:
Correct approach to contractual interpretation
- Since the 2015 Supreme Court decision in Arnold v Britton [4], the courts will strive to uphold the clear wording of the clause wherever possible, applying the objective test of what the reasonable businessperson would understand the clause to mean, even if that results in a bad bargain for any party.
- The court’s task is to ascertain the meaning of the language which the parties have chosen to express in their agreement when read in the context of the factual background known or reasonably available to the parties at the time of the agreement [5].
- However, where a contract term might be interpreted in different ways, the court is entitled to prefer the interpretation which is consistent with business common sense [6].
- Alternatively, where it is commercially and practically necessary, a court may imply terms into the contract to ensure business efficacy [7].
In short, a literal approach to contractual interpretation is to be preferred over a more purposive approach wherever possible. However, there may sometimes be provisions in even a detailed, professionally drawn contract which lack clarity. A court interpreting such provisions may take into account the factual matrix to ascertain the objective meaning. The lack of clarity in this case led the court to do just that.
The court asked itself what a reasonable person with the parties’ background knowledge would have understood the parties to have intended. It decided, in line with business common sense, that, to allow a valid valuation comparison and to remove uncertainties surrounding currency fluctuations, it was most likely that the parties intended that the relevant calculation, and the currency conversion, should be made by reference to a fixed date (which, in this case, was found to be the relevant accounting date).
WM Comment
As the UK moves towards its departure from the EU we are likely to see more and more cases in which currency fluctuations influence pricing, payments and contractual provisions and disputes in a myriad of ways.
In many situations, there will be practical steps that parties can take to protect their own position. For example, in the supply agreement/commercial contract context, much is likely to depend on the terms of individual contracts, including whether pricing structures and/or so-called Brexit clauses provide sufficient flexibility and clear mechanisms for changing market forces and for resolving disputes. In the legal costs context, pending any appellate court’s authority, it might make sense for claimants in proceedings with non-UK based parties to include exchange rate losses as a head of claim so as to keep the Elkamet option open; and international costs claimants may be best advised to fully quantify any exchange rate losses claimed, so as to avoid having to ask the court for an open-ended order (as was the case in MacInnes).
In an otherwise largely uncertain economic environment, it is certain that contracting parties will now be well advised always to consider questions of currency fluctuations and calculations – and to address them specifically and clearly – in their contractual arrangements.
If you have any concerns arising from currency fluctuations in the current climate, if you would like any advice or assistance in connection with the drafting or review of your contractual terms, or if you have any more general Brexit-related queries or training requirements, please do not hesitate to contact Gwendoline Davies or any member of the Commercial Dispute Resolution team and Commercial team.
_______________
[1] Elkamet Kunstofftechnik GmbH v Saint-Gobain Glass France SA [2016] EWHC 3421 (Pat)
[2] [2017] EWHC 127 (QB)
[3] [2018] EWHC 1389 (Comm)
[4] [2015] UKSC 36
[5] Wood v Capita Insurance Services Ltd [2017] UKSC 24
[6] Rainy Sky SA v Kookmin Bank [2011] UKSC 50
[7] M&S v BNP Paribas [2015] UKSC 72

A ‘Bright Line’ decision – Court of Appeal[...]
The Court of Appeal has issued its decision in Royal Mencap Society and Tomlinson-Blake ruling […]
The Court of Appeal has issued its decision in Royal Mencap Society and Tomlinson-Blake ruling that carers who work sleep-in shifts at a client’s residence and who are ‘on call’ are not entitled to the National Minimum Wage for periods whilst they are asleep.
Facts
Ms Tomlinson-Blake was employed by Mencap as a carer for autistic adults. Her usual work pattern involved working a day shift at the men’s house until 10 p.m. and then working the following morning shift from 7 a.m. Those hours were part of her salaried hours and she received adequate pay for them. In addition, the claimant was required to carry out a sleep-in shift between 10 p.m. and 7 a.m. for which she received a flat rate of £22.35 together with one hour’s pay of £6.70, making a total payment for that nine-hour sleep-in of £29.05.
The precise scope of the claimant’s duties during a sleep-in shift were considered in detail by the original Employment Tribunal. No specific tasks were allocated to the claimant to perform during that shift, but she was obliged to remain at the men’s house throughout this shift and to keep a ‘listening ear’ out during the night in case her support was needed. She was expected to intervene where necessary to deal with incidents that might require her intervention (if one of the men became unwell or distressed) or to respond to requests for help. The Tribunal had emphasised that deciding whether to intervene required an exercise of her professional judgment, based on her knowledge of the residents.
In practice, the need for Ms Tomlinson-Blake to intervene was real but infrequent. The Tribunal found that there were only six occasions over the preceding 16 months when the claimant had to get up to intervene during the sleep-in hours. If nothing needed to be done during her sleep-in shift, the claimant was entitled to sleep throughout. She was provided with her own bedroom in the house, together with shared bathing and washing facilities. The evidence was that it was positively expected that she should get a good night’s sleep, since, depending on the shift pattern, she might have to work the following day.
Ms Tomlinson-Blake’s claim, supported by the union Unison, was that she was entitled to have all hours of her sleep-in shift hours (including those when she was asleep) paid at the National Minimum Wage (NMW).
Her case was upheld by the Employment Tribunal and Mencap appealed to the Employment Appeal Tribunal, unsuccessfully. On the back of this decision, in April 2017, Mencap began paying the NMW for every hour of a sleep-in shift. It also appealed to the Court of Appeal arguing that the decision was wrong and, apart from anything else, it could simply not afford to meet the potential financial exposure to back-payment claims from sleep-in carers.
The Court of Appeal decision
The social care sector has awaited the Court of Appeal’s decision with bated breath given the enormous potential liability for the sector (estimated to be £400m). The wait was over on 13 July 2018 when it issued its decision upholding Mencap’s appeal and roundly rejecting the EAT’s previous reasoning.
It held that care workers doing sleep-in shifts are only entitled to the NMW when they are required, because they need to undertake a specific activity, to actually be awake.
The assertions that Ms Tomlinson-Blake was expected to keep a ‘listening ear’ open during her sleep time and use professional judgment as to whether she was needed to intervene in any disturbances did not persuade the Court. The Court ruled that every sleep-in worker must keep a listening ear open but that it does not, by itself, constitute performing a specific activity. It noted that in Ms Tomlinson-Blake’s case, she had only been required to wake up and intervene on six occasions over the preceding 16 months.
Available for work rather than actually working
The Court of Appeal’s view is that sleep-in workers (whilst they are sleeping) are ‘available for work’ rather than actually ‘working’. It held that the correct interpretation of the NMW Regulations is that the only time that counts for NMW purposes is the time when the worker is required to be awake for the purposes of working.
A ‘bright line’ approach
The Court of Appeal adopted what it referred to as a “bright line” approach that it found to be missing from previous case law authorities on the issue. Basically, this involved focusing above all else on what Parliament’s original intention was when drafting the NMW Regulations and sleep-in exception. It said, “It would not be a natural use of language, in a context which distinguishes between (actually) working and being available for work, to describe someone as “working” when they are positively expected to be asleep throughout all or most of the relevant period.”
How much does this decision depend on its individual facts?
It is very important to note that this decision does not go so far as to give employers complete carte blanche to say that NMW is not payable for a sleep-in shift because each case will still need to be decided on its facts.
The Court of Appeal said, “I quite accept that the distinctions [between the previous authorities and this case] are subtle, but they are in my view sufficient to justify a difference in outcome: it must be borne in mind that the decision which side of the line dividing “actual work” from “availability for work” a given case falls is factual in character, and in marginal cases different tribunals might well assess very similar facts differently.”
The Court said that its judgment is limited to the facts of sleep-in workers who are “contractually obliged to spend the night at or near their workplace on the basis that they are expected to sleep for all or most of the period but may be woken if required to undertake some specific activity”.
As the facts of not all sleep-in cases are the same, there will always need to be an assessment in each case.
Is this the final word?
Unison, who represented Ms Tomlinson-Blake, has issued a press release stating that it is considering an appeal to the Supreme Court. If this happens, we may not have a definitive answer for some time.
Walker Morris comment
This decision is good news for the social care sector who will be hoping that Unison do not appeal and that the Court of Appeal’s decision will be the final word. An appeal would need to be lodged within 28 days, so we should have an answer to that point fairly soon.
Many employers signed up to the Government’s Social Care Compliance Scheme (SCCS) which enables employers to repay money owed to workers by March 2019 without any HMRC penalty. It now remains to be seen whether the Government dissolves the scheme. Mencap have commented on their website that there now seems little point in the SCCS continuing.
Many care employers (including Mencap) had already begun paying NMW for the full duration of sleep-in shifts after the EAT issued its decision in 2017. Mencap has stated that it does not intend to reverse this practice and it is hard to see how they would be able to do so lawfully.
This is a highly charged political issue and Mencap is calling for the Government to legislate for better pay for care workers and to ensure that sleep-ins are paid at a ‘higher rate’.
There are a number of questions yet to be answered that we hope to have some clarity on over the next few months, including:
- Will HMRC alter its ongoing enforcement activities?
- What will happen regarding HMRC penalties for underpayments based on what was previously understood to be the correct legal position?
We will issue further updates as the position becomes clearer.
If you have any queries please contact David Smedley or Andrew Rayment.

An entirely surprising interpretation of an entire agreement[...]
Walker Morris’ Head of Commercial Dispute Resolution, Gwendoline Davies, looks at the risks associated with […]
Walker Morris’ Head of Commercial Dispute Resolution, Gwendoline Davies, looks at the risks associated with pre-contractual statements and how parties can try to avoid liability for misrepresentation. In that context, Gwendoline considers a recent, surprising High Court case concerning the interpretation of an ‘entire agreement’ clause, and offers some best-practice advice for businesses.
Risk of pre-contractual [mis]representations
When parties consider doing business together, a multitude of enquiries, discussions and negotiations take place before any deal is done. Marketing campaigns, promotional offers and other communications have often also been undertaken prior to the contemplation of any particular enquiries or leads. At this pre-contract stage, myriad representations are made, many of which could give rise to liability. The law of misrepresentation is not straightforward. It comprises elements of common law, equity and statute (the Misrepresentation Act 1967, MA) and it includes characteristics of both contract law and tort. To avoid inadvertently leaving itself open to legal challenge, therefore, it is important for any business to understand the types of statements and representations that can found the basis of a claim.
A misrepresentation is an untrue statement of fact or law upon which a party relies in being induced to enter a contract, which thereby causes the relying party to suffer loss. Misrepresentations can be express written or oral statements; they can be implied by words or by conduct; made when making plans or projections for the future; arise via half-truths; or arise where a statement was true when it was made, but later becomes untrue if circumstances change. Misrepresentations can occur more readily in relationships of utmost good faith, such as partnerships or contractual arrangements requiring full disclosure. It is also possible for a statement made in negotiations to be a representation that becomes a binding term of the contract itself. Liability can therefore arise both under the MA and for breach of contract.
There are certain steps, however, that can be taken to exclude or limit liability for misrepresentation.
Potential contractual protections
It is possible to insert an exclusion clause into a contract which seeks to exclude or limit liability for misrepresentation. If an exclusion clause is ambiguous or uncertain, it will generally be construed against the party trying to rely on it (the contra proferentem rule) and so, to be on the safe side, the clause should expressly state that it covers misrepresentation or tort, as well as breach of contract. As with the general laws on exclusion clauses, whether or not a clause which purports to restrict liability for misrepresentation is effective will depend upon the application of the Consumer Rights Act 2015 (in the case of business to consumer contracts) and on the ‘reasonableness test’ in the Unfair Contract Terms Act 1977 (UCTA).
An ‘entire agreement’ clause (which often forms part of the standard ‘boilerplate’ of a commercial contract) attempts to provide that the contract constitutes the entire agreement between the parties, such that it supersedes any prior agreements, negotiations, or heads of terms. Entire agreement clauses have their limitations, however, and it is a common misconception that they will necessarily prevent liability for misrepresentation. In fact, case law has generally suggested that it will be a risky strategy indeed merely to rely on an entire agreement clause in defence of a misrepresentation claim. Instead, the best advice to date has always been that, because reliance on a statement as an inducement to enter into a contract is one of the requirements of an actionable misrepresentation, parties should expressly exclude liability by means of a specific ‘non-reliance statement’.
Entirely surprising entire agreement case
In the recent case of NF Football Investments Ltd v NFCC Group Holdings Ltd [1], however, the High Court has interpreted a straightforward entire agreement clause, which did not contain any non-reliance wording nor any wording to exclude liability, as being a complete answer to a misrepresentation claim. On the face of it, this decision seems to fly in the fact of established Court of Appeal authority [2] that, in order for liability for misrepresentation to be effectively excluded, very clear wording to that effect and/or a non-reliance clause is needed.
Finding for the defendant and dismissing the claim summarily (without trial), Master Bowles in the High Court stated that the relevant authority does not go so far as to establish that an effective provision purporting to exclude liability must be in any particular form. Instead, it is the context and construction of the particular clause in question which matters. The Master then placed heavy reliance on the facts that:
- the wider contract included indemnification procedures to deal with claims likely to arise under/in respect of the ‘four walls’ of the contract. By implication, therefore, claims otherwise arising (such as misrepresentation claims) would be caught by the entire agreement clause
- the scope of matters extinguished by the entire agreement clause was wide because it was drafted to include both matters of a potentially contractual nature (by virtue of the words used such as “drafts”, “agreements”, “promises” and “warranties”) and of a non-contractual nature (“correspondence”, “negotiations”, “assurances” and “representations”).
Practical advice
The NF Football decision is unusual and, whilst the Master’s seeming departure from existing authority may be defensible and justified on the facts, it should probably not be seen as indicating an entirely new approach to entire agreement clauses. The case does suggest, however, that the door has been opened a little wider for those defendants seeking to rely upon entire agreement statements to defeat misrepresentation claims.
In any event, there are a number of practical points and best-practice tips of which all businesses should be aware:-
- Take care to ensure that marketing material and all forms of pre-contract communications are accurate…
- …and that they are kept accurate and up to date on an ongoing basis.
- Prior to conclusion of any contract, check whether any circumstances or key terms have changed since communications and negotiations began. If they have, make sure that all parties are aware and remain happy to proceed before you complete.
- Prior to conclusion of any contract, check that all of the contractual terms – including the boilerplate – accurately reflect and cater for the parties’ intentions. Take specialist legal advice.
- Educate sales staff and negotiators as to the dangers of misrepresenting facts or projections.
- If you think you may have suffered loss having relied on a misrepresentation, act quickly. There are different types of misrepresentation claim and different requirements and remedies can apply depending on the circumstances. Again, take specialist legal advice immediately to ensure that you do not prejudice your position.
- If you regularly contract on the same terms, review your standard/boilerplate clauses in light of the NF Football decision and all relevant authorities. The best advice will remain for parties to consider limiting or excluding liability for misrepresentation by inserting exclusion and/or non-reliance clauses into commercial contracts. Where entire agreement statements are used, parties should make sure that these are properly and widely drafted. Your legal adviser should be able to assist with ensuring that all such clauses are reasonable (in line with UCTA) and effective.
For further information, advice or assistance, please contact Gwendoline Davies or any member of the Commercial Dispute Resolution Team.
______________
[1] [2018] EWHC 1346 (Ch)
[2] Axa Sun Life Services plc v Campbell Martin Ltd [2011] EWCA Civ 133

The Supreme Court delivers a ‘Straight Flush’ –[...]
The highest Court in the UK has confirmed (in a unanimous decision) that a plumber […]
The highest Court in the UK has confirmed (in a unanimous decision) that a plumber who worked for Pimlico Plumbers for 6 years, was a worker and not self-employed. Pimlico Plumbers had lost at each stage of the legal dispute leading up to the Supreme Court decision.
Even though the case was decided on its own facts, it is likely that the Supreme Court’s decision will have an influence on the other high-profile, ongoing legal disputes on worker status including those currently being appealed by Uber and Citysprint to the Court of Appeal and Employment Appeal Tribunal respectively (due to be heard later this year). It is frustrating that the decision does not set out over-arching principles or guidance for lower Courts to consider in cases of this nature, but it will put renewed pressure on the Government to take urgent steps to provide clarification on categorising workers and self-employed contractors.
We look at the key ‘need-to-know’ points for employers on this decision.
What were the basic facts?
Gary Smith worked for Pimlico Plumbers as a plumber and heating engineer for six years until 2011, when he suffered a heart attack. He then asked for a three-day week but this was rejected, his rented Pimlico Plumbers’ van was taken away and he was dismissed. Pimlico Plumbers disputed that he was sacked because he wanted to work fewer days.
Mr Smith had paid tax as a self-employed person and was vat registered but he claimed that he was, in fact, a worker and was therefore entitled to certain payments such as holiday and sick pay.
The first question for the Employment Tribunal to rule on was whether Mr Smith was a worker or self-employed (as the company claimed). This is because workers do not benefit from the full range of employment rights given to employees, but they are entitled to certain ‘worker’ protections such as holiday and sick pay.
What did the Supreme Court say?
Upholding previous decisions of the lower Courts, Lord Wilson said: “Although the contract did provide him with elements of operational and financial independence, Mr Smith’s services to the company’s customers were marketed through the company.
“More importantly, its terms enabled the company to exercise tight administrative control over him during his periods of work for it; to impose fierce conditions on when and how much it paid to him, which were described at one point as his wages; and to restrict his ability to compete with it for plumbing work following any termination of their relationship.
“The dominant feature of Mr Smith’s contracts with Pimlico was an obligation of personal performance.
“We hold that the tribunal was entitled to conclude that the company cannot be regarded as a client or customer of Mr Smith. So, Mr Smith wins the case and the [Employment] Tribunal can proceed to examine his claims as a worker.”
The ultimate deciding factor in this case was that Mr Smith had a lack of control over his work. For example, he was contractually obliged to do a minimum number of hours a week and he did not have the right to use a substitute if he was not available. Moreover, he wore a Pimlico Plumbers uniform, had a tracker in his Pimlico Plumbers’ branded van and carried a Pimlico Plumbers’ ID card. His contract referred to ‘wages’, ‘gross misconduct’ and ‘dismissal’.
The Court recognised that there were some factors in Mr Smith’s case that pointed towards self-employment (e.g. that he was vat-registered and paid tax as a self-employed person) but, ultimately, the overall contract with Pimlico Plumbers was inconsistent with him being a truly independent contractor.
It is fair to say that the owner of Pimlico Plumbers, Charlie Mullins, was outraged at the Court’s decision. He commented that the claim was an “exploitation” by a “highly-paid, highly-skilled man who used a loophole in current employment law to set himself up for a double pay-day.” He claimed that Mr Smith had been quite content to be self-employed (or at least until he wasn’t) because it meant he could earn more money than operating as an employee.
It is perhaps best not to be too cynical because the UK workplace is not a free market. For every case of a well-paid contractor ‘exploiting’ the system there will be someone struggling with long, badly-paid hours in the gig economy who doesn’t have the luxury to refuse work at will or to avoid unethical hirers who misuse gaps in the legal framework. Hirers who are, arguably, undermining those ethical companies that do stick to their legal obligations.
In any event, the reality is that whether Mr Smith (or anyone in his situation) is acting disingenuously or otherwise is almost entirely irrelevant to the Court’s legal analysis of their employment status.
What happens next?
As he has been found to be a worker, Mr Smith’s claim for compensation can now proceed and will be heard by the Employment Tribunal probably before the end of this year.
Will the Government now act to reform the law in this area?
The decision serves to highlight that the law on worker status remains in a huge state of confusion. Employers using self-employed contractors face significant challenges in properly categorising and structuring their workforce.
The Government issued a consultation under the ‘Good Work’ plan earlier this year. This was in response to the Taylor Review which considered the issue of employment status for people working in the gig economy. Many felt the consultation following the Review was a case of kicking the ball further down the tracks and we still do not know how the Government will proceed. Calls for action from employers and their representative bodies will only get louder in the wake of the Pimlico decision.
Frances O’Grady, general secretary of the TUC, has commented, “It’s time to end the Wild West in the gig economy”. Whichever way you look at it, few employers or *employees/*workers/*self-employed contractors (delete as applicable) would disagree with the overall sentiment that something needs to be done.
Walker Morris comment
In our view, the two factors that are more likely than anything else to eventually drive substantive reform in this area are that, a) the Government and HMRC are potentially losing tax revenue due to current mis-classification of workers/self-employed contractors and b) they know it and are already on to it.
In what many consider to be an unashamedly audacious proposal to ‘pass the buck’ to employers, the Government has recently proposed putting the onus on private sector companies to determine whether their contractors are genuinely self-employed for tax treatment reasons. If this proposal is enacted, companies who mis-classify contractors as self-employed could bear liability for the resultant tax bill.
This is a system that has already been brought into force, despite significant objections, in the public sector.
What should employers do?
Employers who are concerned that they may have mis-classified their contractors or ‘gig workers’ as self-employed should seek legal advice. This is a key business risk and a well-conducted risk assessment/analysis will help to establish whether the company faces potential exposure and, if so, what can be done to mitigate this.
In most cases, it will be possible to create a practical plan of action to minimise future exposure and deal with any latent exposure. As always, forewarned is forearmed.
If you would like any advice on this article please contact David Smedley or Andrew Rayment.

Lease breaks: Key cases, traps and top tips
In times of economic decline or uncertainty, many businesses look to divest themselves of surplus […]
In times of economic decline or uncertainty, many businesses look to divest themselves of surplus property to reduce rental commitment. Walker Morris’ specialist Real Estate Litigator David Manda reviews recent case law and provides practical advice for businesses considering their lease break options.
Context and key case law
Whilst the cost savings involved in a rationalisation exercise can be significant, so too can the risks. Apart from the commercial, HR and PR issues that can arise if a tenant’s departure from business premises is not handled sensitively, there are important legal and procedural considerations that need to be followed. Once the decision has been made to seek to bring a commercial lease to an end, the failure to serve a valid break notice can have drastic consequences. The business may lose the opportunity to break the lease and may therefore remain liable and tied into the property with long-term, unwanted commitments.
In the leading case of Mannai Investment v Eagle Star [1] in 1997, Lord Hoffmann famously said: “if the [termination] clause had said that the notice had to be on blue paper, it would have been no good serving a notice on pink paper, however clear it might have been that the tenant wanted to terminate.” In doing so he vividly articulated that strict compliance, with both contractual break conditions and any particular service provisions, is required for lease breaks to be effective. Recent case law has reaffirmed that strict approach.
In Riverside Park v NHS [2], the ten year lease contained a one-off break option for the tenant to terminate the lease after five years, subject to the giving of a valid break notice and on condition that vacant possession was delivered up on the break date. The tenant served a valid notice on the landlord, however it did not remove internal demountable partitioning. The tenant argued that the partitioning amounted to ‘fixtures’, which had become part of the premises and did not have to be removed in order for vacant possession to be delivered; whereas the landlord argued that the partitions were mere ‘chattels’, which the tenant was obliged to remove. The High Court agreed with the landlord and concluded that the tenant had not given vacant possession and had not therefore complied with the break condition. The tenant was found not to have validly exercised the break and it remained tied to the lease for the whole of the remainder of the term.
Having acknowledged that notice requirements and break conditions must be strictly complied with, the House of Lords in Mannai did, however, also recognise the need for the law to provide a realistic and workable framework. It therefore developed the ‘reasonable recipient’ test.
In Vanquish Properties v Brook Street [3], the lease contained another one-off break option – this time for the landlord to terminate the lease on a specified break date. The landlord originally named on the lease had granted an overriding lease to “Vanquish Properties (UK) Limited Partnership acting by its general partner Vanquish Properties GP Limited”. With the intention of facilitating redevelopment plans for the premises, Vanquish Properties (UK) Limited Partnership purported to serve a break notice. The tenant challenged the validity of the notice, arguing that the landlord was, in fact, Vanquish Properties GP Limited [4] and so the landlord had not given notice in accordance with the lease at all. By this time the deadline for service had passed, and so no further/alternative notice could be served.
The tenant also argued that the incorrect name on the notice was a defect which the Mannai principle could not save because a reasonable recipient would be confused. The High Court agreed and, again, the right to break the lease was lost.
Top tips and traps for the unwary
As these cases demonstrate, very careful consideration must always be given to the exercise of any break. The starting point when serving a break notice must always be to examine the lease and the contractual provisions which set out the option to determine; any conditions which must be complied with; and any particular requirements for service (including when notice must be given, how notice must be served and on whom, and by whom, it must be served).
When?
The question of when a break notice can be served is very important, especially if the option is a one-off or ‘once and for all’ break (as opposed to a ‘rolling break’). There are then three dates to ascertain: the break date; the date by which notice must be served (that is, when the notice must be received by the other party); and, working back, the date by which the notice must actually be issued. If any of these are calculated incorrectly then there is a real risk that the break notice will not be validly drafted or served, and the lease will continue.
How?
It is essential to check whether the break clause contains a specific methodology for serving notice or whether the lease contains general ‘service of notices’ provisions elsewhere. Service must be effected in accordance with any contractually specified provision. For example, the lease may specify that service must be by fax or e-mail at a particular address; by first class or registered post; on an agent as well as, or instead of, on the party; or even that notice must be written on pink paper!
Who?
As indicated earlier, it must be ascertained exactly who must give the notice and on whom the notice must be served. However determining the correct party/ies is often more difficult than first imagined. In most cases the landlord and tenant are no longer the original contracting parties; the land or tenancy may be unregistered; the landlord/tenant may not be based in the UK; and/or the lease may specify that the notice must be served on an agent.
What? Conditional Break Options
Conditional break options should be approached with real caution. If the lease requires absolute compliance with one or more conditions, then failure to do so, no matter how trivial, will render the break ineffective. For example, if a break option was conditional on making payment of all lease sums and just a penny remained outstanding at the break date or other prescribed time, that penny would render the whole break invalid.
The most common condition is the payment of all rent due as at the Break Date. On the face of it, that seems straightforward and fair enough. However, is rent is defined within the lease and does it include service charge and/or insurance rent. If it does, can these be properly calculated or ascertained? Does rent (and potentially other sums) simply need to have fallen due under the lease, or do sums have to have been demanded? If sums need to have been demanded, can the tenant guarantee that the landlord will have demanded sums in time for the tenant to make payment?
Another common condition is for a tenant to comply with its repairing obligations. The landlord is under no obligation to confirm exactly what work it expects to be carried out, nor to provide any certainty prior to the break date that any works carried out are satisfactory to discharge the tenant’s obligations.
If conditions in a break option are not absolute, they are often drafted to say that the tenant must materially, substantially or reasonably comply with certain conditions. This is to try and protect the tenant from rendering the break invalid due to minor and inconsequential breaches. The problem here is that each of these terms can have a slightly different meaning and no guarantees can be given to provide absolute certainty of compliance. In these circumstances a tenant may be well advised to undertake the fullest possible compliance. Apart from the risk of a break being ineffective, a party will always face the risk of a damages claim for breach of covenant either during or after the end of a lease in any event. The fullest possible compliance has the dual-effect of mitigating that risk.
Faced with a conditional break and uncertainty as to exactly how to ensure compliance, the tenant in the very recent case of Goldman Sachs v Procession House [5] opted for another option – it proactively applied to the court ahead of the break date, seeking a declaration as to exactly what was required.
The lease contained an option for the tenant to break five years prior to expiry of the contract term. At a rent of over £4 million per annum, service of an effective break notice would save the tenant over £20 million (and, conversely, service of an ineffective break would effectively cost it that amount). It was common ground between the parties that the break clause was conditional upon there being no arrears of the rent and the tenant delivering up vacant possession, but there was a dispute as to whether or not the successful exercise of the break was also conditional upon the tenant’s compliance with certain yielding-up/reinstatement obligations. The relevant provisions were:
Clause 23 Break Clause
The lease was terminable by the tenant “…subject to the tenant being able to yield up the premises with vacant possession as provided in clause 23.2”
Clause 23.2
“On the expiration of [the break notice] the term shall cease and determine (and the tenant shall yield up the premises in accordance with clause 11 and with full vacant possession)…”
Clause 11 Yielding Up
“Unless not required by the landlord, the tenant shall at the end of the term remove any alterations or additions made to the premises (and make good any damage caused by that removal to the reasonable satisfaction of the landlord) and shall reinstate the premises to their original layout…”
In a tenant-friendly decision, applying the contra proferentum rule of contractual construction [6] and taking into account both considerations of commercial common sense and the particular factual matrix surrounding alteration works carried out to the premises by the tenant, the court concluded that the conditionality of the break did not apply to the yielding-up provisions.
The court held that, being so open to interpretation (and therefore leaving the tenant effectively unable to ensure compliance), the requirements of clause 11 were not compatible with being a pre-condition to a break. The court considered that if the parties had intended compliance with clause 11 to be a pre-condition, then that should have been more clearly stated in the drafting. The court found, instead, that the reference, in parentheses, to clause 11 in clause 23.2 was merely a reminder of the tenant’s reinstatement obligations which, if not complied with by the end of the lease, would give rise to a damages claim for breach in any event.
The Goldman Sachs case is, however, one to watch, as permission has been granted for the landlord to appeal to the Court of Appeal. Walker Morris will monitor and report on developments.
WM Comment
It is clear that there is a considerable amount of risk and time involved in serving a break notice and complying with the relevant conditions. The best advice for any business considering its options is to seek the advice of a specialist Real Estate Litigator at the earliest possible time, who will be able to advise on the break and overall exit strategy (including, where appropriate, any dilapidations/reinstatement issues).
For any further information or advice, please do not hesitate to contact David Manda or any member of Walker Morris’ Real Estate Litigation Team.
___________________
[1] Mannai Investment Co Ltd v Eagle Star Life Assurance Co Ltd [1997] AC 749
[2] Riverside Park Ltd v NHS Property Services Ltd [2016] EWHC 1313 (Ch)
[3] Vanquish Properties (UK) Limited Partnership v Brook Street (UK) Ltd [2016] EWHC 1508 (Ch)
[4] a limited partnership is not actually a legal entity in its own right and so it cannot hold an interest in land and it cannot, therefore, be a landlord
[5] Goldman Sachs International v Procession House Trustee Ltd (1) and Procession House Trustee 2 Ltd (2) (2018, unreported)
[6] This general rule states that any ambiguity regarding the meaning of a provision in a contract will be construed against the person who seeks to rely upon it

Corporate governance for large private companies
As already reported in this issue of Corporate Matters, large private and unlisted public companies […]
As already reported in this issue of Corporate Matters, large private and unlisted public companies will be required in the future to include a statement in the directors’ report about their corporate governance arrangements. To help companies comply with these new requirements the FRC has published for consultation the ‘Wates Corporate Governance Principles for Large Private Companies’.
On 13 June 2018, the Financial Reporting Council (FRC) issued for consultation a draft of the Wates Corporate Governance Principles for Large Private Companies (Wates Principles). These principles are designed to help companies comply with the draft Companies (Miscellaneous Reporting) Regulations 2018 which are due to come into force on 1 January 2019.
The proposed Wates Principles are voluntary and companies can choose to adopt the most appropriate code for them, or none at all as long as they explain why this is the case and what other governance arrangements have been made. More broadly, the FRC hopes that the Wates Principles will help companies of all sizes understand good practice in corporate governance and not just those caught by the new legislation.
There are six principles and each principle is supported by non-exhaustive guidance. The principles are:
- Purpose: an effective board promotes the purpose of a company, and ensures that its values, strategy and culture align with that purpose.
- Composition: effective board composition requires an effective chair and a balance of skills, backgrounds, experience and knowledge, with individual directors having sufficient capacity to make a valuable contribution. The size of a board should be guided by the scale and complexity of the company.
- Responsibilities: a board should have a clear understanding of its accountability and terms of reference. Its policies and procedures should support effective decision-making and independent challenge.
- Opportunity and risk: a board should promote the long-term success of the company by identifying opportunities to create and preserve value and establish oversight for the identification and mitigation of risk.
- Remuneration: a board should promote executive remuneration structures aligned to sustainable long-term success of a company, taking into account pay and conditions elsewhere in the company.
- Stakeholders: a board has a responsibility to oversee meaningful engagement with material stakeholders, including the workforce, and have regard to that discussion when taking decisions. The board has a responsibility to foster good relationships based on the company’s purpose.
WM comment
Responses to the consultation are requested by 7 September 2018 and we understand that the final principles and guidance will be published in December 2018.

Data Protection – June 2018
First GDPR complaints filed; Privacy Shield update; proposed fines for nuisance call directors; cybersecurity and […]
First GDPR complaints filed; Privacy Shield update; proposed fines for nuisance call directors; cybersecurity and more.
Latest on the EU General Data Protection Regulation (GDPR)…
Since the 25 May 2018 implementation date for GDPR, the Information Commissioner’s Office (ICO) has continued to update its Guide to the GDPR, to include detailed guidance on children and the GDPR and detailed guidance on determining what is personal data. It has also added guidance on the GDPR’s seven key principles.
The ICO launched a range of resources for its “Your data matters” public information campaign, including pages explaining the different personal data rights. See this post for more information about the campaign. Organisations can download and use the materials to help clients and customers understand how GDPR works. Those wanting to pledge their support for their customers’ or service users’ data rights can sign up to a public register and gain access to an exclusive banner for use on their communications materials.
Changes to the way that the ICO is funded came into force on 25 May 2018 (see our earlier briefing for details of what organisations need to do). The ICO’s new data protection fee webpage can be found here. The ICO’s register of fee payers is now publicly available.
The new European Data Protection Board (EDPB) replaced the Article 29 Working Party on 25 May 2018. See the press release for more details. The EDPB recently published its final guidelines on derogations applicable to international transfers under GDPR. It is currently consulting until 12 July 2018 on guidelines on certification and identifying certification criteria.
…as the first complaints are filed
Austrian privacy campaigner Max Schrems wasted no time in taking action under GDPR. On the same day that the GDPR came into force, his non-profit organisation “noyb” (meaning “None of Your Business”) filed multi-billion-euro complaints against Google, Instagram, WhatsApp and Facebook with various European data protection authorities, over the issue of “forced consent”. See the press release for details.
More news from Europe
At its first plenary meeting on 25 May 2018, the EDPB adopted a statement on ePrivacy. It calls on the European Commission, Parliament and Council to work together to ensure a swift adoption of the new ePrivacy Regulation.
On 31 May 2018, the European Data Protection Supervisor published a preliminary Opinion on the principle of “privacy by design” (a key feature of the accountability and governance requirements under GDPR), calling for “workable technology which serves the interests of society”. See the press release.
On 4 June 2018, the European Parliament’s Civil Liberties, Justice and Home Affairs Committee (known as the LIBE Committee) held the first part of a hearing on the Facebook/Cambridge Analytica case. On its website, the Committee says that: “The contributions made by speakers showed the need to further investigate the consequences this data breach has had on data protection and privacy, the possible impact on electoral processes, consumers’ trust in digital platforms, cybersecurity, the market position of Facebook etc”. The second part of the hearing is due to take place on 25 June 2018, when members will “question experts and Facebook representatives on issues such as data protection implications, alleged election interference and cybersecurity”.
In a separate but related development, the LIBE Committee has called on the European Commission to suspend the embattled EU-US Privacy Shield (the framework for transatlantic exchanges of personal data for commercial purposes) unless the US complies with it by 1 September 2018, saying that “the Privacy Shield in its current form does not provide the adequate level of protection required by EU data protection law and the EU Charter [of Fundamental Rights]”. It emphasises the need for better monitoring of the agreement (citing the fact that both Facebook and Cambridge Analytica are certified under the Privacy Shield). It is also concerned about a new US law granting the US and foreign police access to personal data across borders. See the press release here.
On the subject of the Privacy Shield, we reported in the previous edition of the Regulatory round-up that the Irish High Court has referred to the Court of Justice of the European 11 questions over the validity of the European Commission’s adequacy decisions on model contract clauses (following the complaint by Max Schrems to the Irish Data Protection Commissioner about Facebook Ireland’s transfer of his personal data to Facebook Inc. in the US). Importantly, a number of these questions refer directly to the Privacy Shield. The second annual joint review of the Privacy Shield is due to be held in the autumn. Walker Morris will continue to monitor and report on developments.
Back in the UK…
The Department for Digital, Culture, Media & Sport and the Home Office have published various guidance on the new Data Protection Act 2018, which also came into force on 25 May 2018 and is to be read alongside GDPR.
The government is consulting until 21 August 2018 on taking action against directors in relation to nuisance calls and messages, including proposals to amend electronic marketing regulations to give the ICO increased powers to impose fines of up to £500,000. The ICO has welcomed the consultation.
On 7 June 2018, the Department for Exiting the European Union published a technical note on the benefits of a negotiated legally-binding data protection agreement between the UK and the EU; benefits which, it says, a standard adequacy decision (where the European Commission assesses whether a third country’s data protection standards are “essentially equivalent” to those applied in the EU) cannot provide. This includes a role for the ICO on the EDPB. The government previously published a presentation setting out its proposed future UK-EU framework in relation to data protection. In a speech delivered on 26 May 2018, the Commission’s chief Brexit negotiator rejected, among other things, the notion that the ICO could remain on the EDPB, and said that “the UK must understand that the only possibility for the EU to protect personal data is through an adequacy decision”.
On 13 June 2018, the Department for Digital, Culture, Media & Sport issued a consultation seeking views on the activities and work of the new Centre for Data Ethics and Innovation. In the words of the Secretary of State: “From helping us deal with the novel ethical issues raised by rapidly-developing technologies such as artificial intelligence, agreeing best practice around data use to identifying potential new regulations, the Centre will set out the measures needed to build trust and enable innovation in data-driven technologies. Trust underpins a strong economy, and trust in data underpins a strong digital economy”. The consultation closes on 5 September 2018.
Cybersecurity update
On 13 June 2018, Dixons Carphone announced that it had launched an investigation into unauthorised data access, affecting 5.9 million payment cards and 1.2 million personal data records. The National Cyber Security Centre, ICO and Financial Conduct Authority are among those investigating the breach.
Yahoo! was fined £250,000 by the ICO following a cyber attack in November 2014 which was only publicly disclosed almost two years later. Systemic failures put customer data at risk. In the accompanying blog post, the ICO’s Deputy Commissioner of Operations discusses the fine and reminds organisations of their cybersecurity responsibilities.
The British and Foreign Bible Society was fined £100,000 after intruders exploited a weakness in its computer network to access the personal data of 417,000 supporters.
Other recent ICO enforcement action
- BT was fined £77,000 for sending 4.9 million emails to recipients who had not given the necessary consent. While the company did not deliberately break the rules, the Information Commissioner found that it should have known the risks and it failed to take reasonable steps to prevent them.
- Gloucestershire Police was fined £80,000 after a bulk email was sent revealing the identities of abuse victims. The officer involved had not used the “Bcc” function on the email, meaning that names and email addresses, and other information relating to the allegations, were visible to other recipients, who included witnesses, lawyers and journalists.

Considerations for Customers of Supply Chain Services in[...]
Walker Morris’ Commercial Contract specialists James Crayton and Charlotte Wright offer some practical tips following […]
Walker Morris’ Commercial Contract specialists James Crayton and Charlotte Wright offer some practical tips following recent media focus on supply chain issues, including those experienced by KFC and Wetherspoons.
In November 2017 Yum Brands owned KFC awarded DHL and QSL its contract to manage its British supply chain, ending its relationship with delivery company Bidvest. Less than a week after the new contract went live in February 2018, hundreds of KFC branches were forced to close due to a number of deliveries being incomplete or delayed.
JD Wetherspoon removed steak from its Tuesday steak club menu in January 2018 following reported food compliance issues with its meat supplier, Russell Hume. Wetherspoons subsequently cancelled its contract with this supplier and the supplier entered administration.
These real world examples prompted us to pull together some key considerations for customers to keep in mind when negotiating supply chain contracts.
Exclusivity
Awarding a supplier exclusivity will undoubtedly put you in a strong position to negotiate lower costs, however you should take care when putting all your eggs in one basket. Ensure your supply contract contains provisions to allow you to source from third parties in the event that your supplier has issues. This might mean short term costs, however some contracts allow these to be recovered from the failing supplier. You may also wish to consider including a provision allowing you to terminate the agreement in the event that supply is disrupted for a specified period.
Service Levels
Choosing measurable service levels and documenting what the measure of success/ failure looks like in an SLA is only effective if it is properly incorporated into your agreement. Moreover, your agreement should deal with what happens when such service levels are not met. A service credit regime may seem like an appropriate remedy but consider if it is enough of a “stick” to guarantee proper performance. It may be that other obligations such as escalation or a performance improvement plan are a more practical way to manage your supplier. Such terms may provide you with an adequate remedy in the event of certain service level failures, however in the event of persistent breaches of the same service level or breaches of certain ‘critical’ service levels, you may also wish to include a loss of exclusivity, or a specific right to terminate.
Exit Management and Implementation Planning
The start of any supply relationship is the best time to think about what is going to happen on exit. Once the contract is signed, commercial pressure on the supplier to agree to help on exit (when they may inevitably lose interest in the relationship) is likely to dissipate, and the momentum needed to agree a post-signing exit plan is often lost. A detailed exit management plan containing transitional service provisions could be key to ensuring you have the support required from the exiting supplier for smooth transition to a new provider. A robust exit clause will set out the support you require in the agreement itself (as opposed to obligations to agree an exit management process at a later date prior to exit). Consider provisions which document the scope, length and cost of transitional services and also inserting obligations on your exiting supplier to assign or novate any sub-contracts or licences in place with third parties to the new supplier.
For further information or assistance with drafting supply contracts or managing your supply chain, please do not hesitate to contact James, Charlotte or any member of Walker Morris’ Commercial Contracts team.