#WMTechTalk

Welcome to our #WMTechTalk home page.

Hosted by our Technology & Digital Group, this series of content tackles some of the crucial tech and legal issues our clients encounter in relation to the development, implementation and operation of technically innovative services and products.

Find links to view previous #WMTechTalks below.

For ideas on future content please contact one of our specialists below.

This year we are proud to be an Executive sponsor of the Leeds Digital Festival 2022.

The festival returned on the 25 – 27 April 2022 for a three-day celebration of digital culture. The main Festival takes place in the autumn, showcasing the city region’s dynamic digital sector with a curated programme of cutting-edge tech events.

What is a smart legal contract?

As the digital world evolves, terms such as NFTs, smart contracts and blockchain are making […]

As the digital world evolves, terms such as NFTs, smart contracts and blockchain are making their way into the mainstream but what do these terms actually mean? And how can they benefit you, your work or your company?

In the third video in our series, Sally Mewies, Partner and Head of the Technology & Digital Group, explains everything you need to know about smart contracts.

A smart legal contract is…

Want to learn more from our Technology & Digital specialists and be the first to receive important updates, developments and events from the team? Then sign up for our newsletter, the Technology & Digital round-up here.

This video forms part of our #WMTechTalk, a series of content tackling some of the crucial tech and legal issues our clients encounter in relation to the development, implementation and operation of technically innovative services and products.

Visit our #WMTechTalk homepage to learn more.

How we can help

Please contact Sally if you have any queries about the points covered in the video or need any advice or assistance.

For a more detailed look at smart legal contracts, read Sally’s latest article “Smart legal contracts: An explanation and practical advice”.

More from Walker Morris

Specialists from our Technology & Digital Group recently gave a flavour of developments to look out for in 2022. Read “What to look out for in 2022” and learn about key developments in smart contracts and NFTs, data protection and e-privacy reform, increased scrutiny of Big Tech, the digital supply chain, and much more.
What is a blockchain? In the first video of the series, Luke Jackson explains what blockchain actually is and the associated benefits.
What is an NFT? In the second video of the series, Luke Jackson explains what is an NFT, how an NFT works and the benefits of using the technology.

Smart legal contracts: An explanation and practical advice

Confused by the terminology? Sally Mewies, Head of Walker Morris’ Technology & Digital Group, explains […]

Confused by the terminology? Sally Mewies, Head of Walker Morris’ Technology & Digital Group, explains what a smart legal contract is and sets out some of the practical legal considerations for commercial parties to keep in mind. You can also view Sally’s brief explainer video here.

How we can help

Please contact Sally if you have any queries about the points covered below or need any advice or assistance. Our Technology & Digital experts are well placed to advise on all aspects of commercial agreements, disputes involving blockchain and other technologies and any concerns from a regulatory perspective.

What is a smart legal contract?

A smart legal contract is a contract which creates binding legal obligations on the parties, but which is wholly or partly written as a computer programme.

The computer programme is written so that instead of a party to a contract having to take steps to exercise certain rights or comply with certain obligations, the computer programme executes those elements automatically without human intervention. Often this will be done on a prompt from data or information received by the computer programme from a trusted source. There will be many commercial contracts, for example services agreements, where only part of the contract can be executed as a computer programme because other obligations need to occur in the physical world.

Smart legal contracts come in three forms: (i) a contract which is entirely written as a computer programme but also has a complete natural language version; (ii) a contract which is partly written in natural language and partly as a computer programme; and (iii) a contract which is entirely written as a computer programme.

An example of a smart legal contract might be a cloud services agreement with a service level regime. Certain terms governing the contract could be in the natural language version, but the service level regime could be written as a computer programme. Data from a trusted source would tell the computer programme if there had been a service level breach that entitled the customer to receive a service credit, and the service credit would be paid automatically without the supplier taking any action or issuing any instruction.

Access to the cloud services could also be governed by a computer programme, in that payment could trigger the access and non-payment could terminate the access. Clearly issues relating to termination/ suspension of use of cloud services can be business impacting in a commercial agreement and this binary operation of access might not work in all cases, which is where the natural language version plays a role. For these reasons, smart legal contracts are likely to be hybrid i.e. partly code and partly natural language in many business scenarios.

The role of Blockchain

Smart legal contracts in theory are technology neutral, but currently are made possible by distributed ledger technologies (DLTs). Blockchain and Ethereum are both examples of DLTs. DLTs are often generically referred to as the more familiar term “Blockchain” which we use in this article (see our brief explainer video here).

Blockchain has special properties which mean that records, data or information written on the Blockchain can be trusted as being accurate. Blockchain creates a trusted shared record between parties who do not know each other or who cannot trust each other. Parties to a wholly or partly coded contract need to trust the underlying system that enables that computer programme to execute, and want to be sure that neither party (or a third party) can unilaterally amend the contract in an unintended way. Some Blockchains have the technology to support these requirements and that is why they are ideal for supporting smart legal contracts.

Smart legal contracts are written on the Blockchain and are programmed to execute commands and actions depending on the terms of the contract.

Practical legal considerations

The Law Commission recently concluded that smart legal contracts are compatible with existing English law principles and are therefore legally binding and enforceable. However, the application of common law principles and case law to smart legal contracts needs careful consideration by the parties and in most cases will necessitate part of your smart legal contract being in a natural language, i.e. a hybrid smart legal contract.

Setting up a smart legal contract requires different considerations from a entering into a wholly natural language contract and initially most are likely to be a combination of natural language and code.

Clearly it will be necessary for the parties to work with a programme coder and select the correct Blockchain for the relevant smart legal contract, but there is the legal side to consider too and this involves looking at how certain legal principles may play out in an automated situation.

Here are some practical legal considerations that will need to be thought about and agreed by the parties at the outset, and included in the natural language part of any smart legal contract. Issues that are not necessarily spelt out in detail in the natural language contract because they are compatible with the natural language contract and work with it, may need additional provisions/explanation where a contract is partly written in computer code:

If a conflict arises between the coded part of the smart legal contract and the natural language part, how will that be resolved? This will need to be dealt with in the natural language part.

Sometimes there are mistakes in a natural language contract that require rectification. This is reasonably easily resolved in a natural language contract and can often be rectified before performance of the relevant term is needed. This could be more challenging in a piece of computer code that executes automatically, and therefore the parties may need to agree and stipulate how this will be resolved. In time we would expect that the courts will formulate methods for dealing with these situations so that there is certainty around the process for rectification.

Contracts can be found to be void or voidable and this can result in the contract being deemed never to exist. The nature of Blockchain is that it is immutable and cannot be changed so the parties will need to agree how this kind of issue will be resolved between them and how the computer code can be “turned off” or “nullified”. This probably comes down to the nature of the Blockchain deployed and its governance mechanism.

If the contract is terminated by one party then the coded part of the smart legal contract will need to stop performing. There are also issues relating to breach of contract. Can there in fact ever be a breach of a programme that is coded to perform certain tasks? It could be that corruption to third party data sources results in the computer code not performing correctly which leads to a breach by one party. In time it is likely that rules will be developed by the courts to cover these scenarios, but until then the parties might need to define what constitutes a material breach and set out the remedies depending on how that breach occurred; a trend that parties have shied away from in many natural language contracts because of the complexity of defining every scenario.

The coded element of the smart legal contract may execute an activity in a way not intended by one of the parties and this may come down to how the computer programme or programmer has interpreted an instruction or a data source. English case law has extensive rules for interpreting natural language contracts, but there are no legal rules for interpreting a piece of code. The courts will no doubt adopt principles around what a “reasonable coder” might have intended or understood, but in these early stages of smart legal contract development it would be sensible for the parties to consider how these kinds of issues will be resolved.

If the smart legal contract involves consumers then the business party will need to find a way of explaining in plain English what the terms of the smart legal contract mean, including the parts that are written as computer programmes, in order to satisfy consumer law requirements.

And, last but not least, don’t forget data! If data is gathered and stored in the smart legal contract then it may constitute valuable commercial information/knowhow and the parties should be clear about how that can be used. If personal data is stored on the Blockchain then data protection laws must be complied with. The challenges of complying with data protection laws on immutable technology is a conversation for another time!

Technology & Digital round-up – 6 May 2022

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers digital regulation, developments at Twitter, NFTs in sport, and much more.

If you would like to receive this and other similar updates direct to your inbox, please click here.

Get in touch with Sally Mewies or Luke Jackson if you have any queries or need advice or assistance.

The legal part…

Through the Digital Regulation Cooperation Forum, the UK’s four digital watchdogs – the ICO, the CMA, the FCA and Ofcom – launched a call for input on the benefits and risks of how sites and apps use algorithms, and on auditing algorithms and the role of regulators. Comments are requested by 8 June 2022. This forms part of the Forum’s workplan for the year ahead. Other areas of focus include promoting competition and privacy in online advertising and enabling innovation. The Forum’s CEO explains that this year “represents a crucial moment in the UK’s approach to regulating digital technologies and services. Regulators are gearing up to take on new and revised responsibilities across the digital space. These new responsibilities…represent a seismic step change in the UK digital landscape”.

In related news, the Forum responded to a letter from the Secretary of State for Digital, Culture, Media & Sport on delivering the UK’s pro-innovation approach to digital regulation. Among other things, a metaverse and immersive tech symposium will be held in May and a Web 3.0 event is planned for July.

The government is consulting until 29 June 2022 on plans to improve the security and privacy of apps and app stores. See the press release for details.

The ICO is running a webinar on 24 May on AI and data protection risk.

New trade sanctions against Russia require social media and internet access service providers and app stores to take reasonable steps to prevent UK users from accessing internet services provided by a sanctioned individual/entity or encountering content generated, uploaded or shared by them. Please get in touch if you require advice or assistance on any aspect of sanctions compliance.

The government published a policy paper on mandatory digital waste tracking, which it plans to introduce across the UK. There is a target date of 2023 to 2024 to launch the digital waste tracking service. The government consulted on the introduction of mandatory digital waste tracking earlier this year.

Europe’s top court confirmed that the GDPR does not preclude national legislation allowing consumer protection associations to bring representative (class) actions independently for data protection infringements. New EU measures on representative actions will also apply from June 2023.

Staying in Europe, political agreement was reached on the Digital Services Act, a comprehensive set of new rules regulating the responsibilities of digital services (including online platforms, such as marketplaces and social media networks) that act as intermediaries within the EU to connect consumers with goods, services and content. The legislation is likely to come into force later this year with full implementation a further 15 months after that. It will apply from an earlier date for the very large online platforms and search engines.

…and in other news

Tech news has been dominated by Elon Musk’s $44 billion deal to buy Twitter, with politicians and regulators warning that he must protect Twitter users from harmful content. Meanwhile, Elon Musk warned that business and government users may need to pay a “slight” fee to stay on the platform and UK MPs invited him to Parliament to hear more about his plans.

The Central African Republic became the second country (following El Salvador) to adopt Bitcoin as its national currency.

Nike launched its first range of digital sneakers following its acquisition of RTFKT in December 2021. The virtual trainers, coined as ‘Nike CryptoKicks’, have been well received compared to other artwork NFTs, particularly among the ‘sneakerhead’ collector community. The launch follows Nike’s launch of Nikeland in the Roblox metaverse, giving the apparel some early Web 3.0 successes.

As a proud Executive sponsor of the Leeds Digital Festival 2022, Walker Morris recently hosted a webinar on ‘Blockchain and Sustainability – Friends or Foes?’ as we looked to dispel some of the myths surrounding blockchain and discussed topical issues such as energy efficiency and sustainability with a panel of industry speakers. Click here to view the webinar recording.

Walker Morris Technology and Sport lawyer Luke Jackson took a closer look at Liverpool FC’s venture into the NFT marketplace and set out his top tips for other clubs thinking about their NFT offering.

The National Cyber Security Centre published a blog post featuring updated guidance on cyber security in the built environment – considering security throughout a building’s lifecycle.

The NCSC also published a joint advisory with its international partners detailing the 15 most commonly exploited vulnerabilities in 2021.

And finally, a £5 million Centre for Creative and Immersive XR (extended reality) has been launched in Portsmouth with cutting edge tools available for businesses and other organisations in exchange for the university being able to train its students using real-life projects.

If you have any queries or need further advice or assistance, please get in touch with one of our experts below.

Webinar Recording: Blockchain and Sustainability – Friends or[...]

Walker Morris Technology and Digital specialists Sally Mewies and Luke Jackson recently held a webinar […]

Walker Morris Technology and Digital specialists Sally Mewies and Luke Jackson recently held a webinar “Blockchain and Sustainability – Friends or Foes?” alongside Blockchain experts Anthony Day (IBM), Gary Woodhead (CurveBlock), Dan Graf (Earthchain), as part of the Leeds Digital Festival “mini-festival”.

In this webinar, our expert speakers look to dispel some of the myths and mystery around what Blockchain is, explore its potential for future growth and gain insight into businesses that have gone one step further and integrated the use of Blockchain into their sustainability-centric businesses.

Blockchain and Sustainability – Friends or Foes?

The power required to run the global Bitcoin network is estimated as being in the region of 7.5 gigawatts per year. To put that in to context that’s the same amount of power required to run 825,000,000 individual LEDs. This then, poses the obvious question – is Blockchain sustainable?

Being one of the hottest topics in tech means that there is the inevitable influx of associated myths and scaremongering. This brings with it the risk that the global community will prematurely dismiss and cast ill-informed aspersions on a technology that has the potential to aid the world’s fight to become more sustainable.

Speakers

Sally Mewies, Partner, Technology & Digital Group, Walker Morris
Anthony Day, Partner, UK & Ireland Blockchain Team, IBM
Gary Woodhead, Co-Founder & CEO, CurveBlock
Dan Graf, Co-Founder & CEO, Earthchain

If you have any queries or need further advice or assistance, please get in touch with one of our Blockchain experts below.

Technology & Digital round-up – 22 April 2022

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers a key judgment on exclusion clauses, cookie consent, NFTs, Leeds Digital Festival, and much more.

If you would like to receive this and other similar updates direct to your inbox, please click here.

Get in touch with Sally Mewies or Luke Jackson if you have any queries or need advice or assistance.

The legal part…

In a key judgment, the Court of Appeal reversed a controversial High Court decision and held that a loss of profit exclusion in a contract did not exclude a claim for wasted expenditure. See our briefing on the decision and its practical implications.

The ICO welcomed news of Google’s revised approach to cookie consent. Google will reportedly introduce a “reject all” button on cookie banners step by step in the EU, Switzerland and the UK. The French data regulator previously fined Google and Facebook a total of £175 million over cookie consent issues, finding that while the tech giants provided a virtual button to allow the immediate acceptance of cookies, there was no equivalent to refuse them as easily.

The High Court stayed a consumer claim relating to an online auction bid for an NFT in favour of arbitration in New York. Watch out for our upcoming briefing on the decision, one of the first in the English courts concerning this type of digital asset.

We referred in the last edition of the round-up to the agreement in principle reached between the US and European Commission on a new transatlantic data privacy framework. It has since been reported that the framework could be adopted by the end of the year. Meanwhile, the European Data Protection Board welcomed the commitments made by the US but said that it will pay special attention to how this political agreement is translated into concrete legal proposals.

Watch out for our upcoming briefings on smart contracts and the IP implications associated with NFTs. Confused by the terminology? See our videos What is a blockchain? and What is an NFT? and our briefing Understanding blockchain, NFTs & smart contracts.

…and in other news

Walker Morris is proud to be an Executive sponsor of the Leeds Digital Festival 2022. Join us on 27 April for a free webinar on ‘Blockchain and Sustainability – Friends or Foes?’ as we look to dispel some of the myths surrounding blockchain – exploring what it is, looking at its potential future growth and even gaining an insight into businesses that have gone one step further and integrated the use of this technology into their sustainability-centric businesses. We are very pleased to be joined by a panel of industry experts – Dan Graf from Earthchain, Gary Woodhead from CurveBlock, and Anthony Day, formerly Blockchain Partner at IBM. You can register here.

To celebrate World Intellectual Property Day, Walker Morris Senior Associate Matthew Lingard will be speaking at a special Business & IP Centre Leeds event on 28 April on ‘How the next generation is using AI to power innovation’. Matt’s talk will cover: what AI is and how it currently impacts our lives; how successful businesses are using AI to innovate and what key lessons can be learned; and the benefits and risks associated with using AI for your business. You can register here.

The buyer of an NFT of Twitter co-founder Jack Dorsey’s first tweet is struggling to sell it after being offered only about 0.2% of the $2.9 million it was bought for.

Meanwhile, Twitter’s board took action to protect itself against Elon Musk’s attempts to take over the company.

The government published guidance and timelines for the launch of the Digital Growth Grant. It says it is committed to making the UK the best place to found and grow a tech business and securing the UK’s status as a global science and technology superpower. A competition will run over the summer with the successful bidder awarded up to £12.09 million.

A survey conducted for Google Cloud of almost 1,500 executives across 16 countries found that, while ESG initiatives are a top organisational priority, there is a troubling gap between how well companies think they’re doing and how accurately they’re able to measure it. 78% of executives cited technology as critical for their future sustainability efforts – they believe it can help transform operations, share their efforts more broadly and measure and report on the impact of those efforts.

Apple released new details on the increased use of recycled content across its products – including introducing certified recycled gold for the first time – and announced new disassembly technology as part of its goal to become a “closed-loop” manufacturer.

The National Cyber Security Centre’s “NCSC for Startups” programme is looking for innovators to help organisations tackle the scourge of ransomware – the most significant cyber threat facing the UK.

The latest State of the World report from the International Federation of Consulting Engineers (FIDIC) says that the pace of technological change in the global engineering, construction and infrastructure sector is increasing faster than ever before, with the potential for new ‘disruptors’ entering the market driving changes to business models across the sector leading to many new challenges and opportunities for companies.

In related news, the Chartered Institute of Building and the Buildings Client Group are developing a new partnership to stimulate change and drive digital innovation across the built environment sector.

And finally, Facebook’s parent company Meta is testing new features to let creators make money within its social virtual reality app Horizon Worlds by selling virtual items and effects in the worlds they create for others to explore.

If you have any queries or need further advice or assistance, please get in touch with one of our experts below.

Government consults on online sales tax: Have your[...]

The Government has issued a consultation inviting the views of business on the pros and […]

The Government has issued a consultation inviting the views of business on the pros and cons of introducing a new tax on online sales. The consultation was promised in the 2021 review of business rates.

The consultation responds to the concerns of bricks-and-mortar retailers that the effect of the business rates regime is that they bear a disproportionate tax burden compared to online retailers, and that this will not be fully addressed by the proposed business rates revaluation in 2023. The 2021 review concluded that the business rates system should be retained as there is no generally supported alternative which would deliver the same revenue as the business rates system.

The focus of the consultation is on the interaction of an online sales tax with business rates and is not a wider review of how the digital economy should be taxed.

The consultation asks for feedback on a number of issues identified by the Government if an online sales tax were to be introduced. It is clear that this is a listening exercise by the Government at this stage and no possible options or timescales have been tabled. The consultation closes on 20 May 2022.

What might an online sales tax look like?

Although no model is put forward in the consultation, it is clear that it would be a form of levy on transactions carried out “online”. The Government acknowledges this raises many questions, including what would an “online” transaction cover, will it apply to just goods or extend to services, would it be focussed on sales to consumers and how would it be collected.

What transactions might be within scope?

Online transactions would include sales taking place over the internet and views are sought on whether it should include transactions arranged by phone and/or through apps (including in-store apps). Views are invited specifically on whether click and collect transactions should be outside the scope of a possible online sales tax on the basis that this may encourage footfall within stores operating click and collect.

A key question is whether the tax should apply only to purchases of goods, or whether it should cover services and/or supplies involving both. The consultation acknowledges the difficulty in drawing a boundary between goods and services in areas such as meal delivery and where customer support is included when a product is bought. If services are to be included, there are issues around whether this should be limited to services which are delivered online (such as cloud computing services) or whether it should include services which are physically delivered (such as leisure and hospitality) but ordered online. Views are also invited on how digital forms of goods (such as e-books) should be treated.

Would an online sales tax apply only to consumer sales?

The consultation points out there would be many issues if an online sales tax were to apply to business-to-business as well as consumer sales. In particular, there would be a possibility of the levy being paid at a number of levels in a business supply chain before sale to the final consumer.

How might an online sales tax be collected?

The tax would need to be collected from sellers. Many sellers operating online are small scale so the consultation asks for views on whether there should be a minimum turnover threshold and how the tax might be collected through online marketplaces and similar intermediaries. A particular issue is how the tax could be collected from sellers with no UK presence.

How likely is it that an online sales tax will be introduced?

The consultation notes that an online sales tax levied at the rate of 1% or 2% would not raise enough revenue to replace the estimated £7.5 billion paid by retailers in business rates so a higher rate would be required for a revenue neutral online sales tax which would raise the political obstacles to introduction. The Government is also keen to retain and develop innovation in the retail sector and maintain competitive pricing for consumers.

In reviewing the responses, the Government will need to balance the benefits of retaining High Street occupancy against other factors such as the impact of such a tax on the cost of living, the impact on innovation and competitiveness and the risk of overall tax and rates revenue being reduced.

How we can help

Businesses that might be affected by an online sales tax should consider responding to the consultation.

If you have queries about any of the points raised in this briefing, require advice or assistance with responding to the consultation, or have any other concerns, please contact one of our experts below.

Exclusion clauses: Wasted expenditure distinct from loss of[...]

In a key judgment, the Court of Appeal has reversed a controversial High Court decision […]

In a key judgment, the Court of Appeal has reversed a controversial High Court decision and held that a loss of profit exclusion in a contract did not exclude a claim for wasted expenditure. At least £80 million turned on the construction of that one clause. Sally Mewies and Gwendoline Davies, Partners in Walker Morris’ Technology & Digital and Commercial Dispute Resolution Teams, consider Soteria Insurance Limited v IBM United Kingdom Limited [1] and the judgment’s practical implications.

What practical advice arises?

Pending a potential appeal by IBM to the Supreme Court, this judgment provides welcome clarity. Taking into account the Court of Appeal’s reasoning (see below), and the potentially significant cost implications of getting things wrong, commercial parties should draft the exclusion clauses in their contracts with care.

While common sense has been restored, this case demonstrates the dangers of using templated exclusion clauses in all cases without careful consideration of the losses that are likely to be incurred if there is a serious breach. It won’t be possible to change this pattern of behaviour in many business as usual contracts because it has become so commonplace, but in high value strategic agreements more thought and perhaps different language should be considered.

Parties seeking to exclude or limit liability for wasted expenditure claims should include express wording to that effect and think carefully about tailoring their wording/including specific definitions in the context of the particular transaction – what types of loss might arise and what exactly is it that you are seeking to exclude?

Given the court’s reference to an earlier case [2], where the draconian consequences of a clause expressly excluding liability for “revenue or profits, anticipated savings or wasted expenditure…” in circumstances of wrongful repudiation led the court to restrict the clause only to defective performance, parties intending exclusions to apply in instances of repudiation may also wish to provide for this expressly in their drafting.

How we can help

Our large team of experts are here to help with any queries you may have in relation to contract drafting or dispute resolution options and strategy. Please get in touch.

What was the case about?

The parties entered into a contract under which IBM was to supply and manage an IT system for CIS General Insurance Limited (‘CISGIL’, now Soteria). The system was very late and ultimately not delivered. A dispute arose over a £2.9 million invoice from IBM. The invoice was not paid and the contract terminated.

The High Court held, among other things, that IBM had wrongfully repudiated the contract and that CISGIL had consequently established a claim for wasted expenditure, valued at £122 million. However, that claim was excluded in its entirety by operation of the clause in the contract which excluded liability for “loss of profit, revenue, savings (including anticipated savings)”.

In reaching that conclusion, the High Court said that CISGIL’s loss of bargain suffered as a result of IBM’s repudiatory breach comprised the savings, revenues and profits that would have been achieved had the IT solution been successfully implemented, and that a conventional claim for damages in this type of commercial case would usually be quantified based on those lost savings, revenues and profits. CISGIL was entitled to frame its claim as one for wasted expenditure but that simply represented a different method of quantifying the loss of bargain; it did not change the characteristics of the losses for which compensation was sought.

The proper construction of the exclusion clause was the primary issue for the Court of Appeal to resolve.

What did the Court of Appeal decide?

The Court of Appeal reversed the High Court’s decision for the following reasons:

Applying the principles of contract construction [3], claims for wasted expenditure (costs actually incurred but wasted) were not referred to in the clause and, on the natural and ordinary meaning of the words, were not included in “loss of profit, revenue [or] savings”. The fundamental difficulty was that the words were simply not there. In addition, the clause contained a good deal of particularity as to what types of loss were being excluded from the otherwise wide definition of losses in the contract. They included not only loss of profit, revenue or savings, but also loss of data, goodwill and reputation. The parties’ decision not to exclude claims for wasted expenditure was therefore telling.

Clear language was needed to exclude such an obvious remedy. The more valuable the right, the clearer the language of any exclusion clause will need to be; the more extreme the consequences, the more stringent the court must be before construing the clause in a way which allows the contract-breaker to avoid liability for what may be their catastrophic non-performance. There was nothing in the clause to suggest that the costs which CISGIL inevitably incurred in the expectation that the project would be completed satisfactorily, would somehow be irrecoverable if IBM repudiated the contract.

When a contract is repudiated, the victim can claim loss of profits or the expenditure which has been thrown away as a result of the repudiation – they cannot claim both. All loss of profit/revenue/savings claims are difficult for the potential contract-breaker to estimate in advance. They can be notoriously open-ended. Such claims are therefore types of potential loss which, because of those problems of speculation and ascertainment, are routinely excluded by clauses like the one in this case. Claims for wasted expenditure are “an entirely different animal”. To be able to claim such wasted expenditure is a valuable right. If the victim of a breach of contract has spent money in anticipation that the contract would be performed, then their loss is easy to ascertain through invoices, contracts, receipts, and so on. This type of loss is the opposite of speculative: it is precisely ascertainable. It was unsurprising from a commercial perspective that, while speculative and uncertain types of loss were excluded by the clause, at least one kind of easily-ascertainable type of loss – wasted expenditure – was not. The claims that would have compensated CISGIL for being better off as a result of the new IT system were excluded; the claims to compensate them for being worse off as a result of the non-provision of the system were not.

It was fundamentally incorrect to say that CISGIL’s loss of bargain was solely represented by lost profits, revenue and savings – the primary thing which had been lost was the provision of the new, improved IT system. It would be wrong to suggest that the clause excluded all claims for loss of bargain – the clause was seeking to exclude some of the types of loss which flow from an underlying loss of bargain, but not to exclude other types of loss which arise from that same lost bargain. Some types of loss of bargain damages, like loss of profit, revenue or savings, were excluded. Other types, such as re-procurement costs and wasted expenditure, were not.

Characterising “wasted expenditure” as a method of calculating “lost profits, revenues or savings” was an unjustified leap of reasoning by the High Court. While lost profits (or revenue or savings) is one method of calculating damages for the loss of bargain, a claim for wasted expenditure is simply a different method of calculating such damages. That does not make wasted expenditure a method of assessing or claiming lost profits (or revenue or savings). They are different types of claims.

Our large team of experts are here to help with any queries you may have in relation to contract drafting or dispute resolution options and strategy. Please get in touch with Sally Mewies and Gwendoline Davies, Partners in Walker Morris’ Technology & Digital and Commercial Dispute Resolution Teams.

[1] [2022] EWCA Civ 440

[2] Kudos Catering (UK) v Manchester Central Convention Complex Limited [2013] EWCA Civ 38

[3] See this earlier briefing for a summary of the approach to contractual interpretation and the relevant case law

Technology & Digital round-up – 8 April 2022

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers cryptoasset regulation, data reform, electronic trade documents, cyber security, and much more.

If you would like to receive this and other similar updates direct to your inbox, please click here.

Get in touch with Sally Mewies or Luke Jackson if you have any queries or need advice or assistance.

The legal part…

The government announced its plan to make the UK a global cryptoasset technology hub. This includes legislating to bring stablecoins within regulation – paving their way for use as a recognised form of payment – and working with the Royal Mint to create an NFT this summer.

In related news, the Financial Conduct Authority confirmed that it will hold its first ever CryptoSprint on 10 and 11 May, exploring how the evolving world of cryptoassets could be regulated within the UK.

The Advertising Standards Authority issued an Enforcement Notice to over 50 companies, as it continues its clampdown on misleading and irresponsible crypto ads.

The High Court dismissed a multibillion dollar claim against bitcoin software developers. The claimant claimed to own a very substantial amount of digital currency assets that it was unable to control or use following an alleged hack which removed the private keys that would allow dealings in the assets, and information that would allow access to the keys. The claimant had argued that the developers owed fiduciary and other duties so that they should assist it to regain control and use of its assets, including writing and implementing a software patch. The court disagreed.

Meanwhile, the European Parliament took the first steps towards agreeing new rules requiring cryptoasset transfers to be traced and identified to prevent their use in money laundering, terrorist financing and other crimes.

In his first speech in the post, the UK’s Information Commissioner referred to the government’s proposed data reform, saying that it should not be seen as radical and that, while there is always a cost in moving from one regulation to the next, nothing in the proposals imposes additional burdens on business.

The United States and European Commission announced an agreement in principle on a new ‘Trans-Atlantic Data Privacy Framework’. The arrangement, yet to be legally finalised and adopted, aims to address the concerns raised in the so-called Schrems II decision which invalidated the previous EU-US Privacy Shield mechanism for transferring personal data. Activist Max Schrems has already commented that the new framework will likely be challenged in court if it is not in line with EU law.

The Law Commission published its recommendations and draft legislation to allow for the legal recognition of electronic versions of trade documents such as bills of lading and bills of exchange, saying that the reforms could revolutionise global trade.

The Competition and Markets Authority announced the launch of the Digital Regulation Cooperation Forum’s new digital research portal – bringing together over 80 pieces of recent research on emerging and future digital developments from eight regulatory bodies.

The CMA published two papers discussing and summarising evidence on ‘online choice architecture’ – such as the order of products in search results, the number of steps needed to cancel a subscription, or whether an option is selected by default – and how it potentially causes harm to competition and consumers.

The EU took a step closer to implementing the Digital Markets Act to comprehensively regulate the gatekeeper power of the largest digital companies, curbing Big Tech’s dominance.

…and in other news

The National Cyber Security Centre published a blog post on the use of Russian technology products and services following the invasion of Ukraine.

In a recent weekly threat report, the NCSC highlights key findings from the Cyber Security Breaches Survey 2022 and notes that reported ransomware attacks have doubled in the UK.

It was reported that thousands, if not millions, of people could have lost money in the second largest crypto hack in history.

Global footwear brand Clarks teamed up with retail platform OtailO so that online shoppers can return purchases through a web application. The sustainable solution uses an inspection mechanism to streamline specific return scenarios and has already helped Clarks to cut waste and save costs.

The Digital, Data and Technology Profession, part of the Civil Service, published the Digital, Data and Technology Playbook, setting out key policies and guidance for how digital projects and programmes are assessed, procured and delivered. All central government departments and their arm’s length bodies are expected to follow the 11 key policy reforms on a ‘comply or explain’ basis.

Elon Musk joined the Twitter board after taking a $2.9 billion dollar stake in the social media platform. The company later denied that the idea for an edit button came from the Tesla CEO who held an online poll on the feature.

Meanwhile, Donald Trump’s new social media app was branded a disaster, with a waiting list of nearly 1.5 million people unable to use it six weeks after it was launched.

Finally, Facebook is reportedly planning on creating a web-based currency for its platform. Termed ‘Zuck Bucks’ the currency could lead to Facebook offering loans to small business. The story followed news of plans for Facebook to support NFTs on its website.

Please get in touch with one of our experts below if you have any queries or need advice or assistance.

Right to work checks: the extension of adjusted[...]

Right to work checks have changed dramatically over the last couple of years, with further […]

Right to work checks have changed dramatically over the last couple of years, with further changes due to be implemented on 6 April 2022. An overview of the current rules and imminent changes, along with practical advice for employers, is detailed below.

Background

All employers have a legal obligation to prevent illegal working; in order to comply, employers are required to carry out “right to work” checks on all employees prior to their employment, to ensure that the individual is not disqualified from carrying out the work in question by reason of their immigration status.

Failure to carry out checks in the prescribed manner can lead to both civil penalties (up to £20,000 per worker) and potentially criminal liability in some circumstances, if it transpires that the employer has in fact engaged an illegal worker. However, employers who carry out and keep records of their right to work checks in accordance with Home Office guidance are protected from civil penalties by means of a statutory excuse.

How has the process changed since Brexit?

Prior to Brexit, EEA and Swiss nationals were able to simply provide their passports or national ID cards to demonstrate their right to work in the UK in the same way as British nationals. Now, as a result of Brexit, the same right to work checks must be made against EEA nationals (except Irish nationals) as for other overseas nationals. Although there was an initial grace period during which EEA and Swiss passports were still acceptable evidence of right to work, since 1 July 2021, employers have been required to see evidence of the immigration status of new EEA and Swiss recruits, which in the majority of cases will be evidence of their status under the EU Settlement Scheme (EUSS). There is no requirement on employers to check the EUSS status of EEA and Swiss nationals already in their employment before the 1 July 2021 changes came into effect.

How has the Covid-19 pandemic impacted the process?

Historically, right to work checks have predominantly been carried out manually, involving employers checking the individual’s original documents in their physical presence. However, since April 2018, online checks have been optional for non-British/ Irish citizens with an online immigration status or in possession of a biometric residence permit/card.

The requirement to work from home where possible during the pandemic, initially introduced during the first lockdown, made manual right to work checks impractical. To overcome this, the government introduced an adjusted right to work checking process which permits employers to check scanned copies of right to work documents (which are included in Lists A, B1 or B2 of the Home Office Checklist) via a video call with the individual, instead of checking original documents in their physical presence. Further information can be found in our previous article here. These adjusted right to work checks were due to expire last summer, as discussed in another of our earlier publications, but have since been extended to April 2022, and most recently to 30 September 2022.

This means employers can currently complete right to work checks remotely in three ways:

by carrying out a manual check of original right to work documents in the presence of the employee or an adjusted check of scanned copies of right to work documents via a video call with the employee;

via the right to work checking service, where the individual has leave to remain either under the Home Office Immigration Rules or under the EUSS, provided they give the employer a share code to view their details; and

via the Home Office Employer Checking Service, where the individual has a pending application or cannot provide the required documents, which allows an employer to obtain a Positive Verification Notice and a statutory excuse limited to a six month period.

What other changes should employers be aware of?

The government has recently announced further changes which are intended to advance the digitalisation of the right to work checking process. From 6 April 2022, employers will:

no longer be able to carry out a manual right to work check on those who hold a biometric residence permit, biometric residence card or a frontier worker permit (biometric card holders); in these instances, online checks must be carried out in order for the employer to obtain a statutory excuse; and

be able to work with certified digital identity service providers (IDSPs) to utilise identity document validation technology (IDVT) to carry out digital identity checks in relation to British and Irish citizens who hold a valid passport. This is the first time that employers will be able to outsource their right to work checks and still benefit from a statutory excuse.

What practical steps should employers be taking to prepare for these changes?

Outsourcing to IDSPs

Outsourcing checks on British and Irish citizens to IDSPs using IDVT may provide tangible benefits to employers. For example, the Home Office hopes that it will help to “accelerate the recruitment and onboarding process, improve employee mobility and enhance the security and integrity of the checks.” However, these benefits should be weighed against the potential costs, as some reports suggest fees could range from a few pounds to up to £70 per check depending on the IDVT in question. In light of these costs, employers may wish to continue using the adjusted right to work checks up until their expiry on 30 September 2022 and then revert to checks of original documents at that point. Although it will still be possible to use video calls rather than in person meetings to verify identity, from 1 October 2022 it will be necessary for the employer to be in possession of the original documents which may be a practical challenge to businesses adopting remote or hybrid working practices.

Employers who decide to engage IDSPs ought to consider using a certified provider, details of which are still awaited but which will appear here. While this is not mandatory, it will provide assurance that the IDSP meets the guidance and standards necessary.

Further, training should be provided to staff on what information they must obtain from an IDSP to confirm verification of identity, what the information can be used for, and what other requirements they still need to fulfil to establish eligibility to work. For example, employers must still carry out their own due diligence to satisfy themselves that their chosen IDSP has completed the check correctly and in the prescribed manner; and employers will not have a legal defence to illegal working where it is reasonably apparent that the identity checked by the IDSP differs from the identity of the actual prospective employee.

Employers looking to engage IDSPs may want to spend time between now and 30 September 2022 (when the remote checking process is due to end) finding a suitable provider and entering into appropriate commercial arrangements with them.

Internal training and policies

It is advisable that individuals carrying out right to work checks are provided with updated training, to ensure they understand how to comply with the incoming rules in April and October 2022.

Employers’ policies and procedures may also now be out of date and should be updated in line with the recent amendments.

Employers should also consider the recently published Code of Practice on avoiding unlawful discrimination while preventing illegal working, which will be in force from 6 April 2022 and which highlights the other potential consequences of non-compliant policies and procedures.

Conducting an audit

Employers considering applying to the Home Office for a sponsor licence will need to ensure current and historic compliance with right to work requirements, as the Home Office may complete an unannounced compliance visit before or after a licence has been granted.

An audit is a useful method for identifying compliance issues, and can save businesses significant time and money in the long run in the event that there are employees in the workforce without the correct permissions to work.

Further clarification on the impact of these changes for employers can be found in the recently published draft guidance on right to work checks.

How we can help

The Walker Morris Business Immigration team is available to assist with any queries you may have in light of the recent or upcoming changes to right to work checks. If you require assistance on any of the issues raised in this article, please contact Shabana Muneer using the details below.

Technology & Digital round-up – 18 March 2022

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers cyber security warnings, sanctions and cryptoassets, blockchain, NFTs, and much more.

If you would like to receive this and other similar updates direct to your inbox, please click here.

Get in touch with Sally Mewies or Luke Jackson if you have any queries or need advice or assistance.

The legal part…

The fundamentals of keeping data secure are sometimes forgotten, says the Information Commissioner in the latest ICO newsletter. With the number of cyber-related data breaches up nearly 20% over the past two years, the ICO’s experience is that many organisations need to take some of the more basic steps to protect information. This is particularly significant in light of the situation in Ukraine. See 11 practical ways to keep your IT systems safe and secure on the ICO’s SME web hub and its newly-published ransomware guidance. The National Cyber Security Centre has a wide range of resources for businesses including information about the Cyber Essentials scheme. It recently published joint guidance with the Centre for the Protection of National Infrastructure to help the UK’s data centres stay secure.

In related news, the FCA set out the points firms should consider regarding their operational and cyber resilience following the Russian invasion.

The FCA and other UK financial regulators issued a joint statement on sanctions and the cryptoasset sector. It includes steps to take to reduce the risk of sanctions evasion via cryptoassets. Walker Morris can assist with all aspects of sanctions compliance – our experts below will be able to direct you.

See our briefing Understanding blockchain, NFTs & smart contracts for an explanation of some of the technologies dominating the tech news at the moment. You can also view our videos What is a blockchain? and What is an NFT? for a short introduction to these key concepts.

The Online Safety Bill was finally introduced in Parliament this week. New measures include tougher and quicker criminal sanctions for tech bosses and new criminal offences for falsifying and destroying data.

In the latest decision highlighting England and Wales’ position as a leading jurisdiction for dealing with actions involving digital assets, the High Court in a cyber fraud case granted the first third-party debt order in relation to cryptocurrency.

Our commercial dispute resolution experts consider new Law Society guidance on blockchain technology and its impact on the dispute resolution process.

The FCA issued a warning on illegal crypto ATMs operating in the UK and is taking assertive action to tackle harm in the consumer investments market – cryptoasset scams are among the top types of scams being reported to the FCA.

The ICO published the latest chapter of its draft guidance on anonymisation, pseudonymisation and privacy enhancing technologies – setting out its views on how organisations should approach accountability and governance obligations when anonymising personal data. The call for views closes on 16 September 2022.

A reminder that the ICO’s international data transfer agreement and UK addendum to the new EU standard contractual clauses are due to come into force on 21 March 2022 and replace use of the old EU SCCs for transferring personal data outside of the UK in the absence of relevant adequacy arrangements.

The Competition and Markets Authority is investigating Google and Meta over ad tech concerns. The Irish Data Protection Commission recently fined Meta €17 million in relation to a series of data breaches in 2018.

…and in other news

Many of the recent non-legal tech-related news stories have centred around developments in Ukraine, including this article questioning whether the internet is on the verge of breaking up.

UK chipmaker Arm is cutting up to 1,000 jobs after the collapse of its $40 billion sale to US rival Nvidia.

Bitcoin soared after the US President signed an executive order requiring government agencies to assess the benefits and risks of creating a central bank digital dollar and other cryptocurrency issues.

Meanwhile, the EU Parliament rejected a proposal limiting proof-of-work cryptocurrencies such as Bitcoin, but set draft rules for sustainability.

The Advertising Standards Authority published a new webpage of tips to ensure that future cryptoasset ads are compliant with the rules.

Google is profiting from ‘predatory’ loan adverts promising instant cash, according to the Observer.

Instagram will soon allow users to display NFTs and perhaps even mint them, Meta CEO Mark Zuckerberg has announced.

Microsoft is updating Outlook, Teams, and PowerPoint to be more accommodating of hybrid working.

And finally, American Express hinted at entering the metaverse through recent trademark filings.

Please get in touch with one of our experts below if you have any queries or need advice or assistance.

Blockchain and commercial disputes: new Law Society guidance

The Law Society recently published the second edition of its legal and regulatory guidance on […]

The Law Society recently published the second edition of its legal and regulatory guidance on blockchain, described as “a comprehensive guide to the legal and regulatory considerations that everyone in the on-chain space needs to understand”. As the Law Society explains, over the past 18 months, the Covid-19 pandemic has accelerated the use and evolution of distributed ledger technology (DLT) such as blockchain.

See our recent briefing Understanding blockchain, NFTs & smart contracts and our video What is a blockchain? for an introduction to blockchain technology. DLT describes a wide range of technologies that maintain immutable digital records across a network and is considered to have far-reaching potential across a wide range of sectors.

England and Wales is already at the forefront of developments in this area [1]. As the use of DLT becomes more prevalent, the law (and the lawyers who practise it) will need to continue to adapt in order to keep up with the opportunities and challenges it presents. The guidance suggests best practice for legal practitioners working with these new and developing technologies and covers a range of topics including smart contracts, data and governance, data protection, intellectual property rights, dispute resolution, competition, tax, and environmental, social and governance. It will also be of interest to businesses seeking to familiarise themselves with these technologies and their uses.

In this article, commercial dispute resolution experts Louise Norbury-Robinson and Jack Heward from Walker Morris’ Technology & Digital Group summarise some of the key points raised in the guidance concerning blockchain’s impact on the commercial dispute resolution process.

Want to learn more from our Technology & Digital experts and be the first to receive important updates, developments and events from the team? Then sign up for our regular newsletter, the Technology & Digital round-up here.

Practical uses of blockchain in commercial disputes

The guidance explores ways in which DLT can assist, as well as the potential pitfalls that may be encountered. Benefits include:

DLT/blockchain could be effectively used in the disclosure stage of litigation to make the process quicker and more cost effective than current methods that rely on specific key word searches to select documents and identify issues in the claim. By comparison a DLT platform would be coded to identify common disputes and issues, allowing for partially automated disclosure. In addition, everything uploaded to the platform would be encrypted and non-removable, giving parties certainty over the integrity of the information and the process and easing any suspicions of tampering or removal.

The DLT platform assigns a member of the ledger/blockchain a unique access key (similar to a bank pin number) as a secure way of generating a digital signature for each transaction recorded on the ledger/blockchain. This has a clear benefit over wet (physical) signatures which can be easily subject to fraud. It also provides certainty as the signature cannot be replicated by another individual (unless stolen), thereby reducing arguments over fraud and false signatures in litigation; and improves efficiency in light of new working practices as a result of the pandemic [2].

“On-chain” dispute resolution options

The guidance notes that there is an increasing number of new DLT-based – or “on-chain” – dispute resolution offerings which aim to digitise the traditional dispute resolution process. Companies have developed systems in response to users’ appetite for speed, efficiency and automaticity. The guidance makes the point that these are in respect of what are essentially smart contracts – they have not yet sought to solve on-chain disputes centred on smart legal contracts, which are still a relatively new technology in themselves.

On-chain offerings often purport to be a form of arbitration, although the guidance notes that the term is often misused and the majority do not satisfy the requirements under domestic laws or international treaties (for example the New York Convention) to result in a valid legal decision enforceable in the off-chain world.

The current on-chain systems broadly fall into the following three categories:

Online “arbitration” where arbitration procedures are incorporated into the code of a smart contract, generally giving parties an option to choose arbitration before disputes arise, and claiming that awards are binding and legally enforceable;

crowdsourcing, which allows anonymous users on the network to cast their vote as to who the “winner” of a dispute should be and rewarding them accordingly; and

AI powered “bots” – predictive analytics tools – which produce data-driven decisions on the outcome of a dispute that can then be executed automatically.

Observations and concerns

The guidance makes a number of observations and identifies various concerns around the scope, soundness and reliability of current on-chain mechanisms to resolve the full range of potential disputes. They include the following:

Among other things, the parties can agree encoded provisions that mirror the escalation steps in a traditional dispute resolution clause, so that they are automatically notified of a breach of the agreement, the automated operation of the code is “frozen”, and decision makers can then become actively involved to assist with the resolution of the dispute via traditional routes if desired.

Another option would be a digitised commercial arbitration process intended to result in a valid and binding New York Convention award. Arbitration institutions could register on the DLT platform and users of the network could refer their disputes to be resolved under pre-established procedural rules through their smart contract or smart legal contract.

On-chain solutions can be designed to automatically enforce the outcome of a dispute without any input from the parties. This would mean that monetary compensation could be paid immediately into the winner’s digital wallet without the need for the losing party to consent to or actively take steps to make the payment. This would save time and costs for the winner who might otherwise be forced to take enforcement action against their opponent in the event of non-payment.

While these benefits will appeal to many would-be litigants, the guidance warns that on-chain mechanisms need to be legally robust – valid, effective and final in the off-chain world – to prevent other parties challenging or otherwise undermining the outcomes. If the outcome of the on-chain dispute can be subject to further scrutiny in a court of law or arbitral tribunal then it will only serve to increase the time and costs of the parties involved.

Other on-chain options are based around anonymous users of the DLT/blockchain network gaining the right to vote on the dispute’s outcome by placing a stake in the form of cryptocurrency. They vote from a pre-determined list of binary outcomes, with those who voted with the majority receiving compensation and those who did not losing their stake. One of the obvious issues is that parties need to have the confidence that these anonymous “decision makers” have the necessary expertise to vote on the “correct” outcome of the dispute. A further glaring issue identified by the guidance is that in certain platforms the amount of cryptocurrency a user is willing to stake often determines the likelihood of them being selected as a decision maker and it is not even clear in some cases whether the user is ultimately a human or a bot. This presents a wide range of legal and practical challenges.

DLT/blockchain uses a decentralised network that is not strictly bound by the limits of traditional physical borders or legal systems. A very complex legal battle may ensue if parties seeking to use on-chain dispute resolution processes fail to specify which law and jurisdiction will apply to their agreement. Parties would be well advised to consider these issues at the outset to avoid costly legal proceedings – including tactical satellite litigation in multiple jurisdictions – later down the line.

The guidance notes that while on-chain dispute resolution mechanisms may be workable for small, straightforward and predictable disputes, it is not clear (at present) how useful they will be for more complex, multi-jurisdictional and unexpected disputes that require careful consideration of detailed evidence.

The last section of the guidance dealing with dispute resolution considers in some detail the three issues of fundamental importance to the efficient and effective governance of any DLT system – jurisdiction, applicable law and money laundering. It says experience has demonstrated the need for cryptoassets and other DLT applications to operate within traditional legal and regulatory frameworks, noting, however, that regulators have at the same time been wary of stifling technological innovation.

The future

The guidance calls for a combination of authoritative guidance and best practice standards and concludes that, going forward, certainty and consistency of outcome in dispute resolution will likely be achieved through traditional processes and the increasing use of future forms of best practice DLT/other digital platform mechanisms combined with smart legal contract data. Examples such as regulators having been compelled to bring cryptoassets within the scope of anti-money laundering due to the illicit use of cryptocurrencies to facilitate money laundering, cyber crimes and token fraud mean that a vision of entirely self-automated DLT systems – untouched by traditional law and regulation – is not feasible.

While it is currently unlikely that on-chain dispute resolution will overthrow traditional procedures entirely, what this guidance clearly shows us is that the impact of blockchain on commercial dispute resolution will continue to gather pace as these technologies, and the discussion surrounding their uses, develops. The sooner commercial parties and their advisers get to grips with the potential benefits and pitfalls, the better.

How we can help

Our Technology & Digital experts are well placed to advise on all aspects of commercial agreements, disputes involving blockchain and other technologies and any concerns from a regulatory perspective. Please contact Louise or Jack if you have any queries arising from this briefing or need any advice or assistance.

[1] See, for example, Ground-breaking Digital Dispute Resolution Rules published, English law can accommodate smart legal contracts and English court grants wide-ranging relief after cryptocurrency scam

[2] For the latest position on electronic signatures, see Electronic execution: An essential update

Understanding blockchain, NFTs & smart contracts

Our technology and digital experts provide help and understanding on the subject of blockchain, NFT’s and smart contracts.

Get a print friendly PDF version here.

2022 has started in much the same way as 2021 finished, with technology news largely dominated by stories relating to blockchain technologies such as NFTs and other cryptoassets. So, over the next few weeks, we are going to turn our focus particularly to these topics and take a look at the key legal and practical implications. In the meantime, let us begin where many get lost: with explanations of some of the main concepts.

Blockchain

Consider blockchain as the technological breakthrough that has thrust buzzwords like ‘NFT’ and ‘cryptocurrency’ into the mainstream. The tech world is excited about blockchain because it represents an advancement in the way that information is recorded and held.

Fundamentally a blockchain is a database, or ledger, of information. However, its technical composition means that users can have absolute confidence that the data being displayed is complete, accurate and, for all intents and purposes, infallible: once information is written onto a blockchain, it is (close to) impossible to change that information.

Blockchain also works on a distributed basis, which means that the ledger of information is not held in one, single location but concurrently on multiple computers across a network. As well as bolstering the network’s security, this also means that any interested party can access an up-to-date copy of the information at any given time.

To use a very rudimentary analogy, picture a write-only Excel spreadsheet (where new cells can be added but existing cells not amended), of which a copy is held by every party that could want to view it.

NFTs

An NFT is a token (a form of digital asset) that exists on a blockchain (think of it as a cell on the previously mentioned spreadsheet).

These particular tokens are non-fungible (and therefore NFTs) in the sense that they are unique, with an individual identifying number: contrast that with Bitcoins – probably the most well-known cryptocurrency – which are fungible due to one Bitcoin being the equivalent of any other. It does not matter which Bitcoin you possess as they are all the same, whereas that is not the case with NFTs, which are unique.

To give a real-world example, a £10 note is interchangeable with any other £10 note (and is therefore fungible), however no diamond is exactly the same as another (and is therefore non-fungible). If this is all sounding a little too abstract, let us look at NFTs’ most notorious real-life application to date: digital art.

Digital art existed long before NFTs hit the mainstream in 2021, but had an ongoing issue with evidencing ownership. After all, a digital image can be saved, copied or shared by anyone in just a few clicks. Proponents of NFTs claim that the technology has solved this problem.

By including in an NFT a URL link to the digital image, the artist could sell the NFT (that is the non-fungible token on the blockchain) and the buyer take ownership of it. The buyer would therefore own the digital asset that links to the image (whether or not they actually own the image is a topic for another article).

What is more, the artist could include further information in the NFT so that in the event the buyer re-sold the NFT, the artist would automatically receive a further royalty payment (more on that in the ‘smart contracts’ section below). The NFT therefore is not the digital art itself, but more comparable to a certificate of authenticity relating to the digital art.

Is an NFT simply digital art?

No! Any data can be contained within an NFT. It could be a domain name, tickets to a concert or sporting event, in-game items or even real estate deeds.

Smart contracts

A smart contract is a software program that executes automatically when a pre-defined set of requirements are fulfilled. Where such a software program fulfils a legal obligation, it is known as a smart legal contract. Insurance contracts are commonly used as an example use case for the smart legal contract – provided the requisite criteria are met, the smart contract kicks in and an insurance payout is made without requiring further human intervention.

A recent Law Commission report concluded that smart contracts are compatible with the existing principles of English law and are therefore capable of being legally binding. As a result, we can expect them over time to represent a modernisation of contracting, evolving the traditional approach in a manner comparable to electronic signatures.

The emergence of blockchain was a game-changer for smart legal contracts: by writing the underpinning code onto a blockchain, parties could trust that the intended automated consequences would be effected in a way that was not achievable through normal coding.

And now, smart contracts are being used to give NFTs added utility: for example, a smart contract could be written into an NFT that, upon that NFT being resold, automatically ensures that the original artist (of the digital image that the NFT links to) receives a royalty as a percentage of the onward sale.

The smart contract concept pre-dates the recent rise of blockchain technology and NFTs. The long-used example is the vending machine: when a pre-defined set of requirements are fulfilled (correct money is entered and an item code inputted), the machine – without further human intervention – self-executes and out pops a chocolate bar!

Concluding thoughts

Criticisms have been levelled at these technologies, such as the environmental impact the level of computing to power blockchain requires, or the ability for opportunists to steal original artwork, masquerade it as their own and mint it as an NFT to forever exist on the blockchain. What many appear to agree on though, is that in time new innovative use cases for these technologies will emerge (LawtechUK recently published a number of case study examples). Anticipating this, the Law Commission is undertaking a project to determine the extent to which the existing legal framework can accommodate these technologies, in particular digital assets. A formal consultation is expected in mid-2022, however interim comments suggest at least a degree of reform is likely to be introduced.

Want to learn more from our Technology & Digital experts and be the first to receive important updates, developments and events from the team? Then sign up for our newsletter, the Technology & Digital round-up here.

For more information, please speak to one of our NFT and blockchain experts below.

What is a blockchain?

The tech world is excited about blockchain, NFTs and cryptocurrencies, with these terms being heard […]

The tech world is excited about blockchain, NFTs and cryptocurrencies, with these terms being heard more and more often, making their way into workplace discussions and mainstream conversations, but what do they actually mean? And how can they benefit you, your work or your company?

In the first video in our series, Luke Jackson, Senior Associate in the Technology & Digital Group, sits down and discusses what a blockchain is and its associated benefits.

Visit our #WMTechTalk homepage to learn more.

For more information, please speak to NFT and blockchain experts, Luke Jackson or Sally Mewies.

More from Walker Morris

Specialists from our Technology & Digital Group recently gave a flavour of developments to look out for in 2022. Read “What to look out for in 2022” and learn about key developments in smart contracts and NFTs, data protection and e-privacy reform, increased scrutiny of Big Tech, the digital supply chain, and much more.
Interested in events from Walker Morris? Visit our events page to see our full list of upcoming events.
Want to watch a previous webinar? Visit our digital academy, home to a library of digital content including webinars, our bite-sized video nuggets and podcasts.

What is an NFT?

The popularity of NFTs, blockchain and cryptocurrencies continues to grow, with these terms being used […]

The popularity of NFTs, blockchain and cryptocurrencies continues to grow, with these terms being used more and more, making their way into boardroom discussions and professional conversations, but what do they actually mean? And how can they benefit you, your work or your company?

In the second video in our series, Luke Jackson, Senior Associate in the Technology & Digital Group, explains what is an NFT, how an NFT works and the benefits of using the technology. If you aren’t sure on terms such as non-fungible token, digital asset and blockchain technology, then this video is for you.

Visit our #WMTechTalk homepage to learn more.

For more information, please speak to NFT and blockchain experts, Luke Jackson or Sally Mewies.

More from Walker Morris

What is a blockchain? In the first video of the series, Luke Jackson explains what blockchain actually is, the associated benefits and its role with NFTs.
Want to know the most recent developments from the team? Check out our latest round-up covering recent advertising standards activity, electronic execution of documents, smart contracts, crypto scams, and much more.
Specialists from our Technology & Digital Group recently gave a flavour of developments to look out for in 2022. Read “What to look out for in 2022” and learn about key developments in smart contracts and NFTs, data protection and e-privacy reform, increased scrutiny of Big Tech, the digital supply chain, and much more.

Technology & Digital: What to look out for[...]

Specialists from our Technology & Digital Group give a flavour of developments to look out for […]

Specialists from our Technology & Digital Group give a flavour of developments to look out for in 2022 covering smart contracts and NFTs, data protection and e-privacy reform, increased scrutiny of Big Tech, the digital supply chain, and much more. We hope you enjoy reading it.

-> Read “What to look out for in 2022” here.

We will be producing a range of materials and running events on various Technology & Digital topics throughout 2022, so keep an eye out for those. In the meantime, please get in touch with one of our experts below if you have any queries.

If you are interested in receiving a copy of our regular round-up of legal and non-legal tech-related news stories and other similar updates direct to your inbox, including invites to our Technology & Digital events, please sign up here.

See our previous edition here.

Technology & Digital round-up – 4 March 2022

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers recent advertising standards activity, electronic execution of documents, smart contracts, crypto scams, and much more.

If you would like to receive this and other similar updates direct to your inbox, please click here.

Get in touch with Sally Mewies or Luke Jackson if you have any queries or need advice or assistance.

The legal part…

The Advertising Standards Authority published advice for advertisers of cryptoassets, saying that they must take particular care to ensure they do not mislead consumers and are not socially irresponsible in the way they promote cryptoassets – complex and volatile products that are also becoming increasingly popular and widespread in the UK.

In related news, the ASA banned a poster for a cryptocurrency displayed across the London Underground for irresponsibly exploiting consumers’ fears of missing out, trivialising investment in cryptocurrency, and taking advantage of consumers’ lack of experience or credulity by not making clear that capital gains tax could be payable on profits from investing.

The ASA also recently published a feature on “dark patterns” and advertising regulation, and what the ASA is doing to tackle them.

We published an essential update for businesses on the electronic execution of documents.

LawtechUK and its UK Jurisdiction Taskforce launched the ‘Smarter Contracts’ project by publishing a report which aims to explain how smarter contracts and blockchain technology are currently being used. In his speech introducing the report, the Master of the Rolls said the theory is to dispel the myth that blockchain is a fringe technology used only by those wanting to risk their livelihoods or possibly make their fortunes on volatile cryptoassets like Bitcoin.

The High Court recently granted a total of six worldwide freezing orders, interim injunctions and disclosure orders against ‘persons unknown’ for the benefit of a UK resident who had unwittingly fallen victim to a suspected cryptocurrency investment scam. The decision reaffirms England and Wales’ position as a leading jurisdiction for dealing with this type of action. See our recent briefing for details.

Giving evidence to the House of Lords Fraud Act 2006 and Digital Fraud Committee inquiry, the Director of Economic Crime at the Home Office referred to the growing threat of cryptocurrencies in money laundering and the plan to introduce legislation on the ability to seize crypto assets using civil recovery powers (at the moment the ability is limited to criminal powers).

The Competition and Markets Authority published a blog post on the final Privacy Sandbox commitments secured from Google. It says this is an ideal opportunity to test the way it wants the new Digital Markets Unit to run and is keen to engage with tech firms and consumers on an ongoing basis.

The Information Commissioner’s Office published new guidance covering the processing of personal data by video surveillance systems by public and private sector organisations. Organisations using surveillance systems that process the personal data of identifiable individuals need to comply with the UK GDPR and Data Protection Act 2018.

…and in other news

In light of the escalating crisis in Ukraine, the National Cyber Security Centre continues to call upon organisations in the UK to bolster their online defences. You can read its latest guidance here.

A finance expert told BBC News that the war in Ukraine could become the first meaningful “crypto conflict”.

A recent article described the experience of making a purchase via an NFT vending machine. The vending machine dispenses “colours” – that is, a unique NFT representing a particular colour – for $5.99 each, though it was unclear what function they would provide.

The UK and Singapore signed a new innovative digital trade deal. The two countries also agreed to revitalise the existing FinTech Bridge, a move that will support innovative financial services and strengthen cooperation on emerging technologies.

One year on from the publication of the Kalifa Review of UK FinTech, over 70 CEOs and founders of FinTechs of all sizes and covering a wide range of sectors came together to welcome strong progress and call for further action.

A recent study found that UK firms are most likely to pay ransomware hackers.

The Artificial Intelligence Public-Private Forum launched by the Bank of England and Financial Conduct Authority published its final report, with the ultimate aim of advancing the collective understanding and promoting further discussions among academics, practitioners and regulators to support the safe adoption of AI in financial services.

Fitbit was forced to undertake a large-scale recall of its Ionic smartwatch following reports of an overheating battery and potential burn injuries for users. It is suggested that up to 1.7 million devices may need to be returned.

And finally, in yet another example of an innovative football and technology partnership, Manchester City FC is set to become the first Premier League club to enter the metaverse, as a result of a three year deal with tech giants Sony that will see the club build a virtual Etihad Stadium. Watch out for our upcoming briefing.

Technology & Digital round-up – 18 February 2022

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers court guidance on low value data breach claims, HMRC’s seizing of NFTs, the Super Bowl advert that “broke the Internet”, and much more.

If you would like to receive this and other similar updates direct to your inbox, please click here.

Get in touch with Sally Mewies or Luke Jackson if you have any queries or need advice or assistance.

The legal part…

The ICO is seeking views on its updated draft guidance on anonymisation, pseudonymisation and privacy enhancing technologies. Three chapters have been published so far. Upcoming topics include accountability and governance requirements. The ICO will consult on the full draft guidance in the autumn.

Our data breach litigation specialists look at the latest in a recent run of cases dealing with low value data breach claims and consider the court’s further guidance in this area. The decision is consistent with the courts’ approach to giving short shrift to low value, unmeritorious or exaggerated claims – a welcome trend for data controllers.

The court refused to grant a mandatory interim injunction requiring a software developer to deliver up to its customer software, source code and other documents required for completion of an IT platform which it had developed for the customer under a software development agreement, following disputed allegations that the product was incomplete, late and defective. The decision reflects the high bar that applicants seeking this type of relief need to overcome in order to be successful.

HMRC seized three NFTs as part of an investigation into a suspected VAT fraud scheme involving 250 fake companies, the first UK law enforcement agency to do so.

The Industry Working Group on Electronic Execution of Documents published its interim report, which explains the current situation in England and Wales (including how the formal requirements for some common documents can be fulfilled), offers best practice guidelines based on existing technology, and includes recommendations for future reform. Watch out for our upcoming briefing.

We reported previously that the FCA is consulting on strengthening its financial promotion rules for high risk investments, including cryptoassets, following announcement of the Government’s plan to strengthen the rules on cryptoasset advertisements and protect consumers from misleading claims. See our recent briefing to find out more.

The Competition and Markets Authority fined Meta for a second time after the company breached the CMA’s initial enforcement order concerning the purchase of online database and search engine Giphy. Elsewhere, the CMA accepted commitments offered by Google that address the CMA’s competition concerns resulting from investigating Google’s proposals to remove third party cookies and other functionalities from its Chrome browser. The ICO’s Commissioner’s Opinion sets out clear data protection standards that organisations must meet when developing online advertising technologies.

Over in Europe, France’s data regulator is the latest to find the use of Google Analytics non-compliant with the EU GDPR. This follows a recent similar ruling from the Austrian data regulator.

The European Data Protection Board launched its first coordinated enforcement action – into the use of cloud-based services by the public sector.

…and in other news

Coinbase reportedly spent $14 million on a TV advertisement during the Super Bowl to air a bouncing QR code for 60 seconds. The QR code led to the crypto-trading platform’s website, which crashed due to the influx of new visitors.

McDonald’s “entered the metaverse” after filing a series of trademarks for a virtual restaurant that will deliver food online and in person.

More bad press for Big Tech after it emerged that anti-vaxxers in France were buying fake Covid passes online, often promoted on mainstream social media platforms.

The National Cyber Security Centre warned of a growing wave of increasingly sophisticated ransomware attacks in its first ever joint advisory with international partners on the threat. The NCSC’s CEO strongly encourages UK CEOs and boards to familiarise themselves with the alert and to ensure their IT teams are taking the correct actions to bolster resilience.

A US company is speeding up the path to practical fusion energy by using Google’s vast computing power. By applying software that can improve on its own, tasks that once took two months have been cut down to just a few hours.

Media company Forbes announced a $200 million strategic investment from Binance, one of the world’s largest cryptocurrency and blockchain infrastructure providers.

An augmented reality device specifically designed for the construction industry has been developed, which should make it easier for those inspecting the site to notice when building works are deviating from the original plans and allow construction managers to decide whether the works or the plans need changing.

The Government published an update on the National Data Strategy Forum – a structured programme of engagement designed to ensure that a diverse range of perspectives beyond Government and the public sector continue to inform the implementation of the National Data Strategy. The five key workstreams are: unlocking the power of data for everyone everywhere; trust in data; data reform; net zero; and measuring the data ecosystem.

And finally, a retired British property investor hopes to convince thousands of cryptocurrency investors to move to his remote South Pacific island and form a regulation-free “crypto utopia”.

Get in touch with one of our experts below if you have any queries or need advice or assistance.

Technology & Digital round-up – 4 February 2022

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers an important development on international data transfers, regulation of automated vehicles and Spotify under the spotlight.

If you would like to receive this and other similar updates direct to your inbox, please click here.

Get in touch with Sally Mewies or Luke Jackson if you have any queries or need advice or assistance.

The legal part…

The ICO’s international data transfer agreement and UK addendum to the new EU standard contractual clauses have been laid before Parliament. They are due to come into force on 21 March 2022 and replace use of the old EU SCCs for transferring personal data outside of the UK in the absence of relevant adequacy arrangements. They will apply to all new transfers from 21 September 2022. The old EU SCCs can be used for contracts concluded on or before that date until 21 March 2024 provided the processing operations remain unchanged and the arrangements ensure appropriate safeguards in compliance with the Schrems II decision. See the ICO’s statement. The addendum will be a useful alternative to the international data transfer agreement for organisations transferring personal data from both the UK and the EU, as they will be able to use one set of SCCs (the new EU SCCs and addendum) instead of having to enter into two different sets of arrangements. The ICO is developing additional tools to provide support and guidance to organisations, to be published soon. That includes guidance on transfer risk assessments that will need to be carried out in addition to applying the new transfer tools, to ensure Schrems II compliance.

In a related development, the government announced the launch of the International Data Transfer Expert Council, a group of 20 experts who will meet quarterly and provide independent advice to help the government ‘achieve its mission of unlocking the benefits of free and secure cross-border data flows now the country has left the EU’. Current priority countries for striking data adequacy partnerships include the US.

Highlighted in a new ICO in the media webpage are the first media interviews given by the new Information Commissioner. They provide an insight into the approach we can expect to see. Among other things, the Commissioner talked about wanting a sharp supervisory focus on tech companies, how coming out of the EU presents considerable opportunities and how, in the context of data protection reform, he thought greater certainty and flexibility could be provided to businesses without putting at risk fundamental rights that people have in the UK.

The Information Commissioner recently announced a major listening exercise to hear directly from businesses, organisations and people about their experiences of working with the regulator, to help it focus on a ‘how to’ not a ‘don’t do’ approach.

The ICO in the media webpage also highlights recent reports covering the ICO’s response to a Home Office backed campaign calling for the rollout of end to end encryption to be delayed until tech organisations can ensure the safety of their users. Among other things, the ICO’s Executive Director for Innovation and Technology says that the discussion is too unbalanced to make a wise and informed choice – there is too much focus on the costs without also weighing up the significant benefits.

In a new report, MPs on the Digital, Culture, Media and Sport Committee voice their urgent concerns that, as currently drafted, the Online Safety Bill neither adequately protects freedom of expression nor is clear and robust enough to tackle the various types of illegal and harmful content on user-to-user and search services. The draft Bill is a significant piece of proposed legislation to make internet service providers responsible for what is happening on their platforms.

In related news, over in Europe, MEPs agreed a draft set of measures to tackle illegal content, to ensure platforms are held accountable for their algorithms, and improve content moderation. Negotiations with member states on the Digital Services Act can now begin.

On 26 January 2022, the Law Commission published a report recommending new laws to regulate automated vehicles (vehicles which can drive themselves without being controlled or monitored by an individual for at least part of a journey) in Great Britain. Key recommendations include new legal roles for users, manufacturers and service operators, with removal of criminal responsibility for the person in the passenger seat, and holding manufacturers and service operators criminally responsible for misrepresentation or non-disclosure of safety-relevant information. The government will now decide whether to accept the recommendations and introduce legislation to bring them into effect.

Over in the US, electric car maker Tesla is recalling nearly 54,000 cars and SUVs because their “Full Self-Driving” software lets them roll through stop signs.

…and in other news

The controversial decision by Spotify to remove Neil Young’s catalogue from the streaming service following an ultimatum from the artist relating to Joe Rogan’s hugely popular podcast reignited the debate around the influence held by Big Tech. Concerns had been raised that Rogan’s podcast content contained inaccuracies relating to COVID-19 and questions have been asked by those that felt Spotify had not done enough to prevent the spread of misinformation on its platform.

The New York Times has acquired the rights to the popular online daily puzzle ‘Wordle’. The game has been hugely popular since its launch in October 2021, with the New York Times having high hopes that it will boost their online subscriptions.

The National Cyber Security Centre is urging UK organisations to bolster their cyber security resilience in response to the malicious cyber incidents in and around Ukraine.  It recently published updated guidance on actions to take when the cyber threat is heightened.

It was reported that India will launch a digital version of the rupee as early as this year and introduce a 30% tax on income from digital assets – putting profits from trading or transferring cryptocurrencies and NFTs in the country’s highest tax band. China is already trialling the digital yuan.

Meanwhile, the International Monetary Fund urged El Salvador to remove Bitcoin as legal tender, saying that the adoption of a cryptocurrency as legal tender entails large risks for financial and market integrity, financial stability and consumer protection.

Europol published a report debunking common myths on the criminal use of cryptocurrencies, confirming, for example, that the overall number and value of cryptocurrency transactions related to criminal activities still represent only a limited share of the criminal economy when compared to cash and other forms of transactions, and that most blockchains are publicly available, making transactions traceable.

The rise of digital art thefts in the NFT marketplace is the subject of this news report, with one artist describing the situation as “one huge mess of theft and fraud and inauthenticity”.

Vodafone announced that it will begin retiring its 3G network in 2023 as part of a network modernisation programme to improve the 4G and 5G experience for all customers.

Facebook founder Mark Zuckerberg announced that Meta is building the world’s fastest artificial intelligence supercomputer as part of his plans to build a virtual metaverse – see this news report.

Jaguar Land Rover warned that it expects the global computer chip shortage to continue throughout this year but expects supplies to gradually improve.

Get in touch with one of our experts below if you have any queries or need advice or assistance.

Technology & Digital round-up – 21 January 2022

Happy New Year and welcome to our first Technology & Digital round-up of 2022. This […]

Happy New Year and welcome to our first Technology & Digital round-up of 2022. This edition covers cryptoassets, data fines, cloud services, smart supermarkets, cyber security, the metaverse and much more.

If you would like to receive this and other similar updates direct to your inbox, please click here.

Get in touch with Sally Mewies or Luke Jackson if you have any queries or need advice or assistance.

The legal part…

We published Technology & Digital: What to look out for in 2022 giving a flavour of ten legal and regulatory developments we expect to see this year.

HM Treasury unveiled the Government’s plan to strengthen the rules on cryptoasset advertisements and protect consumers from misleading claims. It proposes to bring the promotion of cryptoassets within the scope of financial promotions legislation. This means that all crypto marketing promotions will need to be issued or approved by an FCA-authorised person and comply with the ‘fair, clear and not misleading’ requirement. The FCA is now consulting until 23 March 2022 on strengthening its financial promotion rules for high risk investments, including cryptoassets. Watch out for our upcoming briefing. This is an important step forward in creating a robust regulatory framework that will foster innovation while ensuring consumer protection. In related news, the Advertising Standards Authority has upheld a series of complaints regarding cryptoasset advertising in recent weeks, having previously confirmed that it is treating this as a ‘red alert’ priority issue.

The International Monetary Fund says that cryptoassets such as Bitcoin have matured from an obscure asset class with few users to an integral part of the digital asset revolution, raising financial stability concerns. Its analysis suggests that cryptoassets are no longer on the fringe of the financial system and it is therefore time to adopt a comprehensive, coordinated global regulatory framework to guide national regulation and supervision and mitigate the financial stability risks stemming from the crypto ecosystem.

The Law Society published the second edition of its legal and regulatory guidance on blockchain. In his foreword to the report, the Master of the Rolls describes it as a comprehensive guide to the legal and regulatory considerations that everyone in the on-chain space needs to understand. He refers to three major developments that he believes are imminent, including the launch of central bank digital currencies that will put cryptoassets into mainstream use.

Meanwhile, the House of Lords Economic Affairs Committee published a report concluding that it has yet to hear a convincing case for why the UK needs a retail central bank digital currency. It says that, while such a currency may provide some advantages, it would present significant challenges for financial stability and the protection of privacy.

Following on from the recent release of its National Cyber Strategy 2022, the Government published its 2022 cyber security incentives and regulation review. Among other things, it is considering ways in which it can mandate large companies to appropriately assess and address the cyber risks they face. Two consultations were published alongside the review: one on proposals for legislative changes to drive up levels of cyber resilience, particularly in organisations which play an important role in the UK economy, like managed IT service providers; the other on proposals for how a stronger cyber security profession can support better cyber resilience. See the press release.

The new UK Information Commissioner began his five year term saying that he looks forward to ensuring the law continues to be relevant in our changing world. This will be a busy year for the ICO as it actively engages with the Government over proposed wide-ranging data reforms and the introduction of the Online Safety Bill, and strengthens links with other digital regulators. It is currently consulting until 24 March 2022 on how it uses its powers to investigate, regulate and enforce: “We are focussed on promoting best practice and compliance but, where it is necessary, we will exercise a fair and proportionate approach to enforcement action”.

One of the ICO’s non-executive directors delivered a comprehensive speech on regulatory cooperation across borders at an event on data protection and transnational cooperation in the post-Brexit era. Among other things, he talked about how the power and reach of multinational technology platforms over personal data is now unprecedented, and common action will create clearer and more forceful direction towards respect for data protection and privacy. As to the UK’s continuing data adequacy status he said that, while ‘essential equivalence’ is not cast in stone and does not require a carbon copy of the GDPR, if essential elements of protection are missing, that would create a serious obstacle. This is relevant because of the ongoing data reform consultation and the Government considering how to proceed.

It was reported that Facebook’s parent company Meta is facing a billion-pound class action case concerning the alleged abuse of its market dominance to impose unfair terms and conditions on British Facebook users, giving it the power to exploit their personal data. Over in the US, the Federal Trade Commission has been given the go-ahead to take Meta to court over anti-trust rules. The competition and consumer regulator is trying to make Meta sell off Instagram and WhatsApp.

The French data regulator fined Google and Facebook a total of £175 million over cookie consent issues, finding that while the tech giants provided a virtual button to allow the immediate acceptance of cookies, there was no equivalent to refuse them as easily.

And finally, in a decision that could sound the death knell for the use of US cloud services in Europe, the Austrian data regulator found that a website which had been exporting visitors’ data to the US as a result of implementing Google Analytics, breached the GDPR’s rules on international transfers. There were insufficient safeguards to effectively block US intelligence services from accessing the data. Here in the UK, it has been reported that financial regulators are preparing to step up their scrutiny of the cloud computing giants.

…and in other news

Contrary to initial reports, global retailer H&M denied reports it was collaborating with CEEK to sell virtual fashions in the metaverse…for now.

Microsoft is acquiring video game publisher Activision Blizzard for an eye-watering $68.7 billion. According to Microsoft’s CEO, the deal will play a key role in the development of metaverse platforms.

It was announced that leading UK researchers will work with international collaborators to develop the technologies of tomorrow through 12 projects which aim to address the challenges of monitoring Earth’s emissions and climate, quantum computers, communication networks, better medicines and electric vehicles.

The National Cyber Security Centre issued an alert advising organisations to take steps to mitigate the Apache Log4j vulnerabilities. The alert contains further links including on what everyone needs to know and what boards should be asking.

In related news, the Cyber Essentials certification scheme will adopt a new tiered pricing structure from 24 January 2022. The NCSC previously announced that it will introduce an updated set of requirements for the scheme in response to the evolving cyber security challenges that organisations now face.

The NCSC added its support to new advice from its international partners on countering Russian state-sponsored cyber threats targeting critical infrastructure.

Non-profit organisation Worker Info Exchange – dedicated to helping workers access and gain insight from data collected from them at work – published a report evidencing the harms caused by gig platforms’ algorithmic workforce management systems.

Aldi opened its first till-free supermarket following similar moves by Tesco, Sainsbury’s and Amazon, as this report asks whether smart supermarkets herald the end of shopping as we know it.

You can now buy Tesla merchandise with Dogecoin – the cryptocurrency which was initially started as a joke – after the electric carmaker’s CEO Elon Musk announced the development on Twitter. The purchases are apparently non-refundable.

Kosovo has pulled the plug (temporarily) on all crypto mining activity as it seeks to ease a crippling energy crisis. This is part of the ongoing global discussion around cryptocurrency regulation and the impact of cryptocurrency mining on the environment.

Get in touch with one of our experts below if you have any queries or need advice or assistance.

Technology & Digital round-up – 10 December 2021

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers recent CMA and ICO activity, the new Product Security and Telecommunications Infrastructure Bill, cyber attacks, digital trade and much more. If you would like to receive this and other similar updates direct to your inbox, please click here. Get in touch with one of our experts below if you have any queries or need advice or assistance.

The legal part…

We reported in an earlier edition of the round-up that the Competition and Markets Authority fined Facebook £50.5 million for breaching an order imposed during the investigation into Facebook’s purchase of online database and search engine Giphy. The CMA has since blocked the deal and requires Facebook (now Meta) to sell Giphy, after finding that the deal could harm social media users and UK advertisers.

The CMA recently hosted the first dedicated two-day summit with the heads of the G7 competition authorities to discuss cooperation across digital markets. See the press release.

We referred in our previous edition to the Product Security and Telecommunications Infrastructure Bill which was introduced to Parliament on 24 November 2021. A copy of the Bill itself (which creates, among other things, a new regulatory scheme to make smart products more secure against cyber attacks) and the explanatory notes have now been published. Details of the relevant security requirements to be complied with will be set out in separate regulations.

In related news, see our recent briefing on some of the telecommunication/infrastructure aspects of the Bill and what landowners and telecoms operators need to know.

The Information Commissioner’s Office flagged a paper it has written on end-to-end encryption. It concludes that it does not see value in proposals that seek to weaken end-to-end encryption, but it does see value in accelerating innovations that allow the detection of harmful content without compromising privacy.

The ICO fined the Cabinet Office £500,000 for disclosing postal addresses of the 2020 New Year Honours recipients online. It had failed to put appropriate technical and organisational measures in place to prevent the unauthorised disclosure of people’s information.

The ICO also announced its provisional intent to impose a potential fine of just over £17 million on Clearview AI Inc, following an investigation into the company’s use of images, data scraped from the internet and the use of biometrics for facial recognition.

The Digital Regulation Cooperation Forum launched a technology horizon scanning programme, to provide a coherent view of new and emerging digital markets and technologies.

The Bank of England published the minutes of the first meeting of the CBDC (Central Bank Digital Currency) Engagement Forum. The Bank’s and HM Treasury’s aim is to move towards a stance on whether or not a CBDC is needed in the UK. Were there a decision to proceed, progressive phases of development, design and technology work would commence.

…and in other news

The government announced that it has developed an algorithmic transparency standard for government departments and public sector bodies, one of the first countries in the world to do so.

It was reported that a possible supply chain cyber attack left more than 300 Spar supermarkets unable to process credit card payments. The National Cyber Security Centre’s guidance on how to effectively detect, respond to and resolve cyber incidents can be found here.

As set out in its 2025 UK Border Strategy, the government is looking to use data, technology and trusted relationships to deliver robust upstream compliance which would allow processes to be moved away from the frontier and facilitate improved flow of goods. It is calling on stakeholders with an interest in movement of goods to submit their interest in piloting this ‘Ecosystem of Trust’ concept to develop a world leading technology enabled border.

The Board of Trade published a new report on digital trade which, according to the press release, outlines the huge opportunities digital trade presents for boosting UK exports, turbocharging economic growth, and creating high-paying jobs across all parts of the UK. It was shortly followed by news of a bumper digital trade deal with Singapore.

With a USD1.1 billion valuation, the Bank of London launched on 30 November 2021 as the world’s first purpose-built global clearing, agency and transaction bank. The Bank’s founder and Group Chief Executive said in a press release that veteran banking experts, leading creative innovators and visionary technologists had been brought together to build, patent and validate truly game-changing technologies and innovations to transform the very fundamentals of banking.

Ubisoft is set to become the first major gaming company to launch in-game NFTs, following the announcement of its new “Digits” system. Digits will utilise the Tezos blockchain, which is claimed to be more energy efficient than some rival blockchains. The initial batch of NFTs will be limited edition items for the ‘Tom Clancy’s Ghost Recon Breakpoint’ game.

The UK will phase out 2G and 3G mobile services by 2033, as mobile-network operators agreed on the timetable to wind down the technology. The move will free up radio waves for 5G (and eventually) 6G networks that will power automated vehicles, drones and VR.

It was reported that Google is suing two Russian individuals it claims are behind a sophisticated botnet operation that has silently infiltrated more than 1 million Windows machines worldwide.

Amazon suffered its third outage this year. The outage affected Amazon Web Services, the biggest cloud computing company in the world, which provides services to governments, companies and universities.

Google released data of search term trends in 2021: with ‘Euros’ being the UK’s most searched term of the year. ‘Covid vaccine’ was the most searched news event, ‘Squid Game’ topped the list of TV shows, ‘when will lockdown end?’ was one of the most frequently asked questions and ‘impeachment meaning’ the most commonly requested definition.

Technology & Digital round-up – 26 November 2021

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers smart contracts, proposed new cyber laws, electric vehicle developments, social media boycotts and much more. Get in touch with one of our experts below if you have any queries or need advice or assistance.

The legal part…

In a significant and welcome development, the Law Commission has confirmed that the law of England and Wales can accommodate smart legal contracts, without the need for statutory law reform. The Commission is encouraging parties to anticipate and cater for potential uncertainties in the legal treatment of smart legal contracts by including express terms aimed at addressing them, for example clauses allocating risk in relation to the performance of the code, and setting out clearly the relationship between any natural language and coded components. See our briefing for details. The Commission identified deeds and private international law as the two areas where further work is required to support the use of smart contract technology in appropriate circumstances. A project on conflict of laws and emerging technology will start in 2022. The Commission says that the problem of digital location, i.e. the difficulty of ascribing real-world locations to digital actions and digital objects, is among the most significant challenges that private international law will have to overcome in relation to emerging technology, including smart legal contracts.

A proposed new law will require manufacturers, importers and distributors of digital tech which connects to the internet or other products to make sure they meet tough new cyber security standards – with fines of up to £10 million or up to 4 per cent of global revenue for those who fail to comply. The Product Security and Telecommunications Infrastructure Bill was introduced to Parliament on 24 November 2021. See the press release. Walker Morris will monitor and report on developments.

The government announced that IT service providers could be required to follow new cyber security rules such as the National Cyber Security Centre’s Cyber Assessment Framework as part of new proposals to help British businesses manage the growing cyber threat. The government’s response to a recent call for views on enhancing the security of digital supply chains and third party IT services shows there is industry support for developing new or updated legislation, with 82 per cent of respondents agreeing that it could be an effective or a somewhat effective solution. The government says it will now develop more detailed policy proposals and is currently carrying out a review of the laws and measures which encourage firms to improve their cyber security. It will launch a new national cyber strategy later this year.

In yet another data breach case, the High Court gave strong guidance that pursuing low value or exaggerated claims constitutes an abuse of process and is “simply unacceptable”. This is the latest in a run of cases which look set to stem the flow of trivial or meritless data breach claims brought by individuals against businesses. See our briefing for details.

The Information Commissioner’s Office has published clear data protection standards that companies must meet to safeguard people’s privacy online when developing new advertising technologies (‘adtech’). The ICO says that the standards come as a warning to companies designing new methods of online advertising that they must comply with data protection law and stop the excessive collection and use of people’s data.

The UK’s tech minister led the annual Digital Nations summit, where digital ministers from ten governments agreed to continue to use digital tech to reduce the environmental impacts of government, narrow digital divides, and build trust in digital government services by putting safeguards in place on human rights, data protection, data and AI ethics and transparency.

In his recent speech to business leaders, the Prime Minister announced that new homes and buildings such as supermarkets and workplaces, as well as those undergoing major renovation, will be required to install electric vehicle charge points from next year, under new legislation.

The Financial Conduct Authority reported on its recent Sustainability TechSprint, which focused on building technological solutions to overcome challenges faced by regulators in monitoring ESG data and disclosures from regulated firms and listed issuers. The solutions developed ranged from a tool to help verify companies’ carbon offsetting programs to one that helped develop a sustainable investment label using an impact score. The FCA said that the level of engagement and discussions over the course of the TechSprint reinforced the importance of placing ESG considerations at the heart of financial decision making and taking brave, innovative steps towards tackling these challenges collaboratively.

WhatsApp is rewriting its privacy policy following the record €225 million fine received from Ireland’s data privacy watchdog for severe and serious infringements of the EU General Data Protection Regulation.

The European Data Protection Board adopted a statement on legislative proposals forming part of Europe’s digital and data strategies. These include a Regulation on a European approach for AI. The EDPB is concerned that, without further amendments, the proposals will negatively impact the fundamental rights and freedoms of individuals and lead to significant legal uncertainty that would undermine both the existing and future legal framework. As such, the proposals may fail to create the conditions for innovation and economic growth envisaged by the proposals themselves. The European Commission previously announced that it was investing nearly €2 billion to bolster Europe’s technological sovereignty and bring digital solutions to market for the benefit of citizens, public administrations, and businesses.

Luke Jackson from our dedicated Technology & Digital Group has been discussing why IP and AI will be integral to the factory of the future and explains who really owns the clever data.

…and in other news

El Salvador’s president plans to build a Bitcoin city at the base of a volcano, with the cryptocurrency used to fund the project. The country recently became the first to introduce Bitcoin as legal tender. In contrast, India appears to be on the verge of banning private cryptocurrencies ahead of its central bank launching an official digital currency.

Cosmetics retailer Lush announced that its global brand will be turning its back on Instagram, Facebook, TikTok and Snapchat, until the platforms take action to provide a safer environment for users. The company said that its resolve “has been strengthened by all the latest information from courageous whistleblowers, which clearly lays out the known harms that young people are exposed to because of the current algorithms and loose regulation of this new area of our lives”.

A number of unfortunate Tesla drivers were left ‘locked out’ of their cars after a glitch caused the supporting phone app to go offline. Those carrying the backup keycard were able to continue operating their electric vehicles.

Manchester City suspended its partnership with 3Key Technologies just days after announcing the deal. This development comes after concerns were raised over the legitimacy of the company, a “decentralised finance trading analysis” partner with seemingly zero digital footprint. In the same week FC Barcelona cancelled its partnership with NFT marketplace Ownix after a consultant linked to the company was arrested. Both perhaps represent a timely reminder of the importance of thorough due diligence to businesses seeking to get ahead of the curve with crypto-partnerships.

British electric truck company Tevva announced that it has secured $57 million in funding to put electric and hydrogen trucks on the road in 2022. First deliveries of its third-generation vehicle are scheduled from Q3 2022 to address the immediate industry need to electrify.

In a wide-ranging speech following the COP26 summit in Glasgow, the Prime Minister set the ambition that the UK will aim to build the first general purpose quantum computer, and secure fifty percent of the global quantum computing market by 2040: “…if we could perfect it there are so many problems we could solve: including how to turn nitrogen into fertiliser and feed the world without creating so much C02”.

And finally, in a sign of the times, NFT or non-fungible token is Collins Dictionary’s word of the year. “Crypto” and “metaverse” also made it onto the list of new words.

Technology & Digital round-up – 12 November 2021

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers the Supreme Court’s landmark decision in the Lloyd v Google mass data breach case, the government’s consultation on AI and IP, social media influencers, and much more. Get in touch with one of our experts below if you have any queries or need advice or assistance.

The legal part…

In a welcome development for data controllers, the Supreme Court delivered its much-anticipated judgment in the Lloyd v Google mass data breach case. Google appealed a Court of Appeal decision giving the go-ahead for a representative action brought by Lloyd on his own behalf and that of an estimated class of 4.4 million Apple iPhone users. The compensation claim concerned damage allegedly suffered as a result of unlawful processing of their personal data in breach of the (old) Data Protection Act. Lloyd sought a uniform sum of damages for each individual, without having to investigate their individual circumstances. The Court of Appeal decided that a claimant could recover damages for mere loss of control of their data under the Act, without proving financial loss or distress. The Supreme Court unanimously reversed the decision, allowing Google’s appeal. It held that “damage” under the Act referred to material damage (such as financial loss) or mental distress distinct from, and caused by, unlawful processing – i.e. not to the unlawful processing itself. To recover compensation under the Act, it was also necessary to prove what unlawful processing occurred in relation to each individual. The case is also of interest in relation to UK class actions generally. See our briefing on the decision and its practical implications.

In related news, the High Court dismissed a “speculative” claim for, among other things, damages for misuse of confidential information and breaches of data protection law and ordered the claimants to pay costs on the indemnity basis. The defendants had mistakenly emailed a demand for payment of school fees to the wrong recipient who promptly deleted the message. The court found that there was nothing especially personal about the information and it was a single breach that was quickly remedied. There was no credible case that distress or damage over a de minimis threshold would be proved.

As part of its UK Innovation Strategy, the government is consulting until 7 January 2022 on how the copyright and patent system should deal with AI. With AI playing an increasing role in both technical innovation and artistic creativity, the government says that patents and copyright must provide the right incentives to AI development and innovation, while continuing to promote human creativity and innovation. The consultation follows on from an earlier call for views on AI and intellectual property and focuses on the following specific areas: copyright protection for computer-generated works without a human author; licensing or exceptions to copyright for text and data mining, which is often significant in AI use and development; and patent protection for AI-devised inventions.

Ryan Doodson, Associate in our Commercial and Technology team, looked at the common questions and deliberations that every brand should consider in social media influencer partnerships, and offered his practical advice. You can read Ryan’s briefing here. In related news, companies are accused of using social media influencers to entice young people to try nicotine products – see this report.

The Financial Conduct Authority’s Chief Data, Information and Intelligence Officer gave a speech on drivers of change in the financial services industry and how the FCA is responding. Among other things, she talked about how fraudsters and scammers are benefitting from new technologies and cited cryptocurrencies as an example. According to recent surveys, more than half of people investing in high risk products say that hype on social media and the news drove their decisions. Influencers on Youtube, Instagram and TikTok are having a growing impact on younger investors in particular.

The trade union Prospect is calling for stronger regulation of the use of monitoring technology by employers after survey results suggested electronic monitoring of home workers by companies is rising sharply – see this news report. According to a related news story, a report by a group of MPs and peers says that monitoring of workers and setting performance targets through algorithms is damaging employees’ mental health and needs to be controlled by new legislation. The ICO recently consulted on updating its existing employment practices code, including practical new guidance on monitoring of workers.

The European Commission adopted new rules to strengthen the cybersecurity of wireless devices and products available on the European market. They will cover devices such as mobile phones, tablets and other products capable of communicating over the internet; toys and childcare equipment such as baby monitors; as well as a range of wearable equipment such as smart watches or fitness trackers. Provided the European Council and Parliament do not raise any objections, the rules will come into force after a two-month scrutiny period. Manufacturers will then have a transition period of 30 months to start adapting relevant products and complying with the new legal requirements which are expected to apply as of mid-2024.

It was reported that Yahoo has become the latest US tech company to end its presence in mainland China after the imposition of tougher regulations in the country. One of these is the Personal Information Protection Law which came into effect on 1 November 2021. The new law has many similarities to GDPR. Like GDPR, it has extra-territorial effect, which means it applies to processing outside China of personal information of individuals within China, including where the purpose is to provide products or services or to analyse and evaluate individuals’ activities. Such processors are required to establish a special agency or designate a representative within the territory. Among other things, there are strict requirements in relation to data localisation and cross-border transfers. Fines of up to 5% of annual turnover or RMB 50 million can be imposed for non-compliance. Affected companies should review their data flows and practices accordingly.

We looked at issues surrounding defamation in today’s digital world and explained how our specialists can help.

…and in other news

Walker Morris announced the launch of its dedicated Factory of the Future microsite, specially developed to provide advice and expertise that manufacturers need to leverage the benefits of smart technology and embrace robot revolutions. You can access the microsite here.

UK Research and Innovation announced £50 million in funding for UK quantum industrial projects, including a green tech project to develop quantum technology to detect gas leaks – critical for the safe rollout of hydrogen as a widely used energy source in the domestic, industrial and transportation sectors. The announcement came as the UK and USA signed a new joint statement of intent to boost collaboration on quantum science and technologies.

HM Treasury and the Bank of England published a statement setting out next steps on the exploration of a UK Central Bank Digital Currency. It would be a new form of digital money issued by the Bank of England for use by households and businesses and would exist alongside cash and bank deposits. A consultation will be launched in 2022.

Tesla CEO Elon Musk carried out a Twitter poll asking whether he should sell 10% of his shares in the company in order to pay tax, with the share price falling after 58% of respondents answered “yes”. He has since sold $5 billion of shares, although the sale of about a fifth of those was made based on a pre-arranged trading plan.

The government published its response to the International Trade Committee’s report on digital trade and data. It says that a key strategic priority is to expand the UK’s digital trade in the Asia Pacific region where technological innovation and the digital economy are growing rapidly. The Board of Trade aims to set out a digital trade strategy and recommendations before the end of the year. As new free trade agreements are concluded, the government will continue to publish materials that aid understanding of what has been agreed and its implications including, where relevant, on data protection issues and source code provisions.

Facebook’s newly re-branded parent company Meta announced that, in the coming weeks, it will shut down the Face Recognition system on Facebook as part of a company-wide move to limit the use of facial recognition in its products.

It was reported that New York’s next mayor wants to receive his first three paycheques in Bitcoin, as he signals his intention to make New York the “centre of the cryptocurrency industry”.

Facebook whistleblower Frances Haugen has told MEPs that the EU’s future Digital Services Act can set the global standards in transparency, oversight and enforcement. See the press release.

Amazon, Facebook, Google and eBay responded to a request by the Chair of the Treasury Committee to provide further information on the policies they have in place to combat economic crime, prevent fraud and protect consumers. Four more tech giants – Microsoft, Twitter, Snapchat and TikTok – have since also been asked for information on their policies. The Committee wants the government to include fraudulent advertisements within the scope of the Online Safety Bill. The draft Bill is currently undergoing pre-legislative scrutiny by a special joint committee which is due to report on its findings by 10 December 2021. The government recently responded to the House of Lords Communication Committee’s report on Freedom of Expression in the Digital Age, including in relation to the draft Bill.

In related news, the Culture Secretary warned that tech bosses could face criminal cases over online harm, saying in her evidence to the joint committee: “I think my advice to people like Mark Zuckerberg, Nick Clegg and others who want to take off into the metaverse would be to stay in the real world. This Bill will be an Act very soon. It is the algorithms that do the harm. The Act will be there, and they will be accountable to the Act”.

And finally, the chief executive of chip firm Arm warned that Christmas shoppers who have not already bought all their devices may not get them in time, describing the mismatch between supply and demand as “the most extreme” he has ever seen. See this news report.

Technology & Digital round-up – 29 October 2021

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. This edition covers Facebook going Meta, smart doorbells, developments from the CMA and more. Get in touch with one of our experts below if you have any queries or need advice or assistance.

The legal part…

The County Court upheld a claimant’s claims for harassment and breach of the Data Protection Act 2018 arising out of her neighbour’s use of security cameras, including a smart doorbell, at and around his property. Among other things, the judge found that the extent of the devices’ audio range could not be said to be reasonable for the purpose for which they were used, i.e. crime prevention. See this news report. While the higher courts are not bound by County Court decisions, the case is nevertheless of interest for its consideration of the privacy issues surrounding this type of smart technology.

The European Commission is consulting until 10 January 2022 on adapting the civil liability rules in relation to products and services to the digital age and circular economy. The initiative is part of a staged approach to developing an “ecosystem of trust” for artificial intelligence (AI).

Meanwhile, the Information Commissioner’s Office is consulting until 1 December 2021 on a beta version of its AI and data protection risk toolkit which is designed to assist risk practitioners to identify and mitigate risks to data protection that AI systems that process personal information create or exacerbate.

The US Treasury Department’s Office of Foreign Assets Control, which administers US sanctions, published guidance to promote sanctions compliance in the virtual currency industry. The Treasury noted in its press release that, as ransomware attacks have increased in recent years, so has the number of ransomware payments, which have been typically paid through virtual currency.

The CityUK is calling on the government to set a clear framework to boost the UK’s leadership in sustainable digital finance. It wants to ensure that environmental, social and governance (ESG) issues are considered in all new fintech legislative and regulatory initiatives to mitigate risks and avoid unintended adoption barriers.

The Deputy Governor for Financial Stability at the Bank of England (BoE) gave a speech on the impact of cryptoassets on the stability of the UK’s financial system. Among other things, he said that bringing the crypto world effectively within the regulatory perimeter will help ensure that the potentially very large benefits of the application of this technology to finance can flourish in a sustainable way, and the work already begun by regulators globally needs to be pursued as a matter of urgency.

The Competition and Markets Authority (CMA) published Compliance Principles for anti-virus software businesses that use auto-renewing contracts in the UK. It also fined Facebook £50.5 million for breaching an order imposed by the CMA during its investigation into Facebook’s purchase of online database and search engine Giphy. See the press release.

…and in other news

Shanghai-based Envision, owner of the UK’s battery ‘gigafactory’ in Sunderland, has big expansion plans for the plant as the demand for electric cars soars. The news comes in the same week that Tesla’s valuation exceeded $1 trillion for the first time following a bumper deal for electric cars with rental company Hertz.

The BoE published the minutes of the Artificial Intelligence Public-Private Forum (AIPPF) which took place on 1 October 2021. The BoE and Financial Conduct Authority (FCA) launched the AIPPF to help them better understand the impact of AI and machine learning on financial services. They will be thinking about what future engagement with the financial industry more broadly could look like in light of the lessons learned through the AIPPF.

The BoE also published the minutes of the first meeting of the CBDC (Central Bank Digital Currency) Technology Forum, which will have an important role to play in helping the BoE to understand the views of expert stakeholders on the technological challenges of designing, implementing and operating a CBDC.

It was reported that the UK’s spy agencies have given a contract to US firm Amazon Web Services to host classified material in a deal aimed at boosting the use of data analytics and AI for espionage.

Twitter is looking into an apparent bias in its algorithm after its own research suggested that it amplifies tweets from right-leaning political parties and news outlets more than from the left. See this news report.

From 18 to 21 October 2021, the FCA ran a Sustainability TechSprint aimed at promoting new solutions and proof of concepts to some of the challenges faced by regulators in the area of ESG data and disclosure. See this link.

Facebook announced that it is planning to create 10,000 new high-skilled jobs within the EU over the next five years as it works with others to develop the ‘metaverse’ – a new phase of interconnected virtual experiences using technologies like virtual and augmented reality. See this explainer for more information on the metaverse concept. This transpired to be a prelude to the announcement the company would be rebranding as ‘Meta’, news that prompted a mixed reaction.

Facebook has undergone scrutiny after former employee Frances Haugen released tens of thousands of internal documents and testified before US senators. Earlier this week, she appealed to UK MPs to pass legislation that does more to regulate how big tech companies operate.

Technology & Digital round-up – 15 October 2021

Welcome to our latest round-up of legal and non-legal tech-related news stories. Though Facebook’s outage […]

Welcome to our latest round-up of legal and non-legal tech-related news stories. Though Facebook’s outage dominated much of the recent mainstream outlets, this edition also covers data privacy reform, legal action considering the use of Uber’s driver face-scanning software, Twitch’s data leak and much more. Get in touch with one of our experts below if you have any queries or need advice or assistance.

The legal part…

The Information Commissioner’s Office (ICO) published its response to the government’s consultation on data protection and e-privacy reform. The Commissioner notes that digital technologies are one of the engines driving the UK’s economic growth, with the pace and scale of innovation meaning the data landscape has changed significantly since the Data Protection Act 2018 was passed. Supporting the review and the intent behind it, she says it is important government ensures the UK is fit for the future and able to play a leading role in the global digital economy, and that the final reform package clearly maintains rights for individuals, minimises burdens for business and safeguards the independence of the regulator. On that note, the Commissioner voices strong concerns over some of the proposals which she sees as a risk to regulatory independence, such as the Secretary of State approving ICO guidance.

The ICO’s Data Sharing Code of Practice came into force on 5 October 2021. It contains practical guidance for organisations on how to share personal data in compliance with the law.

The ICO’s consultation on its updated draft guidance on anonymisation, pseudonymisation and privacy enhancing technologies closes on 28 November 2021. A formal consultation on the full draft guidance is expected in the autumn.

Luke Jackson, Senior Associate in our Technology & Digital Group, explains how to avoid disputes when contracting for technology and how to manage them if they do occur. See this link.

A legal case has been launched on behalf of more than a million people whose confidential medical records were obtained by Google’s artificial intelligence firm DeepMind in 2015, to address public concerns about the use of private health data by tech firms. This is an example of an opt-out representative action, where a representative claims on behalf of themselves and a class of (potentially millions of) individuals who do not have to opt in to the litigation. It is hoped that the Supreme Court’s upcoming decision on whether the Lloyd v Google case can go ahead will provide clarity in relation to this type of claim and the recoverable damages (see our earlier briefing on the Court of Appeal’s decision in this case). For details on data breach litigation and how organisations can protect themselves, please click here.

An Uber driver who lost his job when automated face-scanning software failed to recognise him is accusing the firm of indirect race discrimination in a legal test case. See this news report.

The Competition and Markets Authority (CMA) responded to the government’s consultation on a new pro-competition regime for digital markets. The CMA strongly supports the proposals. There is concern that some large and powerful digital firms are exhibiting signs of entrenched market power in digital markets, enabling them to stifle competition. The CMA says this is leading to a worse deal for consumers and businesses and is inhibiting innovation and growth in the UK economy.

In pleading guilty to breaches of the Money Laundering Regulations 2007 (MLR), NatWest acknowledged that operational failures, including weaknesses in automated monitoring systems, meant that it failed to prevent the money laundering of £400 million – see this news report. This is the first criminal prosecution under the MLR by the Financial Conduct Authority.

And finally, Alan Harper – Director in our Intellectual Property Team – looks at the three most burning aspects of copyright disputes.

…and in other news

In our recently published International Trade report, Made for Trade, we take a look at the commonalities between UK and US manufacturers, explore the challenges and opportunities they face and investigate how sharing knowledge can help drive further growth. We found that manufacturers are planning extensive tech investment but skills are holding them back. 76% of respondents plan to invest in operational technology, while 63% say a lack of in-house knowledge hinders tech investment. Click here to download your free copy and here to sign up for our upcoming webinar.

In a speech marking her first year in the post, the CEO of the National Cyber Security Centre (NCSC) issued a warning that ransomware is the most immediate cyber security threat to UK business. In related news, Scottish engineering firm Weir was hit by a major ransomware attack, costing the company an estimated £5 million and forcing it to delay shipments worth more than £50 million in revenue.

The NCSC published updated guidance on enabling your staff to use their own devices for work.

It was reported that Intel, the world’s largest maker of semiconductors, is no longer considering the UK as the site to build a major new microchip factory, looking to EU countries instead. The report says that the company is hoping to secure subsidies from governments in the US and Europe on the basis that dependency on Asia for microchips could threaten their national security. A global shortage of semiconductors is currently affecting the supply chains of all kinds of goods.

Google Cloud will provide users with custom carbon footprint reports detailing the carbon emissions their cloud usage generates. See our recent briefing for details and practical advice on complying with environmental, social and governance reporting requirements.

The Green Finance Institute launched a ‘Lender’s handbook on green home technologies’ – a comprehensive guide to inform financial institutions and industry about retrofit technologies and funding options.

Livestreaming site Twitch blamed a server error for a massive leak of sensitive data online. It said that some data was exposed to the internet due to an error in a server configuration change that was subsequently accessed by a malicious third party. Meanwhile, Facebook blamed a routine maintenance job for the recent global outage of its platforms.

The Chair of the Treasury Committee has written to tech giants Google, eBay, Facebook and Amazon with a series of questions relating to their policies and actions to combat economic crime, prevent fraud, and protect consumers.

Sticking with Big Tech, Amazon recently opened its first UK non-food store. As the report explains, the store in Kent will be the first 4-star store (every item has been given more than four stars by customers) outside the US. Digital price tags will be used to ensure the prices are the same in-store and online, and customers will be able to collect online orders and return items without the need for packaging and labels.

Walker Morris has become an early adopter in the UK legal market of the fast-growing verification software platform, Atticus. This is part of a planned programme of IT investments aimed at improving internal efficiencies and delivering a better client experience for our national and international client base.

Technology & Digital round-up – 30 September 2021

Welcome to the first edition of our Technology & Digital round-up, giving you a flavour […]

Welcome to the first edition of our Technology & Digital round-up, giving you a flavour of recent legal and other developments of interest. Please contact one of our experts if you have any queries or need advice or assistance.

The legal part…

Unlocking the power of data is one of the government’s 10 Tech Priorities. As part of its post-Brexit global data plans, it is consulting until 19 November 2021 on wide-ranging reform of the UK’s data protection and e-privacy regimes. It wants to maintain high data protection standards without creating unnecessary barriers to responsible data use. The proposals are likely to be welcomed by businesses. Importantly, the consultation paper says that the UK’s future regime will not require organisations to change many of their current processes if they already operate effectively, but it will provide the flexibility to do so if other processes can deliver the same or better outcomes in more innovative and efficient ways. The government believes it is perfectly possible and reasonable to expect the UK to maintain EU adequacy (ensuring the continued free flow of data between the UK and EU) as it begins a dialogue about the future and moves to implement any reforms. It remains to be seen whether the European Commission, which can withdraw the UK’s newly-granted adequacy status at any time, shares that view.

The Information Commissioner’s Office (ICO) is consulting until 7 October 2021 on its draft international data transfer agreement and guidance. This will replace the current standard contractual clauses (SCCs) for transferring personal data outside of the UK in the absence of relevant adequacy arrangements. As with the new European SCCs adopted in June 2021 (see our earlier briefing) the UK’s draft caters for a wider range of transfer scenarios to reflect the reality of today’s complex data sharing relationships and sets out additional obligations to address the shortcomings raised in the Schrems II decision. A proposed addendum to model data transfer agreements from other jurisdictions provides a potential practical solution for businesses subject to more than one regime that might otherwise have to enter into two different sets of SCCs.

As ways of working change and the role of technology increases, the ICO is consulting until 21 October 2021 on updating its employment practices guidance. See our recent briefing for details.

We Buy Any Car, Sports Direct and Saga were fined a total of £495,000 for sending more than 354 million nuisance messages between them, in breach of the Privacy and Electronic Communications Regulations (PECR). One of the government’s proposed e-privacy reforms is to increase the maximum PECR fine of £500,000 to match the much higher amounts under the UK General Data Protection Regulation.

WhatsApp received a record €225 million fine from Ireland’s data privacy watchdog for severe and serious infringements of the EU General Data Protection Regulation. The initial proposed figure reportedly ranging from €30 to €50 million was rejected by eight data regulators in other EU countries and the European Data Protection Board made a binding ruling which the Irish regulator must now enforce. WhatsApp indicated its intention to appeal.

In a decision which will have significant practical implications, the European Court of Justice (ECJ) recently concluded in The Software Incubator Ltd v Computer Associates (UK) Ltd that the concept of ‘sale of goods’ in the EU’s Commercial Agents Directive must be interpreted as meaning that it can cover the supply, in return for payment of a fee, of computer software to a customer by electronic means where that supply is accompanied by the grant of a perpetual licence to use that software. The Court of Appeal had previously held that software was not goods for the purposes of the UK’s Commercial Agency Regulations and the Supreme Court made a referral to the ECJ. See our briefing for details.

The Commercial Court’s recent decision in Fetch.ai v Persons Unknown has reinforced the status of England and Wales as a leading jurisdiction for the prosecution and resolution of cyber fraud cases. Hackers gained access to private keys associated with cryptocurrency accounts held by the claimant at the Binance cryptocurrency exchange. They removed cryptocurrency from the accounts and sold it on at a massive undervalue, apparently to co-conspirators, causing loss of some $2.6 million to the claimant. The claimant applied for, and was granted, a proprietary injunction, a worldwide freezing order and disclosure orders requiring third parties to provide information to assist in tracing the assets. See our recent briefing on combatting cyber fraud and practical advice for businesses.

The US sanctioned a Czechia-based cryptocurrency exchange for allegedly facilitating proceeds from multiple ransomware gangs. See this news report. It also issued an updated advisory on potential sanctions risks for facilitating ransomware payments. See our recent briefing for more information on sanctions.

The High Court’s recent decision in Darren Lee Warren v DSG Retail Ltd confirmed that the courts will take a narrow view of data breach claims brought in breach of confidence, misuse of private information and negligence.

The Court of Appeal has ruled that AI cannot be the inventor of a patent. See this news report.

The ICO’s Children’s Code came fully into force on 2 September 2021. It contains 15 standards that online services (including apps, games, connected toys and devices, and news services) need to follow to comply with their obligations under data protection law to protect children’s data online.

…and in other news

In one of her first appearances as the newly-appointed Secretary of State for International Trade, Anne-Marie Trevelyan announced a five-point plan for digital trade in a speech during London Tech Week, aimed at reducing costs for British businesses, cutting red tape and shoring up data protection.

The government launched its first National AI Strategy – a new ten-year plan to make the UK ‘a global AI superpower’. It includes plans for a White Paper on AI regulation.

The European Commission published its proposed ‘Path to the Digital Decade’, a concrete plan to achieve the digital transformation of its society and economy by 2030. The Commission’s Digital Decade targets are centred on digital skills, digital infrastructures, digitalisation of businesses and public services.

Non-governmental organisation Global Witness is calling on the Equality and Human Rights Commission and the ICO to investigate whether the algorithms used to promote job ads infringe equality and data protection laws, after it found that Facebook users in the UK may be excluded from viewing job ads based on protected characteristics, such as gender and age.

Following the creation of a joint Bank of England/HM Treasury Central Bank Digital Currency (CBDC) taskforce and subsequent discussion paper on new forms of digital money, plus the rise of cryptocurrency as an increasingly possible mainstream form of payment, UK Finance published a report ‘Retail CBDC – A threat or opportunity for the payments industry?’ which concludes that there are a range of significant issues beyond technology that central banks will have to grapple with. The authors expect sustainability to be a key consideration, both around the use of energy of some cryptocurrencies, but also the potential power of CBDC to boost greener behaviour. In related news, the Lords Economic Affairs Committee launched a CBDC inquiry.

Protesters recently took to the streets of El Salvador after the country became the first to introduce Bitcoin as a legal tender, alongside the US dollar; and recently reported research found that Bitcoin mining produces electronic waste annually comparable to the small IT equipment waste of a place like the Netherlands. Meanwhile, China declared all cryptocurrency transactions illegal (again).

An incident in which a collector bought a fake Banksy NFT (non-fungible token) has highlighted the vulnerabilities of NFT trading. In related news, an NFT-based fantasy football card firm has raised $680 million and an image of a popular internet meme sold as an NFT for about $74,000. Head of our Technology & Digital Group, Sally Mewies, took part in a recent techUK podcast in which the panellists discuss NFTs and how they may move beyond these types of news stories and emerge in the UK as a key technology to support smart contracting, e-commerce and supply chains.

In a bold move, Microsoft announced that users can now delete all passwords from their accounts and instead log in using an authenticator app or other solution.

Leeds Digital Festival kicked off on 20 September 2021, with Walker Morris proudly sponsoring the event that is now one of the UK’s largest tech gatherings. As part of the festivities, Walker Morris hosted a panel discussion titled ‘Funding the Unicorn’, where experts provided their top tips for startups looking to grow: a summary of those insights can be found here.

Funding the Unicorn – capturing our top tips

Following on from our #WMTechTalk series, we recently held a panel discussion exploring funding challenges […]

Following on from our #WMTechTalk series, we recently held a panel discussion exploring funding challenges for tech start-ups as part of Leeds Digital Festival. Our panel provided their top tips for getting your business ready for funding and discussing the potential pitfalls to be aware of when raising capital in a fast growth company. Here are the highlights:

Vision and conviction is everything

The resounding message from the investors on our panel was that consistently the businesses they saw as being the most successful were the ones with founders with a crystal clear vision of where their business was heading and an unwavering conviction to see that through. A strong and thought-out vision will help to keep the business on track in difficult times (which will invariably occur) and make the right choices when change strikes. Accepting that circumstances change and being able to adapt accordingly is essential to success.

Get the best people…

To paraphrase one of our panellists , “taking a business to £1 – £5m is relatively easy, as the founder can control every facet. Taking the business beyond that, where you can no longer micro-manage every detail, is where it gets challenging”. Successful delegation is essential and it is fundamental that a founder has the right people around them as early as possible. Many nascent businesses find comfort in having people they know in the business but not striving to get genuine experts in the field can hurt them in the long run. Identify any weaknesses and be ruthless in bringing in the very best people.

… And empower and enfranchise them

Make sure the other people in the business are aware of the founder’s vision and working towards the same goal. Find people who share the same passion and consider giving employees shares so that everyone has a stake in the success of the venture.

Be attractive to the investor

Our investors underlined that the factors they will take into account include:

Is the business solving a genuine problem?
How scalable is the business?
What is the management team like – do they have vision and conviction?
Can we work with the people in the business in the medium term?
Is there a model for commercial returns that will work for both parties?

Pick the right investor

Make sure the potential funder meets the criteria your business needs. If you have a five year exit plan, and your funder is envisaging a return in 36 months, clearly there is a misalignment and the relationship will just not work. What can your funder offer beyond a financial investment? Look into who their other investments are and challenge them on the network they can introduce you to.

Take advice (at the right time)

Seeking professional advisors comes with a cost and there is an understandable temptation for a start-up to hold off from incurring that expense for as long as possible. But, ultimately equity in a business is an asset and this should not be forgotten. Experienced advisors have been there and done it, speak to your professional advisors, mentors or other founders before diluting your stake in the business.

Learn more about our #WMTechTalk series here.

Must attend events – Leeds Digital Festival 2021

We’re really excited to be hosting our first ever Leeds Digital event. We’ve assembled a […]

We’re really excited to be hosting our first ever Leeds Digital event. We’ve assembled a team of industry superheroes to discuss venture capital funding for technology businesses – and we’ll be hosting drinks, pizza and networking afterwards. If you want to join us, you can sign up here.

In the meantime, we’ve been busy reading the Festival programme and choosing the events we’ll be attending ourselves. The five we’re particularly looking forward to are:

1. NFTreasure Hunt (Hosted by Journey Further) – we’ll be joining other attendees hunting for QR codes we can scan to create NFTs. What form will the NFTs take? We don’t know – but we have our digital wallets at the ready!

2. Leeds Digital Festival Lightning Talks (Hosted by Northcoders) – Northcoders members delivering quick fire talks on an area of technology that excites them. The Northcoders guys are right at the cutting edge, so we know we’ll be learning something fascinating.

3. ASDA’s Transformation Digital Journey to Enable its Future (Hosted by ASDA) – we’ll be learning – and marvelling – about how this retail powerhouse is delivering one of the biggest IT transformations taking place right now.

4. The Leeds-born tech that’s reshaping the CX game (Hosted by Force24) – we’re so lucky in Leeds to be surrounded by cutting-edge platform providers. ResearchBods, Hyper and Force24 are all going to share their journeys – and we’ll have the chance to network with them afterwards in the Sheaf St bar.

5. Building Great Products – Insights from Berlin’s tech scene (Hosted by Amsource) – ByProduct is a Berlin-based community of Product Leaders. We think hearing about how they’ve developed software start-ups into globally recognisable brands will be inspiring.

We can’t wait to take part – and are thrilled to be hosting an event among all these tech superstars. If you’re a tech superstar – current or future – looking for funding, we’d love to see you at our event ‘Funding the Unicorn’! Learn from industry experts and eat pizza! It’s at 5pm on 23 September, sign up here.

Funding the unicorn – Leeds Digital Festival 2021

Thursday 23 September 2021 5:00 – 6.00pm Panel discussion 6:00 – 8:00pm Food & drink […]

Thursday 23 September 2021

5:00 – 6.00pm Panel discussion
6:00 – 8:00pm Food & drink networking

Walker Morris LLP
33 Wellington Street, Leeds, LS1 4DL

Click here to register for this event

Get the inside track on how to raise funding and make your business attractive to potential investors.

The session will be introduced by our Head of Technology & Digital, Sally Mewies, and feature a panel discussion between those that have been there and done it, providing their top tips for getting your business ready for funding and discussing the potential pitfalls to be aware of when raising capital in a fast growth company.

The panel will consist of industry experts from a range of advisory, investment and business backgrounds, including:

Chris Boyes – Chris is an investor at BGF, covering the Yorkshire and North East region. After joining BGF in 2013, Chris has led a number of tech investments across the region including most recently, Datum360. BGF are experienced tech investors, having invested over £700m into more than 100 UK TMT businesses over the last decade.

Michael O’Halloran – Mike is a senior lawyer in Walker Morris’ corporate team, whose experience in the venture capital space includes advising on numerous financing rounds for fast-growth start-ups in Leeds, London and Singapore (both company and investor side), advising Walmart on its acquisition of the Indian unicorn Flipkart and advising Facebook on its investment into GoPay, the subsidiary of the Indonesian unicorn GoJek.

Vin Chinnaraja – Vin is a seed investor in tech & media start-ups, having built and sold one of the top digital agencies in the UK to a PLC. Vin takes an active role in the investments that he makes advising on commercial strategy to create high value and highly desirable businesses. He is currently invested in a number of local start-ups including Hark and Connective3.

Paul Southern – Paul is a retired partner in PwC, having established and led the corporate finance team in the regions, during his many years at the firm. Paul subsequently joined the board of The Binding Site (VC backed and originally a small buyout from Birmingham University), where he led the sale of Unicorn TBS’ auto-immune business to a Spanish buyer for $125 million and led the sale of the rest of the business to Nordic Ventures in 2011. Under Nordic Ventures ownership, TBS is now valued at well over a £1 billion. Paul continues to give corporate finance advice through his company, Woodside, and is involved in a variety of deals including fund raising.

Following the discussion, you will be able to mingle with our panel, as well as other guests and members of our firm, over complementary drinks and artisan pizza in our private outdoor courtyard.

Ground-breaking Digital Dispute Resolution Rules published

Newly published Digital Dispute Resolution Rules offer a bespoke, streamlined arbitration procedure aimed at facilitating […]

Newly published Digital Dispute Resolution Rules offer a bespoke, streamlined arbitration procedure aimed at facilitating the rapid and cost-effective resolution of commercial disputes, particularly those involving novel digital technologies such as cryptoassets, cryptocurrency, smart contracts, distributed ledger technology, and fintech applications. Luke Jackson and Louise Norbury-Robinson from our Technology & Digital Group summarise the key features of these ground-breaking, innovative rules.

WM Comment

This is not the first time the UK Jurisdiction Taskforce [1] has broken the mould when it comes to recognising the importance of the successful development and use of new technologies. In November 2019, it published the first statement on the legal status of cryptoassets and smart contracts. That statement, and these new rules, underline the suitability and attractiveness of English law and jurisdiction for the resolution of commercial disputes involving digital technologies. It will be interesting to see how the rules are received as new technologies continue to evolve and their application increases and diversifies.

How do the rules work?

Parties must agree to them in writing, either before a dispute has arisen or afterwards. The rules provide suggested wording for incorporation into a contract, digital asset (such as a cryptoasset, digital token, smart contract or other digital or coded representation of an asset or transaction) or digital asset system.
Maximum flexibility is key. Parties can specify:
- whether any particular issue or type of dispute should be resolved by expert determination instead of arbitration (arbitration is the default and note that parties who use these rules are not litigating under the court system) [2];
- any preferences as to number, identity or qualifications of appointed arbitrators or experts;
- any preferences as to procedure, including form and timing of any decision or arbitral award, recoverable costs and anonymity;
- any modifications to the application or operation of the rules.
The tribunal (the arbitrator or expert, or panel of arbitrators or experts) is appointed by the Society for Computers and Law.
Unless the parties specify otherwise, the tribunal will use its best endeavours to determine the dispute within 30 days. This is quicker than some of the expedited procedures available at arbitral institutions.
No party has the right to an oral hearing, and the tribunal may determine the dispute on the basis of written submissions only.
A party can rely on on-chain evidence and the tribunal decides how much weight to place on it.
The tribunal’s decision or award is final and binding, and rights of appeal or challenge are limited.
Decisions can be implemented directly on-chain using a private key.
Unless agreed otherwise, disputes will be resolved in accordance with English law.
The rules can be applied to any dispute subject matter.
The outcome of any “automatic dispute resolution process” is legally binding on the parties [3]. This means a process associated with a digital asset that is intended to resolve a dispute by the automatic selection of a person or panel or artificial intelligence agent whose vote or decision is implemented directly within the digital asset system (e.g. peer to peer systems/voting by a community).

How we can help

Our Technology & Digital Group is a multi-disciplinary group which acts for suppliers and customers throughout the sector, and we have a large team of specialists experienced in all aspects of commercial dispute resolution. Please get in touch with Luke or Louise if you need any assistance or advice on drafting, dispute resolution options or strategy, including the possibility of using the new rules.

Click here to watch our recent webinar on avoiding and managing disputes in tech contracts.

[1] One of six taskforces of the Lawtech Delivery Panel (now the Lawtech UK Panel), launched in 2018 to support and accelerate the development and adoption of innovative new legal technologies.

[2] Arbitration generally can be an attractive alternative to court litigation as a formal method of resolving commercial disputes and is the method of choice for resolving cross-border disputes. It is also unaffected by Brexit. Arbitration is an inherently flexible process and parties choose to arbitrate in England for a variety of reasons, including confidence in English law developed through the common law; the renowned arbitration-friendly approach of the English courts (including a proven track record of enforcing arbitral awards); a supportive national arbitration law (the Arbitration Act 1996); and the availability of high-quality professionals.

[3] Including, in relation to a digital asset, a person who has digitally signed that asset or who claims to own or control it through possession or knowledge of a digital key.

Webinar recording: #WMTechTalk Avoiding/Managing disputes in tech contracts

All disputes can be challenging and disruptive for businesses, but disputes in Tech contracts can […]

All disputes can be challenging and disruptive for businesses, but disputes in Tech contracts can be particularly problematic for both the supplier and customer. There are many reasons for this, but a misunderstanding around functionality of the technology product is a key cause. Customers are often buying solutions that either have too much or too little functionality for their needs. Licensing models and metrics for large solutions are often complicated and hard to understand. It is very common for businesses to find themselves under licensed on key systems and this may only be picked up on an audit after many years of use.

Our Technology & Digital Team recently held a webinar discussion looking at key clauses in technology contracts that are important both to avoid a dispute and if a dispute arises. They discussed the best ways to protect a party’s position in the event of a dispute, and gave some guidance for under licensing claims with top tips for avoiding and managing disputes effectively.

Watch the webinar here:

Visit our #WMTechTalk hub for other useful content covering some of the crucial tech and legal issues our clients encounter.

#WMTechTalk webinar series

Welcome to our #WMTechTalk. Hosted by our Technology & Digital Team this series of webinars […]

Welcome to our #WMTechTalk. Hosted by our Technology & Digital Team this series of webinars tackles some of the crucial tech and legal issues our clients encounter in relation to the development, implementation and operation of technically innovative services and products and artificial intelligence (AI). For ideas on future webinar please contact one of our specialists below.

You can register for the individual webinars by clicking on the link for that webinar below.

Please contact events@walkermorris.co.uk for any queries on these events.

Avoiding/Managing disputes in tech contracts

28 April 2021, 12.00pm – 1.00pm (GMT)

CLICK HERE TO REGISTER

All disputes can be challenging and disruptive for businesses, but disputes in Tech contracts can be particularly problematic for both the supplier and customer.

There are many reasons for this, but a misunderstanding around functionality of the technology product is a key cause. Customers are often buying solutions that either have too much or too little functionality for their needs.

Licensing models and metrics for large solutions are often complicated and hard to understand. It is very common for businesses to find themselves under licensed on key systems and this may only be picked up on an audit after many years of use.

Cloud solutions bring their own challenges with complex virtual infrastructure and concerns around integrity of data.

In this Webinar, the Walker Morris Technology and Digital team will look at key clauses in technology contracts that are important both to avoid a dispute and if a dispute arises. They will talk through the best ways to protect a party’s position in the event of a dispute, and give some guidance for under licensing claims.

The Walker Morris team will give you their top tips for avoiding and managing disputes effectively and there will be lots of time for questions

Speakers:

Louise Norbury-Robinson, Senior Associate, Commercial Dispute Resolution
Luke Jackson, Senior Associate, Commercial

Previous events

Monitoring employees at home

We had already seen an increase in the number of employees working from home, but that has accelerated as a result of the Pandemic. Many employers are asking themselves, “what are my responsibilities for employees whilst working from home from a health and safety perspective?”, “Can I monitor their working practices whilst at home?” and, “Can I force them to come into the office for certain meetings or on certain days?”. Members of our HR and Data teams considered these and related issues in this webinar.

Watch the webinar here.

Intellectual property rights and AI – who owns the clever data?

Intellectual Property law inevitably lags behind the pace of technology evolution. The World Intellectual Property Organisation is consulting on how to manage Intellectual Property Rights in artificial intelligence and machine learning solutions and a recent case suggests that AI cannot register a patent as it is not a legal person. As more of these tools evolve and are deployed it is vital that businesses understand the IP risks and issues in using these tools, particularly in relation to the ownership of what they generate including data which may be commercially sensitive or critical for a business maintaining its competitive advantage. Members of our Tech and Digital team will consider the state of play in relation to IP rights in AI tools and data and discuss what the future may hold – using their own intellect not an artificial one!

Watch the webinar here.

Avoiding risk in the cloud

We continue to see an increase in businesses turning to Cloud based solutions and they are an important part of many businesses’ technology and digital strategies. Their importance has only increased as a result of the role they play in artificial intelligence solutions. Buying these services involves balancing risk and cost effectiveness. Protecting data and ensuring security is a key concern for all businesses. This webinar led by our head of Tech and Digital, Sally Mewies, will guide you through some of the risks of buying Cloud and how to mitigate them.

Watch the webinar here.

Blockchain: Smart contracts – will I have to write one?

With all the excitement around artificial intelligence and machine learning, it is easy to forget about blockchain technologies and all the potential they have in the financial services sector and supply chain. This session will go back to basics on Blockchain and how it works, and will look at the concept of a Smart Contract and consider how Smart Contracts may affect the work of lawyers and contract managers.

Watch the webinar here.

International Data Transfers Post Schrems and Post Brexit- a practical guide

This webinar gave an overview of the developments in International Data Transfers in the last six months and provide some practical guidelines and tips on how to navigate the complexity.

Watch the webinar here.

WM Video: #WMTechTalk: e-Signatures: a short guide

Our Walker Morris Technology & Digital team have a focus on cutting edge Technologies, both […]

Our Walker Morris Technology & Digital team have a focus on cutting edge Technologies, both for our clients and as a business, embracing the new Digital World around us. In this video Louise Norbury-Robinson, a Senior Associate in our Commercial Dispute Resolution Team, talks about electronic signatures, and gives you some useful and practical tips that you can put to use in an era where traditional “wet ink” signatures may be a thing of the past and the use of e-signatures are ever more prevalent and useful.

Register for the next webinar in our #WMTechTalk series ‘Avoiding/Managing disputes in tech contracts’ where the Walker Morris Technology and Digital team will look at key clauses in technology contracts that are important both to avoid a dispute and if a dispute arises.

Webinar recording: #WMTechTalk International Data Transfers Post Schrems[...]

Our #WMTechTalk series, hosted by our Technology & Digital Team, and Partner Sally Mewies, recently […]

Our #WMTechTalk series, hosted by our Technology & Digital Team, and Partner Sally Mewies, recently held a webinar with Associate Cristian Brundell which gave an overview of the developments in International Data Transfers in the last six months and provide some practical guidelines and tips on how to navigate the complexity.

Webinar recording: #WMTechTalk: Blockchain: Smart contracts – will[...]

Our #WMTechTalk series is hosted by our Technology & Digital Team, and Partner Sally Mewies […]

Our #WMTechTalk series is hosted by our Technology & Digital Team, and Partner Sally Mewies recently held a webinar discussion with Senior Associate Luke Jackson covering blockchain technologies and all the potential they have in the financial services sector and supply chain. The webinar went back to basics on Blockchain and how it works, and looked at the concept of a Smart Contract and considered how Smart Contracts may affect the work of lawyers and contract managers.

Watch the webinar here:

Webinar recording: #WMTechTalk: Avoiding risk in the cloud

Our #WMTechTalk is hosted by our Technology & Digital Team, and Partner Sally Mewies recently […]

Our #WMTechTalk is hosted by our Technology & Digital Team, and Partner Sally Mewies recently held a webinar discussion with Director Lee Crook covering the increase in businesses turning to Cloud based solutions and how they are an important part of many businesses’ technology and digital strategies. Their importance has only increased as a result of the role they play in artificial intelligence solutions. Buying these services involves balancing risk and cost effectiveness. Protecting data and ensuring security is a key concern for all businesses. This webinar will guide you through some of the risks of buying Cloud and how to mitigate them.

Watch the webinar here:

Webinar recording: WM Tech Talk: Intellectual property rights[...]

Our #WMTechTalk is hosted by our Technology & Digital Team, and Partner Sally Mewies recently […]

Our #WMTechTalk is hosted by our Technology & Digital Team, and Partner Sally Mewies recently chaired a webinar discussion with Alan Harper and Matt Lingard covering the state of play in relation to IP rights in AI tools and data and discuss what the future may hold – using their own intellect not an artificial one! They discussed how as more of these AI tools evolve and are deployed it is vital that businesses understand the IP risks and issues in using these tools, particularly in relation to the ownership of what they generate including data which may be commercially sensitive or critical for a business maintaining its competitive advantage.

Watch the webinar here:

International data transfers and new model clauses: with[...]

As organisations grapple with the reality of an impending “no deal” Brexit against the backdrop […]

As organisations grapple with the reality of an impending “no deal” Brexit against the backdrop of a continuing global pandemic, the scope of compliance obligations is far from diminishing. For many, this expansive burden is already testing internal resourcing as well as increasing the reliance on external specialist support, and coming at a time of unparalleled workforce complication and economic uncertainty. As if this environment wasn’t already challenging enough, organisations are now likely to encounter additional complexity with regard to international data transfers under data protection laws, regardless of whether those transfers are executed in an intragroup capacity or involve external parties.

This added layer of complication may come as a surprise to some. Having seen the dismantling of the Privacy Shield in the Court of Justice of the European Union’s decision in the Schrems II litigation, more clarity around the extent of the issues was given last week when the European Data Protection Board (EDPB) issued draft guidance and the European Commission (EC) issued a series of draft standard contractual clauses designed to replace the existing model. Although something of a moving target, in this update we consider where the current state of play leaves us in relation to transferring data and what action can be taken now to safeguard against non-compliance with the GDPR.

The old status quo

In the midst of the Brexit fog there was one shining light: the UK Government has stated that it will award an adequacy determination to the EU, meaning that exports of UK origin data to the bloc could continue uninterrupted. Similarly, the UK Government has indicated that it will adopt existing EU adequacy decisions so that any ongoing transfers to jurisdictions having the benefit of those decisions, can continue unimpeded. Good news – no need for extra contracts!

For other jurisdictions, exporting organisations have been navigating the regulatory framework to ensure that those transfers are compliant. Beyond the limited ad hoc derogations available under the GDPR, this has effectively resulted in a rather limited choice. For those organisations wishing to transfer data internationally in an exclusively intragroup capacity, reliance on Binding Corporate Rules (BCRs) is a possibility. However, given the cost and inherent complexity of achieving regulatory approval and implementation of such rules, the reality is that historically, in relative terms, very few organisations have followed this route. In addition, given their limited application to intragroup data transfers, this has not been a solution for transfers to external recipients.

Consequently, many firms were relying on the Privacy Shield framework for transfers of data to self-certified US-based data importers where possible, but otherwise had no choice except to rely on EC approved Standard Contractual Clauses (SCCs) in order to adduce adequate safeguards in line with the regulations. These clauses have no doubt in many cases been imperfect: being rigid in nature they have allowed for very little amendment by the contracting parties and have not catered for the types of data sharing relationships commonly relied upon by organisations. In particular, gaps in the regulatory framework meant that, in terms of contractual safeguards, there was really no accepted solution for transfers executed by data processors. These gaps, despite having been seemingly recognised and accepted by regulators, have nevertheless remained unabated for a period of some years.

The effect of Schrems II

Those familiar with the facts of Schrems II will be aware that the focus of the case centred on the use of the US Privacy Shield framework as a means of providing an adequate level of protection, specifically in the context of transfers of EU origin personal data to the US. However, with the abolition of that framework as a result of the judgment in Schrems II, this has placed added pressure on the use of contractual measures to ensure the level of protection afforded in the destination jurisdiction.

As well as finding that the Privacy Framework is not an adequate transfer mechanism, the Court also cast doubt on the use of SCCs in certain scenarios, indicating that the problem was not the transfer mechanism but the level of protection afforded in the jurisdiction to which the data is transferred. Furthermore, the court stated that it is incumbent on the data exporter to assess the level of protection offered in the destination jurisdiction to ensure that it is “essentially equivalent” to that guaranteed in the EU. The court opined that such an assessment must take into account relevant aspects of the destination jurisdiction’s legal system, including the extent of permissible access to data by public authorities under those laws. To the extent that such an assessment reveals irredeemable characteristics in the destination legal system, exporters should terminate the transfer agreement.

As a result, the decision in Schrems II has triggered a wider discussion regarding the use of SCCs and has seemingly forced the hand of legislators/advisers in the EU who are now scrambling to revise the regulatory framework/guidance, apparently with the intention of achieving this before the end of this year.

Regulatory guidance on contractual safeguards

There was surely still some hope in the minds of busy contract/outsourcing lawyers that the potential impact of Schrems II might be mitigated by some softer guidance from the regulators, after all many organisations need to transfer data to third countries (including the US) as part of their day to day businesses. But, on 10 November 2020 that bubble was burst when the EDPB released two sets of draft recommendations: one on the European Essential Guarantees for surveillance measures and another on measures that could be used to supplement data transfer tools. These recommendations are under consultation and are yet to be approved in final form, but do offer an insight into what regulators might expect of data exporters/importers in the future. Among these expectations are significantly more onerous requirements on the contracting parties, including the action points listed below. Also of interest is the EDPB’s stated view that the rationale in the Schrems II case applies equally to all contractual mechanisms, including BCRs and any ad hoc clauses approved by a relevant supervisory authority. Although, they have said that BCRs will be subject to further specific guidance.

Just a few days later on 13 November 2020, the Information Commissioner’s Office (ICO) released its own statement on the EDPB proposals. However, while many of us would have hoped for some clarity on what the ICO’s position will be, even if that amounted only to an acknowledgment that the EDPB guidance will be adopted or substantially replicated, unfortunately that was not forthcoming. In fact, the extent of the ICO’s suggestions was that “organisations should take stock of the international transfers they make, and update their practices as guidance and advice become available”. It is not yet clear what that advice or guidance might be or indeed when it might be made available, arguably leaving UK firms at a disadvantage to their European counterparts.

Then, hot on the heels of the EDPB guidance, the EC indicated that it intends to introduce new forms of SCCs to reflect the increased complexity of the technological landscape. This new form of SCCs includes modules designed to address the regulatory gaps that have plagued parties on both sides of the data transfer relationship and could be adopted by the UK in regulations applicable to post-Brexit data transfers. They will essentially cover four scenarios: controller to processor, controller to controller, processor to processor and processor to controller. The EC has indicated that, if the new SCCs are implemented, then organisations will have 12 months to move from current forms of SCCs to the new modules. So, subject to any other contractual variations in the interim, the old sets of SCCs will automatically cease to be valid at the end of that 12 month period. Many of the additional commitments that are discussed in the EDPB guidance are included in the new SCC modules.

The prospect of properly functioning SCCs will no doubt be music to the ears of data lawyers all over, but what isn’t clear is how the new recommendations will affect the transatlantic data corridor. Of course, if the primary basis of the finding in Schrems II is EU concern over the effects of US intelligence gathering activities, then how can that be overcome by any form of SCCs? The litigation has concentrated on two surveillance programs in particular, both administered at the federal level, with the Court also identifying the lack of entitlement of non-US citizens to constitutional protections (in particular under the 4th Amendment), resulting in the lack of any available redress against the US government. How these aspects of US federal law will be overcome is yet to be seen, but with the immensity of data traffic and financial value connected to the transatlantic corridor being what it is, one can only assume a pragmatic solution will emerge.

Steps organisations can take now

As a throwback to the early GDPR preparation days – map your data transfers/flows! Understand where your data is flowing so that you are ready and prepared to take the necessary actions coming out of new guidance and new SCCs, if and when they are implemented.
Conduct a risk assessment of the nature of the transfers, the recipient and any other actors involved in the arrangements, as well as the protections offered by the legal systems of any relevant third countries. A key issue will be whether the third country has laws that allow public authorities to have access to personal data (for example in connection with crime and national security). If these powers do not go beyond what would be considered necessary and proportionate in a democratic society, then transfers to that country under the SCCs or BCRs should be fine, provided you comply with all the associated requirements.
For existing data transfer agreements, if the decision to adopt new SCCs is implemented you will need to establish a plan and timetable for executing appropriate contractual amendments prior to expiry of the grace period, as well as any supplementary measures that can be taken in the interim.
For new data transfer agreements that are to be entered into before the end of the grace period, consider additional contractual protections that can be incorporated as well as any organisational or technical and solutions for improving the protection of data. The move towards permitting greater amendment of SCCs will be interesting – the guidance suggests warranties can be included in the SCCs from a data importer about the laws and regulations in the relevant country, and whether there is anything in those laws which would prevent the data importer complying with GDPR obligations. These additional warranties are likely to become more important in the overall international data compliance framework.
Re-evaluate international data sharing relationships on a continuing basis, taking into account any adverse changes of law in the destination jurisdiction or to the nature of the parties involved in data flows.
Assess each situation carefully, but in the short term it may be necessary to build into your data protection clauses the fact that there is uncertainty and that during the agreement the parties may need to update and replace the transfer mechanisms in place.
Look to use technical and organisational tools that are already available under the GDPR. Implementing measures like data minimisation, pseudonymisation and encryption are all likely to be components of a combined data protection regime.

As things develop we will keep you updated, and watch out for our webinar on International Data Transfers early in 2021, more details here.

Webinar recording: Technology, automation & people

Sally Mewies, Alan Harper and Charlotte Smith presented a webinar discussing investing in technology, automating […]

Sally Mewies, Alan Harper and Charlotte Smith presented a webinar discussing investing in technology, automating processes and digitalisation. They discussed how automation and technology can lead to greater capacity, greater monitoring and data collection, and less room for error. However it may also require up-skilling the workforce and recruiting those who have the skills needed to create this technology, operate and analyse new technology. Such advances may allow even more roles to be carried out remotely (including those which no-one would have previously considered capable of being carried out remotely, such as production line operators).

Watch the webinar here:

It covered:

What will the factory of the future look like?
How will this impact manufacturing companies?
What does it mean in terms of workforce planning, skills, IP, technology and commercial arrangements?

Webinar recording: WM Tech Talk – Monitoring employees[...]

Our #WMTechTalk is hosted by our Technology & Digital Team, and began with a recent […]

Our #WMTechTalk is hosted by our Technology & Digital Team, and began with a recent webinar on ‘Monitoring employees at home’. The webinar was chaired by Sally Mewies, Head of Technology & Digital, and she was joined by panelists Charlotte Smith, Senior Associate in our Employment team and Christian Brundell, Associate in our Regulatory team.

The team discussed topics such as “what are my responsibilities for employees whilst working from home from a health and safety perspective?”, “Can I monitor their working practices whilst at home?” and “Can I force them to come into the office for certain meetings or on certain days?”.

Watch the webinar here:

Visit our Future World of Work hub here.

Contacts

Sally Mewies - Partner, Technology & Digital at Walker Morris LLP square

Sally Mewies
Partner
Learn More

Luke Jackson, Senior Associate, Employment at Walker Morris square

Luke Jackson
Director
Learn More

Lee Crook, Senior Associate, Commercial, Walker Morris LLP square

Lee Crook
Director
Learn More

Louise Norbury-Robinson - Senior Associate, Commercial Dispute Resolution at Walker Morris LLP square

Louise Norbury-Robinson
Director
Learn More

Matthew Lingard - Senior Associate, Intellectual Property at Walker Morris LLP square

Matthew Lingard
Senior Associate
Learn More