This round-up summarises the developments that generated the most interest from in-house lawyers in the past three months, including Brexit, the formal approval of the General Data Protection Regulation, the implementation of the Market Abuse Regulation, the anti-corruption summit, the first compensation order for workers kept in modern slavery, and a number of interesting commercial contracts cases.
Possible implications of Brexit
The EU referendum result was announced on 24 June, with a majority of voters deciding that that the UK should leave the EU. The two-year period for the negotiation for exit under Article 50 of the Treaty of the European Union will not start until the government formally notifies the European Council that the UK has decided to leave the EU.
Practical Law spoke to practitioners across a range of areas to gauge their reactions to the outcome. We have also updated articles that were published in the lead-up to the referendum, including Brexit: potential implications for contracts and disputes and Brexit: implications for employment law in the UK. The full collection of articles can be found on our EU Referendum landing page.
Preparing for the General Data Protection Regulation
In mid-April, the European Parliament formally approved the EU’s general data protection reform package, which included the General Data Protection Regulation (GDPR). The GDPR will replace the current Data Protection Directive (95/46/EC) and apply in all member states from 25 May 2018, two years from its entry into force on 24 May 2016.
The Information Commissioner’s Office (ICO) subsequently published a 12-step checklist for organisations to help them prepare for the GDPR and set out details of further guidance that organisations can expect to receive and when.
Following the UK’s decision to leave the EU, the ICO published a statement confirming its view that data protection reform remains necessary if the UK wants to continue to make and receive cross-border transfers of data with EU countries. The ICO had been clear throughout the referendum process that businesses should continue to make arrangements to comply with the GDPR, even in the event of a Brexit.
Action items: Continue preparing for the introduction of the GDPR. See Practical Law’s at-a-glance guide to the key provisions of the GDPR and what businesses should be doing now to prepare, and the article, Brexit and the implications for data protection.
Implementation of the Market Abuse Regulation
Back in April, the Financial Conduct Authority (FCA) published a policy statement on the implementation of the Market Abuse Regulation (596/2014/EU) (MAR), which came into force on 3 July. The FCA also published a further policy statement on changes to DEPP and EG and the Market Abuse Regulation Instrument 2016, which sets out the related amendments to the FCA Handbook.
Action items: UK listed and AIM companies will have been preparing to comply with MAR for some time. For key action checklists for dealings by PDMRs, share dealing codes, delaying disclosure, and insider lists, see Article, Market Abuse Regulation: ensuring compliance amidst uncertainty. In addition, ICSA, GC100 and the QCA have published a joint guidance note on MAR that contains specimen group-wide dealing policy, dealing code, and dealing procedures manual. See MAR: Practical Law resources for all Practical law resources on MAR.
International anti-corruption summit
The international anti-corruption summit took place in London in May. Prior to the summit, the government revealed plans to introduce a new corporate offence for companies who fail to prevent fraud or money laundering inside their companies. Offences of failing to prevent fraud and money laundering will bring the laws into line with those affecting corruption and corporate manslaughter, where a corporate entity can be found guilty of an offence if its actions either caused or failed to prevent criminality.
First civil compensation for workers kept in modern slavery
The High Court broke new ground in June when it found a UK company liable to compensate victims of modern slavery for the first time. DJ Houghton Chicken Catching Services Ltd, a gangmaster company, was ordered to pay compensation to Lithuanian workers who had been trafficked to the UK and severely exploited by the company.
The trafficked men were working in supply chains producing premium free range eggs for McDonald’s, Tesco, Asda, M&S and the Sainsbury’s Woodland brand. This decision should make businesses more cognisant of the need to ensure that modern slavery is eradicated form their supply chains.
Revised UK Corporate Governance Code, guidance for audit committees and auditing and ethical standards published
The Financial Reporting Council (FRC) published final draft updates to the UK Corporate Governance Code, guidance for audit committees and auditing and ethical standards in late April. The revised Code, guidance for audit committees and auditing and ethical standards are effective for the audit of financial statements for periods beginning on or after 17 June 2016. The FRC will confirm the final documents and their effective date once the legislative and regulatory processes required in connection with the UK implementation of the EU statutory audit legislation have been completed.
Companies fined and company directors imprisoned following conviction for health and safety breach
At the end of April, the Crown Court fined two companies £490,000 for health and safety breaches and imprisoned the two company directors for gross negligence manslaughter, following the death and serious injury of two employees who had been working at height. Falls from height are one of the main causes of work-related deaths in Britain. The Health and Safety Executive offers comprehensive guidance on minimising the risks.
WP29 published its Opinion on the EU-US privacy shield
The Article 29 Working Party (WP29), the group of European data protection authorities, published its Opinion on the EU-US Privacy Shield draft adequacy decision in April. The Opinion is non-binding and it remains to be seen whether the European Commission will take on board the WP29’s view. The Article 31 Committee of EU Member States’ representatives will hold meetings in early July to try to agree the EU-US Privacy Shield.
Action items: No immediate impact. The Chairwoman of the WP29 has confirmed that data transfers from the EU to the US can still take place under the existing data transfer mechanisms, such as the EU’s standard contractual clauses and binding corporate rules. However, note that Max Schrems has recently challenged the former and the Irish Data Protection Commissioner has referred questions about their validity to the ECJ.
ICO updated guidance on electronic direct marketing published
At the end of March, the Information Commissioner’s Office (ICO) published its long-awaited updated guidance on electronic direct marketing to help organisations comply with their obligations under the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003 when carrying out marketing by way of, for example, telephone, fax, email, text, picture or video message, or by using an automated calling system.
Action items: Review your organisation’s lead generation and direct marketing efforts in light of the guidance to ensure that dealings in marketing lists, and calls, texts and other types of direct marketing are made or done in line with the ICO’s approach to enforcement. Also see Standard document, Privacy policy.
Commercial contract cases
Knock-for-knock indemnities can be effective
In April, the Court of Appeal upheld knock-for-knock indemnities applicable to both parties to a commercial contract, with the result that a contractor succeeded in excluding liability for consequential loss as defined in the contract. Very broadly, knock-for-knock indemnities involve an agreement that loss or damage should stay where it is allocated by the contract, regardless of who was “to blame”, often backed up by an obligation to insure to cover the relevant risks. The judgement included a useful review and rejection of several principles commonly invoked when courts interpret exclusion clauses strictly.
Action items: Check insurance cover for contractual risks accepted under indemnities.
Anti-oral variation clauses may not work
In the same month, the Court of Appeal indicated, in obiter comments, that including an anti-oral variation clause in a contract will not prevent subsequent variation of the contract orally or by conduct. The court also discussed the correct approach to the contractual interpretation of long-term agreements. Its decision confirms that, while the starting point for such contracts is that the parties are free to determine for themselves what obligations they will accept, there is also a certain flexibility of approach to interpretation to take account of the reasonable expectations of the parties.
Reminder that prescribed acceptance modes can be waived
In May, the Court of Appeal considered the circumstances in which a provision requiring both parties to sign a document in order to be legally binding can be waived. The case provided a reminder that a prescribed mode of acceptance can be waived, and that the court’s guiding principle when applying the offer and acceptance analysis to decide whether a contract has come into existence remains “the reasonable expectations of honest sensible businessmen”.
Action items: Check any management or sales training briefings give clear guidance on contract formation risks.
Penalties need not be affordable, so long as they are proportionate
Also in April, the High Court held, obiter, that whether a clause is a penalty cannot depend upon the ability of the particular contract-breaker to pay the specified amount or the source from which he has to pay. The penalty doctrine focuses on the lack of proportionality between the amount of the secondary liability imposed and the innocent party’s legitimate interest in performance of the primary obligation. The decision provides a useful gloss on the recent detailed examination of the common law penalty doctrine in Cavendish Square Holdings v Makdessi [2015] UKSC 67.
Time limit for warranty claims given narrowest possible interpretation
Another Court of Appeal case considered whether a buyer’s warranty claim under a share purchase agreement was time-barred by a contractual limitation period for notifying claims, which required the buyer to serve notice of the claim within “20 Business Days of becoming aware of the matter”. The court unanimously dismissed the appeal, concluding that the ambiguities in the provision should be resolved by adopting the narrowest of available interpretations.
Action items: Check robustness of business system for identifying notice of warranty claim provisions in key contracts.