Commercial Contracts – Data and Technology Contracts – a brave new world
Wednesday 8 October 2014
Gemma Townley – Sharpe Pritchard
Stephen Pearson – Freeths
David Lane - Freeths
www.emlawshare.co.uk
Commercial Contracts
EU Data Protection Reform
Gemma Townley – Sharpe Pritchard
The story so far
• Jan 2012: European Commission announced its
proposals for reform of EU data protection law.
• The centerpiece of the reform is a draft
Regulation to replace the existing data protection
regime (Directive 94/46/EC).
• As a Regulation, it will apply to all member states
without the need for implementation by national
legislation.
Current Progress
• Since the draft Regulation was proposed by the
Commission on 25 Jan 2012:
– Oct 2013: European Parliament approved an
amended version of the draft Regulations;
– March 2014: European Parliament adopted the
amended draft Regulation at first reading (COM
(2012) 11 final);
– Organisations should be taking steps now to
prepare for the changes; the new law is likely to
come into effect during the term of contracts being
awarded today.
General Provisions (1)
• Article 4 defines many of the fundamental concepts of
the new regime, and includes a number of changes to
the existing provisions:
– “Data Subject” = “a natural person or a natural person who
can be identified, directly or indirectly, by means reasonably
likely to be used by the controller or any other natural or legal
person, in particular by reference to an identification number,
location data, online identifier or to one or more factors
specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that person.”
– “Personal Data” = any information relating to a Data Subject.
General Provisions (2)
• Data Subject’s Consent = the “freely given, specific, informed
and explicit indication of his or her wishes by which the data
subject, either by a statement or by a clear affirmative action,
signifies agreement [to processing]”
• Personal Data Breach = “a breach of security leading to the
accidental or unlawful destruction, loss, alteration, unauthorised
disclosure of, or access to, personal data transmitted, stored or
otherwise processed.”
Data Protection Principles (1)
• To process the data lawfully, fairly and in a
transparent manner in relation to the Data Subject
(Art 5(a))
• To collect data only for specified, explicit and
legitimate purposes, and not to further process it
in any manner incompatible with those purposes
(Art 5(b))
• To collect and process data only to the extent that
is adequate, relevant and limited to the minimum
necessary in relation to the purposes for which
they are processed (Art 5(c))
Data Protection Principles (2)
• To ensure that all data held is accurate and kept
up to date (Art 5(d))
• Not to keep data in a form which permits
identification of Data Subjects for longer than is
necessary for the purposes for which the data are
processed (Art 5(e))
• To process the data under his responsibility and
liability and to ensure and demonstrate for each
processing operation the compliance with the
provisions of the Regulation (Art 5(f))
Legal grounds for processing
• Art 6: Processing of personal data shall be lawful if it
satisfies one or more of the following:
– Data Subject has given consent for one or more specific
purposes;
– Necessary for entering or performing a contract with the Data
Subject;
– Necessary for compliance with a legal obligation to which the
Data Controller is subject;
– Necessary to protect vital interests of Data Subject;
– Necessary for performance of a task carried out in the public
interest;
– Necessary for the purposes of legitimate interests
pursued by the Data Controller.
Special Categories of Personal
Data
• Art 9: Processing of personal data revealing race or ethnic origin,
political opinions, religion or beliefs, trade-union membership,
and the processing of genetic data or data concerning health or
sex life or criminal convictions or related security measures shall
be prohibited except where (e.g.):
– Data Subject has given consent;
– The Data Controller exercises a legal right or performs a legal
obligation under employment law;
– Protect vital interests of Data Subject;
– Relates to data which are manifestly made public by the Data
Subject;
– Necessary for the establishment, exercise or defence of legal
claims;
– Necessary for the purposes of historical, statistical or
scientific research (subject to conditions).
Requirements for Consent
• Consent must be freely given, informed, specific
and explicit;
• Data Controller bears the burden of proof;
• If written, clearly distinguishable from any other
matter;
• Right to withdraw – should be as easy to withdraw
as it is to give.
Rights of Data Subjects
• Existing rights to subject access and objecting to
processing;
• Significantly expanded rights e.g. right to
transparent information and communication;
• New rights e.g. right to be forgotten and the right
to data portability.
Transparent Information
• Art 11: requires Data Controllers to have transparent and
easily accessible policies with regard to the processing of
personal data and for the exercise of Data Subjects’ rights;
• Data Controller must provide any information and any
communication relating to the processing of personal data
to the Data Subject in an intelligible form, using clear plain
language, adapted to the Data Subject;
• If Data Subject makes request electronically, the data must
be made available in electronic form;
• If Data Controller does process the Data Subject’s
personal data, he must provide the Data Subject with
essentially the same info listed in Art 14.
Information
• Art 14: Where personal data relating to Data Subject is collected,
the Controller must provide Data Subject with at least:
– Identity and contact details of Controller and his representative and data
protection officer;
– Intended purpose of the processing;
– Period for which the data will be stored;
– Existence of the right to subject access, the right to rectification or erasure
and the right to object to processing;
– Right to lodge a complaint with the national data protection authority and
contact details for that authority;
– Recipient or categories of recipients to whom the data will be disclosed;
– Intention to transfer personal data to a third country or international
organization;
– Any further information necessary to render processing fair.
Rectification
• Art 16: Data Subject can request the Data
Controller to:
– Rectify any personal data relating to him which
are inaccurate;
– Complete any incomplete data, including by
way of supplementing a corrective statement.
Right to be forgotten and
erasure
• Art 17: Data Subject can request Data Controller
to erase all personal data relating to them and
abstain from further dissemination of such data
where one of the following grounds applies:
– Data no longer necessary;
– Consent withdrawn;
– Data Subject objects;
– Court has ruled that data must be erased;
– Data unlawfully processed.
• Controller must have the data erased, including
by third parties.
• Some exceptions.
Data Portability
• Art 18: Data Subject has the right to obtain from
the Data Controller, on request, a copy of all
personal data which the Data Controller
processes by electronic means and in a structured
and commonly used form.
• This new right is targeted in particular at online
service providers and is designed to promote
further interoperability between online systems.
Right to Object
• Art 19: creates a right to object to processing if data is
being processed for vital interests of Data Controller,
the public interest or legitimate interest.
• Data Controller has to demonstrate compelling
legitimate grounds for the processing which override
the Data Subject’s interests or fundamental rights and
freedoms, otherwise Data Controller must stop.
• In practice, this will affect Data Controllers who rely on
the “legitimate interest” justification.
Profiling
• Art 20: Every natural person shall have the right
to object to profiling.
• Only reasons a person may be subjected to
profiling are:
– If it is necessary for the entering into or
performance of a contract at the Data Subject’s
request;
– Expressly authorised by law;
– Based on Data Subject’s consent.
Obligations on Data Controller
• Must implement appropriate measures to
demonstrate in a transparent manner that the
processing of personal data is performed in
compliance with the Regulations.
• Keep records and documentation about
processing activities;
• Implement data security requirements;
• Carry out data protection impact assessments;
• Appoint a data protection officer.
Remedies, Liabilities and Sanctions (1)
• Art 31: Data Controller shall notify supervisory
authority of data breaches without undue delay;
• Art 32: If adversely affects the protection of
personal data or privacy of Data Subject,
obligation to report to the Data Subject.
• Art 79: Fines can be awarded against controllers
and processors who fail in their data protection
duties:
– A written warning (less serious breaches);
Remedies, Liabilities and Sanctions (2)
• Intentionally or negligently failing to operate a proper
subject access request mechanism or failing to
respond promptly to subject access requests, or
charging a fee for responding to such requests:
EUR250,000 (or 0.5% of annual worldwide turnover);
• Intentionally or negligently failing to respond to subject
access requests in a manner which complies with the
Regulations: EUR500,000 (or up to 1% of annual
worldwide turnover);
• General breaches of the Regulations: EUR 1,000,000
(or up to 2% of annual worldwide turnover).
Refresh of core
contractual principles
David Lane
Associate
Freeths LLP
Contract Formation
• Offer
• Acceptance
• Consideration
• Intention to create legal relations
• No need to be in writing
• Battle of the forms
Express and Implied Terms (1)
• Statutory implied terms:
• Sale of Goods Act 1979 – that the goods supplied:
1. are of satisfactory quality;
2. are fit for purpose;
3. match any description given; and
4. are, if sold by sample, equivalent to the sample.
• Supply of Goods and Services Act 1982: services
will be performed with “reasonable care and skill”.
Express and Implied Terms (2)
Judicially implied terms:
1. Attorney General of Belize and others v Belize
Telecom Ltd [2009] UKPC 10
2. Mediterranean Salvage and Towage Ltd v
Seamar Trading and Commerce Inc [2009]
EWCA Civ 531.
• “Necessity” or “Business Efficacy” tests
Variation
• Requires the same
steps as a contract
• Contractual clause to
prevent oral variations
• Record changes in
writing
Warranties and Indemnities (1)
Warranty:
• Statement of fact
• Breach gives rise to claim
for damages
• Show breach and quantify
loss
• Damages on normal
contractual basis
Warranties and Indemnities (2)
Indemnity:
• A promise to reimburse
• On a £ for £ basis
• For a particular type of liability
• Easier to claim (no need to
prove loss)
• Generally more certain level of
damages
Breach and Termination
• Procedure for termination
• Post termination rights and
obligations
• Claims for damages
Limitation of Liability
• Damages:
(a) Causation;
(b) Remoteness; and
(c) Mitigation
• How can we limit liability?
• What cannot be excluded?
• Is it reasonable and who
decides?
Contractual Interpretation (1)
• “The Customer and the Supplier
will co-operate with each other in
good faith and will take all
reasonable action as is necessary
for the efficient transmission of
information and instructions and to
enable the Customer or, as the
case may be, any member of the
Customer’s Group, to derive the
full benefit of the Contract.”
Contractual Interpretation (2)
The Customer and the Supplier:
(a) will co-operate with each other in good faith; and
(b) will take all reasonable action as is necessary:
(i) for the efficient transmission of information and
instructions; and
(ii) to enable the Customer or, as the case may be,
any member of the Customer’s Group, to derive
the full benefit of the Contract.
Contractual Interpretation (3)
The Customer and the Supplier will co-operate with each
other in good faith and will take all reasonable action as
is necessary:
(a) for the efficient transmission of information and
instructions; and
(b) to enable the Customer or, as the case may be,
any member of the Customer’s Group,
to derive the full benefit of the Contract.
Performance Regimes,
Liquidated Damages and
Penalties
Stephen Pearson
Commercial Partner
Freeths LLP
Why Performance Regimes?
£187bn expenditure per annum!
“Government is clearly failing to manage
performance across the board, and to achieve the
best for citizens out of the contracts into which
they have entered”
(HMG Public Accounts Committee)
How Can Regimes Work?
• SMART (Specific, Measurable, Assignable,
Realistic and Time-Related)
• Convert to KPIs
• Consider financial effect of non-compliance ≤ 20%
of fee?
• Over-compliance?
Example KPIs
• Customer satisfaction above [ ]%
• “Dynamic” standards, eg upper quartile of
benchmark standards
• Industry-specific standards
Example KPIs (Continued)
• Rooms meeting availability criteria:
– Services
– Temperature
– Appliances operating
– Ventilation
– Light levels
Example KPIs (Continued)
• Rectification of defects within:
– 4 hours – Very High
– 24 hours – High
– 48 hours – Medium
– 7 days – Low
or points accrue, leading to financial deduction /
warning notice, termination
• Records up to date – logs of cleaning / inspections
• Staffing to required level
• Service availability at [ ]% plus
Results of Failure
• Financial deduction
• Step-in
• Termination
• Bond / Guarantee activated
Beware the Excusing Cause!
(Aka the dog ate my homework)
• Bedding-in period
• Force Majeure
• Actions of Authority
• Special Events
• Inclement Weather?
– Emergency?
– Shortage of materials?
– Programmed maintenance?
Liquidated Damages
• Unpopular
• An amount “reasonable in light of the anticipated
or actual harm caused by the breach”
• Common in build contracts
• Unreasonably large LDs are unenforceable on
grounds of public policy as a penalty
• What will you lose? Income? Third party costs?
• Cost of providing a replacement – “freshers
dilemma”
Penalty Clauses
• Dunlop Pneumatic v New Garage (1915)
“the essence of a penalty is the money stipulated in terrorem … the
essence of liquidated damage is a genuine pre-estimate of damage”
• Cavendish v Makdessi (2005)
– Is there a commercial justification
– Is it “extravagant or aggressive”
– Was it to deter the breach
– Negotiated on a level playing field
– Care needed not to describe provision as a “penalty”
Questions?