Newsletter Issue 97

Data Protection: ICO guidance on passwords and encryption; ICO call for views on updating direct marketing code of practice;
Employment: Gender Representation on Public Boards (Scotland) Act 2018 (Commencement No1) Regulations 2018; European Court of Justice judgement on payments in lieu of annual leave on termination; Government response to Parental Bereavement Leave and Pay Consultation; Inquiry into Non-Disclosure Agreements
Commercial: Budget 2018: Capital allowances for structures and buildings; Contractual limitation periods of signing a document as a deed; the scope of an ‘entire agreement’ clause
Procurement: Equal treatment and previous participation;
FAQ: Employment: Do mistakes in a dismissal process impact affect the fairness of the dismissal, even if the employer believes that the dismissal was inevitable notwithstanding the procedural failings?
Read Full Article…

Procurement: Equal treatment and previous participation

In Case T 10/17 Proof IT SIA v EIGE (16 October 2018), the question of applying the principle of equal treatment was considered when an incumbent service provider participated in a tender exercise for the re-procurement of online services.  The incumbent was awarded the contract.  However, another bidder, Proof IT SIA, established in Riga, Latvia, (the ‘company’) brought a claim against the contracting authority, the European Institute for Gender Equality (EIGE).  The company sought an annulment of EIGE’s decision to reject its tender and the awarding of the contract to the incumbent.  The company also sought damages for loss of opportunity.   The contract was to be awarded on the conventional basis of the ‘most economically advantageous’ offer based on a quality and price ratio – the tender specification set out the award criteria and their weighting.  The company argued that there were imprecise award criteria, and a lack of transparency, which had the effect of conferring on EIGE an unrestricted freedom of choice.  This, the company argued, contravened the principles of transparency and equal treatment.  The company further argued that EIGE had committed manifest errors of assessment, and if these were to be corrected the result would be that the company would be the successful tenderer.  It was also alleged that the principle of equal treatment was breached in such Read Full Article…

Commercial agreements: The scope of an ‘entire agreement’ clause

Our June 2018 Newsletter reported on the case of NF Football Investments Ltd and another v NFCC Group Holdings Ltd and another [2018] EWHC 1346 (Ch). It concerned the acquisition by the claimant of the shares of Nottingham Forest Football Club Limited from the defendants.  This judgment concerned a claim for statutory misrepresentation pursuant to section 2(1) of the Misrepresentation Act 1967.  The defendants argued that this claim should be struck out as it was precluded by an ‘entire agreement’ clause set out in the share purchase agreement (SPA).  As we reported previously, the court agreed that it was not the intention of the parties to address outwith the contractual structures, claims arising out of the SPA (such as the statutory misrepresentation claim). This judgment has been overturned on appeal, however, in the case of Al-Hasawi v Nottingham Forest Football Club Ltd and others [2018] EWHC 2884.  The judge noted that it may have made commercial sense for the parties to have excluded claims for statutory misrepresentation, but he held that the entire agreement clause was not effective to achieve this.  To hold otherwise would be to improve the bargain that the parties had made.  Although the contract did provide for certain contractual remedies, the court held that the existence of specific remedies could not lead to the inference that all Read Full Article…

GDPR: First ICO enforcement notice under GDPR and DPA 2018

On 20 September 2018 it was reported that the Information Commissioner’s Office (ICO) had issued an enforcement notice dated 6 July 2018 to AggregateIQ Data Services Ltd (AIQ), using its powers under section 149 of the Data Protection Act 2018 (DPA 2018) for the first time.   AIQ, a Canadian company located outside the EU/European Economic Area, processed personal data of UK individuals.   According to the ICO, the processing was in connection with online political messages sent by AIQ on behalf of Vote Leave, BeLeave, Veterans for Britain and DUP Vote to Leave.  As part of its contracts with the foregoing organisations, AIQ had been provided with personal data including names and email addresses of the individuals involved.  The personal data was then used by AIQ to target the data subjects with political advertising messages on social media. In correspondence with the ICO dated 31 May 2018, AIQ confirmed that personal data of UK individuals concerned were still held by them.  The data were stored on a code repository, and had been subject to unauthorised access by a third party.   According to the enforcement notice, the ICO was satisfied, having carried out an investigation, that AIQ failed to comply with GDPR requirements, including those under Article 5(1)(a), (b) and (c) (including processing personal data for purposes incompatible with Read Full Article…

Employer vicariously liable for rogue employee’s data breach

Our December 2017 Newsletter reported in detail on the case of Various claimants v Wm Morrisons Supermarket PLC [2017] EWHC3113 (QB), in which the High Court considered the extent of an employer’s liability when a rogue employee deliberately disclosed his colleagues’ personal information. To recap briefly, an employee who was disgruntled with his employer abused his position of Senior IT Auditor to post on a file sharing website personal details of 99,998 fellow employees of Morrisons.  Whilst the High Court held that Morrisons had limited primary liability for the data breach, it found them liable vicariously for the unlawful conduct of its employee in respect of claims under the Data Protection Act 1998 (DPA), an action for breach of confidence, and an action for misuse of private information.   Morrisons appealed to the Court of Appeal on the point of vicarious liability and the Court issued its judgment this month in Wm Morrisons Supermarket PLC v Various claimants [2018] EWCA Civ 2339.   Morrisons argued again for the legitimacy of the defences that it had relied upon in the High Court.   Firstly, Morrisons argued that it was not possible to be liable vicariously under the DPA.  They further argued that the DPA also effectively excluded actions for misuse of private information and breach of confidence and/or the imposition of Read Full Article…