Court holds that failure to comply with data protection laws can be a material breach of contract

A recent case before the Court of Session has held that a company was in material breach of contract as a result of a failure to comply with data protection laws. The case also provided further guidance on when the courts will consider an aspirational pre-contractual sales statement to be a misrepresentation.

The case involved a company called Soccer Savings (Scotland) Ltd (SSSL). In 2010, SSSL entered into a contract with the Scottish Building Society (SBS) to run an affinity savings scheme targeted at football fans. Basically it allowed fans to get a savings account branded with their football club’s brand.

The scheme wasn’t very successful and SBS terminated the contract in June 2011. SSSL challenged the grounds of termination but accepted the termination as a repudiation of contract and sued for damages. The case came to proof before Lord Hodge.

The defence
When SBS terminated the agreement it relied on pre-contractual mis-representation and material breach of contract. At proof before Lord Hodge, SBS departed from some of the allegations on record and restricted their defence to mis-representation and three separate contractual breaches.

Lord Hodge found that statements of aspiration or optimism about what was achievable did not amount to an undertaking or warranty. SBS had the clear impression that the proposed venture was likely to succeed but:

It is clear that the venture failed very badly. But that does not make the statements of aspiration by the promoters of SSSL into misrepresentations of fact. Other things may have been said that strengthened [SBS’ Chief Executive] Mr Kay’s conviction that he had been given representations on which he had relied to recommend the deal to his board, but absent evidence of specific statements of fact, I am satisfied that the defence of misrepresentation fails.

So SBS were left with the three breaches of contract to justify their termination of the contract.

Breach of contract
The first breach relied upon was SSL’s failure to get a signed written agreement with a football club by the stipulated contractual deadline of 1st July 2010 thus delaying promotion of the venture.

In an earlier decision Lord Hodge had already held that this was a breach of contract but he now held that although it was a breach it was not a material breach. It did not go “to the heart of the contract” and did not contribute to the eventual failure of the scheme. Accordingly it could not be used to justify termination.

SBS argued that SSSL had breached regulations 3 and 5 of the Consumer Protection from Unfair Trading Regulations 2008 by issuing letters on football club notepaper. Lord Hodge disagreed. The clubs had agreed to the issuing of the letters and had signed them. There was no breach.

Breach of data protection laws
And so to the final alleged breach – a failure to comply with data protection rules.

The data protection clause obliged SSSL to use reasonable endeavours to comply with the statutory rules and to take appropriate measures against unauthorised or unlawful processing of personal data.

SSSL had used the database of a related company (Soccer Savings Ltd or SSL) to send out letters in its own name and in the name of two clubs to account holders in a similar scheme which another building society, the Dunfermline Building Society (DBS), already ran with the SSL. The deal with the SBS came about after the value of deposits under the SSL/DBS scheme fell significantly after DBS encountered difficulties and was put into special administration in 2009. The DBS was subsequently taken over by the Nationwide Building Society (NBS).

Lord Hodge found that SSSL was a data controller under the Data Protection Act, but was not registered as a data controller with the Information Commissioner when it processed data. It had committed an offence. In addition it did not have the necessary consent from the account holders to use their data to promote the new scheme:

While a failure to register may not of itself have been a material breach of contract, I am satisfied that SSSL’s use of the data obtained by SSL under the soccer saver scheme was. SSL did not have the consent of the data subjects (i) to make their data available to the football clubs with which it contracted or (ii) to use their data to promote SBS. Yet SSL had contracted with the football clubs to give them access to the names and addresses of account holders. And SSSL’s directors procured SSL to use the data for the latter purpose. It used the football clubs’ unauthorised possession of the soccer saver data in an attempt to circumvent the restrictions on SSL’s activities in its contract with DBS.

What takes the breaches to the heart of the contract is that SSSL was offering SBS a business proposal, a major component of which involved achieving the transfer of account holders from DBS to SBS. SSSL proposed to use SSL’s data to market SBS’s products and to obtain the transfer of accounts from DBS by targeted marketing. That is what it sought to do in SSL’s letter to the Rangers account holders [one of the clubs involved]. But that provoked NBS correctly to assert both a breach of contract by SSL and also breach of the data protection legislation. NBS carried out the threat in its letter of 10 November 2010 and complained to the Data Commissioner.

I conclude that an important component of SSSL’s performance of its obligations under the contract involved it in the breach of the statutory data protection rules and that that illegality materially impaired that performance. That amounted to a material breach of contract.

The result was that SSSL had indeed been in material breach of contract and so SBS had been entitled to terminate the contract – even if, perhaps, their reasons for doing so were originally quite different.

Ownership of customers
More importantly, however, the case emphasises the importance of ensuring that ownership of customers under affinity arrangements is clearly defined, and the importance of thinking up front about the privacy consents that may be required from customers.

Had the original privacy notices issued to customers clearly stated that SSL and its related companies could use customer details for marketing purposes, then many of these issues could have been avoided. However, I suspect that the course of events that subsequently unfolded was not in anyone’s contemplation when the original deal was conceived.

Martin Sloan

With assistance from Douglas MacGregor, PSL in Brodies’ Dispute Resolution and Litigation department

Survey highlights key issues for senior IT professionals in IT outsourcing contracts

Supply Management, the official journal of the Chartered Institute of Purchasing and Supply, yesterday published details of a report by outsourcing consultancy Alsbridge into customer satisfaction with IT outsourcing arrangements.

According to the report, just over a quarter of the 250 senior IT professionals canvassed were unhappy with at least one of their IT outsourcing contracts, with 76% considering renegotiating or retendering two or more of their IT outsourcing contracts before the end of the term.

The reasons for this are telling, if unsurprising.

Too much left to be agreed post signature
40% of respondents said that they had left too many important details in the contract to be confirmed at the point at which the deal was signed.

There is often a push to sign a contract by a certain date, come what may.

However, that can be dangerous. Once a contract has been signed, the balance of power shifts hugely in favour of the supplier, meaning that the customer will usually be in a very weak position when it comes to reaching agreement on the outstanding issues.

If things are left to be agreed, it is therefore essential that the contract sets out a clear process for agreeing those outstanding points (with appropriate remedies if agreement can’t be reached) and that key commercial issues are resolved prior to signature.

Changing requirements
54% of respondents said that their IT outsourcing contracts failed to keep up to date with changing technology needs, with 46% saying that the contract also failed to keep up with changing business needs.

These are classic problems, particularly in long term outsourcing contracts. IT quickly dates, and the requirements of the customer’s business are always changing. It’s therefore essential that the contract includes a process for ensuring continuous improvement obligations. This might include IT refresh obligations, obligations to keep up to date with industry best practice or to adopt industry standards, and an obligation to regularly propose ways in which the services can be improved or delivered at better value.

Combined with this, it’s also important to ensure that the contract contains a robust governance and change control procedure, which allows the customer to ensure that issues are managed and to introduce changes to reflect the changing needs of its business. This might also include clear processes for ramping up or ramping down service provision or the scope of the services in the event of changing business requirements.

Value for money
Another theme coming out of the survey was value for money. 49% of respondents cited diminishing returns on their IT outsourcing investments, whilst 36% highlighted problems with complacent suppliers. A further 46% of respondents said that they were under pressure to cut costs.

Benchmarking provisions can help a customer to keep track of whether its outsourcing contracts are delivering value for money. However, a benchmarking regime is only effective if it encourages the supplier to keep its service provision competitive. Key to that is ensuring that the customer has adequate remedies in the event that the benchmarking findings show that the supplier is out of step with the market. This might include mandatory price reductions or ensuring that the customer can break the contract and move to another supplier (albeit the latter is not without cost, given the expense involved in carrying out a new procurement exercise and transition to another vendor).

Long term, not short term
If these issues are properly addressed in the contract then the outsourcing arrangement is likely to be more productive and rewarding for both the customer and the supplier.

Whilst there is always a pressure to sign deals as soon as possible (particularly against artificial deadlines such as the end of a calendar year or the supplier’s quarter), this survey just goes to show that spending more time on the contract (and involving legal input at an early stage in the procurement process) can lead to a more satisfactory outsourcing relationship in the long term.

Which, ultimately, is what outsourcing is all about.

Martin Sloan

European guidance on mobile apps and privacy

The Article 29 Working Party (the “A29WP”), a grouping of representatives from the various European data protection regulators, recently issued an opinion on apps on smart devices.

There are two constants with the A29WP’s opinions:

  • Firstly, although often presented as such, they are not an authoritative statement of the law. They simply set out the collective (sometimes aspirational) interpretation of the European data protection directive.
  • Secondly, the opinions set out a far stricter interpretation of the directive than that usually taken by the UK’s Information Commissioner’s Office (ICO). This reflects the fact that the ICO usually takes a more business friendly/pragmatic approach to interpreting the law than some of its European counterparts.

That said, the latest opinion provides some useful guidance for app developers, and builds on previous guidance from California’s attorney general and the GSMA, which I summarised in this blog post last year.

The guidance also follows on from the so-called Cookie Law, which (contrary to popular opinion) also applies to mobile apps.

Why do mobile apps raise privacy concerns?
As I noted in that blogpost, there are a number of reasons for the current privacy deficiencies with mobile apps:

  • The market is immature, with many apps developed by individuals or small companies not familiar with privacy laws, but whose products have become hugely popular.
  • The distribution model is fragmented and apps frequently incorporate third party services (for example, mapping providers) into their functionality. SDKs and OS developer rules impose strict controls on developers, yet they don’t provide the necessary tools to ensure that developers adopt privacy by design.
  • The mobile app market has developed at the same time as a vast expansion in the data created by devices, such as geolocation data.
  • Many app developers are located outside the EU and are therefore unfamiliar with European privacy rules, despite the fact that they are selling their apps to users in the EU.

A29WP’s recommendations
The opinion imposes a number of requirements on app developers. These include:

  • App developers must understand their obligations as data controllers when they process data from and about users.
  • Freely given, specific and informed consent must be sought before an app is installed.
  • Granular consent must be obtained for each specific category of data that the app will access.
  • The user must be provided with well-defined details of the purposes for which data will be processed before the app is installed. General purposes such as “product innovation” or “market research” are, in the A29WP’s opinion, not sufficient.
  • The purposes for which data is processed must not be changed without obtaining new consent from the user.
  • Users must be provided with a readable, understandable and easily accessible privacy policy, which includes
  • Allow users to revoke their consent and uninstall the app and delete data where appropriate.
  • Incorporate data minimisation and privacy by design/default.

Part of the problem with these requirements is that some of them are impossible to achieve in practice as they are dependent upon the design of the app store and OS ecosystem. For example, the way in which most smart device operating systems install apps means that there is no opportunity in the app purchase system to notify users about data use and obtain consent. This could be set out in the app licence terms of use, but given the low profile given to such licence terms in the app store purchase process, this wouldn’t meet the A29WP’s own recommendations on obtaining consent.

This is presumably why the opinion also sets out a number of requirements on app stores and OS and device manufacturers, even though there appears to be little basis in law for such requirements (neither party is a data controller in relation to data primarily processed by the app/the app developer).

These requirements, for example, oblige app stores to check that app developers have incorporated appropriate consent mechanisms, and obligations on OS manufacturers to build additional controls into their OS APIs to facilitate consent to access data on the device.

The practical approach
In my view, given these technical limitations, it is more pragmatic to recommend that app developers design apps so that the privacy policy is displayed, and consent obtained, when the app is first opened, and that no data is captured until this takes place. This way, app developers can be sure that they do not inadvertently collect data without consent.

The opinion also skims over one of the other big issues with mobile apps – the use of third party services. In many cases, I suspect that app developers simply aren’t aware of which party is responsible for data protection compliance. Where third party services are utilised (for example, mapping or geolocation), there will often be multiple data controllers. However, the app developer is the party that controls the primary interface with those third parties and therefore needs to flag the terms on which such third parties will use the data collected.

Given the opacity of the policies provided by many third party service providers (and the lack of clear guidance from regulators when the revised cookie law came into force), working this out is often difficult.

You can read the A29WP’s opinion in full by following this link (PDF). If you are an app developer and would like to discuss how your app collects data, and what you can do to ensure that it complies with EU data protection law, please get in touch.

Martin Sloan

Court of Appeal overturns previous decision on obligations of good faith

Last year, the English courts ruled that an obligation could be implied into a contract that the parties would not exercise a discretion under that contract in a manner that was arbitrary, capricious or irrational.

The case related to an outsourcing contract between an NHS Trust and catering company Compass, trading as Medirest. The contract contained a service level regime, but unusually the “Service Failure Points” (SFPs) awarded for a breach of the service levels, which in turn could lead to a right to terminate, appeared to be determined at the discretion of the NHS Trust (the customer).

As the relationship broke down, the NHS Trust allocated apparently disproportionately high SFPs for individual breaches. Amongst the examples quoted by the judge was the award of over 30,000 SFPs and a deduction of £46,000 from the charges for an out of date box of tomato ketchup sachets found in a store room. By way of comparison, the fees were around £180,000 a month, and only 1,400 SFPs were required in a six month period to trigger a right to terminate.

The court held that the Trust had a discretion under the contract and therefore, in accordance with previous case law, a term should be implied not to act in a manner that is arbitrary, capricious or irrational. The court in turn held that the Trust was in breach of that obligation and that Medirest was entitled to terminate for breach.

You can read a full summary of the original judgment in this previous blogpost.

The Court of Appeal’s decision
The Trust appealed on a number of grounds. On appeal, the Court of Appeal overturned the lower court’s decision, holding amongst other things that there was no need for the implied term.

Whilst the SFPs and deductions made were clearly absurd, the Court of Appeal took the view that the Trust had misinterpreted and misapplied the SFP and deduction procedure, but that it had not acted dishonestly.

If the Trust awarded itself excessive SFPs or deductions then that would be a breach of clause 5.8 (which dealt with the application of SFPs and deductions) – no further implied term was required to make that work. Indeed, clause 5.8 stated that SFPs and deductions that were not justified were deemed to have been cancelled.

As the SFPs had expired and the Trust had refunded the excessive deductions, the breach had been cured. Medirest was not, therefore, entitled to terminate the contract for material breach.

The Court of Appeal’s judgment clarifies a number of points:

  • An implied term not to act arbitrarily, capriciously or irrationally will only be applied where the party in question has genuine discretion about how to exercise a right under a contract, and where there is a range of options. In this case, the Court of Appeal held that the discretion was simply whether or not to exercise a contractual right.
  • Jackson LJ’s view was that any attempt to exclude such an implied term where it might otherwise apply would have to be explicitly stated and agreed by the parties (it could not be excluded by a general exclusion of implied terms).

The case serves also as a general reminder to organisations to ensure that their contractual arrangements are clear and unambiguous. In this case, the contract comprised a standard NHS contract and a procedure from a PFI contract for service failures and deductions. The two did not sit well together. Had the contract been properly drafted, then it is possible that the Trust may not have acted in the way it did, and that the relationship between the parties may not have broken down quite so irreparably.

The case should also act as a warning to parties to think before terminating for material breach. In this case, it appears that Medirest was already in breach of contract, and that the Trust had also served notice to terminate. However, wrongfully claiming repudiatory breach and ceasing to perform your obligations is likely to lead to a substantial damages claim from the other party. This is particularly so where the terminating party is the supplier under an outsourcing arrangement, where the sudden cessation of the services could cause substantial damage.

Martin Sloan

Our Employment Law colleagues blog on another Employment Tribunal case related to an employee’s use of social media. In this case, the employer’s social media policy was relevant to the Tribunal’s dismissal of the employee’s claim.

Brodies Employment Blog

Recently, there have been a number of Employment Tribunal cases focusing on employees’ Facebook posts. In Weeks v Everything Everywhere Limited, the claimant was dismissed after making posts that compared his employer to Dante’s Inferno.

Everything Everywhere Limited (EEL) employed Mr Weeks as a customer service adviser. Its social media policy warned employees to avoid making posts that could damage EEL’s reputation or be viewed as bullying and harassment.

Mr Weeks frequently made Facebook posts that likened EEL to Dante’s classical portrayal of Hell, such as “Dante’s awaits me – what a downer 12 hours of love and mirth”. Ms Lynn, one of his colleagues, reported these comments to Mr Groom, his line manager. Mr Groom formally warned Mr Weeks to stop posting in this manner.

After receiving the warning, Mr Weeks made posts which Ms Lynn found threatening. For example, he posted “it saddens me that people…


New rules on payment surcharges in consumer contracts

At the end of last year, the Government implemented Article 19 of the Consumer Rights Directive through the new Consumer Rights (Payment Surcharges) Regulations 2012. These regulations aim to address ‘above-cost’ payment surcharges made by traders.

Payment surcharges (where a trader imposes a fee on customers depending on the type of payment method they choose to use) have become a popular way for traders to reduce the headline cost of goods or services when trading in a competitive market. Payment surcharges are particularly notorious in the budget airline industry (where substantial charges are often imposed for using a credit card), but in recent years have become increasingly common in both on and offline consumer contracts.

The new laws are aimed at ensuring that any surcharges are not used by traders as a mechanism for generating additional revenue for the trader.

So what do these regulations actually change?
The new regulations prohibit traders from imposing payment surcharges on customers where the charge exceeds the cost to the trader of using the payment method – in other words, ‘above cost payments’. They are payment method agnostic – that means they apply not just to surcharges imposed when using a credit or debit card, but also other methods such as cheques, cash and direct debits.

In addition to payment charges, the regulations are also applicable to discounts offered for paying using particular methods (for example, direct debit).

The regulations apply to all consumer contracts (both on and offline) in sales or services, digital content and most utilities, and also extend to package holidays, which is beyond the scope of the Directive. The rationale for including package holidays is that a failure to extend the prohibition would produce inconsistencies between package holidays and individual, separately purchased, components of a holiday (for example air travel).

The regulations detail some excluded contracts including certain financial service and social services contracts.

Charges that do not vary depending on the payment method (and therefore apply to all payment methods) are not affected by the regulations.

How do you calculate what charges are reasonable?
Neither the regulations nor the Directive define what the “cost to the trader” is for the purposes of determining what charge is appropriate. In its guidance (see link below) the Department for Business Innovation and Skills states that only direct costs are relevant, but that these will vary depending on the size of the trader.

In relation to card payments, the guidance lists the following types of costs as being relevant:

  • The Merchant Service Charge, which traders pay to their acquiring bank
  • IT and equipment costs used for particular means of payment such as card terminals, for example point of sale devices
  • Risk management – active fraud detection and prevention measures which vary depending on their business and whether transactions take place face to face or remotely
  • Processing fees such as charges for reversing or refunding a payment
  • Any operational costs that can be separately identified as internal administrative costs arising from activities dedicated exclusively to card payments. For example, where traders opt to buy in services from intermediaries who provide equipment, fraud detection and processing services (especially online payments) for card payments, they should be able to recover the costs they incur through a payment surcharge.

When does this change come into effect?
The regulations come into force on 6 April 2013 and apply to all contracts entered into on or after this date, although new businesses (which begin trading between 6 April 2013 and 12 June 2014) and micro-businesses (less than 10 employees) are given until 12 June 2014 before the regulations apply.

Do the regulations have any other powers?
In the event of non-compliance trading standards are provided with powers to investigate.

Trading standards can also seek undertakings from traders or apply for injunctions in the event of non-compliance. The regulations can also be enforced under the Enterprise Act 2002 (Part 8 Domestic Infringements) Order 2013. Specified enforcers can apply to the courts for enforcement orders if they become aware that a trader has engaged or is likely to engage in conduct which constitutes an infringement.

What do traders need to do now?
Any trader that currently imposes payment surcharges should review their charges to ensure that they are compliant with the new regulations.

Further information…
The Department for Business, Innovation and Skills has published helpful guidance including Q&A’s on the new Regulations which can be accessed on the BIS website (PDF).

Martin Sloan

The SPL’s big bar bill (broadcasting rights)

Over the past couple of years I have written periodic updates regarding the rights of English (or English-based) pub landlords to use “foreign” decoders to screen football matches in their pubs. Following the European Court of Justice (“ECJ”)’s decision as reported in Football Association Premier League v QC Leisure, in my post from last February I offered this summary of the state of play:

The ECJ decided that national legislation banning the use of overseas (non-UK, but EU supplied) decoders amounted to an unlawful restriction on competition, and it was probable that only certain elements of Sky’s broadcast of match footage was protectable by copyright…. Provided a landlord is using an EU decoder of some description, the consequences very much remain to be seen. Perhaps the best way to summarise the current situation is to borrow some football terminology:

  1. Win – Use a decoder supplied by Sky
  2. Lose – Use a decoder without paying for it, or a decoder obtained from/that accesses the feed of a non-EU rights holder
  3. Draw – Use a decoder supplied by a EU (but non-UK) rights-holder

A new development in the pub landlords v football rights holders battle emerged on Monday, when it was reported that the Scottish Premier League (SPL) is facing a £1.7m damages claim over its legal bid to stop a pub group screening live matches via a Polish broadcaster. The case in question is The Scottish Premier League Limited v Lisini Pub Management Company Limited.

The background of the case

The story starts way back in 2006, when new Rangers boss and “fitness fanatic” Paul Le Guen was at war with Barry Ferguson, and present-day SPL player of the year Charlie Mulgrew was being “made into a man” (and what a hunky one!) at Wolves. 

The SPL took proceedings back in against Lisini Pub Management Co Ltd for unlawful broadcasts of Celtic games in autumn 2006 using a broadcast signal from Poland.  At the start of 2007 Lisini signed an undertaking saying that they would stop using foreign decoders.  They then used a Polish decoder to screen a match in April 2007.  The SPL then obtained interdict to prevent any more use of foreign decoders.  And the case was then sisted to see what the ECJ had to say about the use of decoders supplied by EU rights-holders. 

Of course, as described above, the ECJ decided that the use of foreign decoders was probably OK, and Lisini Pub Management Co Ltd is now counterclaiming against the SPL, seeking damages of £1,761,749. 

The decision

In the Outer House of the Court of Session Lord Woolman refused to dismiss Lisini’s counterclaim, concluding:

 In my view the English Premier league case has an important bearing on the present action. The material facts are virtually identical. The ECJ gave clear answers to the precise questions referred to it. Its decision means that subscribers in member states are entitled to access broadcast signals from other member states. An EC citizen living in (say) Germany should not be prevented from obtaining a signal from Sky, BBC, RAI, Nova or Polsat.

The SPL sought to argue that the ECJ arrived at its conclusions without any detailed investigation of whether banning the use of overseas (non-UK, but EU supplied) decoders would actually have an anti-competitive effect on the market for live football broadcasts.   Lord Woolman found this argument “unconvincing”. 

What’s not reported amongst the “SPL face £1.7m claim” headlines is that I think Lisini will have to work quite hard to actually prove such a huge loss.   It will be interesting to see how they reach that figure – it’s not exactly “small beer”.


European Parliament approves new consumer dispute resolution procedures

The European Parliament recently confirmed its adoption of the European Commission’s Alternative Dispute Resolution (ADR) and Online Dispute Resolution (ODR).

The ODR is intended to establish an EU-wide online platform to quickly and efficiently handle consumer disputes arising from online transactions, avoiding the need to go to court.

Tonio Borg, Commissioner for Health and Consumer Policy explained that

ADR and ODR are a win-win for consumers, who will be able to resolve their disputes out-of-court in a simple, fast and low-cost manner, and also for traders who will be able to keep good relations with customers and avoid litigation costs.

Astoundingly, the Commission claims that a well-functioning and transparent ADR could save consumers €22.5bn a year.

Online Dispute Resolution – the basics
ADR aims to provide an alternative route to resolving disputes by using non-judicial entities – for example, a conciliator, mediator, arbitrator, or ombudsman.

The ADR entity proposes a solution or brings the parties together to find a solution. Entities operating fully online are called online dispute resolution entities and will be utilised in the new ODR platform.

With more online and cross-border European trade, the ODR platform will allow the resolution of disputes when traders and consumers are in geographically different locations. The nature of the platform will (hopefully) speed up the procedure to the benefit of both consumers and traders.

It is intended that the new procedure will be available to resolve all consumer contract disputes other than contracts for health and education, regardless of what the consumer purchased, and whether they purchased it domestically or across borders. The ADR process will apply to contracts purchased both online and offline.

When will the regulations come into force?
Member States will have 24 months, after the entry into force of the Directive, to transpose the regulations into national legislation i.e. midway through 2015. The ODR platform will become operational six months after the end of the transposition period.

What should traders do now?
A trader who commits to using ADR, or is obliged to use it, will need to inform consumers about ADR on their website and in their general terms and conditions. Although the changes are not intended to come into force for some time, traders should start to think about their process changes now.

Traders will be obliged to inform consumers about ADR when a dispute cannot be settled between the trader and consumer. Traders should also provide a link to the ODR platform on their websites.

How will it work in practice?
The platform will link all national alternative dispute resolution entities. A set of common rules will be published detailing the functions of the ODR platform, including the role of national ODR advisors.

Consumers will be able to submit a complaint online using the ODR platform. The platform will notify the trader a complaint has been made. The consumer and trader will then agree upon the appropriate ADR entity to determine the dispute. The new rules provide that ADR entities should settle disputes within 90 days.

We will post more information on the new procedures when they become available.

Martin Sloan

Leveson, Royal Charters and the future of press regulation in Scotland

On Monday the three main political parties in Westminster agreed on a plan to implement the Leveson Report’s press regulation recommendations in England and Wales.

The plan
The agreed approach involves a Royal Charter which will establish a new regulator for the press, and amendments to the Enterprise and Regulatory Reform Bill (to help entrench the Royal Charter so that it can only be dissolved by a two-thirds majority vote of both the House of Commons and the House of Lords) and the Crime and Courts Bill (so that all “relevant publishers” who do not sign up to the new regulator will pay extra or exemplary (punitive) damages for libel and breaches of privacy).

The Royal Charter is surprisingly difficult to find, but here is a link.  It remains to be seen whether the new plan will gain widespread acceptance.

Labour leader Ed Miliband has claimed that:

What we have agreed is essentially the royal charter that Nick Clegg and I published on Friday. It will be underpinned by statute. Why is that important? Because it stops ministers or the press meddling with it, watering it down in the future.

Tough talking, but what exactly does Ed Miliband mean when he says “essentially the royal charter”?  What might end up being different?

Well, according to the Royal Charter as drafted at present, a “relevant publisher” means:

a person (other than a broadcaster) who publishes in the United Kingdom:

i) a newspaper or magazine containing news-related material, or
ii) a website containing news-related material (whether or not related to a newspaper or magazine)

It’s an alarmingly wide definition, which could capture not just foreign news websites but also bloggers and perhaps Tweeters. It doesn’t entirely correspond with Culture Secretary Maria Miller’s assertion that:

a publisher would have to meet the three tests of whether the publication is publishing news-related material in the course of a business, whether their material is written by a range of authors – this would exclude a one-man band or a single blogger – and whether that material is subject to editorial control.

By way of example, here on Brodies Techblog we have a team of bloggers, we publish news-related material in our blogs (in that we comment on topical legal issues), and our posts are subject to editorial control before they are published. Did Cameron, Miliband and Clegg have blogs like this in their sights when agreeing the draft charter? Should a blog like this be treated differently from the blog of an individual, but high-profile and influential, blogger? It’s not clear.

What is clear is that there is still work to be done on the drafting of the charter.

Should the press be regulated like broadcasters?
An interesting – but often overlooked – aspect of the press regulation debate is that broadcasters are regulated by communications regulator Ofcom.

The traditional freedom of the press (particularly in comparison to broadcasting) has complex roots and justifications, including the practical issue of scarcity of broadcast spectrum, which has led to far stricter regulation of television and radio broadcasters.

As a consequence of Ofcom’s regulatory control over broadcasters, broadcasters’ websites are specifically excluded from the Royal Charter definition of “publishers” set out above.  These websites will continue to be regulated by Ofcom.

The Scottish dimension
Press regulation is a devolved competency of the Scottish Parliament.  Alex Salmond has said the concept of a UK-wide regulator backed by Royal Charter may be “an idea worthy of consideration”.

It appears that the First Minister is keen to distance himself from the report produced by the Expert Group on the Leveson Report in Scotland, better known as the “McCluskey Report” (in reference to the Group’s chair, Lord McCluskey), which was published three days before the Westminster announcement.

The recommendations were widely derided last week as being draconian and having gone too far.

Allan Rennie, editor-in-chief of Media Scotland, said:

it’s not just about the press, it’s about anyone in Scotland who dares to express an opinion.

Analysis of a Report and recommendations which appear stillborn is perhaps academic, but it’s not entirely easy to reconcile some of the more vigorous attacks on the McCluskey Report with the actual content of the Report’s proposed Draft Press Standards (Scotland) Bill.

For example, one of the most widely repeated claims over the weekend was that the proposed draft Bill would apply to any publication which can be viewed from Scotland (in other words, anything on the internet, regardless of where the author of the content in question is located). While it’s correct that in the case of allegedly defamatory publications posted on the internet it is generally accepted that “publication” takes place where the article is downloaded, the proposed draft Bill didn’t explicitly refer to this understanding of “publication”.

It referred instead to a publication which “takes place in Scotland”. Further, paragraph 20 of the McCluskey Report specifically stated that the proposed draft Bill was written in “plain English”. (On the other hand, it does seem curious that the proposed draft Bill dispensed with the “publishes in the United Kingdom” wording in several of the draft bills that have been in circulation recently, including Hacked Off’s “Proposed Media Freedom and Regulatory Standards Bill”.)

Differences under the Scottish legal system
Less ambiguous was the McCluskey Report’s conclusion that

we have reached the view that there is no practical alternative to making [the new regulation system] compulsory for all news-related publishers.

As discussed above, the new plan agreed by the three main parties in Westminster does not provide for compulsory opt-in, but instead envisages exemplary damages for publishers who fail to sign up to the new regulator.

However, because damages under Scots civil law are purely compensatory, the concept of exemplary or punitive damages is unknown in Scotland. This is explained in further detail in the Scottish Government’s “Carrots and Sticks” Leveson Briefing Note.

There are also other aspects of Scots Law which would require consideration should the Royal Charter plan be followed, including arbitration and court expenses (in Scotland “costs”).

However, none of these problems would be insurmountable, and the McCluskey Report itself noted at Paragraph 10:

Scottish legislation could provide for a separate Scottish Recognition Body. We do not consider that there is anything in such a proposal that would prevent the formation of a single UK-wide Regulatory Body if that was considered appropriate.

Alex Salmond has said that he shall continue cross-party talks on press regulation, and report to the Scottish Parliament after Easter. The Scottish Government has separately sought clarification from the UK Government on the impact of the proposed Royal Charter in Scotland.

For the time being, however, the future regulation of the press and the web in Scotland (or available in Scotland), and its scope, remains unclear, leaving publishers in the UK uncertain as to whether they will be subject to two different regimes or a single, harmonised, regime.

We will continue to follow this debate as it evolves.


Kitchen design company fined £90,000 for unsolicited marketing calls

As someone who received a number of cold calls from fitted kitchen company DM Design, I’m pleased to see that the Information Commissioner’s Office (ICO) has taken action against the company for a breach of the Privacy and Electronic Communications Regulations (PECR).

The fine is the first monetary penalty to be issued by the ICO in relation to live marketing calls. The ICO’s power to issue monetary penalties under the PECR came into effect in 2012, but to date the power has been little used. The first fine to be issued under the PECR, in November last year, was however fairly high – a £440,000 fine issued to Tetrus Communications after it sent millions of spam text messages to promote compensation claims for personal injury and payment protection mis-selling.

Both fines serve as a timely reminder to organisations involved in telemarketing – whether by telephone, email, or SMS – to ensure that their processes comply with the law.

The law on unsolicited telemarketing
Under the PECR, organisations must not make unsolicited calls for direct marketing purposes where:

  • the subscriber (recipient of the call) has previously notified the caller that it does not wish to receive such calls; or
  • the telephone number in question is registered with the Telephone Preference Service (TPS).

To enable organisations to check whether a number is registered with the TPS, organisations can pay a fee to the TPS to receive a regular report of numbers that have opted out of receiving direct marketing. In practice, this means that any organisation wishing to make unsolicited marketing calls is required to subscribe to the TPS’s service and regularly check their calling lists against the list of numbers registered with the TPS.

The PECR also sets out rules applying to marketing by text (SMS) and email. In summary, an organisation cannot send unsolicited direct marketing emails or text messages (or faxes) to consumers unless:

  • that individual has provided their details to the organisation as part of a previous transaction (and the marketing is for similar products and services from that organisation); and
  • the individual was given the opportunity to opt out of receiving marketing when the information was collected, and any permitted marketing gives the individual an easy way to opt out of future marketing.

So-called “silent calls” (where an automated system dials numbers but when the recipient answers there is no one on the other end) are dealt with by the telecoms regulator, Ofcom. Ofcom now has powers to fine organisations making silent calls up to £2m.

What did DM Design do wrong?
In this case, it appears that DM Design consistently failed to check whether the people it was phoning had opted out of receiving marketing calls, and (in at least one case) refused to remove the individual’s details from their system when asked to do so.

Over an 18-month period, the TPS received nearly 2000 complaints in relation to unsolicited marketing calls from DM Design. According to the TPS’s records, 12 months into the complaint period, DM Design did pay for one month’s subscription to the TPS mailing list and downloaded it once, but did not download the list at any other time during the period of the complaints.

Reporting silent calls and spam telemarketing
If you receive silent calls or unwanted telemarketing, and are registered with the TPS, then you should report the call, email or SMS to the ICO or Ofcom (see links below). Having done this with unsolicited communications from a number of organisations (including DM Design), I'm pleased to see that the ICO is finally taking enforcement action.

Of course, in order for the ICO to investigate, they will need details about the party that sent the message. I usually find that if you connect through to the call centre, then the operative will usually be more than happy to tell you who they work for and where they are calling from before realising why you are asking!

You can access the ICO's unwanted text and calls reporting tool by following this link.

You can report silent calls to Ofcom.

Martin Sloan
