4. Where are we?
Aslam v Uber (November 2017)
• The EAT dismissed Uber’s appeal in November 2017
• Uber will appeal to the Court of Appeal
5. Where are we?
Independent Workers Union of Great Britain v
RooFoods Ltd (t/a Deliveroo) (CAC)
• CAC held that riders were NOT workers
• Major difference between was right to substitution
was genuine and used in practice
• Not strictly binding
Pimlico Plumbers Limited v Gary Smith (Supreme
Court)
6. Taylor Report
The Taylor Review report was published in July 2017
and recommended:
• Renaming “worker” to “dependent contractor” and
re-clarifying distinctions
• Additional rights for dependent contractors such as
written statement of terms
• Expedited hearings for determining status
• Right to guaranteed hours after 12 months on a ZHC
• “Rolled up” holiday pay for dependent contractors
7. Good Work Plan
• The Government published a response to the Taylor
Review in February 2018
• It broadly agrees with the Taylor Review. The
Government intends to act on 52/53
recommendations
• Plan sets out policy changes and four consultations
to be launched
• Watch this space
9. How prevalent is it?
0 5 10 15 20 25 30 35 40
Displays of pornography
Sexual comments about women/another woman
Unwated messages of sexual nature
Unwelcome sexual advances
Sexual assault
Unwanted touching
Unwelcome sexual jokes
Sexual comments about body and/or clothing
Serious sexual assault/rape
%
10. The law
Section 26(2) – Sexual harassment
A engages in unwanted conduct of a sexual nature
which has the purpose or effect of either violating
B’s dignity or creating an intimidating, hostile,
degrading, humiliating or offensive environment for
B
11. The law
Section 26(3) – Less favourable treatment for
rejecting or submitting to harassment
Sexual harassment + less favourable treatment due
to B’s rejection or submission to the conduct = s26(3)
claim
12. The law
Are employers liable for the harassment of their
employees?
- General rule is YES, but subject to some
exceptions:
- In the “course of employment”?
- “Reasonable steps” defence
- Liability for third-party harassment?
13. What can employers do?
• Comprehensive anti-harassment policy
• Follow a stringent investigation procedure
• Regular compulsory training for all staff
• Policy should be re-iterated before harassment
“hot-spots”
14. Gender pay gap reporting
Private sector employers must publish their
first reports by
4 April 2018
15. Gender pay gap reporting
What should you do?
• Are you a relevant employer?
• Identify any uncertain areas
• Which pay needs including?
• Calculate the gap before the deadline
• Action plan?
• If in doubt, take advice
16. What has happened so far?
• About 10% of employers have released reports so
far
• There are allegations that companies are releasing
false statistics
• Employers are opting to release voluntary
accompanying narratives to explain reports
18. Vicarious liability
Various claimants v Wm Morrisons Supermarket PLC
(HC)
• Mr S published personal details of 100,000
employees on internet – sentenced to 8 years in
prison
• High Court held that employers can be vicariously
liable for employee breaches
19. Stand-by time?
Ville de Nivelles v Matzak (ECJ)
• Belgian firefighter on stand-by at home
• Required to be at fire station within 8 minutes
• ECJ held that stand-by time in this case was
“working time” for Working Time Directive
purposes
20. Where does this leave us?
Time usually included in Working
Time
Time NOT normally included in Working
Time
Paid and most unpaid overtime Rest breaks including lunch and coffee
breaks
On-call at the work place or a place
to be determined by the employer
Annual leave
Travel whilst on-call On-call where not required to be a
particular place
Travel between work places or after
“booking on”
Purely voluntary unpaid overtime
Work taken home at request of
employer
Travel to the workplace
Work-related training Working from home voluntarily
24. Quick advert…
In house lawyer “checker” Product
- Free second opinion/expert view/check a point
– Approx 20 minutes on the telephone
- Equivalent to seeing a specialist at their desk
- Exclusively for in-house lawyers
Terms and conditions apply
26. Order of Precedence
Dawnus Construction Holdings v Amey (2017) CFI
• Prime Contract
• Sub-contract
• Flow down – “mutatis mutandis”
Subcontract takes precedence in the event of conflict
27. Order of Precedence (2)
MT Hojgaard v E.on Climate & Renewables (2017) SC
• Construction of two wind farms
• At Customer’s request the Agreement provided for an
industry standard to be applied
• Obligation in the agreement of a lifetime of 20 years
Obligations themselves were inconsistent
28. So What?
Contractual Shortcuts can be useful but:
• Consider Dispute Resolution/boilerplate in flow down
contracts
• If not inconsistent – the “order of priority” won’t
delete the other clause – need to expressly override
other clauses
29. Discretion
Watson v Watchfinder (2017) CFI
Option to purchase shares was exercisable with
consent of other directors.
Could the other directors simply refuse?
30. Discretion
BHL v Leumi ABL (2017) CFI
May “charge…up to 15%”
Could they simply charge 15%?
31. Discretion
Shurbanova v Forex Capital Markets (2017 ) CFI
“The company reserves the right to make necessary
corrections or adjustments…
..Any disputes will be dealt with by the Company in
its sole discretion”
32. In the 5 mins before signature
What to check for:
- [Square brackets]
- Parties
- Notice periods
- Signature
33. In the 5 mins before signature
Sutton Housing v Rydon Maintenance (2017) CA
If R didn’t meet “Minimum Acceptable Performance”
S could terminate. What were they…?
Not stated what these were – but there were worked
examples.
34. In the 5 mins before signature
Milton Keynes v Viridor (2017) CFI
“Income Generating Payment Mechanism” (IGPM)
Wrong Tender document prepared and included into
the agreement – contained gaps and no indexation.
Rectify for mistake….?
35. In the 5 mins before signature
“it was sloppy work by [NAME] the management
consultants and, to a lesser extent, by [NAME]
the solicitor … [the] error is perhaps a sad reflection
of the fact that modern day contracts of this kind
are so complicated that nobody (not even the
consultants) bothers to check the actual
documentation being signed”
36. So What?
Lessons from today:
- Contracts are long and heavy
- Be careful what you flow down
- Be careful what you miss out
- Worked examples can help
- So can checking the definitions and [square
brackets]
37. Helena Wootton & Richard Nicholas
Join the conversation #GenerationGDPR
GDPR
39. #GenerationGDPR
Today’s focus
8. Third party contracts
9. Third party due diligence
10. Data security
11. Data protection officers
12. Getting management buy-in
13. ICO guidance and updates
14. The data protection bill
15. Government’s views on data
40. #GenerationGDPR
1. Data visibility
• Data mapping - review and record in writing all
processing activities
• The 5 Ws
– Why is personal data processed?
– Whose personal data is processed?
– What personal data is processed?
– When is personal data processed?
– Where is personal data processed?
42. #GenerationGDPR
2. Evidencing compliance
Policies and procedures
• Data protection (internal)
• Data retention and destruction
• Subject access request
• Breach notification
• Cookie
• Data transfer
• Bring your own device
44. #GenerationGDPR
4. Legitimate interest assessment
• What are the legitimate interests of the
organisation?
• Is the processing necessary?
• Can it be achieved in a less intrusive way?
• Have the interests of both parties been balanced?
45. #GenerationGDPR
5. Consent
• When is consent the answer?
• Any freely given, specific, informed and
unambiguous indication of the data subject’s
wishes by which he or she, by a statement or by a
clear affirmative action, signifies agreement to
the processing of personal data relating to him or
her
• Explicit consent
• Re-papering consents - recital 171
46. #GenerationGDPR
6. Marketing:
Legitimate interests v consent
• Lawful basis
– Consent v Legitimate interest
• Third party marketing
• Privacy and Electronic Communications Regulations
2003
• Draft e-Privacy Regulation
• Right to object
• Third party tracking cookies
48. #GenerationGDPR
8. Third party contracts
• Assess third party relationships
– Group
– Suppliers
– Customers
– Partners
– Processors
• Appropriate contracts and controls
• Article 28
49. #GenerationGDPR
9. Third party due diligence
• Reflect on what you might ask
• Warranties of compliance with law
Example questions to ask:
• What personal data do you process on behalf of us?
• For what purpose do you process this personal data?
• Do you have access to or visibility of the data stored or otherwise
processed on behalf of us? In what countries is data stored?
• Continued…
50. #GenerationGDPR
9. Third party due diligence
• What technical and organisational security measures do you have
in place to ensure a level of security appropriate to the risk.
• Do you have any security accreditations (e.g. ISO27001)? If so,
please provide evidence of certification.
• Do you engage sub-processors? Provide details of who and which
data they process
• What provisions do you have in place to either delete or return the
personal data once the service comes to an end?
• What provisions/training do you have in place to ensure that your
employees process the personal data in accordance with our
instructions?
51. #GenerationGDPR
10. Data security
• Appropriate technical and organisational measures
• Assessing the risk to the rights and freedoms of the
individual
• Data protection impact assessment (DPIA) (Art 35)
• Privacy by design/by default (Art 25)
53. #GenerationGDPR
12. Getting management buy-in
• How do you get management to buy-in to the GDPR
project?
• Liability of directors (DP Bill clause 191)
• Sanctions for non-compliance
• Penalties
– 2% global turnover or €10m
– 4% global turnover or €20m
55. #GenerationGDPR
• Guide to the GDPR
• Guide to the data protection fee
• Introduction to the Data Protection Bill
• Children and the GDPR (draft)
• GDPR consent guidance (draft)
13. ICO guidance and updates
56. #GenerationGDPR
14. The Data Protection Bill
• UK’s third generation of data protection law to
enter parliament
• Published on 14th September 2017
• First reading 18th January 2018
• Repeals Data Protection Act 1998
• What does it do?