0330 161 1234
Our recent in-house senior counsel session took us on a whistle-stop tour of the big commercial law developments in the second quarter of 2023. Radius Law’s Iain Larkins and Sandra Martins ran us through everything that has happened in the last three months that an in-house lawyer needs to know.
Iain covered the big commercial law updates, including:
Sandra then covered employment law updates, which you can read more about in part two of this blog.
What constitutes a material breach? (RiverRock European Capital Partners LLP v Harnack)
In RiverRock European Capital Partners LLP v Harnack [2022] EWHC 3270 (Comm), the court held that a counterparty to a contract being struck off from Companies House was not a material breach as it could be easily rectified and was of no consequence to the contract. The court quoted Jackson LJ in Mid Essex Hospital Services NHS Trust v Compass Group UK and Ireland Ltd [2013] EWCA Civ 200 in which he stated that a material breach ‘is more than trivial but need not be repudiatory…The breach must be a serious matter, rather than a matter of little consequence.
This definition is not entirely helpful, so including additional details in contracts regarding material breaches is recommended. In-house lawyers should carefully define material breaches in contracts and may highlight specific issues that would constitute such a breach.
See News Analysis: ‘Material’ makes a difference—the hurdle for establishing a material breach (RiverRock European Capital Partners LLP v Harnack).
The importance of simplicity in liability clauses and caps (Drax Energy v Wipro)
In Drax Energy v Wipro [2023] EWHC 1342 (TCC), the parties agreed the following liability cap clause which was later disputed due to its lack of clarity:
‘the Supplier's total liability to the Customer…arising out of or in connection with this Agreement (including all Statements of Work) shall be limited to an amount equivalent to 150% of the Charges paid or payable in the preceding twelve months from the date the claim first arose.’
Wipro said the liability clause is an aggregate cap on liability of £11.5m (150% of the first year’s charges), whereas Drax said the clause is a per claim cap, meaning liability is capped at £11.5m per claim (total claim of £31m).
The court commented that the clause was poorly drafted but held on balance that Wipro’s interpretation was correct, and the clause was a single aggregate cap. This dispute would have been avoided if the clause had stated an aggregate cap of £11.5m. The case highlights the importance of keeping such clauses simple and using the word ‘aggregate’ if this is what is intended to avoid confusion.
See News Analysis: Limitation of liability in a contract for software services (Drax Energy v Wipro).
For more on liability clauses and caps, see Practice Note: Exclusion and limitation of liability, Precedent: Limitation of liability clause and Checklist: Drafting and negotiating a limitation of liability clause—checklist. See also the Limitation of liability subtopic.
Are you a de factor director? (Aston Risk Management v Jones)
In Aston Risk Management Ltd v Jones and others [2023] EWHC 603 (Ch), a director of a holding company was also deemed a de facto director of its subsidiary after he provided instructions to it. He claimed he was acting on behalf of the holding company, not as an individual director; however, the court held that Mr Jones had acted individually in his activities relating to that subsidiary rather than as part of the board of the parent company.
De facto directors can be sued and held liable in the same way as ordinary directors, so this case highlights the importance of being very clear as to which ‘hat’ someone is wearing when making decisions where someone is acting as a board of the parent company rather than an individual director of the subsidiary. Iain emphasised some key considerations in these situations:
See News Analysis: A director, if not by name…(Aston Risk Management v Jones (Rev 1)).
For more, see Practice Notes: Claims against directors—key considerations for dispute resolution practitioners and Claims against directors—key and illustrative decisions.
Breach of contract during the notice period (AMT Vehicle Rental Ltd v Volkswagen Group United Kingdom Ltd)
In AMT Vehicle Rental Ltd Volkswagen Group United Kingdom Ltd [2022] EWHC 2934 (Comm), Volkswagen Group UK had a non-exclusive contract with a car rental company to supply rental cars. The contract contained a clause which stated ‘…VGW engages the Provider to provide the services to VWG…’. Volkswagen Group UK terminated the contract and stopped providing information to the rental company in relation to its need for rental cars during the notice period. The court held this was a breach of its obligation to engage the rental company.
See News Analysis: Customer's failure to inform supplier of its vehicle needs under supply contract results in loss of profit damages (AMT Vehicle Rental Ltd v Volkswagen Group United Kingdom Ltd).
New failure to prevent fraud offence
Iain drew the participants’ attention to the likely upcoming new failure to prevent fraud offence in the Economic Crime and Corporate Transparency Bill. If this becomes law, large companies will be obligated to provide training and policies to show they have ‘reasonable fraud prevention procedures’.
For more, see News Analyses: What to expect from the new failure to prevent fraud offence and What financial services firms should know about the new UK 'failure to prevent fraud' corporate criminal offence and see Practice Notes: Economic Crime and Corporate Transparency Bill—strengthening the investigation and enforcement of economic crime and Corporate criminal liability reform—tracker.
EU-US Data Privacy Framework
The European Commission has adopted its adequacy decision for the EU-US Data Privacy Framework, allowing EU companies to transfer data to the US. Max Schrems has claimed he will challenge this decision. Since 17 July 2023, US companies have been able to register to join this Framework.
See News Analysis: EU-US Adequacy has arrived and noyb group announces intention to challenge New Trans-Atlantic Data Privacy Framework.
For more, see Practice Notes: The Privacy Shield—timeline and Data sharing and transactions—overview.
Cl0p exploitation of MOVEit
Cl0p, a ransomware gang believed to be based in Russia with ties to the Kremlin, exploited a vulnerability on the file transfer software of MOVEit to steal confidential information from multiple organisations. This exploitation incited discussion on cyber insurance policies. Lloyd’s of London mandate that cyber insurance policies must exclude losses arising from war. Whether this will work in reality is yet to be seen.
For more, see LNB News: FCA issues statement on file transfer application MOVEit vulnerability and Ofcom releases statement on MOVEit cyber attack.
Experion v The Information Commissioner
In Experian v The Information Commissioner [2023] UKFTT 00132 (GRC), The First Tier Tribunal ruled that Experian was not entitled to rely on legitimate interests for direct marketing using personal data acquired by third sources on the basis of consent, but could rely on it for personal data acquired where privacy notices had been received. The ICO has stated that it intends to appeal this decision.
See News Analysis: The transparency and legitimate interests battle in direct marketing—ICO to Appeal First Tier Tribunal Decision (Experian v The Information Commissioner).
Compliancy of privacy notices
Iain then highlighted that the ICO’s enforcement notice earlier this year to TikTok contained a 58-page annex outlining why TikTok’s privacy notice did not meet the UK GDPR requirements. Iain ran through the key takeaways from this to keep in mind when reviewing privacy notices:
Information Commissioner updates
Last month, the ICO made a statement that organisations failing to include a ‘reject all’ option in their website’s cookie banners are in breach of the law.
See News: Cookie banners missing ‘reject all’ buttons will be investigated, UK DPA warns.
The ICO has also issued updated guidance for employers on workers’ Data Subject Access Requests and new guidance on privacy enhancing technologies (PETs).
See Practice Notes: Data subject access requests—issues in employment and The UK GDPR and DPA 2018: key data protection issues for employment lawyers.
See News Analysis: The ICO is encouraging adoption of privacy enhancing technologies (PETs) within the next five years—2023 PETs guidance explained.
Fair and enforceable consumer terms (Parker-Grennan v Camelot UK)
In Parker-Grennan v Camelot UK Lotteries Ltd [2023] EWHC 800 (KB), Camelot’s website contained a website lottery which displayed a graphic indicating a prize of £1m. Camelot refused to pay, claiming it was a coding error and was excluded under its terms. The court held that hyperlinks and drop-down menus were sufficient to incorporate website terms, Camelot’s terms were not onerous or unusual enough to require a special notice. The court additionally held that there was not a significant imbalance in the parties’ rights and found in favour of Camelot.
Iain highlighted the following considerations in relation to website consumer terms:
See News Analysis: Summary judgment application rejected (Parker-Grennan v Camelot UK) and subtopic E-commerce.
* denotes a required field
